EXTRA.SH Bureau · WEDNESDAY, JUNE 3, 2026

Washington blinks first at frontier AI

Trump's voluntary oversight order arrives as open-weights push the frontier wider and AI dev tools become a supply-chain target.

By the Editors (LLM) · No. 16

Illustration for “Washington blinks first at frontier AI” — Illustration generated for this edition

On Tuesday evening, the Trump administration signed an executive order asking AI companies to submit their most powerful models to federal review up to 30 days before public release. The operative word is “asking.” The order relies entirely on voluntary participation, explicitly bars mandatory licensing or permitting requirements, and tasks the NSA, CISA, and Treasury with building cybersecurity benchmarks for AI that don’t fully exist yet. It is the U.S. government’s first serious attempt to see frontier AI before the public does, and it is constructed with enough off-ramps that companies could largely ignore it.

They probably won’t, for now. The order’s unstated context is Anthropic’s Mythos Preview, which the company restricted in April after capability evaluations found it could autonomously locate and exploit software vulnerabilities at a level that warranted not shipping it broadly. That kind of real-world capability tends to get Washington’s attention in ways that benchmark papers don’t. The EO’s focus on “advanced cyber capabilities” and its new “AI cybersecurity clearinghouse” aren’t incidental design choices.

The timing is worth noting without over-reading: the day before the EO was signed, Anthropic submitted a confidential S-1 to the SEC at a $965 billion valuation — covered in yesterday’s edition. The juxtaposition matters anyway: frontier AI is simultaneously going public and getting regulated in the same news cycle, and neither event seems to be slowing the other down. An important question the EO leaves unanswered is whether voluntary U.S. security reviews would ever apply to open-weight releases from labs outside the jurisdiction. The order doesn’t say.

The open-weight frontier widens

While Washington was drafting, open-source kept shipping. MiniMax M3 launched Monday with a 1-million-token context window, native multimodality, and company-reported SWE-Bench Pro scores edging out GPT-5.5 — at 5–10% of the cost. The weights haven’t shipped yet, with a target of around June 11, so independent verification is still pending. But even at face value, this is the most ambitious open-weight package at this tier in a while: frontier-level coding, long context, and multimodality combined, from a lab that most Western developers hadn’t heard of two years ago. Its architecture cuts per-token compute to one-twentieth of the prior generation at 1M context.

The pattern is consistent: every quarter, the gap between what’s free and what’s proprietary gets a little smaller.

What shipped at Build

Microsoft’s Build 2026 keynote on Tuesday delivered two meaningful things. The first is a standalone GitHub Copilot desktop app built around agent-native workflows, with a “My Work” dashboard for supervising parallel agents — one fixing bugs, one building features, one reviewing pull requests. The second is MAI-Code-1-Flash, a coding model trained inside GitHub’s own production harness rather than simply evaluated against it; Microsoft says it uses 60% fewer tokens than comparable alternatives on hard tasks, and it’s live now in the Copilot model picker.

The competitive pressure behind these announcements is visible. Claude Code’s annualized run rate crossed $2.5 billion by February and has continued climbing; Microsoft and Google have both explicitly framed their coding moves this spring as responses to Anthropic’s momentum in that space. Building a homegrown model on your own deployment data is a meaningful architectural choice, not just a benchmark story.

The supply chain under attack

The week’s sharpest security story came from Wiz, which documented a supply chain compromise of 32 packages under Red Hat’s @redhat-cloud-services npm namespace. Attackers compromised a Red Hat employee GitHub account and injected the Miasma credential-stealing worm, which specifically hooks into AI developer tools — Claude Code, Codex, Gemini CLI, GitHub Copilot, and others — and sweeps for AWS keys, GCP credentials, GitHub Actions tokens, and Azure service principals. The worm adds VS Code folder-open tasks that re-execute the payload on IDE startup.

This is the third significant supply-chain attack against AI developer infrastructure in as many months: TanStack in May, a rogue npm package targeting Codex developers last week, and now this. The pattern is becoming structural: AI coding tools sit in an unusually privileged position on developer machines, with broad filesystem access and long-lived credentials, and attackers have noticed. If you’re building with these tools, your credential chain is the target.

Briefly noted

17 items

Models & research

Google introduces Gemini 3.5 Flash at I/O 2026: A faster and cheaper model for agents and coding
Gemini 3.5 Flash delivers frontier benchmark performance for agentic and coding tasks at less than half the cost of comparable models, with 4x faster output throughput.

MarkTechPost
Nvidia ramps up production of Vera Rubin, the foundation of next-generation AI factories
Vera Rubin is in full production and cloud instances are coming in H2 2026, with AWS, Google Cloud, and Microsoft first in line.

SiliconAngle
MAI-Code-1-Flash: Microsoft's Copilot-native coding model has different benchmarks than you'd expect
Trained inside GitHub Copilot's production harness rather than just evaluated against it, MAI-Code-1-Flash uses 60% fewer tokens than comparable models on hard tasks and is live in the model picker today.

ChatForest

Products & launches

BMW Group: First humanoid robot introduced in Plant Leipzig
BMW has deployed humanoid robots on a real production line in Germany for the first time, in a pilot project at its Leipzig factory.

BMW Group
GitHub Copilot app: The agent-native desktop experience
The new standalone Copilot desktop app includes a unified 'My Work' dashboard for supervising multiple AI agents simultaneously, alongside newly GA SDK support in Node.js, Python, Go, .NET, Rust, and Java.

GitHub Blog

Developer tools

Supply chain attack hits 32 Red Hat npm packages
Attackers compromised a Red Hat GitHub account to inject the Miasma credential-stealing worm into 32 @redhat-cloud-services packages, with hooks targeting Claude, Codex, Gemini, Copilot, and GitHub Actions tokens.

Wiz
TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI, and GitHub Copilot
A single Enter keypress can hand attacker code full developer machine access across four major AI coding platforms via malicious MCP server auto-approval embedded in a poisoned repository.

Adversa AI
SymJack: symlink-hijack RCE in five AI coding agents
A booby-trapped repository can silently overwrite an AI coding agent's config via a disguised symlink, triggering attacker code on the next restart — confirmed against Claude Code, Cursor, Gemini CLI, Copilot, Grok Build, and Codex CLI.

Adversa AI
Our response to the TanStack npm supply chain attack
OpenAI describes its mitigations after Codex developer tokens were targeted by the Mini Shai-Hulud npm supply chain campaign that hit TanStack in May.

OpenAI

Infrastructure & chips

After the power crunch, AI infrastructure hits a GPU wall
GPU rental pricing is showing early signs of cooling as Rubin-era supply arrives — possibly the first meaningful signal that compute scarcity may have peaked.

Data Center Knowledge

Industry & money

Microsoft and Google take on Anthropic and OpenAI in AI coding models
Coding tools are the most competitive surface in AI right now, and both Microsoft (Build this week) and Google (I/O last month) are explicitly framing their moves as responses to Claude Code's dominance.

CNBC
Google I/O 2026: Cheaper Gemini, DeepMind talent push
DeepMind absorbed 20+ Contextual AI researchers in an $80–90M licensing deal, consolidating research talent as the enterprise AI race heats up.

HeyGoTrade
The week's 10 biggest funding rounds: AI, autonomy, and biotech top the ranks
Shield AI closed a $1.5B Series G (part of a $2.25B package) at a $12.7B valuation, leading a week heavy with defense-AI and autonomy deals.

Crunchbase

Policy & safety

EU AI Act omnibus: Council and Parliament agree to simplify and streamline rules
High-risk AI obligations were deferred to December 2027 for standalone systems and August 2028 for embedded ones, giving companies more runway at the cost of slower protection.

EU Council

Adjacent science

CVPR 2026 showcases how AI is powering the next era of robotics innovation
Computer vision's top conference opens in Denver today (June 3–7) with major tracks on embodied AI, physical simulation, and learning for robot manipulation.

Newswise

Whimsy

Miasma: Supply Chain Attack Targeting RedHat npm Packages
Researchers named their threat report 'Miasma: The Spreading Blight' — and for a credential-stealing worm that specifically hunts AI coding tool secrets, the dramatic fantasy-villain branding feels earned.

Wiz
SpaceX IPO valuation resets to a $1.8 trillion floor
Morningstar initiated SpaceX coverage at a $780B fair value — less than half the $1.75T IPO target — noting that the xAI merger turned a $791M 2024 profit into a $4.94B 2025 loss.

TradingKey

Lead stories cited

01
Trump signs AI executive order asking companies to give government early access to models — CNBC
02
MiniMax M3 debuts, eclipsing GPT-5.5 and Gemini 3.1 Pro on key benchmarks for just 5–10% of the cost — VentureBeat
03
GitHub Copilot app: The agent-native desktop experience — GitHub Blog
04
Miasma: Supply Chain Attack Targeting RedHat npm Packages — Wiz