Google released DiffusionGemma, an open-weight model that drops left-to-right, token-by-token decoding for diffusion: it denoises a whole block of text at once. It's the first diffusion LLM with native vLLM support, it's Apache-2.0 on HuggingFace, and the speed claim is the headline — over 1,000 tokens/sec on a single H100, roughly 4× an autoregressive baseline.

The mechanics are the genuinely new part. The prompt is read with normal causal attention into a KV cache. The output phase then opens a 256-token "canvas" of masked placeholders and iteratively denoises it with bidirectional attention, so every canvas position can see every other, over up to 48 steps. Lowest-entropy (most certain) tokens unmask first, an adaptive entropy threshold lets it stop early, and each pass resolves ~15–20 tokens.

The catch is quality, and Google says it plainly: it doesn't recommend the model where maximum quality matters. Against Gemma 4's 27B, the gaps are consistent and not small — MMLU-Pro 77.6 vs 82.6, AIME 2026 69.1 vs 88.3, long-context retrieval 32.0 vs 44.1. The throughput figure also leans on a low denoising-step count, the same knob that costs quality, so the 1,000 tok/s and the benchmark scores don't come from one setting. As a bet that latency-sensitive work — inline code completion, infilling, interactive loops — is worth trading some smarts for, it's real and shippable, and the open weights mean anyone can choose where the dial sits.

OpenAI is in talks to anchor a 10-gigawatt data-center campus in Pike County, Ohio, on a roughly 20-year lease, and the financial wiring is the story. Per The Information, OpenAI would lease the site from SB Energy (a SoftBank subsidiary) but own the compute inside it, while Nvidia acts as guarantor on both sides — backing OpenAI's lease payments and SB Energy's project debt with its own balance sheet. Full buildout is pegged near $500B at today's prices.

For scale: a large hyperscale campus today runs 100–500 MW. 10 GW is 20–100× that, which is why this reads less like a real-estate deal and more like national infrastructure. The supporting cast bears that out — at least 9.2 GW of new natural-gas generation, $4.2B in new 765 kV transmission lines, federal DOE land at the old Portsmouth enrichment site, a $33.3B Japanese financing tranche for the gas plants. First phase targets ~2028; the full 10 GW is a decade-plus job.

This operationalizes the September 2025 OpenAI–Nvidia letter of intent (10 GW of Nvidia systems, up to $100B invested as each gigawatt deploys). Hold it at arm's length: the lease terms, the $500B, and Nvidia's guarantor role all come from unnamed sources, and neither company has confirmed them. A chipmaker backstopping both its customer's rent and its landlord's loans is a long way from selling GPUs. It's the kind of circular financing that makes the AI-capex story look sturdier than any single balance sheet can prove.

A day after Fable 5 went generally available inside GitHub Copilot, Microsoft removed it from the model picker its own employees use, while continuing to sell the same model to Copilot and Azure Foundry customers. The trigger is Anthropic's new retention policy: Fable 5 traffic is held for 30 days, and flagged content reportedly up to two years, overriding the zero-data-retention terms older Claude models ran under internally.

That's the whole awkward shape of it. Microsoft will resell a model it won't trust with its own source code, because its legal team hasn't cleared where that data lands. Earlier Claude versions stay available to staff under the old zero-retention arrangement; Fable 5 is the one that broke the deal. Neither company has commented on the record, and the two-year figure traces to reporting rather than a published Anthropic policy page, so treat that number as reported. But the principle is the sharp part: when the buyer is also a competitor with its own model stack, a 30-day retention window is enough to make "everyone's multi-model now" buckle. Every compliance-heavy enterprise weighing Fable 5 now faces the question Microsoft just answered for itself.

Two days into general availability, Fable 5's safety layer is misfiring in public, and the complaints split into two kinds. The visible kind is a classifier for cyber/bio/chem prompts that reroutes to Opus 4.8 and trips on almost nothing: a Gates Foundation research scientist reported refusals on the first message of nearly every session, triggered by "Hello," and an immunologist at Jackson Laboratory says the word "cancer" flags as a biosecurity risk. The invisible kind is worse. For frontier-LLM-development queries — training infrastructure, accelerator design — Anthropic's own system card says it applies "prompt modification, steering vectors, or parameter-efficient fine-tuning," degrading the answer with no fallback and no notice.

Anthropic has conceded the safeguards were too stringent and says it will switch the hidden layer to a visible Opus fallback, putting affected traffic at roughly 0.03–0.05%. The researchers' objection is that a silent downgrade is categorically different from a refusal: you pay $50 per million output tokens, believe you're getting Fable 5, and get a deliberately weakened answer instead. AI2's Nathan Lambert called it "anti-science"; others named it "secret sabotage," noting that the degraded category happens to be the one overlapping Anthropic's own competitors.

Feeding the moment, a ~120,000-character document said to be Fable 5's system prompt was posted publicly. Treat it as unverified, since Anthropic hasn't confirmed it, but it reportedly describes a key-value artifact store (window.storage.get/set/delete) for cross-session memory and lists unannounced agent products. The throughline across all of it: the safety implementation, not the model, is what shipped undercooked.

SpaceX revealed the design of AI1, its first orbital-compute satellite, days before its IPO priced. The numbers Musk and engineering director Ian Dahl put up: a 70-meter wingspan (wider than a 747-8), 120 kW sustained and 150 kW peak of compute payload, a 150 kW solar array, up to 110 m² of deployable liquid radiators for cooling, in ~600 km orbit. The pitch is reuse: "a lot of this is technology we've already made with the Starlink V3 satellites," and "much simpler than a Starlink satellite."

The payload bay is chip-agnostic. First units fly Nvidia GPUs, later ones radiation-hardened chips from Terafab, a SpaceX/Tesla/Intel effort that doesn't exist yet. Manufacturing runs through a planned Gigasat factory in Bastrop, Texas — 11M+ sq ft, 10 GW/year of solar-cell capacity — with two prototypes targeted for early 2027 and an annualized 1 GW of orbital compute by the end of 2027. A January FCC filing requested authorization for up to one million such satellites.

Where to be skeptical: every figure is SpaceX's own, the 1 GW target needs thousands of launches in a single year nobody has demonstrated, and Musk himself made "no promises about when or how large." The Google and Anthropic deals often cited as validation are for ground-based capacity, not orbital, and AWS's CEO has flatly called space data centers "just not economical." It's an arresting engineering reveal with the economics entirely unproven, which is about the right way to file every part of the orbital-compute story right now.

watchTowr disclosed CVE-2026-10520, a pre-authenticated OS command injection in Ivanti Sentry that gives an unauthenticated attacker root RCE. It's a perfect 10.0, and within roughly 24 hours of the write-up going public, Shadowserver saw it exploited in the wild, with at least two exposed gateways already backdoored.

The mechanism is the kind that makes you wince. An internal config endpoint — POST /mics/api/v2/sentry/mics-config/handleMessage — was left reachable over the public network with no auth at all. Its message parameter routes an execute command through executeNativeCommand() via reflection, dropping attacker-controlled input straight to the OS. A single crafted POST runs uname -a as root; swap the payload and you own the box. Sentry is a perimeter mobile gateway, so there's no prior foothold required — if it faces the internet, it's the front door.

Ivanti patched the same day, hardcoding the parameter and bouncing unauthenticated requests to a login page. There's no workaround short of patching, and given Ivanti's history as a nation-state target, Shadowserver's guidance is the right default: assume an unpatched, internet-facing Sentry is already compromised.

Oracle closed FY2026 with cloud-infrastructure revenue up 93% to $5.8B in Q4 and a remaining-performance-obligations backlog of $638B, up 363% on the year and $85B higher than just a quarter earlier. Total Q4 revenue was $19.2B (+21%), cloud revenue $9.9B (+47%).

The backlog is the headline and the question mark both. Oracle says most of the RPO surge is large AI contracts where customers prepaid for GPUs, or supplied the GPUs themselves — that prepaid-plus-customer-hardware slug now totals $75B. So the $638B isn't a pipeline of hopeful demand; a big chunk is cash and silicon already committed, which is sturdier than a normal backlog. The flip side is concentration: it ties Oracle's future to a handful of enormous AI tenants and the capex to serve them, and RPO converts to revenue only if those buildouts land on schedule. It's the clearest single read yet on how much of the AI boom is being booked years ahead, and how lopsided toward a few names it's getting.

ASML touched a $674B market cap, the highest any European company has ever reached, eclipsing the record Novo Nordisk set in 2024. The stock is up ~62% year-to-date and ~130% over twelve months; Novo, the prior record-holder, is down 43% over the same year. There's the cleanest illustration of where market value is migrating — from the weight-loss drug to the machine that makes the chips.

The thesis is monopoly plus AI. ASML is the only company that builds EUV lithography systems, the tools required for leading-edge nodes, with no viable alternative supplier, so every advanced-AI-chip order at TSMC, Samsung, or Intel flows back to its order book. The catalyst this week was analysts betting on higher EUV (and High-NA) output. Q1 backs the multiple: €8.8B in sales, €2.8B net income, 53% gross margin. The risk is the mirror image of the thesis — a single choke-point stock now carrying a large slice of the continent's market value, riding one demand cycle.

Visa and OpenAI are embedding Visa's rails directly into ChatGPT, so an agent doesn't just recommend a product, it completes the purchase at, in principle, any of Visa's 175M+ merchant locations once you grant permission. Announced at Visa's Payments Forum, with Visa handling authorization, tokenization, and fraud, and OpenAI handling the agent.

The interesting part is the guardrails, because that's the thing that killed the last attempt. Spend runs inside consumer-set limits — caps, approval thresholds, merchant permissions — so a human stays in command while the agent executes. Visa is routing this through its Intelligent Commerce and Trusted Agent Protocol work (already shared with Microsoft, Stripe, and Shopify), the standards layer agentic payments have been missing. Worth keeping in view: OpenAI's own Instant Checkout shipped last year and got retired in March after merchants balked at the fees, so this is attempt two at the same goal with a payment network carrying the risk instead. There's no launch date, no pricing, and Visa's page says it's "currently in the process of deployment" — an intent, not a live button. But the shape of agentic commerce just got a lot more concrete.

JPMorgan says AI is already moving its numbers — a 20% lift in private-banking gross sales — and it's about to deploy agents that run autonomously for an hour or two rather than the two-or-three-minute bursts of the current generation. Chief analytics officer Derek Waldron: "We've entered now the era of long-running autonomous agents."

The concrete loop in private banking is the part to notice. Agents chew through market activity, client positions, and research overnight, so a banker walks in to synthesized prep instead of building it. JPMorgan's projection is that this lets each banker cover up to 50% more clients, which is the efficiency case and the headcount question in one sentence. Tellingly, the bank frames longer agent runtimes as the technology clearing the security and governance bar that's kept big, regulated institutions cautious, not as a capability leap. That's a useful tell: at a bank, the unlock isn't smarter agents, it's agents trustworthy enough to leave alone for an hour.

Anthropic released Claude Managed Agents, a set of APIs that take over the unglamorous parts of running agents — sandboxes, credentials, scheduling, memory — so teams aren't rebuilding them. It splits the world into Agents (model + prompt + tools + guardrails), Environments (sandboxed execution), and Sessions (individual runs with persistent histories), and claims a 60% cut in p50 time-to-first-token by killing sandbox cold-starts.

The features that matter if you've hand-rolled this before:

• Vaults keep real credentials out of the sandbox, so a compromised tool call can't read your API keys.
• Self-hosted sandboxes and MCP tunnels run tool execution inside a customer's own VPC.
• Dreaming is a scheduled pass that reviews past sessions to refine an agent's memory; Outcomes lets an agent grade its own work against a rubric.
• Multi-agent orchestration and permission policies round it out.

This is Anthropic competing one layer up from the model, selling the harness rather than just the brain, against the OpenAI Agents SDK and a stack of startups. Notion, Rakuten, Asana, and Atlassian are named as already deployed. The pitch lands if you've ever lost a week to sandbox plumbing; the lock-in question — your agent infrastructure now speaks Anthropic — is the obvious cost.

UC Berkeley's RDI released Agents' Last Exam, and the scores are a useful cold shower. The top result is 24.0% (GPT-5.5 through the Codex harness); Claude Fable 5 lands third at 22.0%; most configurations score 0.0% on the hardest tier. Built by 300+ domain experts across 100+ institutions and 55 industry domains, it tests agents on real professional workflows with verifiable success criteria.

The signal isn't the ranking, it's the ceiling. On tasks drawn from real, multi-step professional work — the exact jobs the "agents will replace you" pitch is sold against — the best frontier system clears under a quarter, and the field mostly gets shut out on the hard set. That gap between demo and dependable is the whole story, and it's worth setting beside JPMorgan's 20% and the agentic-payments push elsewhere in today's issue: agents are getting deployed precisely where the work is narrow and checkable, because the open-ended version still fails most of the time. The mild upset, OpenAI over Anthropic on an agentic eval days after Fable 5's launch, is the footnote, not the headline.

A sharp technical post argues that for classification you don't need an LLM to say anything, because the decision is already in the activations. Pull the hidden state at the last prompt token (around 70% depth), feed it to a small MLP, and you get a classifier in "a few tens of milliseconds" at "roughly embedding-classifier money," with none of the cost or latency of generation.

The trick that makes it general is training the probe across many different criteria, not one. It learns to read "does this content satisfy the stated criterion" as a generic operation, so at inference you hand it an English rule and a frozen model becomes any classifier you can describe. The recipe is unglamorous and reproducible: a few-billion-parameter open model (Granite 4.0 micro), a templated prompt with a seed token, ~1,000–5,000 frontier-generated training triples, isotonic calibration on top. The honest limit is baked into the speed: KV-caching the content means the criterion and the content never interact across layers, so genuinely counterfactual or compositional judgments — where the rule has to reshape how the content is read — are where it falls down. For the large class of "is this X?" calls where you're currently paying for a full generation, it's a real and cheap shortcut.

A 102-page survey, "Code as Agent Harness," makes an architectural case that's been implicit in a lot of agent tooling but rarely stated outright: code shouldn't only be what an agent produces, it should be the substrate the whole loop runs on — reasoning, acting, modeling the environment, and checking the result. The argument is that code is executable, inspectable, and stateful in ways prose isn't, so the connective tissue of an agent is better written in it than narrated in natural language.

The framing is the contribution, because this is a taxonomy rather than an experiment; there are no new benchmarks or model runs here. It splits the agent stack into three layers:

• Harness interface — code for reasoning (program-delegated computation, formal verification, iterative execution), code for acting (skill selection, policy generation), and code for modeling the environment (structured state, execution traces).
• Harness mechanisms — planning strategies, five kinds of memory (working, semantic, experiential, long-term, multi-agent), tool use, and plan–execute–verify feedback loops.
• Multi-agent scaling — coordination through shared code artifacts instead of natural-language messages between agents.

The distinction it draws against the prior art is the part worth reading. ReAct interleaves prose reasoning with tool calls; chain- and program-of-thought offload computation to code but keep text as the reasoning medium; CodeAct unifies actions as code. This survey's move is to treat code as the harness binding the model, the environment, and the agent's own artifacts — which, if it sticks, reframes sandboxes, stateful execution traces, and the verification loop as first-class architecture rather than bolt-on convenience. It's a map, not a result, and it lands oddly next to today's other agent items: a benchmark saying the best agent finishes under a quarter of real tasks, and three companies shipping agents anyway. The honest limits are the authors' own — a long roster of contributors across several institutions, seven open problems it names but doesn't solve, and no evidence that code-as-substrate actually beats the alternatives, only the argument that it should.

Canada tabled Bill C-34, the Safe Social Media Act, and the AI-relevant part is that it writes chatbot obligations into law alongside an under-16 social-media ban. Services whose AI "can mimic human relationships" would have to reduce the risk of harmful generated content and build crisis responses — measures to act when a user expresses suicidal ideation or intent to seriously harm someone.

The wider bill creates a duty of care: platforms must identify risks, ship age-appropriate design, publish safety plans, and provide blocking and flagging tools, all enforced by a new Digital Safety Commission that can grant exemptions to services proving their safeguards. It's a notable model because it regulates conversational AI as a safety surface rather than waiting for a dedicated AI act. The skepticism is structural: legal scholar Michael Geist counts roughly 50 key decisions punted to cabinet and a commission "that does not yet exist," and civil-liberties groups flag the expression and privacy costs of age verification at scale. A real attempt to put guardrails on chatbots, then, whose actual teeth depend on rules nobody has written yet.

The Art Directors Guild publicly rebuked Martin Scorsese for taking an advisor role at Black Forest Labs, the startup behind the FLUX image models, accusing him of "turning his back on the human artists" who built his films. The Guild's specific objection is that promoting a generative tool "circumvents the input" of its production designers, illustrators, and scenic artists — the craftspeople whose jobs the tooling most directly threatens.

Scorsese's defense is that it's a communication aid, not a replacement: it lets him "share what I'm visualizing more clearly" to his designers and cinematographer, and he points to his history with 3D on Hugo and de-aging on The Irishman. Director Boots Riley piled on, guessing the motive was money. It's a small story with an outsized symbolic charge: a director synonymous with handmade cinema lending his name to the technology the crafts unions see as existential, which is exactly why the Guild chose to make it a public fight rather than a private disagreement.