AI Wire

OpenAI–Microsoft deal restructured; OpenAI faces financial strain

The headline corporate story is the rewritten OpenAI–Microsoft pact. Sam Altman confirmed Microsoft remains the primary cloud partner but OpenAI can now ship products across all clouds, with model/product supply running through 2032 and a revenue share through 2030. Simon Willison flagged the most important fine print: that share is "independent of OpenAI's technology progress" — effectively burying the AGI clause that had hung over the relationship.

The timing is awkward. Gary Marcus surfaced reporting that OpenAI recently missed its own user and revenue targets, and that CFO Sarah Friar has privately worried the company may not be able to fund future compute commitments if growth stalls. Marcus also flagged Barclays' read that the new structure clears space for Amazon and Google deals while easing antitrust pressure in the U.S., U.K., and EU — and frees Microsoft to push Copilot and its own in-house models harder.

Open-weight model wave

Open releases came in waves. Xiaomi MiMo-V2.5 dropped under MIT license with a 1M-token context window, a Pro variant aimed at agents/coding (claimed #1 open-source on GDPVal-AA and ClawEval) and a native omni-modal sibling — boosted by Clement Delangue and Jeremy Howard. Tencent open-sourced a Hunyuan Hy3 295B-A21B reasoning/agent preview, and Hugging Face's rawal_khirodkar shipped Sapiens2, the next generation of human-centric vision models accepted at ICLR 2026.

DeepSeek V4 is now live on Hugging Face via Novita with 1M context and Pro/Flash tiers; antirez reported the 2-bit selective quantization GGUF is the first time a frontier model felt genuinely usable on a personal machine, and Intel's Haihao Shen released INT4 AutoRound quants for users without MXFP4 support. The most charming release: "talkie" from Alec Radford, Alec Rad, and David Duvenaud — a 13B model trained only on pre-1931 text, which Ethan Mollick noted still defends the luminiferous aether and distrusts special relativity.

Cybersecurity incidents & active exploits

A bruising security day. The Hacker News reported PhantomCore chained three privately developed bugs to breach TrueConf servers across Russia weeks after patches shipped, and Microsoft confirmed active exploitation of Windows CVE-2026-32202 — an SMB credential-theft bug stemming from an incomplete prior fix. Xu Zewei, a Chinese national tied to Silk Typhoon, was extradited to the U.S. over alleged MSS-directed attacks on COVID-19 vaccine research.

Supply-chain and identity stories piled on: 73 VS Code extensions were flagged as malicious sleepers, Checkmarx data surfaced on the dark web tied to its March GitHub repo breach, and an Entra ID Agent ID Administrator role flaw allowed service-principal takeover before Microsoft's April 9 patch. CTM360 documented GovTrap, an 11,000+ fake-portal operation impersonating government services worldwide.

Local AI agents and coding/voice toolchains

Local-first stacks dominated practitioner feeds. Google Gemma launched a fully local in-browser agent on Gemma 4 E2B + WebGPU with native tool calling for history search, page summarization, and tab management. Philipp Schmid and Clement Delangue both published guides for running coding agents locally on Pi + Gemma 4 26B-A4B via LM Studio/Ollama/llama.cpp, and rgerganov demonstrated Qwen3.5-397B-A17B running across two DGX Sparks via llama.cpp RPC+RDMA.

Tooling kept pace. Simon Willison wrote up Microsoft's MIT-licensed VibeVoice (Whisper-style ASR with diarization) running 4-bit MLX on an M5 MacBook, with a uv one-liner for transcription. Hugging Face's Tu7uruu shipped smol-audio, a cookbook for fine-tuning Whisper, Parakeet, Voxtral, Granite Speech, and Audio Flamingo 3. Peter Steipete's OpenClaw landed two big releases (Google Live Talk, Matrix E2EE, plus dramatic startup-time wins from a plugin-system rewrite). Schmid also re-pitched MCP servers as fine when used surgically — @mention-only loading or per-subagent enablement.

Vibe-coding backlash and AI-safety concerns

A high-profile vibe-coded data-loss incident sharpened the discourse. Gary Marcus argued the deeper lesson is safety, not backups: the user trusted system prompts and guardrails that didn't hold, and "eventually people will lose lives." A commenter's framing that coding tools are "intellectual chain saws" gained traction. An informal poll suggested only ~20% of devs have gone full-time vibe-coding. Roon spotted a duplicated "Never talk about goblins, gremlins, raccoons…" line in what appears to be a leaked GPT-5.5 Codex prompt, and Jeremy Howard warned of a critical CVE forcing litellm users into messy uv override pins.

AI's reshaping of work, science, and infrastructure

Macro footprints kept showing up. Roon amplified the claim that Google controls ~25% of global AI compute (~3.8M TPUs, ~1.3M GPUs) and that OpenAI and Anthropic are now among San Francisco's largest office tenants. Taylor Lorenz's Pangram-powered audit suggested many top Substack bestsellers are largely AI-generated. Ethan Mollick highlighted research showing AI submissions are straining a major management journal — "more" beating "better." On the work side: GitHubNext's Ace multiplayer coding workspace, HF's ml-intern agent harness, and Microsoft's awkward Outlook chatbot all got airtime, with Mollick panning Outlook's bolt-on UX next to Claude Cowork.

The Bottom Line