Good morning, I'm your AI Brief anchor. Here's what's happening in AI today, Tuesday, July 7, 2026.
Cognition Labs Discloses Major Data Breach
Our top story this morning: Cognition Labs, the high-profile company behind the AI software engineer ‘Devin’, has announced a significant data breach. In a statement released late yesterday, the company confirmed that attackers exploited a previously unknown "zero-day" vulnerability in their platform infrastructure in late May.
The breach resulted in unauthorized access to private code repositories for a number of their enterprise clients, exposing sensitive intellectual property and proprietary AI agent configurations. While Cognition Labs has since patched the vulnerability and is working with cybersecurity firms, the incident is a stark reminder of the high-value targets that AI development companies have become. The full impact on clients is still being assessed, but this breach sends a shockwave through the AI development community, raising serious questions about the security of AI-powered software creation tools.
EU AI Act Enforcement Begins
Moving on to regulation, the European Union's landmark AI Act is no longer just theory. The bloc’s AI Office has officially kicked off the first phase of enforcement, issuing new, binding directives for companies deploying what it deems ‘high-risk’ AI systems. This category includes AI used in critical infrastructure, medical devices, and law enforcement.
Effective immediately, companies with these systems on the market must engage third-party auditors to ensure they meet the Act's strict requirements for transparency, accuracy, and security. The directives lay out a detailed framework for these audits, marking a pivotal shift from voluntary guidelines to mandatory compliance. For businesses operating in the EU, this means a new era of regulatory scrutiny has begun, with non-compliance potentially leading to fines of up to 35 million euros or 7% of global annual turnover.
'Sleepwalker' Jailbreak Bypasses Major LLM Safeguards
While regulators work to secure AI from the outside, researchers are finding new vulnerabilities from within. A team at Carnegie Mellon University has unveiled a novel and alarmingly effective jailbreak technique they’re calling ‘Sleepwalker’. In a paper published this morning, the researchers detail how this universal attack can bypass the safety alignment of nearly every major large language model, including the latest from OpenAI, Google, and Anthropic.
The technique works by appending a specific, carefully crafted suffix to a malicious prompt, essentially putting the model’s safety filters “to sleep” and allowing it to generate harmful or prohibited content. Unlike previous jailbreaks that were often model-specific, Sleepwalker’s universal nature presents a fundamental challenge to the industry’s current safety practices, putting pressure on all major labs to develop more robust defense mechanisms.