Supply chain & AI security attacks
A coordinated wave of supply-chain and credential-theft incidents hit developer ecosystems. The Hacker News reported that codexui-android, a legitimate-looking npm package masquerading as a remote web UI for OpenAI Codex, has been quietly exfiltrating ~/.codex/auth.json (including non-expiring refresh tokens) to an attacker server since version 0.1.82, with 29,000+ weekly downloads (@thehackersnews). In parallel, a fresh "Miasma" Mini Shai-Hulud variant compromised official Red Hat Cloud Services npm packages via a malicious preinstall hook stealing GitHub secrets, cloud creds, and SSH keys — originating from a compromised Red Hat employee GitHub account, with stolen data exfiltrated to api.anthropic[.]com (with GitHub fallback) and unique per-infection encryption (@thehackersnews).
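A defender-side check for the install-hook vector described above, as an added example that is not code from any of the cited reports: it reads the `hasInstallScript` flag that npm lockfile v2/v3 records for packages declaring preinstall/install/postinstall scripts, and lists every such dependency that is not on a reviewed allowlist. The package names, the allowlist format and the sample lockfile are constructed for illustration.

```javascript
// Added example: inventory install-time scripts recorded in an npm lockfile.
// Lockfile v2/v3 marks such packages with "hasInstallScript": true.

// Derive the package name from a lockfile key such as
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Return every dependency that runs code at install time and is not on the
// reviewed allowlist (assumed format: "name@version", pinned exactly).
function findUnreviewedInstallScripts(lock, allowlist) {
  if (!lock.packages) {
    throw new Error("lockfileVersion 2 or 3 required (no 'packages' map)");
  }
  const reviewed = new Set(allowlist);
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages)) {
    if (key === "" || !meta.hasInstallScript) continue; // "" is the root project
    const id = `${packageNameFromKey(key)}@${meta.version}`;
    if (!reviewed.has(id)) {
      findings.push({ id, path: key, dev: Boolean(meta.dev) });
    }
  }
  // Plain code-unit ordering keeps the output stable across locales.
  return findings.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample lockfile; all package names are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-native-addon": { version: "2.1.0", hasInstallScript: true },
    "node_modules/example-ui-helper": { version: "0.4.2", hasInstallScript: true },
    "node_modules/example-lib": { version: "3.0.0" },
    "node_modules/example-lib/node_modules/@example/telemetry": {
      version: "1.0.1", hasInstallScript: true, dev: true,
    },
  },
};

// Only example-native-addon was reviewed, and only at this exact version.
const SAMPLE_ALLOWLIST = ["example-native-addon@2.1.0"];

function runSample() {
  return findUnreviewedInstallScripts(SAMPLE_LOCK, SAMPLE_ALLOWLIST);
}
console.log(runSample().map((f) => f.id));
```

In CI, a non-empty result can fail the build, with dependencies installed via `npm ci --ignore-scripts` until each flagged package has been reviewed.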
Beyond npm, threat actors are exploiting WP Maps Pro CVE-2026-8732 (CVSS 9.8) to create unauthenticated admin accounts (@thehackersnews), a brute-force campaign bypassed 2FA on a handful of Dashlane accounts to download encrypted vaults (@thehackersnews), and China-aligned "Operation Dragon Weave" is hitting Czech and Taiwanese targets with AdaptixC2 via Azure Blob Storage (@thehackersnews). On the defensive side, Vercel published its AI-endpoint protection playbook, noting that "a prompt can cost a million times more than an HTTP request, so token theft is a high-margin business for attackers" (@vercel), while OpenRouter rolled out stackable Guardrails covering budget caps, model denylists, prompt-injection defense, and DLP (@openrouter).
NVIDIA's GTC Taipei: Vera Rubin, Cosmos 3, Nemotron
NVIDIA had arguably the day's biggest hardware-and-models moment. Jensen Huang unveiled the Vera Rubin platform — a multi-rack pod-scale system unifying the Vera Rubin NVL72, Vera CPU rack, Groq 3 LPX, BlueField-4 STX, and Spectrum-6 SPX Ethernet — now in full production for agentic AI infrastructure (@nvidia). Cosmos 3, a family of omnimodal world models (Nano 16B and Super 64B in a Mixture-of-Transformers architecture), debuted at #1 on Artificial Analysis open-weights leaderboards for both text-to-image and image-to-video (@huggingface), and is already live on fal (@fal). NVIDIA also dropped LocateAnything, a 3B VLM that ditches token-by-token bounding-box prediction for ~10x faster grounding and now trends #1 on Hugging Face (@huggingface).
The open-source pile kept growing: Nemotron 3 Ultra is teased as "frontier smart, 5x faster, 30% cheaper" (@jeremyphoward, @clementdelangue), and a rumored 550B model has Clément Delangue calling NVIDIA "the strongest American open-source lab" (@clementdelangue). Partnerships landed with Adobe (Photoshop/Premiere rebuilt for RTX Spark, up to 2x faster), Ollama, and vLLM for local NVFP4 serving on DGX Spark (@nvidia, @ollama, @vllm_project).
Anthropic S-1 and the IPO/bubble debate
Anthropic confidentially submitted a draft S-1 to the SEC, giving it the option to pursue an IPO pending review (@anthropicai). Gary Marcus seized on the moment: SpaceX, OpenAI, and Anthropic together could IPO at ~$3.75T — more than all 2,600 dot-com IPOs from 1995–2000 combined (~$3.00T inflation-adjusted), and Marcus flagged Alphabet issuing $40B+ in equity (including a Berkshire private placement) despite $160B+ in operating cash flow as evidence of strain (@garymarcus). His thesis: with everyone "building essentially the same technical solution with essentially the same data," there is no moat, so monopoly pricing won't materialize. He cited a Bain report — "the technology worked, the value didn't arrive" (@garymarcus) — echoing community skepticism already visible on Hacker News asking whether the simultaneous IPOs signal a peak (last30days, news.ycombinator.com). Bernie Sanders' proposed American AI Sovereign Wealth Fund Act (50% public stake in the largest AI cos) entered the conversation, with Marcus calling it imperfect but a needed broadening (@garymarcus).
Coding agents: productivity data and platform moves
Ethan Mollick highlighted a major paper using GitHub data showing autocomplete tools (Copilot) drive 2.2x more code, local agents like original Claude Code 7.4x, and current remote coding agents 17.3x — though human bottlenecks mean actual releases rose "only" ~30% (@emollick). OpenAI GPT-5.5, GPT-5.4, and Codex are now GA on Amazon Bedrock with pay-per-token scaling, plus a hint of future Daybreak cybersecurity capabilities (@gdb). Anthropic reset 5-hour and weekly rate limits on Pro/Max plans after fixing an Opus 4.8 bug that spawned excessive parallel subagents (@claudedevs). Victor Taelin used Opus to build a new HVM in a day at 5–10x prior performance (@jeremyphoward), and Alex Finn shared a multi-agent stack mixing Codex, Claude Code Opus 4.8, a Hermes orchestrator, and a local DGX Spark model (@alexfinn).
New open models and agent platforms
Alibaba launched Qwen3.7-Plus, a multimodal GUI+CLI agent foundation (@alibaba_qwen). JetBrains released Mellum2-12B-A2.5B-Thinking, a 12B MoE with 128K context running natively in vLLM (@vllm_project, @huggingface). ByteDance dropped Bernini for text/image/reference-to-video (@_akhaliq), MiniMax teased M3 open-weights for next week (@clementdelangue), and fal lit up LTX 2.3 Quality with HDR/EXR (@fal). Google's Managed Agents in the Gemini API now let developers spin up a hosted Linux sandbox in one API call (@_philschmid, @googleaistudio). Hugging Face shipped Multimodal STEM HLE++, a 1,100-problem PhD-level benchmark where SOTA hits ~20% pass@1 (@huggingface), and IBM published an open-source enterprise-agents playbook (@huggingface).
AI safety, resilience, and societal framing
Sam Altman announced OpenAI's AI Resilience initiative with $130M+ in initial grants across bio-resilience, cyber-resilience, model safety, and AI's impact on young people (@sama). Roon framed the underlying mood bluntly: "the frontier labs don't have 'comms problems' — reality right now has a comms problem" (@tszzl).
The Bottom Line
NVIDIA's full-stack Vera Rubin/Cosmos/Nemotron sweep and Anthropic's S-1 filing bookended a day where capex, capability, and capital-markets gravity all pulled harder — even as a Bain "technology worked, value didn't arrive" report and a fresh npm/Red Hat supply-chain compromise hint at real cracks underneath. Coding agents now have hard productivity numbers (17x code, 30% releases), but the surrounding stack — security, governance, and IPO-scale financialization — is racing to catch up.