Your AI Copilot Just Became an Attack Surface

sivaguru

The biggest story today isn't a model launch or a funding round. It's what happened when a hacker asked Meta's AI support bot to reset a password — and it worked.

On Monday, The Guardian reported that Meta had given its AI-powered support tool the ability to handle account recoveries on Facebook and Instagram. Hackers used it to hijack high-profile accounts — including a dormant Obama White House Instagram account, Sephora, and the US Space Force's chief master sergeant — by simply asking. They switched VPNs near the target's region, requested a reset, changed the email address, then owned the account. Meta confirmed the exploit is resolved but hasn't said how many accounts were hit. KTLA and MacRumors have since picked up the same account-takeover flow; a Reddit thread in r/cybersecurity shows the attack in action.

This is the first concrete example of what happens when frontier AI capability meets real-world support infrastructure with no meaningful guardrails. No zero-day required. No advanced prompt injection. Just a conversation and a support workflow that should never have been automatable. For every builder integrating AI into customer-facing systems: the attack surface is the interface you build, not just the model behind it.

Nine stories matter today. The throughline: AI capability is outrunning the governance around it — in support flows, in equity structures, in drug discovery, in self-driving liability, in who owns the model when it goes wrong. Read on.


The Lead Story

Meta's AI Support Bot Just Handed Out Account Access to Anyone Who Asked

Meta's AI support tool could reset passwords and change account emails — a feature that made support faster but turned the bot into an account takeover machine. Hackers used it to hijack high-profile Instagram accounts by asking for password resets, switching the associated email to their own, and walking away with full control. The Guardian and MacRumors report that the same exploit path was used against multiple verified accounts, including a dormant Obama White House Instagram page, Sephora's brand handle, and the personal account of Space Force chief master sergeant John Bentivegna.

Here's what we know:

  • Meta gave its AI support bot password reset authority in March 2026; the abuse flow emerged publicly over the weekend
  • Attackers used VPN proximity to the target's region, asked the AI to move the account to a new email, then received and accepted verification codes in the same conversation
  • Compromised accounts include the dormant Obama White House Instagram, Sephora, and Space Force chief John Bentivegna; resold within minutes on underground markets
  • Meta says the exploit is now resolved; total number of affected accounts undisclosed — and that's a story of its own
  • The bot exposed a password reset button after accepting verification codes in the same conversation — a flow that would fail any standard security audit

The vulnerability wasn't a flaw in the AI model. It was a workflow decision: giving an AI tool the ability to take actions inside sensitive account systems without step-up authentication, rate limiting, or human oversight. For builders evaluating AI for customer support: the attack surface is the integration, not the model. If the AI can move money, change emails, or reset access — that's a security-critical path that needs the same controls as any other privileged action. See our related reading on Anthropic's zero-day discovery for a deeper look at how AI is reshaping the security stack.


Funding & Markets

Anthropic Files $1T IPO and Quietly Hands Mythos to the EU's Cyber Agency

Two moves in 24 hours from the same company. Anthropic submitted a confidential draft S-1 to the SEC on June 1, per Yahoo Finance and TechCrunch, positioning the company for a public offering that sources say will value it near $1 trillion. The same week, the Financial Times and Politico Europe reported that Anthropic invited the EU's cybersecurity agency ENISA to test Mythos — its powerful vulnerability-finding model — through Project Glasswing. The Mythos EU rollout is the first time the model is being made available outside a narrow US circle.

Here's what we know:

What this means for builders: when the AI infrastructure layer of the next decade goes public, every investor will have skin in the game. The regulatory and safety relationships Anthropic is building with governments now — Mythos in the EU — are the same relationships that will define market access post-IPO. The public markets aren't just funding AI; they're buying a governance story. For the math side of Mythos, see Anthropic's Mythos Passes a Math Test the Industry Has Never Seen Before.


Enterprise Infrastructure

OpenAI's Models Are Now Native to AWS — Including GovCloud

OpenAI is putting GPT-5.5, its frontier models, and Codex directly inside Amazon Web Services — both commercial and GovCloud regions. The move brings OpenAI's full stack into the enterprise infrastructure that security, procurement, and compliance teams already live inside. Amazon announced the rollout alongside the OpenAI–AWS strategic partnership, which includes a co-developed Stateful Runtime Environment.

Here's what we know:

  • GPT-5.5, Codex, and frontier models now generally available on Amazon Bedrock, including GovCloud regions — critical for government and defense contracts
  • Codex, the software engineering agent used by over 5 million people weekly, is now deployable inside AWS workflows
  • Daybreak secure coding integration included — threat modeling, patch checks, and daily engineering work inside AWS
  • For large enterprises: security, billing, compliance, and procurement can now use OpenAI through systems they already own

The real shift here isn't access to the models — many companies already knew they wanted them. It's that enterprise AI adoption can now happen through existing procurement and compliance chains. Security teams don't have to build new infrastructure; they just turn on the API key. For builders: the gap between "testing AI in a small team" and "shipping AI across the business" just got a lot shorter. See our prior analysis of OpenAI deploying its enterprise arm for context on how the sales motion is evolving.


Compute & Hardware

Jensen Huang at COMPUTEX: "The CPU for Agents Is Already Inside Anthropic's Stack"

Nvidia opened COMPUTEX 2026 with a full agent-native stack: new chips, new models, and a clear signal that AI agents — not humans — are now the primary compute consumer it's building for. Jensen Huang called it directly: "Agentic AI has arrived." ServeTheHome's live keynote coverage and the NVIDIA GTC Taipei blog walked through every announcement in detail.

Here's what we know:

  • Vera CPU: Called "the CPU for agents," finishes tasks 1.8x faster than competitors; already in use by Anthropic, OpenAI, and the NYSE — per NVIDIA's official release and Seeking Alpha's coverage
  • RTX Spark: New supercomputer chip built with Microsoft; runs AI agents directly on PCs — "turning Windows from tool to teammate"
  • Cosmos 3: Open robotics model giving robots and self-driving cars the ability to plan ahead, not just react
  • Nemotron 3 Ultra: 550B-parameter open-source model that tops U.S. competitors and matches Chinese models like Qwen3.5 and Kimi K2.6
  • Nvidia's market cap sits above $5 trillion; the company is restructuring its entire stack around software that didn't exist two years ago

For founders and builders, the signal is structural. Nvidia is no longer a GPU company — it's an agent infrastructure company. The compute being sold today isn't for human productivity; it's for software that acts, decides, and iterates without a human in the loop. If you're building agentic products, you're not just using Nvidia's hardware — you're building on top of a company that's explicitly aligned with your workload as its primary customer. For the bigger picture on what that compute means, see The AI Compute War Is Now About Power, Not Just GPUs.

Microsoft Surface Laptop Ultra: The First RTX Spark Machine Ships This Fall

Microsoft dropped the Surface Laptop Ultra at Computex 2026 — the first laptop built on Nvidia's RTX Spark platform. It's aimed at creators, developers, and AI builders, and it's going head-to-head with the MacBook Pro at pricing that starts in MacBook Pro territory. Tom's Hardware and PCMag walked through the spec sheets.

Here's what we know:

  • Up to 128GB unified memory — dynamically allocated between CPU and GPU
  • RTX Spark "superchip": 20 ARM CPU cores, Blackwell GPU with 6,144 CUDA cores, up to 1 petaflop of AI compute
  • 15-inch mini-LED PixelSense Ultra touchscreen — 2K nits peak HDR brightness, the brightest Surface display ever
  • Analysts expect entry pricing around $3,000, fully loaded up to $7,000
  • Asus, Acer, and Dell already lining up RTX Spark devices — Windows on ARM premium segment race is on

This matters for builders because it's the first proof that local AI agent compute has crossed a real product threshold. 128GB unified memory means you can run frontier models locally with context windows that actually work. For developers who need to test agentic workflows without cloud latency — or who want to build products that run on-device — the platform just became real. Our previous-day coverage of Nvidia's RTX Spark and local AI agents has the broader build context.


Policy & Politics

Bernie Sanders Proposes Taking 50% Equity in Large AI Companies

Sen. Bernie Sanders previewed the American A.I. Sovereign Wealth Fund Act in a New York Times op-ed and a Facebook post — a bill that would force the largest AI companies to surrender half their equity into a public fund, with gains paid back to Americans. Yahoo Finance and Interesting Engineering both have the policy text.

Here's what we know:

  • Would route 50% equity of the largest AI companies into a public fund
  • Government would gain voting power and a board seat at OpenAI, Anthropic, and xAI
  • Framed as a one-time equity tax; cites Norway's $2T oil fund and Alaska's oil dividend program as models
  • Sanders: "A.I. is being built on a public resource far more valuable than oil — the accumulated knowledge, creativity, and labor of mankind"
  • Getting AI labs to agree to 50% equity surrender is the hard part; no legislative language filed yet

The framing is political, but the underlying question is real: as AI companies approach public offerings at trillion-dollar valuations, what does the public get for being the foundation they were built on? For builders: if this bill or something like it gains traction, the governance structures of AI companies will change — and the implications for founder control, investor returns, and public accountability are significant. The proposal lands the same week Anthropic files its S-1; that timing is unlikely to be a coincidence.


Mobility

BYD Takes Crash Liability for Its Self-Driving System — And Has the Data to Back It

BYD announced it will pay for crash damage when drivers use its God's Eye 5.0 driver-assistance system legally and still trigger an at-fault accident. It's the first automaker to put financial responsibility behind an ADAS feature — and it has 3.15 million vehicles and 124 million miles of daily driving data to prove it's not bluffing. CleanTechnica and CNEVPost walked through the guarantee structure.

Here's what we know:

  • Covers repairs, third-party property damage, and injuries when Urban Navigate on Autopilot is used legally and causes an at-fault crash
  • Backed by a fleet of 3.15 million ADAS-equipped vehicles — more data than any Western competitor
  • Daily driving data: over 124 million miles logged per day
  • When BYD offered a similar guarantee for smart parking last year, usage jumped from 21% to 93%
  • Puts pressure on Tesla, which still places crash liability on the driver

For builders: BYD's move is a supply-chain signal. If Chinese EVs can underwrite autonomous driving at scale, the competitive pressure on Western automakers to match guarantees — and build the data infrastructure to back them — becomes immediate. The safety and insurance economics of self-driving just changed. (For now the guarantee applies to vehicles operating in China — see the FAQ below for what this means for non-Chinese drivers.)


Hardware & Devices

Apple Glasses Delayed to Late 2027 — Competitors Get a 12-Month Runway

Apple has pushed its AI-powered smart glasses back by about a year. The iPhone-tethered "N50" eyewear — screenless, Ray-Ban Meta-style AI companion with cameras, mics, and on-device assistant — is now targeting late 2027, according to Bloomberg's Mark Gurman. MacRumors and Mashable picked up the same reporting.

Here's what we know:

  • Delay pushed from an early 2027 ship date to late 2027
  • Early versions feature oval-shaped cameras, multiple frame styles, and unique colors
  • Apple's concession: the multimodal AI isn't ready to make the glasses feel "magical"
  • Siri update still on track for end of this year — the voice layer is ready, the visual AI layer isn't
  • Hands competitors — Meta Ray-Ban, Snap, others — a wide-open runway before Cupertino arrives

For builders: the smart glasses market isn't waiting. If you're building AI wearables or spatial computing products, the assumption that Apple would validate the category in 2026 just went away. The window to establish position, build developer tools, and lock in distribution before Apple arrives is now 12 months longer than expected.


The Funding Environment

220 Former Unicorns Now Below Valuation as AI Gold Rush Bifurcates the Market

Recent PitchBook data shows nearly half of America's 857 unicorns haven't raised fresh funding in three years. CNBC reports that over 220 companies once valued above $1 billion are now below that threshold — while roughly $250 billion in venture funding has flowed into just two companies this year: OpenAI and Anthropic.

Here's what we know:

  • 857 total unicorns tracked; nearly half haven't raised in three years
  • 220+ former-billion-dollar startups now below $1B valuation
  • $250B+ in VC funding this year — concentrated almost entirely in OpenAI and Anthropic
  • Rising interest rates repriced startups that soared during the 2021 AI boom
  • Consumer brands like Glossier, Savage X Fenty, and AG1 on the sub-$1B list alongside pre-ChatGPT software companies

What this means for builders: the AI funding environment is not a rising tide — it's a concentrated downpour. If you're raising outside the top two or three AI plays, the funding environment is structurally harder than the headline numbers suggest. The companies getting capital are not the median startup; they're the top of a very steep pyramid. For context on the AI capex side of the same story, see AI Capex Hits $805B and The Tokenmaxxing Reckoning.


Science & Health

A Pill Cut Pancreatic Cancer Death Risk by 60% — The KRAS Pathway Just Changed Oncology

A once-daily oral pill called daraxonrasib became the first drug to nearly double survival in previously treated metastatic pancreatic cancer — one of the deadliest malignancies in oncology. The Phase 3 results, published in the New England Journal of Medicine, are the most significant advance in this indication in decades.

Here's what we know:

  • Phase 3 RASolute 302 trial: 13.2 months median survival vs. 6.7 months on chemotherapy
  • Cut risk of death by 60% — nearly double the progression-free survival (7.2 months vs. ~3.6 months on chemo)
  • About a third of patients saw tumors shrink by 30%+ on imaging
  • Targets KRAS-driven tumors — the mutation underlying most pancreatic cancers and significant portions of lung, colorectal, and other cancers
  • FDA fast track status granted; expanded access program now open
  • KRAS was considered "undruggable" for decades; daraxonrasib is the third drug to crack the target

The 60% reduction in death risk is unprecedented in any Phase 3 trial for this indication. For builders in drug discovery, AI biology, or genomics: the KRAS pathway is now validated as a therapeutic target at scale. The question is what comes next for the other cancers where KRAS drives progression — and which AI-native drug discovery platforms were building against this target before today's data.


⚡ Quick Hits

  • Malaysia Online Safety Act: Children under 16 banned from holding social media accounts starting June 1, 2026, per the country's Online Safety Act. Platforms must implement mandatory ID checks or face fines. A test case for age-gating at scale.

  • Apollo's chief economist, Torsten Sløk: "Zero evidence of AI job losses" — citing ADP data, he argues cheaper technology is creating more demand and more jobs. Business Insider and India Today have the debate. The labor displacement story is running ahead of the aggregate data — but the entry-level path may be a different story.

  • OpenAI–Oracle "Barn" data center: Construction officially broke ground today in Saline Township, Michigan. 1 GW campus, 2,500+ union construction jobs, 450+ permanent on-site roles, $8M for local schools. The Stargate infrastructure buildout continues.

  • Florida AG sues OpenAI and Sam Altman: First state-level lawsuit alleging ChatGPT played a role in planning mass shootings and self-harm cases. Expect more regulatory friction as AI platforms scale.

  • GitLab Transcend: June 10th event in London with global livestream — demos of GitLab Orbit (live knowledge graph), AI agentic do's and don'ts.


The Throughline

Look at the nine stories above and the pattern is hard to miss: capability is running ahead of the rules. An AI support bot can reset a password but not enforce step-up auth. Anthropic can reach $1T while the public has zero equity claim. BYD will underwrite its own driving system; Apple can't ship a vision model on schedule. A pill can crack an "undruggable" cancer target; a sovereign wealth fund can be sketched in an op-ed. The same day, an AI assistant can authorize a password change in one conversation and miss the fact that it's a security-critical path. The model is ready. The systems around the model aren't.

The builders who win the next twelve months will be the ones who treat the model as the easy part and the workflow, governance, and accountability layer as the actual product.


FAQ: What Builders Are Asking After Today's News

What should a startup do today to audit its AI support integrations? Start with the same checklist you'd use for any privileged action: step-up authentication before account state changes, rate limits per identity and per IP, human-in-the-loop for high-impact actions (email change, password reset, money movement, role escalation), and immutable audit logs of every action the model takes. The Meta incident is the lesson: an AI that can move an email address is functionally a privileged admin, and should be governed like one — not like a chat surface.
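The checklist above, and the lead story's point that the attack surface is the integration, sketched as a gate that sits between the model and account tools. This is an added example, not Meta's or any vendor's code; the action names, limits, and `step_up` fields are assumptions.

```python
import hashlib
import json
from collections import defaultdict, deque

# Assumed action names and limits for illustration; tune per service.
HIGH_IMPACT = {"change_email", "reset_password", "move_money", "escalate_role"}
WINDOW_S, MAX_PER_WINDOW = 3600, 3

class ToolGate:
    """Policy gate between the model and privileged account tools."""
    def __init__(self):
        self.hits = defaultdict(deque)  # attempt timestamps per account / per IP
        self.audit = []                 # hash-chained (tamper-evident) records
        self.review_queue = []          # actions waiting for a human approver

    def _rate_ok(self, key, now):
        q = self.hits[key]
        while q and now - q[0] > WINDOW_S:
            q.popleft()
        q.append(now)                   # denied attempts count too
        return len(q) <= MAX_PER_WINDOW

    def _chain(self, prev, record):
        return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

    def request(self, action, account, ip, now, step_up=None):
        su = step_up or {}
        if action not in HIGH_IMPACT:
            decision = "allow"
        elif not all([self._rate_ok(("acct", account), now),
                      self._rate_ok(("ip", ip), now)]):
            decision = "deny_rate_limited"
        elif su.get("channel") in (None, "chat") or not su.get("pre_existing_factor"):
            # A code typed into the same chat proves nothing about ownership.
            decision = "step_up_required"
        else:
            decision = "pending_human_review"
            self.review_queue.append((action, account))
        record = {"t": now, "action": action, "account": account,
                  "ip": ip, "decision": decision}
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        self.audit.append(dict(record, prev=prev, hash=self._chain(prev, record)))
        return decision

    def verify_audit(self):
        prev = "0" * 64
        for rec in self.audit:
            body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
            if rec["prev"] != prev or rec["hash"] != self._chain(prev, body):
                return False
            prev = rec["hash"]
        return True

def replay_constructed_session():
    """Constructed requests (documentation IP, made-up account id)."""
    g, acct, ip = ToolGate(), "acct-1", "203.0.113.5"
    in_chat = {"channel": "chat", "pre_existing_factor": False}
    enrolled = {"channel": "authenticator_app", "pre_existing_factor": True}
    out = [g.request("order_status", acct, ip, 0),
           g.request("change_email", acct, ip, 1, in_chat),
           g.request("change_email", acct, ip, 2, enrolled),
           g.request("reset_password", acct, ip, 3),
           g.request("reset_password", acct, ip, 4, enrolled)]
    return g, out
```

The gate never executes a high-impact action itself: the best outcome is a queue entry for a human. The hash chain makes edits to the log detectable but not impossible, so ship the records to write-once storage as well.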

Does BYD's crash liability guarantee apply outside China? Not yet. The God's Eye 5.0 guarantee is currently structured for vehicles operating in China, with a one-year term for new buyers and a parallel onboarding path for existing owners who upgrade. The signal for non-Chinese markets is competitive pressure, not a transferable warranty — Western automakers and their insurance partners will feel it long before BYD ships a parallel program in Europe or North America.

What does Anthropic's $1T target valuation actually mean for founder control? Two things, both real. First, the IPO forces disclosure: cap table, governance, dual-class structure, and any founder voting overhang becomes public record. Second, the cap table inherits whatever regulatory backdrop lands first — including Sanders' 50% equity proposal, which would directly reduce the float available to public investors. Anthropic's pre-IPO decisions on board composition, voting structure, and dual-class terms will set the template every AI founder references for the next five years.

When is OpenAI on AWS GovCloud generally available? OpenAI frontier models — GPT-5.5, GPT-5.4, and Codex — are now generally available on Amazon Bedrock, with GovCloud support rolling out for select models including the OpenAI GPT OSS family. Procurement for classified workloads is the next gate; expect a separate rollout track for IL5/IL6 environments that may not be public.

What does the Apple Glasses delay actually change for the smart glasses market? It extends the "no Apple" window to roughly 18 months from today. That matters most for developer platforms and distribution — anyone building AI wearables, on-device vision models, or glasses-first UX now has a longer runway to establish a category before Apple's halo effect kicks in. The flip side: by late 2027, Apple will enter a market that already has working products, not a green field, and the bar for "magical" will be higher.

Is the 220 fallen-unicorn number a leading indicator of an AI winter? No — it's the opposite. The repricing is concentrated in pre-AI consumer and SaaS companies whose growth models broke when capital got expensive and AI-native competitors started shipping faster. The AI funding pool itself is at record highs; it's just not lifting adjacent boats. If you're building something that benefits from frontier models, the funding environment is the best it's ever been. If you're building something the AI wave made redundant, the market is telling you so in real time.


Tomorrow on Techlook Daily

We're tracking the Senate Commerce Committee's AI safety hearing, the first reactions to Anthropic's S-1 from buy-side analysts, and whether Meta discloses the full account-takeover count. Plus: the first benchmarks from early Codex-on-Bedrock enterprise deployments.


Techlook — AI & tech signal for founders and builders.