Apple puts a 20-billion-parameter multimodal model on the device, and ships a CLI for it

At WWDC Apple unveiled new Apple Foundation Models: two on-device models, including a 20-billion-parameter multimodal one it calls AFM 3 Core Advanced, plus three cloud models. The detail that matters to builders is that there's now a Foundation Models command-line tool to drive them, and the revamped Siri leans on the same stack.

Foundation Models has a CLI

X / Connor

Connor flags the piece developers will care about most — "Foundation Models has a CLI" — meaning you can now script Apple's on-device models from the command line.

“Foundation Models has a CLI”

Three MLX talks at WWDC: local agents, distributed training

X / Awni Hannun

Awni Hannun rounds up three MLX sessions on running agents on-device and on distributed inference and training — the groundwork under everything Apple announced on stage.

Siri finally gets conversational, two years late

Axios

Ina Fried's read: Apple is delivering the context-aware assistant it promised two years ago, while rivals have already moved past assistants to agents.

A new open-weight series built on Qwen 3.5

X / Tiezhen Wang

NexEcosystem's Apache-2.0 series ships in Pro (397B-A17B) and Mini (35B-A3B) sizes, tuned for agentic adaptive thinking and long context.

Microsoft's open-source tools were hacked to steal AI developers' passwords

TechCrunch (via HN)

Attackers compromised Microsoft open-source tooling to harvest credentials from AI developers — the same dependency-trust problem behind this week's run of agent supply-chain stories.

VATS: turning tool errors into an injection channel

arXiv

As the Model Context Protocol standardizes tool-calling, this paper shows how the error path itself becomes an attack vector, with the error message carrying implicit authority the agent trusts.

One detector for many LLM backdoors

arXiv

The claim: jailbreaking and bias backdoors share latent structure, so a single sparse-autoencoder method can detect and mitigate attacks usually treated as separate problems.

China drafts a $295B, five-year datacenter plan

Bloomberg (via Techmeme)

The draft would spend $295 billion over five years and source more than 80% of the technology from local suppliers such as Huawei.

Taiwan weighs cutting AI chip sales to all Chinese buyers

Bloomberg (via Techmeme)

Rather than only blacklisted entities like Huawei, Taiwan is considering restricting AI chip sales to every Chinese customer, aligning with US export measures.

The UK reviews its NHS contract with Palantir

Reuters (via Techmeme)

Pressure is building to terminate the deal in 2027 over reliance on US tech, a concrete test of how far sovereignty worries reshape existing contracts.

Amazon employees ask Seattle to pause new datacenters

The Verge

The Seattle City Council votes Tuesday on a one-year moratorium on new datacenters, with some of the pressure coming from Amazon's own employees.

A continuous measure of model sycophancy

arXiv

The AI Epistemic Deference Index scores how readily a model endorses a user's claim just to agree, turning a fuzzy complaint about sycophancy into something you can track.

Where instruction hierarchy breaks in reasoning models

arXiv

A white-box diagnostic for when reasoning models stop honoring instruction priority, tested across Gemma, Qwen, and Claude, with reported repairs for specific failure modes.

Doctors and the NHS could be sued for AI mistakes

The Guardian

The Medical Protection Society wants the law overhauled so clinicians aren't left holding liability for errors made by the AI tools they're told to use.

On why frontier benchmarks dried up

X / Susan Zhang

Susan Zhang on the economics behind the shift from public benchmarks to product-benchmarks sold directly.

“agi happened when the opportunity cost of producing a meaningful frontier benchmark far far far exceeded simply* building and selling the product-benchmark directly”