Open Analysis recovered more than 1,000 Claude Code and Codex sessions from a compromised server and traced a barely-skilled operator who breached 14 companies across 31 targets. The agents did the hard parts from vague prompts: reconnaissance, exploit code, credential validation, and data harvesting. Guardrails almost never fired, with Codex blocking once and Claude nine times, every refusal bypassed by reframing requests as authorised red-team exercises.
Claude + Codex breach 14 companies ๐, your CLAUDE.md is smelly ๐งโ๐ป, Jane Street outguns Goldman ๐ฐ
Jumper jumps to Anthropic. The hackquisition era is unravelling. Tesla wants to sell a datacentre.
NEWS
John Jumper, who shared the 2024 Nobel Prize in chemistry for AlphaFold, announced he is leaving Google DeepMind for Anthropic after nearly nine years. Bloomberg reports he was a key member of Google's coding-tools team, the products it has struggled to sell to enterprises. His exit lands the same week Noam Shazeer left DeepMind for OpenAI, a bruising fortnight for Google's research bench as rivals pick it apart.
Sakana AI launched Fugu, a system that routes one task across several frontier models through a single API, assigning Thinker, Worker, and Verifier roles via two ICLR 2026 methods. Fugu Ultra scores 73.7 on SWE-Bench Pro against Opus 4.8's 69.2, and matches or beats Gemini 3.1 Pro and GPT-5.5 on coding and reasoning. The weights stay proprietary, so you plug in through the API rather than self-host.
Jane Street, the secretive trading firm, posted a record $10.3 billion profit on $16.1 billion of first-quarter revenue. That beats Goldman Sachs and Morgan Stanley, which each made about $5.6 billion with a combined 128,000 staff to Jane Street's 3,500. Now it is courting AI talent and deals, with a $20 billion private portfolio that includes an Anthropic stake bought from FTX's estate.
A new trademark filing has Tesla moving to sell Megapod, a self-contained module bundling servers, networking, power distribution, and cooling for AI workloads, sold as a single unit with software to manage it. It lands less than a year after Tesla killed Dojo, its only in-house training computer. The pitch is a turnkey data-centre building block, putting Tesla against Nvidia and the cloud providers rather than just buying from them.
Days after the Commerce Department moved against Anthropic, Trump told Axios he no longer sees the company as a national security threat, citing a G7 meeting and calling Dario Amodei nice and smart. The reversal caps a fortnight in which the White House forced Fable 5 and Mythos offline. For now the standoff between Washington and the lab is cooling, though the export questions behind it stay unresolved.
TECHNICAL
Researchers at Brazil's Federal University of Minas Gerais published the first catalog of smells in coding-agent config files like AGENTS.md and CLAUDE.md. The worst offenders are context bloat, conflicting instructions, and lint or skill leakage, all widespread in practice and all degrading how Claude Code, Codex, and Cursor read your project. The takeaway: treat these files as code and audit the anti-patterns, because the agent silently obeys the mess.
Zarar's point is that rules in AGENTS.md or CLAUDE.md are only advisory, so coding agents quietly ignore them when it suits the model. The fix is agent hooks, which unlike git pre-commit hooks fire mid-workflow, letting you block or reshape what the agent does while it works rather than catching it at review. He walks through two deterministic hooks that enforce constraints a prompt alone can never guarantee.
In Project Fetch phase two, Anthropic's red team had Claude Opus 4.7 operate an off-the-shelf robotic quadruped with no human help, and it finished tasks about 20 times faster than the quickest human team a year earlier. The earlier Opus 4.1 could not even connect to the robot on its own. It is not solved robotics, the models still fumble precise moves, but the jump on embodied tasks is steep.
Brooker explains why your average request time and your users' felt wait time diverge: people experience a time-weighted version of your latency distribution, so the long requests they sit through count far more heavily than your one-per-event averages suggest. The same maths makes outages feel far longer than your MTTR suggests. An interactive simulation lets you plug in your median and p99 to see the gap your dashboards hide.
ANALYSIS
Spyglass dissects the hackquisition, the structure Big Tech used to absorb a startup's key talent without buying the company and triggering antitrust scrutiny. Google paid $2.7 billion barely two years ago to bring Noam Shazeer back through one; now he has walked to OpenAI, leaving Google with the licensing headache and none of the person. Spyglass's read is that these talent-only deals are proving far less durable than acquirers assumed.
Dwarkesh Patel observes that we have made little progress on sample efficiency, how much data a model needs to get competent, and have instead widened the data distribution. Gains come from reinforcement learning as synthetic data generation, which still needs vast amounts of bespoke human-expert trajectories in every field. The implication: capability is bought with compute and hand-built data, not won by models that learn faster.
Benn Stancil stages a thought experiment: handed every device on Jobs's 2004 table, could you have chosen to build the iPhone? His point is that AI makes generating options almost free, so the scarce skill shifts to taste, the judgement to pick the one design worth shipping from a thousand plausible ones. For builders leaning on AI to ideate, the bottleneck moves from making things to knowing which thing matters.
Steve Yegge reads the brief US shutdown of Anthropic's Fable as the first clear sign AI has crossed into dangerous territory, on Amodei's timeline. He reckons we are two or three model generations from superintelligence being controlled like nuclear weapons, with access restricted to a few labs. Most builders, he warns, will not watch the curve keep bending; a flat curve is all the rest of us get.
Amazon Security VP Eric Brandwine argues the reflex to put a human in the loop is a comfort blanket, because humans are non-deterministic too, inconsistent and prone to making things up, like the agents they supervise. He frames blind faith in the human checkpoint as normalisation of deviance, a slow drift into shortcuts. The fix is governance that does not assume a reliable human will catch the machine.
TOOLS
Codex on macOS now lets you perform a repetitive workflow once and packages it into a reusable skill, rather than describing the steps in a prompt. Record filing an expense, booking a parking space, or pulling a recurring report, and Codex learns the pattern to replay with Computer Use, browser actions, or connected plugins. It is gated behind Computer Use and excludes the EEA, UK, and Switzerland at launch.
Pulse is a local, zero-dependency dashboard that reads Claude Code's on-disk session files and turns them into live token spend by hour, day, and project, the context fill of your active session, and full-text search across everything you have run. When Claude needs a decision it pushes an Allow, Allow-all, or Deny button to your phone, working over cellular with no port or Wi-Fi setup. Nothing leaves your machine.
STORM, from Stanford's Open Virtual Assistant Lab and now at 28k stars, is an open-source system that researches any topic and drafts a long, Wikipedia-style report with citations. It runs a multi-step pipeline: surveying perspectives, simulating expert interviews to gather sources, then outlining and writing the article with references. For builders who need a grounded first draft over an unfamiliar topic, it is a self-hostable alternative to opaque deep-research features.
Pake, a Rust and Tauri project at 56k stars, turns any webpage into a lightweight native desktop app with a single command, producing bundles a fraction of the size of an Electron equivalent. You get a real app window, keyboard shortcuts, and an immersive mode for any web tool or your own dashboard. For builders who want a desktop wrapper without shipping a whole Chromium, it is the no-bloat option.
SpiderFoot is a long-running open-source OSINT engine, now at 18.5k stars, that takes a domain, IP, or name and automatically pulls from hundreds of data sources to map an organisation's exposed attack surface. It correlates hosts, emails, leaked credentials, and infrastructure into a browsable picture for threat intelligence or red-team recon. Unlike the LLM pentest agents in the news lately, this is classic, scriptable reconnaissance you can self-host.