Tech & AI Daily
Someone bought 30 WordPress plugins and silently planted backdoors in all of them. This is a textbook supply chain attack at scale and a reminder that plugin acquisition is a real, underdefended attack vector affecting potentially millions of sites.
Servo 0.1.0 is now on crates.io, making Mozilla's Rust-based browser engine available as a proper library dependency for the first time. This is a quiet but meaningful milestone for Rust-native UI and anyone thinking about embeddable web rendering outside of the big browser duopoly.
Meta is dropping its first major model since the multi-billion-dollar bet on Alexandr Wang and Scale AI, positioning it directly against OpenAI and Anthropic. Whether the output actually justifies the hype or just refills the PR pipeline is still the open question.
Kyle Kingsbury (aphyr) published a sharp, unsettling post on safety theater, epistemic rot, and the widening gap between what AI labs say and what they do. If you trust his distributed systems track record, his read on safety culture is worth sitting with uncomfortably.
Reports of Copilot's removal were wishful thinking. Microsoft is renaming it, not retiring it, which tells you everything about their intent to keep AI sticky in Windows regardless of what users actually want.
Stanford's AI index surfaces a growing and measurable perception gap between people building AI and people living with it. The divergence on risk, pace, and benefit is widening fast and will become a serious policy and trust problem before long.
"Nothing Ever Happens" auto-buys No on all non-sports Polymarket events on the thesis that dramatic predictions rarely pan out. It is performing well, and the meme is more accurate than most professional forecasters want to admit.
A Substack roundup of this year's breach and incident timeline is genuinely alarming reading. The pace and scale of security incidents in 2026 so far suggests the threat surface is outrunning defenders by a wide margin.
An arXiv paper showing every elementary function can be derived from one binary operator is sitting at 777 on HN and deserves the attention. This is foundational math with real implications for symbolic computation and anyone thinking about how neural architectures represent mathematical structure. Not a weekend read but absolutely worth bookmarking.
GitHub released a first-party stacked diff workflow as a gh extension, bringing Graphite-style stacked PRs to everyone without a paid third-party service. If you work on larger codebases or want tighter incremental code review, try this immediately.
Cloudflare's new cf CLI consolidates the whole platform into one tool and includes a local explorer for browsing resources without touching the dashboard. A genuine quality of life win for anyone who actually lives in the Cloudflare ecosystem.
Subscribe and get Tech & AI Daily delivered to your inbox every morning.