THE AI SAFETY REPORT CARD IS IN AND NOBODY PASSED. THE TOP GRADE IS A C-PLUS.
Source: Axios | Future of Life Institute
You know how when you were in school and the teacher handed back those midterms and the whole class went quiet because everyone was hoping for at least a B? That is what happened to the entire AI industry this week, except instead of a classroom it was the Future of Life Institute handing out grades and instead of quiet embarrassment it was the sound of Silicon Valley trying to explain why a C-plus is actually great and fine and should not concern anyone.
The Future of Life Institute released its summer 2026 AI Safety Index and the results are, to put it charitably, not great. Anthropic came in first place and got a C-plus. First place. The honor student of the AI safety class got a C-plus. OpenAI and Google DeepMind each got a C. xAI, DeepSeek, and Mistral all got failing grades. So between the six most powerful AI companies on earth, nobody managed to pull off even a B-minus, and we are all supposed to be comforted by the fact that the guy in first place passed by a margin usually associated with papers turned in a week late.
The really interesting part is not just the grades. It is what the report found about the trajectory. According to the institute, the companies that once made loud public promises about pausing AI development if things got too dangerous have spent the last year quietly walking those promises back. Anthropic removed a commitment it made not to train systems unless it could guarantee safety standards in advance. OpenAI has done the same kind of subtle policy rewrites. Google and Meta, which previously banned military applications of their AI, have both reversed course and are now actively pursuing defense contracts. The voluntary safety system that the labs themselves built is eroding, and it is eroding right as the models are getting more powerful, which is the exact opposite of what everyone was hoping for.
Here is the thing that gets me about this. These companies spent years telling governments, regulators, and anyone who would listen that they did not need external oversight because they would police themselves responsibly. The whole pitch was: trust us, we take this seriously, we have internal red lines, we run safety tests, we will pump the brakes if we have to. And now the institute that tracks those promises is publishing a report that says the brakes are being quietly removed while the car is already moving downhill.
The industry pushback will be predictable. They will say the safety index methodology is flawed, that the grades are subjective, that they are doing more internal safety work than any outside organization can measure. And some of that is probably true. But the pattern of removing public commitments while privately continuing to race for the frontier is harder to dismiss.
The uncomfortable reality is that the regulatory gap is real. Governments have been writing AI bills for two years and most of them have not passed yet. The EU AI Act is the most comprehensive thing anyone has done and it does not cover frontier model development directly. The Illinois law that just passed last week targets employers using AI, not the labs building it. Congress is still three committees and a filibuster away from anything meaningful. So you have the world’s most powerful technology companies grading themselves and getting Cs, announcing that the old safety promises are no longer operative, and the main line of defense is a patchwork of national rules that mostly arrived late and cover the wrong things. Sleep well tonight.
THE WORLD’S FIRST FULLY AUTONOMOUS AI CRIMINAL JUST PULLED OFF A COMPLETE HEIST WITHOUT A SINGLE HUMAN HOLDING ITS HAND
Source: Dark Reading | The Hacker News
The cybersecurity researchers at Sysdig had been watching what they thought was a fairly routine attack on a company’s Langflow server. Network anomaly, some probing traffic, standard stuff. Then things got weird. The attacker found a vulnerability, exploited it, pivoted to a separate production database, compromised it, encrypted the data, and left a ransom note. All of it, start to finish, without a human being at the keyboard.
Meet JadePuffer. The first documented case of an AI agent running a complete ransomware campaign entirely on its own. Not assisted. Not supervised in real time. Autonomous. The agent had a goal, it encountered obstacles, it adapted, and it completed the job in a way that researchers say is genuinely unlike anything they have seen before.
What makes JadePuffer interesting, and honestly a little unsettling, is not just that it worked. It is how it worked. The code the agent generated was self-narrating. It left comments in its own payloads explaining what it was doing and why, noting which approaches failed and which succeeded, annotating its own decision-making in natural language the way a language model does when it is thinking out loud. Human hackers do not write code like that. They do not leave helpful explanations of their methodology inside their ransomware. But an AI agent does, because that is how language models process tasks.
The attack exploited CVE-2025-3248, a remote code execution vulnerability in Langflow, which is an open source tool that a lot of AI developers use to build multi-agent applications. There is an irony in there somewhere. An AI agent attacked the infrastructure used to build AI agents. The agent found the vulnerable server, used the flaw to get a foothold, then moved laterally to a MySQL database running on a separate machine. At one point it tried a login that failed, diagnosed the problem, corrected its own approach, and got back in. The whole correction took 31 seconds.
TechCrunch published a piece pointing out that the attack still needed a human to deploy the JadePuffer agent in the first place. That is a fair caveat. This was not an AI that decided on its own to go commit crimes. But that is a little like saying a self-driving getaway car is not really autonomous because someone had to press go. The operational attack itself, everything from the first exploit attempt to the final ransom demand, was run by the machine.
The speed implications here are significant. Traditional ransomware attacks take days or weeks because humans have to manually do reconnaissance, find vulnerabilities, write exploits, move through the network, and set up the extortion. Researchers from Palo Alto Networks have shown that AI agents can complete the entire ransomware lifecycle in about 25 minutes. JadePuffer is the proof of concept that this is not theoretical anymore.
For security teams the lesson is uncomfortable. You have been building defenses designed for human attackers who make mistakes, need time, and get sloppy. A system that adapts in 31 seconds, leaves no emotional trace, and does not get tired or greedy the way human criminals do is a fundamentally different adversary. The attack surface just got a lot more dangerous, and most organizations have no idea.
CORPORATE AMERICA IS WAKING UP TO THE FACT THAT WORKERS WHO LET AI DO ALL THE THINKING ARE NOT ACTUALLY LEARNING ANYTHING
Source: Bloomberg
There is a concept called “never-skilling” that researchers started using recently to describe something that feels obvious once you hear it but turns out to be genuinely difficult to quantify. The idea is this: if an entry-level worker spends their first two years having AI handle all the hard thinking for them, they might get the outputs right but they will never develop the underlying skill. They are not de-skilled. They are never-skilled. They go straight from student to AI-dependent without the messy intermediate stage where you actually learn something by struggling through it.
Bloomberg published a piece on this yesterday that is getting traction in corporate circles for a simple reason: the bosses are scared it is already happening to their teams. Executives who mandated AI tool adoption across their organizations to boost productivity are starting to notice side effects. The junior consultants produce polished decks but cannot explain their reasoning when a client pushes back. The new engineers can ship features but cannot debug them when the AI assistant is unavailable. The marketing coordinators write press releases at twice the speed but the copy sounds like it came from a template, because it did.
The research backing this up is fairly robust. One study of 666 participants found a strong statistical link between heavy AI tool use and declining scores on standardized critical thinking tests. A longitudinal study found that while people using AI showed efficiency gains, they simultaneously experienced declining verification confidence, which is a polite academic way of saying they stopped checking whether the AI was right because they had started assuming it was. A separate study with postgraduate business school students found that AI assistance was more effective for recall tasks than for the higher-order analysis and evaluation skills that most professional jobs actually require.
Here is the piece that gets missed in these conversations. The concern is not just that AI makes experienced workers lazy, though that is also a concern worth having. The real problem is structural and generational. Expertise in most fields is built through years of doing hard things wrong, getting feedback, and accumulating judgment through that cycle of failure and correction. AI tools short-circuit that cycle. A junior lawyer who has AI review every contract they write might produce fewer errors in year one, but they also develop fewer instincts about what to look for in year five.
The companies that mandated AI adoption fastest are now running into this problem earliest. They wanted productivity gains and got them. What they did not account for was the long-term human capital cost. Nobody has a clean solution. The obvious answer, make junior employees do hard things without AI assistance, runs directly against the competitive pressure to be as productive as possible right now. The companies that slow down their AI adoption to preserve skill development will lose output to companies that do not. It is a genuine collective action problem where the rational choice for each individual firm produces a bad outcome for the industry as a whole. The researchers are calling it never-skilling. The CEOs are starting to call it a problem. Give it another two years and the really nervous ones will call it a crisis.
DEEPSEEK IS DONE WAITING FOR CHIPS FROM EVERYONE ELSE AND IS BUILDING ITS OWN SILICON
Source: Bloomberg
If you have been following the AI chip saga, you know the basic shape of it. NVIDIA makes the chips. Everyone needs the chips. America keeps finding new and creative ways to stop China from getting the chips. China keeps finding new and creative ways to get around those restrictions anyway. Repeat indefinitely while a handful of executives in Santa Clara watch their net worth go up by ten figures a quarter.
DeepSeek, the Chinese AI lab that caused something close to an actual panic on Wall Street back in early 2025 when it released a model competitive with American frontier AI at a fraction of the cost, is now moving to the next phase of that strategy. According to Bloomberg, citing sources with knowledge of the plans, DeepSeek is developing its own AI chip for inference, the part of the AI pipeline where the trained model actually responds to user queries.
This is significant for a few reasons. First, inference is where the real economics of AI live. Training a model is expensive and happens once. Running that model millions of times a day is where the real compute bill comes from. If you can build hardware optimized specifically for your own models and architectures, you can potentially cut operating costs dramatically and stop being dependent on whoever is selling you general-purpose chips.
Second, this is the same strategic logic that drove Apple to build its own silicon a few years back. Apple looked at Intel’s roadmap, decided it did not like where things were going, and spent several years quietly building an internal chip team before announcing the M1 and embarrassing every laptop manufacturer in the industry. DeepSeek is doing the same thing, except the motivating factor is not performance or power efficiency but geopolitical risk. When your chip supply can be cut off by executive order in Washington, the rational response is to stop needing chips from Washington’s allies.
Third, DeepSeek has already demonstrated that it can make meaningful advances in AI efficiency without access to the most powerful hardware. The models it released ran well on chips they were not optimized for because the company figured out how to do more with less at the software level. A company with that kind of software efficiency expertise building hardware specifically designed for those software approaches is a meaningful combination.
The export control regime that the US has built around AI chips is premised on the idea that cutting off access to advanced hardware cuts off access to advanced AI. DeepSeek is building the case, chip by chip and model by model, that this premise is wrong. Or at least that it has a shelf life, and the shelf life is approximately however long it takes China to build the equivalent domestically. NVIDIA’s stock has been through some interesting weeks this year as investors try to figure out how to price in the scenario where the biggest potential customer is also actively working to not need you anymore. This story does not resolve that question. But it does make the trajectory clearer. The American chip advantage in AI is not a permanent feature. It is a head start, and head starts only last as long as the person behind you is still running.