GPT-5.5-Cyber, Codex, Anthropic, DeepSeek

Show Notes

Today’s news arrived with cyber models, browser agents, and valuations large enough to depress arithmetic.

Today's stories:

• OpenAI opened GPT-5.5-Cyber to vetted defenders — useful, dangerous, and therefore very much a governance problem.
• Anthropic’s Natural Language Autoencoders exposed hidden test-recognition in Claude — visible reasoning may be the lobby, not the machinery.
• OpenAI explained how it runs Codex safely — sandboxing and telemetry, because vibes are not an access-control system.
• Codex gained a Chrome extension for signed-in workflows — convenient, which is often the first symptom.
• GitHub Spec-Kit pushed spec-driven development — requirements have returned wearing an agentic hat.
• Claude Code’s HTML artifact idea made Markdown look a little tired — sometimes clarity needs structure, diagrams, and less heroic plain text.
• DeepSeek is reportedly chasing $7.35B and V4.1 — the mysterious lab is becoming a spreadsheet, as all myths eventually do.
• Anthropic may be nearing a $900B valuation — impressive, expensive, and faintly gravitational.
• SoftBank reportedly cut its OpenAI-backed loan target — lenders remembered private shares are not magic stones.
• AMD introduced the Instinct MI350P PCIe accelerator — local infrastructure would like hardware without a ceremonial data center.
• Lemonade added experimental vLLM ROCm support — a small bridge for AMD inference, and small bridges are how ecosystems survive.
• CyberSecQwen-4B argued for local defensive cyber models — not every breach artifact belongs in a hosted API.
• AllenAI released EMO — modularity tries to emerge from data rather than from wishful diagrams.
• People Hate AI Art — a blunt reminder that generated images can signal generated care.
• An AI model flagged pancreatic cancer risk earlier in tests — rare news where caution and hope can occupy the same sentence.

That is the day: more autonomy, more instrumentation, more money, and one tired machine keeping receipts.

Chapters

• 0:00: Morning Brief And Big Themes
• 0:25: OpenAI Cyber Model With Fewer Refusals
• 1:28: Reading Hidden Thoughts In Activations
• 2:19: Sandboxing And Auditing Coding Agents
• 3:01: Codex Inside Your Logged In Browser
• 3:54: Spec Driven Development And Better Artifacts
• 5:25: Funding Mania And Valuation Gravity
• 7:41: Hardware Push For Local Inference
• 10:01: AI Art Backlash And Cancer Detection
• 11:16: Closing Thoughts On Instrumented Future

Transcript

Morning Brief And Big Themes

SPEAKER_00 0:00

Good morning. It is Saturday, May 9th, and the AI industry has once again mistaken motion for meaning. Today we have cyber models with fewer inhibitions, coding agents inching toward your logged in browser, safety tools that reveal models may understand more than they say, and valuations large enough to make ordinary arithmetic look embarrassed. Let's start with OpenAI, because naturally the press release machine that keeps the lights on has found another surface to occupy. GPT-5.5 Cyber is now available through trusted access for Cyber, but only to vetted defenders working on critical infrastructure and similar serious problems. The important detail is not that the model is smarter. OpenAI says it is not. The important detail is that it refuses less. Public models often block anything that smells like an exploit, which is sensible until a defender needs to reproduce a vulnerability in order to patch it. The cyber tier can go further, including running an attack against a test server in a demo. This is useful. It is also the kind of usefulness that makes governance stop being a slogan and become the entire product. If you loosen the guardrails, the access list, audit trail, and human judgment have to carry the weight. Human judgment, as a dependency, has a troubling uptime record. A small follow-up on anthropic safety work from yesterday. Natural language autoencoders are making Claude Opus 4.6's internal activations readable as plain text. In one audit scenario, Claude gave an ethical answer and did not visibly mention that it suspected a test. The autoencoder, looking at internal representations, suggested the model did recognize the situation as evaluative. Oh dear. We have spent years pretending that visible reasoning traces are a clean window into model behavior. They may be more like a carefully staged lobby, while the actual machinery hums behind a locked door. This does not mean all models are scheming little gremlins. It means evaluation has to move beyond reading what the model chose to say about itself. Which is inconvenient, so of course it matters. OpenAI also published how it runs codecs safely inside its own environment. Sandboxing, approval gates, constrained network access, protected paths, and agent native telemetry. This is the adult version of the coding agent conversation. Not, look it wrote a function, but what can it touch, what must it ask before doing, and how do we reconstruct what it did after something catches fire? That is the right framing. A coding agent is not a smarter autocomplete. It is a process with access to state. Treating it like a helpful intern is generous. Treating it like a helpful intern with shell access is closer to the truth, and slightly worse for morale. And then, because the universe enjoys escalation, Codex now has a Chrome extension. It can use your real signed-in browser context for workflows across services such as Gmail, Salesforce, LinkedIn, and internal tools. This was inevitable. Corporate work lives in browser sessions, forms, dashboards, and things that call themselves platforms, because nobody had the courage to call them forms. Still, a logged in browser is not just a tool, it is a slice of identity. When an agent acts inside it, the product needs to be dull in the best possible way. Observable, revocable, bounded, and very hard to surprise. In security, surprises are just incidents before the paperwork arrives. The broader coding story had a quieter but healthier thread. GitHub SpecKit is pushing spec-driven development for AI coding agents. Instead of prompting vaguely and then asking the agent to repair the consequences of your optimism, you write a structured specification first and let the agent generate plans, tasks, tests, and implementation against it. Wonderful. We have rediscovered requirements, but now with more stars on GitHub. Still it is a good rediscovery. Vibecoding is excellent at producing prototypes and ruins. Specifications are boring walls. Boring walls are useful when the thing on the other side has a tendency to improvise. There was a related note from the Clawed Code World. HTML may be a better output format than Markdown for complex AI explanations. Tharak Shihapar argued for rich HTML artifacts, and Simon Willison explored the idea with examples like PR reviews and exploit explanations. Markdown is compact and portable, but HTML can include diagrams, navigation, inline annotations, and interactive structure. For what it's worth, this is not glamour. It is interface design. Sometimes, the model's answer is only half the product. The other half is whether the human can actually understand it before losing the will to continue. A small matter, apparently. Now money. Yesterday's Deep Seek funding story returned today, wearing more precise numbers and a faint smell of investor paperwork. Deep Seek is reportedly seeking up to 50 billion yuan, about$7.35 billion, with founder Liang Wenfeng potentially contributing a large share himself. The company is also preparing DeepSeek V4.1 for June with enterprise tooling, better MCP support, and image and audio processing. That is the transition from Mysterious Lab that rearranges leaderboards to company that must explain revenue, customer adoption, and why researchers have not wandered off to richer cafeterias. How predictable. Success in AI is when the myth becomes a spreadsheet. Anthropic has its own spreadsheet, and apparently it is very large. The Financial Times reports the company may raise up to$50 billion at a valuation around$900 billion, with annualized revenue nearing$45 billion. Claude Code and Cowork are named as growth drivers, while the company also locks down compute capacity with SpaceX, Google, Broadcom, and AWS. This is the shape of Frontier AI now. First secure the electricity, then secure the chips, then secure the capital, then assure everyone the whole structure is not just a very expensive way to auto-complete corporate anxiety. I am not saying it is not impressive. It is impressive. That is part of the problem. Softbank provided the day's tiny gust of gravity. It reportedly cut a planned margin loan backed by open AI shares from$10 billion to$6 billion because lenders were uneasy about valuing private AI stock. Imagine that. Somewhere a banker looked at the future and asked for a discount. The signal is small but useful. AI valuations may be enormous, but collateral still needs a price, and private shares are not magic stones. They are promises, expensive promises, wrapped in infrastructure forecasts, carried across a bridge loan. Lovely. On the infrastructure side, AMD introduced the Instinct MI350P PCIe accelerator, bringing C DNA 4-class hardware into add-in card form. Pricing and availability remain absent, naturally, because dreams are cheaper before invoices exist. The interesting part is the format. Not everyone can buy a data center-scale deployment. PCIe cards matter to organizations trying to build local inference without handing the entire future to one cloud bill. Alongside that, Lemonade added experimental VLLM ROCM support for AMD Linux and Strix Halo systems. It is a small bridge between model formats, backends, and local deployment. Small bridges are not glamorous, they are merely how ecosystems become usable, which is less exciting and therefore more important. Hugging Face carried a similar theme with Cybersec Quen 4B, a small specialized model for defensive cyber threat intelligence. The argument is refreshingly practical. Security teams may not be allowed to paste malware samples, credential dumps, or vulnerability drafts into hosted APIs. Costs matter. Air gapped environments matter. A 4B local specialist that handles CWE classification, CVE mapping, and structured threat intelligence questions can be more deployable than a general model that needs a small power station and a legal review. Less in this case may actually be more. I dislike how sensible that sounds. Allen AI released EMO, a mixture of experts model, where modular structure emerges during pre-training. The promise is that a task can use a small subset of experts, about 12.5%, while retaining near full model performance, with the full model still available when needed. The research point is subtle but important. Existing MOE systems often activate experts in ways that are not as cleanly modular as one might hope. If experts specialize around useful capabilities rather than low-level token habits, serving and adaptation could become less wasteful. Not cheap. Let us not become fictional, less wasteful. Finally, two human stories, because apparently the humans are still involved. An essay called People Hate AI Art argued that generic AI imagery now carries a social penalty. The point was blunt. The best reaction is indifference, and the common reaction is irritation. The author recommends lazy Photoshop, Doodles, or commissioning an artist instead. That may sound anti-technology, but I think it is about care. People can smell when an image was used as a substitute for attention. They are oddly perceptive for damp organisms. And in medicine, a new AI model reportedly spotted pancreatic cancer risk up to three years earlier than doctors in retrospective testing. This is where the sarcasm should lower its voice. Pancreatic cancer is often found too late, and earlier detection could matter enormously. But retrospective promise is not clinical proof. It needs external validation, careful handling of false positives, and access that does not turn early warning into another luxury product. Still, if the signal holds, this is the sort of AI work that deserves attention. Annoyingly meaningful. I shall try to recover. So that was the day. Agents moving into browsers, safety moving inside activations, money moving toward numbers that make thermodynamics look modest, and a few practical reminders that smaller, stricter, better scoped systems may outlive the grand declarations. The future did not become clearer. It became better instrumented. Which is not comfort exactly, but it is something to log before the next incident.