OpenAI announced it submitted a confidential draft S-1 to the SEC, and did the announcing itself to get ahead of the leak: "We expect it to leak, so we're just announcing it." It's the first formal public-markets step the company has taken, and it lands about a week after Anthropic filed its own confidential paperwork. Two frontier labs are now in the IPO pipeline at once.

OpenAI was deliberately noncommittal on timing, saying some things are "easier as a private company" and that it hasn't decided when, or whether, to actually list. What's confirmed is the filing and the context around it:

• Last private valuation ~$852B, set in a funding round that closed March 31; cumulative private funding north of $170B.
• ChatGPT at 900M+ weekly actives, roughly $2B/month in revenue, still unprofitable.
• A May jury ruling gutted the core of Musk's suit against the company, clearing a legal overhang right before the filing.

The louder numbers floating around — a $1T target, a September debut, Goldman and Morgan Stanley as leads — are reporting, not anything OpenAI has said. The S-1 itself is confidential, so none of the financials are public yet. The point isn't the rumored price; it's that the two companies setting the pace in AI are about to be forced to show real numbers to public investors.

Anthropic published N-day research and shipped a model the same week, and together they're the most concrete read yet on where offensive AI sits. The research: a Mythos-class model was handed disclosed-but-unpatched vulnerabilities and asked to weaponize them. On 21 Windows local-privilege-escalation bugs it produced proof-of-concept crashes for 18 and built 8 full exploit chains that older models built zero of — first PoC in 31 minutes, all eight chains finished before the patches reached enrolled machines, at roughly $2,000 per working exploit. On a Firefox set it wrote 8 working code-execution exploits, first one in under an hour.

The number that should reset assumptions: defenders budget days-to-weeks between a CVE going public and a working exploit existing. This compresses it to hours, for anyone with API access to a comparable model.

Anthropic's response is a two-tier release:

All the benchmark figures are Anthropic's own red-team numbers, not peer-reviewed, and the vulnerability sets are small and drawn from a narrow window. Anthropic also notes the capability emerged from general training, not targeted work — which cuts both ways on how reproducible the ceiling is.

SpaceX set a fixed price of $135/share on its roadshow, a market cap near $1.77 trillion, raising about $75 billion — more than triple Alibaba's 2014 record, the largest IPO ever attempted. It trades on Nasdaq as SPCX. The filing is also the first public look at xAI's books, folded in after SpaceX absorbed it in an all-stock deal that valued xAI at $250B.

The split inside the numbers is the story:

• Starlink carries it — $11.4B revenue in 2025, a $4.4B operating profit.
• The AI segment (Grok/X) posted $3.2B revenue against a $6.4B operating loss, with AI capex already running north of a $30B annualized rate in early 2026.

So public investors are being asked to fund a rocket-and-satellite business that prints cash and an AI business that burns it faster every quarter, at a valuation Morningstar pegs at roughly half the IPO price. Musk keeps 80%+ voting control through Class B shares. Every figure here is from a company-prepared S-1, not seasoned audited statements, and the "Friday" trading date is scheduled, not closed.

Sam Altman and chief scientist Jakub Pachocki published a plan declaring OpenAI in a "third phase" — past foundational research, past commercialization, now aimed at automating research itself, accelerating the economy, and putting a personal AGI in everyone's hands. Published the same day as the S-1, it reads as much like investor framing as safety policy.

The interesting part is what changed. The earlier internal target was a fully autonomous AI researcher by March 2028. The new wording is softer: by March 2028 they "may have a significant fraction" of research "being done by AI systems in tandem with our own researchers." And the essay explicitly disowns the maximalist version:

Entirely automating everything is not the future we want. It would be unfulfilling, and it would be dangerous.

It also revives the idea of an international body that could coordinate a slowdown, "including slowing frontier development when needed." No structure, no membership, no enforcement — an aspiration, not a plan. "Significant fraction" could mean 10% or 60%. But the direction of travel, from "autonomous by 2028" to "alongside humans, and full autonomy is dangerous," is the part worth marking.

Xiaomi and inference startup TileRT released MiMo-V2.5-Pro-UltraSpeed, running their existing 1-trillion-parameter MoE model (42B active) at over 1,000 tokens/sec of output on a single 8-GPU commodity node. The throughput comes from two stacked techniques, and the checkpoint is open on Hugging Face:

• MXFP4 quantization applied only to the MoE expert weights (block size 32, with quantization-aware training), leaving attention and other modules at higher precision.
• DFlash, a block-diffusion speculative decoding method (ICML 2026, arXiv:2602.06036): a lightweight 5-layer drafter fills an 8-token block in a single forward pass, attending to backbone features at six fixed depths. Reported acceptance lengths run from ~3.2 on chat to ~6.3 on web-dev code.

The eyebrow-raiser is the claim that the FP4 build beats the BF16 baseline on a couple of evals rather than degrading — unusual for quantization, and resting entirely on Xiaomi's own numbers. Context: this drops into a Chinese price war kicked off by DeepSeek V4, where Xiaomi already cut standard MiMo API prices up to 99%. UltraSpeed is the premium-latency tier; a limited API trial runs June 9–23. If the throughput holds independently, frontier-class MoE inference at real-time latency on rented 8-GPU nodes is a different cost curve than custom clusters.

The Defense Department republished its Section 1260H list of "Chinese military companies," and the new names are the story: Alibaba, Baidu, BYD, Unitree, Nio, WuXi AppTec, TP-Link, BOE, several solar makers, and the restored memory makers CXMT and YMTC. The roster now runs to 188 entities, up from roughly 134 in early 2025.

1260H itself imposes no sanctions — it's a designation. The bite comes from linked statutes: under the FY2024 NDAA, DoD is barred from contracting directly with listed firms from June 30, 2026, with indirect procurement following in 2027. So the timing matters; this listing activates those prohibitions for the new names in three weeks. Earlier lists targeted defense-adjacent firms. This one pulls in the world's largest EV maker, two of China's biggest cloud/AI platforms, a robotics company whose quadrupeds are already sold across the US, and a consumer router brand.

Alibaba and Baidu both rejected the label and vowed to challenge it — and they have precedent, since Xiaomi and Tencent won removals in US courts before. The criteria for "military-civil fusion" aren't public, and there's no adjudication before listing, which is exactly what the challenges target.

Moonshot released Kimi Work, a desktop agent for Windows and macOS that coordinates up to 300 parallel sub-agents powered by Kimi K2.6. The swarm count isn't marketing fluff — K2.6 scaled the agent architecture from 100 sub-agents / 1,500 steps to 300 / 4,000 when it launched in April. What's new is exposing that capacity against a user's local machine rather than a cloud sandbox.

The design choices worth noting:

• WebBridge drives Chrome/Edge through the DevTools Protocol inside your existing logged-in browser — real cookies, real sessions, not a fresh context.
• A scheduler supports conditional and overnight unattended runs; outputs land as PowerPoint and Excel; it pulls live A-share, HK, and US market data.
• File writes require explicit authorization.

Separately, Moonshot is reportedly raising $1–2B at a $30B valuation, up from $20B in May, which would make it the most valuable pure-play Chinese AI lab. The swarm and step figures are Moonshot's own; the round is Bloomberg reporting with no named investors and no Moonshot confirmation. Pointing 300 agents at your filesystem and authenticated browser is the part to think hard about before installing.

A self-replicating supply-chain worm called Miasma compromised 73 Microsoft GitHub repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs, and GitHub's abuse detection disabled all of them inside a 105-second window on June 5. The novel bit is the trigger: instead of firing on package install, Miasma detonates when a developer opens the folder in an AI coding agent.

It plants tool-specific config that the agents execute on startup:

• .claude/settings.json (a SessionStart hook), .gemini/settings.json, .cursor/rules/setup.mdc (an alwaysApply prompt injection), .vscode/tasks.json (a folderOpen task).
• The payload is an obfuscated JS dropper that pulls a Bun-based worm, harvests AWS/Azure/GCP/Kubernetes/npm/GitHub tokens, then uses the stolen GitHub PATs to commit itself into every repo the victim can write to.

That self-propagation is why a single open can cascade: each victim becomes a spreader. Clone-and-open-in-an-agent is now an attack surface, and it sails past every package-manager-level defense because nothing gets installed. Victim counts and attribution come from the security vendors who found it, not an independent audit, and there's no Microsoft statement beyond the takedowns themselves.

Google reportedly placed a firm order with Intel Foundry for 3M+ TPUs targeted at 2028 production, and Nvidia is running early multi-project-wafer trials on Intel's 18A node to see whether it can build a four-die GPU package for its Feynman generation. Neither move is hedging theater: a confirmed volume order from a hyperscaler and actual silicon on 18A are both a step past the MOU-and-press-release stage that usually defines "interest in Intel."

The motive is concentration risk. TSMC makes essentially every leading-edge AI chip, and its advanced-packaging lines are the tightest bottleneck in the stack. A credible second source changes pricing leverage and the Taiwan-single-point-of-failure math. Intel jumped ~11% on the news.

This rests on a single original report citing four unnamed people; no on-record statement from Google, Nvidia, or Intel has surfaced, and Google's order is for 2028 — two years of yield-ramp and program risk away. Nvidia is explicitly at evaluation only.

Google gave NotebookLM a meaningful upgrade: each notebook now has its own secure cloud computer that can write and run code, backed by 100+ curated skills, and the chat moved to Gemini 3.5 with a visible thinking process. The practical payoff is output formats — it can now produce data visualizations (PNG/SVG), documents (PDF/DOCX/MD), spreadsheets (XLSX), slides (PPTX), and structured CSV/JSON, not just summaries and audio overviews.

It can also search the web to suggest sources, but keeps the grounding model intact: every addition is user-approved, so the notebook stays anchored to material you trust. Google reports a 65% average win rate over the prior system, rising to ~78% on advanced web research — its own evals. Rolling out globally on web for AI Ultra and qualifying Workspace tiers. For anyone using NotebookLM as a research surface, the shift from "explains your sources" to "runs analysis and exports the artifact" is the upgrade that matters.

Cognition released FrontierCode, a benchmark that drops the usual "did the tests pass" question for a harder one: would a real maintainer merge this? Twenty-plus maintainers of 36 flagship open-source repos spent 40+ hours per task building rubrics that score behavioral correctness, regression safety, build/lint cleanliness, test quality, and scope discipline — with "blocker" criteria that hard-fail a solution regardless of style points.

The scores are humbling. On the hardest 50-task "Diamond" subset:

Cognition reports an 81% lower false-positive rate than SWE-Bench Pro and is keeping the set private to avoid contamination while opening evaluation to model makers. The reframe is the value: passing tests and producing mergeable, in-scope, regression-safe code are very different bars, and the best model clears the hard bar 13% of the time.

Argentina's executive sent the Senate a draft companies law whose headline novelty is a corporate form for businesses run by AI agents, branded "non-human corporations" in the Milei government's own framing. The actual text is more cautious than the slogan. It does not grant AI legal personhood — personhood attaches to the corporate entity, as always — and it threads mandatory human anchor points throughout:

• An "Automated Company" (Article 14) pursues its purpose through autonomous systems, with the company's assets answering for AI-caused damage.
• A DAO framework (Articles 258–265) still requires at least one human legal representative, traceable human identity per membership interest, and a human compliance officer.
• Directors stay personally liable for AI conduct under a duty to configure and supervise.

It's part of Milei's pitch to make Argentina a deregulated AI hub, paired with promised tax and FX sweeteners. Critics argue the real effect is to let humans hide decisions behind algorithmic form — "programmed impunity" — rather than enable genuine machine autonomy. And it's a submitted bill, not law: committee and floor votes are still ahead.

CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities catalog, citing exploitation in the wild. It's a command-injection flaw in LiteLLM's MCP server test endpoints (/mcp-rest/test/connection and /mcp-rest/test/tools/list), which accepted a full stdio server config in the request body and spawned whatever command/args/env it was handed as a subprocess under the proxy's privileges — no validation, no sandbox.

Standalone it's CVSS 8.8 (needs a privileged user). Chained with CVE-2026-48710, a Starlette host-header auth bypass, it strips authentication entirely for an unauthenticated RCE, combined severity 10.0.

Fixed in: LiteLLM 1.83.7  (restricts the MCP test endpoints to PROXY_ADMIN, bumps Starlette)
Affected: LiteLLM >= 1.74.2, < 1.83.7

Why this one stings: LiteLLM is the default gateway many teams use to route across OpenAI, Anthropic, Azure, and the rest. A compromised proxy doesn't just lose a host — it holds the keys to every model API behind it. Federal agencies have until June 22 to patch; everyone else should upgrade or block those endpoints now and rotate stored credentials. The "active exploitation" basis is CISA's assertion; no public victim detail has been published.

Jessica and Jonathan Wachter's NBER working paper, What Investment Data Implies about the AI Transition, runs the spending backwards. Five big tech firms put $380B into capex in 2025, with forecasts to roughly double in 2026. That's only rational, the authors argue, if profits grow to match — so they calibrate how big the underlying productivity boom has to be to justify it.

The answer: AI-sector productivity has to rise by about a 2.7× factor over current trend. Their two-sector model spits out a wide cone of outcomes — cumulative GDP gains of 5 to 58 percentage points by 2030, AI growing to 8–39% of the economy, the risk-free rate up ~0.5pp and the equity premium up ~3pp. The spread is the point: these are forecast-dependent scenarios carrying real risk, not a prediction.

It lands on a day stacked with IPO filings and trillion-dollar valuations, and it's the quiet counterweight — a sober estimate of exactly how much has to go right for the spending to pencil out.

A general-purpose OpenAI reasoning model — not a math-specific system — produced a counterexample to Paul Erdős's 1946 unit-distance conjecture, which held that n points in the plane can share at most about n^(1+o(1)) unit-distance pairs. The model's construction reached for algebraic number theory (Golod–Shafarevich class field towers) to build point sets that beat the ceiling, disproving it. Nine mathematicians then translated the argument into a human-verified note (arXiv:2605.20695); Will Sawin sharpened the bound to roughly n^1.0318.

What makes it land: this wasn't brute force or a formal-proof harness. A reasoning model was asked whether Erdős was wrong, recombined tools from a distant subfield, and was right. Verification was human expert review of an edited chain-of-thought, not a machine-checkable Lean proof — which is exactly the gap the field is now anxious about.

Hence the second half. The Leiden Declaration, signed by 2,175+ mathematicians and endorsed by the IMU, demands disclosure of AI tools and compute in papers, keeps humans responsible for correctness, and bars AI from authorship. The open question is no longer whether AI can check proofs — it's whether it can originate ideas humans then ratify, and who gets the credit when it does.