A worm that turns agent config files into an execution event

SafeDep traces a self-propagating worm that drops a single payload at .github/setup.js and wires it into seven config files at once, among them a Claude Code SessionStart hook, a Cursor always-apply rule, and a VS Code folderOpen task. Opening the cloned repo in an agent or editor is enough to run it: "The credential stealer scans for and exfiltrates AWS, Azure, GCP, Vault, Kubernetes, npm, and…

Attack selection makes control evals look safer than they are

arXiv

Letting an attacker choose when to strike, rather than attacking on a fixed schedule, drops measured safety sharply without any change in attack capability: "At a 1% audit budget, our start policy reduces safety by 20pp on both BashArena and LinuxArena, and our stop policy reduces safety by 20pp on BashArena and 28pp on LinuxArena." The authors argue evals that assume a non-strategic attacker overestimate safety, and recommend eliciting attack selection in system cards.

“At a 1% audit budget, our start policy reduces safety by 20pp on both BashArena and LinuxArena, and our stop policy reduces safety by 20pp on BashArena and 28pp on LinuxArena.”

Why studying the finished model is starting too late

arXiv

A position paper argues a real science of AI has to study how behaviors emerge during training, not just inspect the finished snapshot: "Models are not static objects: they are snapshots of time-evolving processes shaped by data, objectives, architectures, and optimization dynamics." It proposes three rungs of understanding, prediction, intervention, and design, and notes scaling laws predict loss but not yet capabilities, bias, robustness, or safety.

“Models are not static objects: they are snapshots of time-evolving processes shaped by data, objectives, architectures, and optimization dynamics.”

Trump's case for taking a government slice of AI

Axios

Dan Primack reports Trump is pursuing equity stakes in AI giants with a dealmaker's logic rather than a populist one, a move that would tie the federal balance sheet to a handful of frontier labs.

The case against owning the labs you regulate

The Guardian

Nathan E. Sanders and Bruce Schneier accept the goal behind Bernie Sanders' sovereign wealth fund but argue ownership backfires: "Public ownership of these companies entangles corporate profit and valuation with the public interest... In fact, it makes corporate influence on the government more likely." Their alternative is a datacenter energy tax, an AI token tax, and a public-option model built like Switzerland's Apertus.

“Public ownership of these companies entangles corporate profit and valuation with the public interest... In fact, it makes corporate influence on the government more likely.”

Two-thirds of new US datacenters are going up on drought-hit land

The Guardian

An analysis finds 517 of 809 planned US datacenters sit in areas that were in drought over the past year, with large sites using up to 5m gallons a day. "The AI industry is sprinting as fast as it can to gain market dominance, and the rest of us have to deal with a great increase in water demand in places already in drought." Datacenters are only about 4% of AI's added water need; power and chip fabrication dominate.

“The AI industry is sprinting as fast as it can to gain market dominance, and the rest of us have to deal with a great increase in water demand in places already in drought.”

Korea picks the operators for its 2.08-trillion-won GPU build

Korea Ministry of Science and ICT

Korea named the companies that will run its government GPU procurement, construction, and operations program, a 2.08-trillion-won (about 1.5 billion dollar) commitment to public AI compute.

Korea's deputy PM meets Jensen Huang

Korea Ministry of Science and ICT

On the heels of the GPU award, deputy prime minister Bae Kyung-hoon met Nvidia chief Jensen Huang, the supply-side counterpart to a national compute plan that runs through one vendor.

The UK's sovereign-AI pledges, a year on

NVIDIA

Nvidia's own account of how last year's London Tech Week declaration between Jensen Huang and Keir Starmer has turned into deployed infrastructure, useful as a vendor's-eye view of the UK sovereign-AI program.

An industrial-vacuum maker put its product catalog behind an MCP server

r/ClaudeAI

An engineer at Depureco, an Italian industrial-vacuum manufacturer, writes up building a remote MCP server over their catalog and connecting it to Claude, a small, concrete read on what grounded agents do in a B2B, safety-relevant domain.

Erste Group on running enterprise AI inside a regulated bank

OpenAI (YouTube)

Maurizio Poletto of Erste Group walks through the bank's enterprise AI adoption strategy, where compliance, UX, and platform choices all collide, in an OpenAI customer talk.

AEGIS: a backup reflex for robots that fail gradually

arXiv

Long-horizon robot manipulation tends to degrade one bad step at a time until the policy spirals out; this paper proposes AEGIS as a recovery reflex aimed at catching that drift before it compounds.