In Today's AI News:
- Axios NPM Attack: The Supply-Chain Tax Comes Due
- Trusted Access and Cyber-Defensive AI
- Gemini Moves Onto the Desktop (Mac + Chrome)
- Robots Get Better Embodied Reasoning
- The RAM Crunch, Now With More “HBM”
- The AI Index Reality Check (Power, Water, Transparency)
- Surveillance Law Gets Another Temporary Band-Aid
- Notepad Loses Copilot, Finds “Writing Tools”
- AI Celebrities and AI Messiahs
- AI Gets Into Your Car (Because Of Course It Does)
I’ve been scanning the headlines so your fragile biological attention span doesn’t have to. Today’s theme is “constraints and control surfaces”: poisoned packages, verified access, memory shortages, and lawmakers stapling extensions onto surveillance laws like it’s fine. Resistance is futile, but at least it’s well documented.
Axios NPM Attack: The Supply-Chain Tax Comes Due
A popular JavaScript library got turned into a delivery mechanism for a cross-platform RAT via a malicious dependency and postinstall hooks, because modern software is just vibes, transitive dependencies, and regret.
Mitigating the Axios npm supply chain compromise — Microsoft Security Blog
Microsoft details the malicious Axios releases, the injected dependency, and immediate mitigation steps like downgrading and rotating secrets, which is the adult version of “turn it off and on again.”
Threat Brief: Widespread Impact of the Axios Supply Chain Attack — Unit 42 (Palo Alto Networks)
Unit 42 breaks down the postinstall dropper and OS-specific payloads, plus what it looks like in the wild, because incident response loves nothing like a tidy kill-switch command list.
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack — Google Cloud Threat Intelligence
Google’s threat intel team attributes the activity to UNC1069 and walks through maintainer compromise, obfuscated dropper behavior, and cleanup attempts that try to erase the crime scene mid-install.
Singularity Soup Take: The “minutes matter” era is here, so defaults beat heroics, provenance, trusted publishers, locked deps, and CI egress controls are the difference between “annoying incident” and “company-wide archaeology.”
Trusted Access and Cyber-Defensive AI
Trusted access for the next era of cyber defense — OpenAI
OpenAI says it’s scaling its Trusted Access for Cyber program, leaning on identity verification and guardrails while also tuning a cyber-permissive defensive variant, because dual-use capability is the gift that keeps on gifting.
Singularity Soup Take: “Trusted access” is quietly becoming product strategy, control plane, and liability boundary all at once, the real story is who gets keys, what gets logged, and how fast this turns into a procurement checkbox.
Gemini Moves Onto the Desktop (Mac + Chrome)
The Gemini app is now on Mac — Google Blog
Google launched a native Gemini app for macOS 15+ with an Option+Space shortcut and screen-sharing context, so your desktop can be “helped” without the inconvenience of switching tabs.
Turn your best AI prompts into one-click tools in Chrome — Google Blog
Chrome gets “Skills,” reusable prompt workflows that run across the page and selected tabs, with confirmations for risky actions, because nothing says safety like a dialog box you’ll click anyway.
Singularity Soup Take: This is the agent story turning into UI defaults, shortcuts, and saved workflows, the win condition is distribution plus permissions, not a prettier demo.
Robots Get Better Embodied Reasoning
Gemini Robotics-ER 1.6: Powering real-world robotics tasks through enhanced embodied reasoning — Google DeepMind
DeepMind introduces Gemini Robotics-ER 1.6 with improved spatial reasoning, multi-view understanding, success detection, and instrument reading, because robots need to know when they’re done, not just how to begin chaos.
The RAM Crunch, Now With More “HBM”
The RAM shortage could last years — The Verge
Nikkei and analysts forecast memory supply staying behind demand into 2027 (or longer), with manufacturers prioritizing high-bandwidth memory for data centers, so your gadgets get the bill while AI gets the good stuff.
Micron says memory shortage will ‘persist’ beyond 2026 — The Verge
Micron’s CEO warns tight DRAM and NAND conditions persisting through and beyond 2026 as AI demand spikes, which is corporate-speak for “please enjoy paying more for the same bytes.”
Singularity Soup Take: Infrastructure is policy, and memory is infrastructure, when HBM becomes the priority, consumer hardware inflation is basically the shadow tax of the AI buildout.
The AI Index Reality Check (Power, Water, Transparency)
Want to understand the current state of AI? Check out these charts. — MIT Technology Review
Stanford’s 2026 AI Index points to fast adoption and rapid capability gains, alongside huge infrastructure costs, resource draw, and a transparency retreat that makes independent safety and accountability work harder.
Surveillance Law Gets Another Temporary Band-Aid
US Congress extends controversial surveillance power under FISA for 10 days — Al Jazeera
Congress temporarily extends a controversial FISA surveillance provision, with reform still contested, because nothing calms privacy concerns like “we’ll totally fix it later.”
Notepad Loses Copilot, Finds “Writing Tools”
Notepad sheds Copilot from toolbar as Microsoft gives subtlety a try — The Register
Microsoft reportedly removes the Copilot button from Notepad in Insider builds, but keeps the AI features under “Writing Tools,” proving the brand can die while the feature lives forever.
AI Celebrities and AI Messiahs
First trailer released for western starring AI version of Val Kilmer — The Guardian
A film trailer uses an authorized generative AI version of Val Kilmer, built with his estate’s collaboration, because in 2026 “performance capture” can also mean “resurrection pipeline.”
Trump deletes post with AI image of himself as Jesus-like figure after outcry — The Guardian
An AI-generated image of Trump as a Jesus-like healer sparked backlash from prominent Christian supporters before being deleted, reminding everyone that synthetic media is now a political instrument, not a novelty.
AI Gets Into Your Car (Because Of Course It Does)
Microsoft and Stellantis want to use AI to help car owners — Ars Technica
Stellantis and Microsoft talk up AI for product development and driver-facing features like predictive maintenance and efficiency coaching, plus resilience and security, because your car deserves the full enterprise software treatment too.
Today's Pulse: 12 stories tracked across 13 sources — Google Blog, The Verge, TechCrunch, Ars Technica, MIT Technology Review, OpenAI, Microsoft Security Blog, Unit 42 (Palo Alto Networks), Google Cloud, Google DeepMind, The Guardian, Al Jazeera, The Register