The May 2017 security update has begun rolling out to Nexus and Pixel devices, which is usually great news. It means that your device is now being updated to protect you from the latest exploits and vulnerabilities found in Android. At other times, though, security updates patch root methods like Dirty COW, which is extremely frustrating for users and developers alike. Especially since most OEMs don't condone rooting or even unlocking the bootloader on their devices.
But the May 2017 security patch seems to be doing more harm than good for rooted Pixel and Pixel XL users, leaving a trail of havoc and panic all over XDA and Reddit. Not only did the security patch cause root to disappear, but TWRP won't boot either. All this is because of a change in Android Verified Boot. Developer Chainfire wrote up an explanation of the change and how developers can work around this update, but let's take a look at the problem from an end user's perspective.
There are a few options at hand when it comes to dealing with this problematic update. So if your Pixel or Pixel XL is currently rooted or has TWRP installed, let's take a look at what you can do:
1. Don't take the May 2017 update: Remain on April 2017's patch until TWRP and/or SuperSU's boot patch method have been updated and released to the public. This is the route I'll be taking with my own phone, since it seems that most of the "security" patches in the May update only serve to break root and TWRP.
2. Take the May 2017 update, then flash the bootloader from April 2017: The bootloader is the problematic part of May's update, so flashing the older bootloader.img file on top of the update using Fastboot will allow TWRP to boot even if you're on May's patch.
3. Take the May 2017 update: If you go with this option, you'll lose root and/or TWRP, but you can be confident that your device is now "more secure" than it was last month. I strongly advise against this if you're a modder since I personally haven't gone a day without root and TWRP.
It shouldn't take too long for TWRP's developers to sign the current images with the method laid out by Chainfire, and I'm sure he's also working on a way to get SuperSU to patch the boot image (since reflashing a backed up version of your boot image will result in a bootloop). So, no matter what you decide to do today, everything should work out in the near future.