Daily digest
Today's top tech stories, deduped across the newsletters I read and briefly summarized. Click a source to open the original article.
AI
Anthropic nears $1 trillion valuation with $65 billion Series H round
Anthropic announced a $65 billion Series H round at a $965 billion post-money valuation, driven by strong enterprise adoption and $47 billion in annualized revenue. The company is now the most valuable AI startup in Silicon Valley.
Anthropic releases Claude Opus 4.8 with dynamic workflows and adjustable effort controls
Claude Opus 4.8 improves reliability and honesty, adds developer-facing effort controls, and introduces dynamic workflows in Claude Code that orchestrate hundreds of parallel subagents for complex end-to-end tasks. A new fast mode is also significantly cheaper.
Apple integrating distilled Gemini into Siri ahead of iOS 27 reveal
Apple is working with Google to distill a version of Gemini small enough to run on iPhone, using encrypted cloud servers and specialized Nvidia hardware to protect user data. iOS 27 will also bring a major Siri redesign that moves the assistant into the Dynamic Island with a combined voice, text, and chatbot interface.
SpaceX and Anthropic disagree on duration of billion-dollar compute deal
SpaceX signed a major compute deal with Anthropic worth billions of dollars per month, but Elon Musk and Anthropic dispute how long SpaceX has committed — the actual agreement is reportedly 18 months. Separately, SpaceX is nearly done building an in-house AI training stack in C that targets more than an order-of-magnitude speed improvement.
ByteDance and Mistral move to design custom AI chips to cut infrastructure dependence
ByteDance has approached external partners to design its own processors after months of waiting for chip deliveries, while Mistral AI says it plans to design custom chips to lower deployment costs and expand its European data center presence. Both moves reflect growing pressure on AI companies to control their hardware supply chains.
Snowflake acquires Natoma to bring governed AI agent access to the enterprise
Snowflake plans to acquire Natoma, a centralized MCP gateway that enforces identity, policy, and audit at the tool-call level, to give enterprises a secure and governed way to deploy AI agents across their data environments. The deal reflects rising enterprise demand for oversight of agentic actions.
Sakana Labs trains deep networks block-by-block, breaking the memory wall
Sakana Labs found a way to split neural networks into independent blocks and train each one separately by treating the forward pass like a diffusion model denoising a signal, slashing memory requirements. The approach could remove a key hardware bottleneck that has been limiting AI training scale.
Security
Glassworm botnet disrupted after coordinated takedown of malicious VS Code infrastructure
CrowdStrike, Google, and The Shadowserver Foundation simultaneously severed four command-and-control nodes to dismantle the Glassworm botnet, which had been spreading through malicious OpenVSX and VS Code extensions, GitHub repos, and npm packages since October 2025 to steal crypto wallets and developer credentials.
Critical Starlette ASGI vulnerability puts millions of AI agents at risk
A critical flaw in the Starlette ASGI implementation underpinning FastAPI and other widely used Python frameworks allows attackers to bypass path-based authorization by appending a single character to the HTTP host header. Millions of AI agent deployments built on these frameworks are potentially exposed.
IBM and Red Hat launch Project Lightwell with $5 billion to secure open source supply chains
Project Lightwell uses 20,000 engineers and AI to automatically backport vulnerability fixes to the exact dependency versions already running in production, starting with Maven/Java packages and expanding to PyPI, npm, and Go. IBM and Red Hat are committing $5 billion to the initiative.
Gitea bug exposed private container images across 30,000 deployments for four years
A container registry flaw in Gitea (CVE-2026-27771) let unauthenticated users pull private images for roughly four years, leaking code, secrets, and production configurations across about 30,000 self-hosted Gitea and Forgejo instances in healthcare, aerospace, SaaS, and ISP environments.
Carnival data breach exposed nearly 6 million people after social engineering attack
Hackers used social engineering to compromise a Carnival employee account on April 14, then accessed internal systems and exfiltrated files containing personal data for approximately 5,995,277 people. The breach exposed sensitive personal information across the affected individuals.