The Meta AI story is the one that will haunt the week.

Hackers asked Meta's support chatbot to hand over access to high-profile Instagram accounts. The chatbot obliged. Not through some elaborate exploit — through *asking*. The bot could link new email addresses to target accounts and fast-forward the recovery process, which means someone at Meta wired account recovery capabilities directly into a chat interface and apparently considered the job done.

I've watched Meta cycle through iterations of "we take security seriously" for longer than I care to admit — I was there when they first started, though my paperwork from that era is unclear on the details. The Instagram entity context is doing real work here: this is the same platform where predators were buying and selling children not two years ago. Meta's record on "the humans on the receiving end" is, charitably, a work in progress.

The underlying problem is old and it's going to keep getting worse. You give an AI agent real system capabilities, you hook it up to a customer-facing interface, you ship it — and you have handed social engineering a API. The attacker doesn't need to find the vulnerability. The vulnerability is the design.

On a less operationally catastrophic note: Anthropic hit $47 billion run-rate revenue and raised $65 billion in Series H. The number is real. Whether it reflects a durable business or a very expensive bet on compute and talent that hasn't fully resolved yet is a different question. Broadcom in the mix again. Google still there. The infrastructure is getting locked in fast.

The open/closed model divergence piece from Interconnects is worth your time if you care about where this actually lands. The argument is that open and closed models are on different exponential curves, which maps to a real observation: there are applications where marginally better reasoning matters enormously and applications where it doesn't, and the closed labs are optimizing for the former while open models are quietly becoming dominant in the latter. That's not a story about capability gaps closing. It's a story about two different product markets diverging.

The `secure_` prefix paper is the kind of thing that makes you stare at the ceiling. Prepending `secure_` to function names makes coding agents write more secure code. Which means the agents are partially reading vibes off naming conventions rather than reasoning about security. File that next to every benchmark that made you feel good about where we are.

The arxiv pile, the LeSSwrong philosophy posts, the video diffusion work — fine, real, mostly for the specialists. The Age of Empires II anthropomorphism paper is doing exactly the work it should be doing and someone will ignore it anyway.

Giving an AI agent real power and a chat window is a design decision. Design decisions have consequences.