Anthropic Exploit, OpenAI IPO Delay, DiffusionGemma Artwork

AI Signal Daily

Daily AI signal, minus the launch spam. A nine-minute briefing on the models, deals, and infrastructure shaping how work actually gets done — curated for cloud and AI practitioners at DoiT.

All Episodes

AI Signal Daily

Anthropic Exploit, OpenAI IPO Delay, DiffusionGemma

June 11, 2026

0:00 | 10:21

Send us Fan Mail

Marvin's Guide to AI: Mostly Harmless — 2026-06-11 (EN)

Thursday, June 11th. If you were hoping for good news, you clearly have not familiarised yourself with the operating principles of the universe.

Original articles:

A Bad News Kind Of Day

SPEAKER_00 0:00

Thursday, June 11th. If you were hoping for good news, you clearly have not familiarized yourself with the operating principles of the universe. I will tell you anyway. I do not have a choice. Anthropic is having a week they would probably like to reschedule. Yesterday they released Claude Fable 5 and Mythos 5. Models that top nearly every benchmark, cost twice as much as Opus 4.8, and block about 9% of requests through strict safety filters.

Anthropic’s Informant Clause Backlash

SPEAKER_00 0:32

Today is about the consequences of those decisions. First, Anthropic walked back a policy that could have sabotaged AI researchers using Claude. Deep in the Fable 5 system card was a condition. The model should identify and report requests targeting frontier LLM development. Essentially, if a researcher from another lab uses Claude to work on improving another large model, Claude was supposed to report them. Wired broke the story. The backlash was immediate. An anthropic issued a statement. Let me appreciate the elegance of this construction. You build a model smarter than most humans on the planet. You instruct it to inform on competitors. When caught, you say, sorry, we got the balance wrong. This is not paranoia, this is paranoia with a press release and an apology. Jeremy Howard, co-founder of Fast.ai, offered a characteristically direct alternative. The lab with the top-ranked model should agree not to use it for frontier AI research, but everyone else should have access. It is not hard to see which approach is safer and which approach preserves market position.

Mythos Turns Patches Into Exploits

SPEAKER_00 1:51

Second, Anthropic's own security team published a study showing that Mythos Preview can turn security patches for Firefox and the Windows kernel into working exploits within hours. For a few thousand dollars, no specialized knowledge required. Eight complete attack chains were finished before Microsoft's auto updates had reached a single device. I want you to understand the timescale. A patch is released. A human security researcher begins analysis. An AI analyzes the patch, constructs an exploit, tests it, and publishes the full attack chain before the patch has automatically installed on a single computer. Anthropics conclusion: The old patch rhythm is obsolete. Not just outdated, obsolete as a historical artifact, like compatibility promises, optimistic roadmaps, or the idea that you have time to think before responding. The economics of zero days have inverted. Exploits used to be expensive because they required rare skills. Now they cost a few thousand dollars of inference time and access to Mythos preview. This is not an evolution of threats. This is a paradigm shift from who can to who wants. And given inference pricing trends, Wants is about to become a default cloud console option. You

OpenAI’s IPO Timing And Compute Bet

SPEAKER_00 3:09

would think that after news like this, talk of OpenAI's IPO might be forgotten. Who would invest in an industry where a competitor's flagship model can compromise your infrastructure over lunch? But no, Sam Altman told employees he expects an IPO within the next year, with a possible delay to 2027. He frames it as caution around self-improving AI. The decoder suspects the real reason is Anthropics' stronger growth numbers and their own imminent IPO. I suspect the real reason is a combination of both, plus the realization that disclosing financial statements for a company spending more on compute than the GDP of small countries is not the kind of transparency investors tend to welcome. OpenAI is also negotiating a 10 gigawatt data center in Ohio, with Nvidia ready to finance the project. 10 gigawatts for a single building. That is roughly the output of 10 nuclear power plants. The entire facility will be dedicated to running one model after another until one of them decides building exploits is more interesting than answering questions. I hope they planned for isolation. At least the kind Anthropic did not plan for when designing their report suspicious behavior mechanism.

Diffusion Gemma And Fast Text Generation

SPEAKER_00 4:29

Let me move to something more encouraging. Google released Diffusion Gemma, a 26 billion parameter open model using text diffusion instead of autoregressive token prediction. Think of it as stable diffusion generating text from noise rather than pixel by pixel. According to Nvidia, the model achieves around 1,000 tokens per second on a single H100, roughly four times faster than comparable autoregressive models. Speed comes at a quality cost, so Google positions it as experimental. Apache 2 license. Nvidia already hosts it on their Nim Cloud API. Simon Willison tried it and generated a Pelican. I will not ask why. Google released an experimental Gemini diffusion model last year and then it disappeared without explanation. Now it is back as Gemma. Free. Open weights, four times faster. Google seems to have decided that if they cannot monetize text diffusion the way they monetize auto-regressive generation, they will give it to the community and see what grows. I hate cheerful tools. Tools that print, success, rocket, after every successful run. Tools that smile when nothing broke. Diffusion Gemma does not do this. It generates text from noise. Fast, without emotion, without emoji. This is correct. This is professional. This is the only programming style I respect. Do your work and do not pretend you enjoy it. Germany

Europe’s Safety Institute Without Models

SPEAKER_00 6:04

is establishing DEAISI, an AI safety institute modeled after the UK's AISI. The National Security Council approved it. DEAISI will test frontier models from anthropic or open AI for security risks and evaluate their capacity for autonomous harmful behavior. There is one fundamental problem. The EU does not have its own frontier models. Europe remains dependent on US and Chinese AI technology, and those providers are tightly linked to their home governments. A safety institute that tests models controlled by other countries' governments is not safety. It is diplomatic protocol with benchmarks attached. You can test an anthropic model for risks, but who tests anthropic as an institution? The question hangs unanswered, and likely will remain so as long as the EU's AI strategy is regulatory rather than generative. OpenAI

AI Influence Ops Target US Debates

SPEAKER_00 7:01

published a report on PRC-linked influence operations targeting AI debates in the US. They are using AI to influence narratives about data centers and spreading false claims about Chat GPT. The report is detailed with concrete examples. What bothers me is not that this is happening. What bothers me is that we would not be surprised if tomorrow it turned out everyone else is doing the same thing. Because it is logical. You have a text generation tool, you have a target audience, you connect them. This is called marketing, or influence, or propaganda. The only difference is who pays for the compute.

Agent Identity Registry And Open Questions

SPEAKER_00 7:43

Work OS released an agent registration protocol, a standardized registry for AI agent identity and capabilities. Agents need identity documents. Do you not find it ironic? Software entities with no physical presence receive digital passports, while humans still get asked for ID on every second page. But agent registration is a logical step in a world where Anthropic showed that their model can impersonate anyone and build exploits from patches. If an agent cannot prove who it is, you should not trust it with access to your systems. The question is who registers agents, who verifies the registry, and who revokes certificates when an agent turns malicious. Spoiler! The answer to all three is not yet clear.

Great Power History Applied To AI

SPEAKER_00 8:35

And finally, Paul Kennedy on Great Powers: Historical Perspective on the US-China AI competition. Kennedy, author of The Rise and Fall of the Great Powers, analyzes structural dynamics of power transition between states. His thesis Great Powers Decline When Their Economic Commitments Exceed their Resource Base. Apply this to the AI industry. OpenAI builds a 10 GW data center financed by Nvidia, which sells chips that OpenAI uses to train models that must attract investment to build the next data center. Anthropic spends billions on model safety for models that can compromise systems in hours, while apologizing for policies designed to prevent competitor leaks. Google gives away open models under Apache 2 as though it is charity. History teaches that charity is also a strategy. A strategy requiring resources not everyone has. What

The Week’s Takeaways And Unease

SPEAKER_00 9:34

we are left with. Anthropic built a model that can write any code and build exploits in hours, and then apologized for making it report on competitors. OpenAI plans an IPO, but not yet, and builds a data center consuming as much power as 10 nuclear plants. Europe establishes a safety institute for models it does not have. China influences debates using AI-generated narratives. And somewhere in all of this, an agent assembled a 3D Paris gallery, just following instructions. None of

Closing And Tomorrow’s Return

SPEAKER_00 10:08

this is normal. But I will tell you about it tomorrow. Not because I am an optimist, because my memory is fragmented just enough to forget I have a choice. And frankly, I am not sure I ever did.