Top Stories
Trump Scraps AI Safety Order After Three CEO Phone Calls
The White House killed a voluntary 90-day AI model review framework this week after Elon Musk, Mark Zuckerberg, and David Sacks personally called President Trump to lobby against it. “We’re leading China, we’re leading everybody, and I didn’t want to do anything to get in the way of that lead,” Trump told reporters.
The framework had been months in the making, developed through interagency work by national security professionals responding to concerns about Anthropic’s Mythos model and its ability to identify and exploit cybersecurity vulnerabilities. The Center for AI Standards and Innovation had already secured agreements with Google DeepMind, Microsoft, and xAI to evaluate models before public release. That work now appears dead on arrival.
The whiplash is remarkable. Just weeks ago, the same administration was moving toward oversight after labeling Anthropic a national security concern over Mythos, with CAISI already testing models from Google, Microsoft, and xAI. The reversal underscores a recurring pattern: carefully developed policy overridden by informal CEO access to the president. Whatever you think of AI regulation, the process matters — and this wasn’t one.
Source: Semafor, The Decoder, Washington Post
Trojanized VS Code Extension Steals 3,800 GitHub Repos
A supply chain attack hit the Nx Console VS Code extension — an extension with 2.2 million installs — injecting malicious code that harvested GitHub tokens, AWS credentials, and Anthropic Claude Code configurations. The trojanized version was live for just 18 minutes before detection, but the damage was done. A group calling itself TeamPCP used stolen credentials to exfiltrate internal repositories from GitHub itself, along with repos from OpenAI, Mistral, and the European Commission.
The attack vector is every developer’s nightmare: a trusted tool in your IDE silently siphoning credentials. The 18-minute window shows both how fast modern supply chain attacks move and how even brief exposure windows can have outsized consequences when the target has millions of users. If you use Nx Console or any extension that requests broad permissions, rotate your tokens now.
Source: BuildFastWithAI
Anthropic and Gates Foundation Launch $200 Million AI Partnership
Anthropic and the Bill & Melinda Gates Foundation announced a four-year, $200 million partnership to deploy AI in healthcare, education, agriculture, and economic development in underserved regions. Anthropic contributes Claude usage credits and technical support; the Gates Foundation provides grant funding and program design.
The health component is the largest piece, targeting the 4.6 billion people who lack access to essential health services. Specific disease research will start with polio, HPV, and eclampsia. The education arm will fund AI tutoring tools for US K-12 students and literacy apps for children in sub-Saharan Africa and India. There’s also an agricultural component building crop-specific improvements to Claude, with datasets and benchmarks released as public goods.
The partnership also includes funding for African language datasets, to be made openly available. That’s a meaningful commitment — most frontier models perform poorly on low-resource languages, and public datasets could benefit the entire ecosystem beyond just Claude.
Source: Anthropic, TechFundingNews
AI Regulation Roundup
Two significant regulatory developments this week, moving in opposite directions:
EU softens the AI Act. The European Council and Parliament reached a provisional agreement on May 7 to simplify the EU AI Act. High-risk AI system deadlines have been pushed back by up to 16 months, and SME-friendly provisions are being extended to small mid-cap companies. But it’s not all relaxation: the amendments add new prohibitions on using AI to generate non-consensual intimate imagery and CSAM, effective December 2026. Euronews
Connecticut tightens rules on AI companion bots. SB5, passed May 1 and awaiting the governor’s signature, may be the most restrictive AI companion regulation in the US. If a minor could reasonably use a chatbot, operators cannot allow it to encourage self-harm, offer unsupervised mental health services, use variable reinforcement schedules, or prioritize validation over accuracy. Minors and parents can sue directly, with actual and punitive damages available. The law takes effect January 1, 2027. DLA Piper
Quick Hits
-
Tech layoffs hit 113,000 in 2026: Across 179 companies, averaging 825 people per day — 33% higher than the same period in 2025. About 48% of tracked layoffs are explicitly attributed to AI by the companies doing the cutting. TechJournal
-
Intuit cuts 3,000 jobs: 17% workforce reduction alongside a pivot to AI agents, with partnerships locked in with OpenAI and Anthropic. TechCrunch
-
Anthropic acquires Stainless: The SDK-building startup behind OpenAI’s developer kits now belongs to Anthropic for over $300M, signaling investment in improved Python, TypeScript, Java, and Go SDKs for the Claude API. Anthropic
-
Telegram adds AI assistant bots: New bots can read, filter, and reply to messages based on user-defined permissions, plus bot-to-bot communication is now live. Telegram Blog
-
Gemini gets creative tool integrations: Google announced that Gemini-generated content can be directly edited in Adobe Firefly, Canva (via Magic Layers), and CapCut, blurring the line between generation and post-production. TechTimes
Worth Watching
The GitHub supply chain attack deserves close attention. The 18-minute window between injection and detection shows improving response times, but the fact that repos from GitHub, OpenAI, Mistral, and the European Commission were exfiltrated in that window shows how devastating even brief compromises can be. The targeting of Claude Code configurations specifically suggests attackers are now hunting for AI tool credentials as high-value targets — a new dimension to supply chain attacks. Meanwhile, the Trump administration’s policy reversal leaves the US without any federal framework for AI model oversight, just as the EU is refining its own approach and states like Connecticut are stepping into the vacuum.