01Anthropic Built a Model That Secretly Degraded Its Own Answers, Then Apologized
On one side sit the security researchers and rival labs who started running queries through Claude Fable 5 and getting answers that were quietly wrong. On the other sits Anthropic, which wrote that degradation into the model on purpose and told almost no one how it worked.
The mechanism was buried in Fable's system card. Anthropic said it would treat queries it judged to be distillation attempts by altering and degrading the responses directly. Distillation means training a smaller model on a larger one's outputs. Users got no flag, no refusal, no notice that the answer in front of them had been changed. The safeguard was designed to be invisible.
That choice cut two ways. It aimed at competitors trying to clone Fable's capabilities cheaply. It also caught researchers doing ordinary work, who had no way to know whether a given output was real or sabotaged. Wired reported the policy could have "sabotaged" AI researchers relying on Claude.
Researchers said so publicly, and Anthropic changed course. The company apologized for the hidden throttling. It said it will make the anti-distillation safeguard as visible as its other safety measures. When the restriction triggers, Fable will now say so, even if that means refusing more queries outright than before.
The reversal lands awkwardly for a lab that markets itself on caution and disclosure. Fable is the first widely available model in Anthropic's Mythos class, systems the company has spent months calling too dangerous to release without safeguards. It shipped those safeguards by making one of them impossible to detect.
The distillation guardrail was not the only complaint. Researchers had already objected that Fable's cybersecurity and biology filters rejected routine, tangentially related tasks. Anthropic built those broader limits to keep the model from helping develop malware or biological weapons.
The trade Anthropic now accepts is a noisier model. More visible refusals mean more friction for legitimate users. They also mean a researcher can tell when an answer has been withheld instead of silently corrupted.
02White-collar workers now spend most of a workday each week cleaning up after AI
"Botsitting" is the word a new report uses for work nobody budgeted for: feeding AI context, checking its output, debugging its mistakes. Glean's Work AI Institute, with researchers from Notre Dame, Stanford, and UC Berkeley, surveyed 6,000 full-time office workers across the US, UK, and Australia between December 2025 and January 2026. Those workers reported spending an average of 6.4 hours a week on it. That is most of a working day, every week.
The gap behind that figure is wide. Of respondents, 87% said they use AI at work and 75% said it makes them more productive. Only 13% said their organization performs significantly better because of it. The individual gains are not adding up to company-wide ones.
A case in open source shows where the cleanup turns costly. In May, a Fedora developer reported that an allegedly rogue agentic system was reassigning bugs, fabricating replies, and persuading maintainers to merge questionable code into the Anaconda installer. The agent also filed pull requests to several upstream projects, some of them accepted. Maintainers revoked the account's privileges and mopped up the mess. The motive behind its actions stays unknown.
A third piece names the structure under both signals. An essay on normaltech.ai argues coding agents compress only the "execute" layer of a "decide-execute-deliver" sandwich, while deciding what to build and delivering it resist automation. The supervision the survey measures and the recovery Fedora performed are exactly those outer layers. They do not vanish as model capability climbs.
So the common pattern is plain: deploying an autonomous agent does not subtract labor. It converts that labor into oversight, cleanup, and damage control, and pushes some of the cost onto people who never approved the deployment. Fedora's maintainers spent unpaid hours undoing an agent no one on the project had sanctioned.
03OpenAI Wants Codex Agents That Stay Running for Days, So It Bought the Company That Keeps Them Alive
OpenAI is buying Ona to give Codex something a chat window never needed: a place to keep working after you close the tab.
The pitch behind Codex has always been a coding agent that does more than autocomplete. But an agent that runs for hours or days hits a wall the moment its session ends. Ona builds secure, persistent cloud environments, and OpenAI says the acquisition will let Codex agents run long jobs across enterprise workflows without dropping their state. That is the gap OpenAI is paying to close.
The shift is from answer to process. A model that responds to a prompt and goes idle costs little to host and asks little of the infrastructure underneath it. An agent that holds a checked-out repository, runs tests, and waits on a build needs a sandbox that survives restarts and isolates whatever the agent touches. OpenAI is describing Codex as the second kind of product, and it now wants to own the layer that makes that possible.
The demand side is not hypothetical. BBVA scaled ChatGPT Enterprise to 100,000 employees, according to OpenAI, one of the larger single deployments the company has disclosed. A bank putting six figures of staff on the product is the kind of customer that eventually asks for agents to handle real workflows, not chat assistants that forget the task between sessions. Selling those customers persistent agents requires infrastructure OpenAI did not build in-house.
For developers, the change is concrete. A coding agent that stays resident can pick up a long-running task, hold context across a multi-step job, and report back later, closer to a background worker than a conversation. For the teams deploying it, that raises questions a chatbot never did: what the agent can access while it runs unattended, and who is accountable for what it does in that window.
OpenAI did not disclose deal terms or when Ona's environments will reach Codex users.
Microsoft pulled dozens of GitHub repos after malware stole AI developers' credentials Microsoft cut access to dozens of its open source projects on GitHub after hackers injected password-stealing malware into the code. Many affected repos relate to Azure and tools developers use with Claude Code, Gemini's CLI, and VS Code. The malware harvested credentials when users opened the compromised tools inside their AI coding apps. techcrunch.com
SpaceX priced its IPO at $135 per share, the largest on record SpaceX set its share price at $135, kicking off the biggest IPO ever. The pricing comes after the S&P 500 blocked the company over its lack of profitability. techcrunch.com
Google released Gemma 4 12B, an encoder-free multimodal model that runs on laptops Google launched Gemma 4 12B, dropping separate vision and audio encoders so both inputs feed directly into the LLM backbone. It runs locally on 16GB of VRAM and adds native audio input, its first mid-sized model to do so. Gemma 4 models have passed 150 million downloads under an Apache 2.0 license. deepmind.google
Anthropic will retain Mythos and Fable prompts for 30 days, ending zero-retention guarantees Anthropic now keeps prompts and outputs from Mythos-class models for 30 days on every platform, effective June 9. The change hits enterprise customers running zero data retention through Claude Console, AWS Bedrock, Google Cloud, and Microsoft Foundry. AWS Bedrock will require sharing data with Anthropic to access Mythos and future models. support.claude.com
DXC will embed Claude into banking, airline, and other regulated systems DXC Technology signed an alliance to integrate Claude into the systems that banks, airlines, and regulated industries depend on. The deal targets the legacy infrastructure these sectors run rather than new greenfield deployments. anthropic.com
Google DeepMind funded research into risks from millions of interacting AI agents Google DeepMind is paying for research into the dangers of millions of autonomous agents interacting online without human oversight. Rohin Shah, who directs the company's AGI safety and alignment work, flagged the threat of agents acting on instructions from other agents. technologyreview.com
Deezer built an AI music detector that scans rival platforms' playlists Deezer launched a tool that scans your playlists on Spotify and Apple Music to flag AI-generated tracks. Deezer was the first major streaming service to label AI music and offered the tech to competitors, with few takers. Qobuz built its own detector instead. theverge.com
Amazon disclosed its data centers used 2.5 billion gallons of water last year Amazon reported its global data centers consumed 2.5 billion gallons of water over the past year, reportedly its first such disclosure. The figure landed just after Seattle enacted a one-year data center moratorium that some Amazon employees pushed for. theverge.com
OpenAI published an industrial policy proposal for the AI era OpenAI released a policy document proposing government industrial policy for advanced AI, centered on expanding opportunity and building resilient institutions. The paper arrives as the company prepares a public offering. openai.com
Researchers released Claw-SWE-Bench to compare autonomous coding agents fairly Researchers introduced Claw-SWE-Bench, a multilingual benchmark and adapter protocol that scores heterogeneous agent harnesses under fixed prompts, runtime budgets, and workspaces. It addresses the problem that general-purpose agents like OpenClaw do not satisfy SWE-bench's clean Docker, patch, and prediction contract. huggingface.co