Siri routes to Gemini, NHS hides code from Mythos, Wendy’s swaps wages for AI

TL;DR

• Apple’s Siri ships in iOS 27 beta routing heavy reasoning to a customized Google Gemini model.
• GDS overrules NHS England, ruling closure of public-sector code cannot replace patching unmaintained repos.
• Wendy’s FreshAI scales to 500-600 stores as California’s $20 wage floor collapses station economics.
• Musk-OpenAI trial narrows to Sam Altman’s personal credibility in its final days.
• Eric Schmidt drew sustained boos for an AI pitch at Arizona’s commencement.

Today’s three lead stories each ship AI in response to an outside force the institution would rather not name. Apple sells iOS 27’s revamped Siri as a privacy-first assistant with auto-deleting chat history, then routes the heavy reasoning to a customized Google Gemini — the unspoken driver being Apple’s own model gap. GDS publicly overrules NHS England’s scramble to privatize public-sector repos after Anthropic’s Mythos vuln-finder spooked the agency, ruling that closure is an admission of incapacity rather than a security posture. And Wendy’s keeps expanding FreshAI through the back half of 2025, but the math that makes the rollout pencil is California’s $20 fast-food minimum, not voice-AI quality.

Read in sequence, the day is less about three AI launches than about three institutions choosing which story to tell about why they’re shipping — and which pressure to leave out of the press release.

Apple’s auto-delete Siri ships in beta, runs on Gemini

Source: the-verge-ai · published 2026-05-17

TL;DR

• Apple’s revamped Siri will reportedly ship with auto-deleting chat histories in iOS 27, per Mark Gurman.
• Gurman himself notes the assistant launches with a “beta” label — a tell about expected performance.
• Heavy reasoning reportedly routes to a customized Google Gemini model, complicating the privacy-moat narrative.
• ChatGPT, Claude and Gemini already offer comparable retention controls, making auto-delete closer to parity than differentiation.

The pitch, and the tell inside it

The Verge and TechCrunch read the Gurman scoop the same way: Apple is teeing up privacy — user-controlled auto-deleting chat histories — as the wedge that lets a behind-the-curve Siri compete with ChatGPT and Gemini. The framing is clean. It’s also undercut by Gurman’s own reporting. The revamped assistant is expected to ship with a “beta” label, and Gurman explicitly suggests Apple’s privacy emphasis could serve as a “potential excuse” if performance fails to match OpenAI or Google ¹. That’s not a moat — that’s expectations management dressed as a feature.

The backend Apple isn’t leading with

The bigger crack in the privacy story is architectural. Multiple downstream reports indicate the new Siri’s heavier reasoning is routed through a customized Google Gemini model under a multi-year partnership, with Apple’s Private Cloud Compute handling sensitive context ². PCC’s stateless, attestable design is real engineering — but it doesn’t automatically extend to Google’s cloud hardware, and Apple hasn’t publicly reconciled the two trust models.

The vendor situation is messier still. OpenAI, the incumbent Siri partner powering today’s ChatGPT integration, is reportedly weighing legal action against Apple, alleging Apple breached contract by failing to deliver the deep integration and strategic benefits it promised ³. The auto-delete announcement is landing inside an active partner dispute, not a stable platform story.

”Auto-delete” is closer to parity than category-defining

The implicit claim in the coverage is that Apple is offering something rivals don’t. The comparison doesn’t support that read:

Apple’s differentiator, to the extent there is one, is UX defaults plus PCC’s architecture — not the retention windows themselves, which on the public evidence so far are no more aggressive than what rivals already offer.

The privacy halo has independent dents

Security researchers at Black Hat 2025 reported that Siri transmits “surprising amounts” of metadata — current location, music playback state — even for trivial queries that don’t need it, and that legacy SiriKit paths can still send unencrypted message content and contact info to Apple servers ⁵. That’s a concrete counterweight to the “privacy as differentiator” frame: the existing Siri stack already leaks more than the marketing suggests.

Practitioner reaction surfaces the inverse complaint. On Reddit and HN, the recurring critique is that Siri’s core weakness has always been poor memory and weak personalization, and an aggressively auto-deleting assistant risks making that worse — trading utility for a privacy posture users didn’t specifically ask for ⁶.

What’s actually at stake

Strip the framing and the news is narrower than it reads: Apple is shipping a beta assistant, partly powered by Google, with retention controls roughly matching competitors, while one existing AI partner threatens to sue. Auto-delete is a defensible feature. It isn’t the strategic moat the primary coverage implies, and Gurman’s own caveat is the cleanest signal that Apple knows it.

Further reading

• Apple’s Siri revamp could include auto-deleting chats — techcrunch-ai

---

GDS to NHS: privacy is not a substitute for patching

Source: simon-willison · published 2026-05-17

TL;DR

• GDS publicly contradicted NHS England on May 14, ruling public-sector code must stay “open by default.”
• New GDS rule: closure cannot replace remediation — hiding unmaintained code is incapacity, not security.
• NHSE’s internal “SDLC-8” directive forced repos private by May 11, citing Anthropic’s “Mythos” vuln-finder.
• Analysts read the retreat as liability hedging ahead of the UK Cyber Security and Resilience Bill.

A meeting without biscuits, in writing

The UK’s Government Digital Service does not normally publish guidance that reads as a rebuke of another department, but AI, open code and vulnerability risk in the public sector is exactly that. Released four days after NHS England’s internal deadline to flip its public repositories private, it lays down a rule NHSE’s blanket closure cannot meet: “privacy should not be used as a substitute control… if a team lacks the capacity to patch or maintain a system, the system should be remediated or retired rather than simply hidden” ⁷.

That sentence reframes the entire dispute. It is not an argument about transparency values — it is GDS telling NHSE that hiding unmaintained code is an admission of incapacity, not a security posture. The published minimum standard requires named CODEOWNERS, automated dependency hygiene, and a working security contact for any system that was public. NHSE’s mass-private move clears none of those bars.

What NHSE actually did

The internal directive, leaked as “SDLC-8,” set a hard May 11 deadline for all NHSE public repos to go private, citing fears that models like Anthropic’s Mythos could automate vulnerability discovery at scale ⁸. Digital Health’s reporting adds a motive GDS pointedly does not name: the incoming UK Cyber Security and Resilience Bill would treat published public-sector code as a regulated “product” with strict liability attached ⁹. Closing the repos pre-emptively shrinks that legal surface.

The timing supports the liability read. NHS England quietly deleted its open-source policy pages back in December 2025 and called it routine “clean-up” ¹⁰. Project Glasswing, which surfaced in April 2026, gave a security-flavoured justification for a retreat that was already in motion.

The two positions, side by side

The practitioner objection

The technical critique is sharper than GDS’s civil-service phrasing. Marcus Baw compares open public-sector code to generic drugs — public scrutiny as an immune system — and points out the closures are operationally moot because the repositories have already been ingested into frontier-model training corpora ¹¹. You cannot un-train Mythos on code it has already seen.

That is the part that should worry NHSE most. The Glasswing demonstration was not theoretical: Mythos posted a 100% pass rate on the Cybench CTF suite and found a 27-year-old flaw in OpenBSD plus a 16-year-old FFmpeg bug that had survived more than five million fuzzing iterations ¹². The attacker’s copy of the code is already on disk somewhere. Closing the door now only blocks the defenders.

What’s actually at stake

GDS has effectively said: fund remediation or admit you cannot. If NHSE holds the line, the Cabinet Office has a precedent for one major department opting out of the cross-government openness regime on security grounds — and every other department with thin maintenance budgets will notice.

---

California’s $20 wage floor is forcing AI into drive-thrus

Source: the-verge-ai · published 2026-05-17

TL;DR

• Wendy’s FreshAI trims drive-thru service by 22 seconds and adds 80 bps to margins.
• Wendy’s plans a 500–600 store FreshAI rollout by end of 2025, even as Taco Bell retreats.
• Taco Bell is now coaching staff on when to switch the AI off after a viral 18,000-waters prank.
• California’s $20 fast-food minimum makes one drive-thru station cost $7,300/month, collapsing the ROI math.

The scoreboard is bifurcated, not “early”

The Verge’s column treats drive-thru bots as a budding trend. The deployment record looks more like a split decision, and the splits are wider than the headlines suggest.

Wendy’s and SoundHound are running clean deployments with real unit economics. Taco Bell’s Dane Mathews publicly conceded the tech keeps failing and that his teams now need to know when to take the headset back ¹⁵. Presto’s “AI” is largely a labor-arbitrage front-end on offshore order-takers ¹⁴. Calling all of this “the beginning” flattens a category where the spread between best and worst operator is already enormous.

Wage policy is the forcing function, not model quality

What the column undersells is why operators keep pushing despite the embarrassments. California’s $20-per-hour fast-food minimum pushed the monthly cost of staffing one drive-thru station past $7,300 ¹⁶. At that number, payback windows shrink under two years even for mediocre voice AI — and Presto-style hybrid systems pencil out even when the autonomy claim doesn’t.

This inverts the usual tech-adoption story. The bots aren’t winning because the models got good; they’re winning because labor got expensive on a legislated timeline. That distinction matters when forecasting where the pattern spreads next. Markets without a comparable wage shock won’t feel the same urgency, even if the underlying speech stack is identical.

What breaks next: privacy law and integration debt

Two overhangs are about to bite. First, BIPA litigation in Illinois is shifting from “did you transcribe speech” to “did you build a voiceprint.” Plaintiffs now argue that any system using speaker diarization to distinguish voices creates a regulated biometric identifier, regardless of intent ¹⁷. McDonald’s previously dodged on the speech-vs-speaker distinction; next-gen agents that personalize by recognizing returning customers blur the line on purpose.

Second, the broader voice-AI market hints at the ceiling. Only 21% of enterprise buyers are “very satisfied” with their voice deployments — the rest cite legacy back-end integration as the recurring choke point, and sub-800ms latency is now table stakes for natural turn-taking ¹⁸. The drive-thru is actually the easy domain: closed menu, short utterances, captive customer. Scaling outward to call centers, healthcare intake, or any open-vocabulary task — the Verge’s “just the beginning” thesis — runs into harder walls than ordering a Baconator.

The wage floor explains the rollout. The litigation and integration walls will explain the ceiling.

Round-ups

Altman’s credibility takes center stage in Musk-OpenAI trial

Source: techcrunch-ai

The Musk-versus-OpenAI trial entered its final days with witnesses and lawyers focused on whether Sam Altman can be trusted, a framing that shifts the case from contract specifics to the CEO’s personal conduct around the nonprofit-to-for-profit conversion.

Codex usage climbs as Anthropic meters Claude API coding

Source: latent-space

OpenAI’s Codex is gaining share among coding agents while Anthropic introduces programmatic usage limits on Claude, a divergence that reflects how the two labs are pricing and rationing capacity for the heaviest agentic workloads.

Arizona grads boo Eric Schmidt’s AI pitch at commencement

Source: the-verge-ai, techcrunch-ai

Eric Schmidt’s University of Arizona commencement speech drew sustained boos when the former Google CEO turned to AI cheerleading, a sign of how poorly the technology lands with students entering a job market already reshaped by automation.

Latent Space argues fine-tuning is fading as default workflow

Source: latent-space

Fine-tuning is losing ground to long context, retrieval and prompt engineering as frontier models absorb more behavior at pretraining time. The shift leaves a narrowing band of use cases — domain vocabulary, latency, on-device — where custom weights still pay off.

Conductor pattern emerges as default for multi-agent orchestration

Source: latent-space

A ‘conductor’ design — one planner model routing work to specialist subagents — is consolidating across recent agent frameworks. The pattern beats peer-to-peer agent chatter on reliability and cost, and is showing up in shipped products rather than just research demos.

Automakers race to hire AI talent as software eats the car

Source: techcrunch-ai

An AI skills shortage is hitting automotive next, with GM, Rivian and robotics startup Mind competing for engineers who can ship driver-assistance and in-cabin models. The shift puts traditional OEMs against tech firms for the same scarce hires.

Footnotes

1. AppleInsider — ‘Revamped Siri may launch in beta despite two-year delay’ — https://appleinsider.com/articles/26/05/17/revamped-siri-may-launch-in-beta-despite-two-year-delay

   the new Siri is expected to launch with a ‘beta’ label… Gurman suggests Apple’s heavy emphasis on privacy could serve as a ‘potential excuse’ if the software’s performance fails to match that of OpenAI or Google.

   ↩

2. Chosun Biz — https://biz.chosun.com/en/en-it/2026/05/18/4Z4SJJA6AFA4VGIMOP6HJLVPPA/

   Apple will utilize its Private Cloud Compute (PCC) to process data securely, it is also leaning on Google’s Gemini models for core generative tasks following a multi-year partnership… observers have raised questions about how Apple will reconcile its ‘privacy-first’ marketing with its reliance on Google’s cloud hardware.

   ↩

3. MacRumors — ‘OpenAI considering legal action against Apple’ — https://www.macrumors.com/2026/05/14/openai-considering-legal-action-against-apple/

   OpenAI is reportedly considering legal action, alleging Apple has breached contract by failing to provide the strategic benefits and deep integration OpenAI expected in exchange for powering Siri’s initial AI features.

   ↩

4. NetFriends — AI privacy policy comparison — https://www.netfriends.com/blog-posts/ai-privacy-policy-evaluation-chatgpt-vs-gemini-vs-claude

   Google admits to retaining even ‘unsaved’ Gemini chats for up to 72 hours… ChatGPT and Claude maintain a 30-day ‘safety buffer’ for deleted or temporary chats to monitor for abuse before permanent server-side erasure.

   ↩ ↩² ↩³

5. TechTarget — ‘Security pros grade Apple Intelligence data privacy measures’ (Black Hat 2025) — https://www.techtarget.com/searchmobilecomputing/news/366589012/Security-pros-grade-Apple-Intelligence-data-privacy-measures

   Siri may transmit ‘surprising amounts’ of metadata—such as current location and music playback info—even for simple queries where such data is unnecessary… ‘legacy’ Siri infrastructure (like SiriKit) may still transmit unencrypted message content or contact info to Apple servers.

   ↩

6. TWiT — Reddit/HN community reaction roundup — https://twit.tv/posts/tech/spotlight-siri-and-apple-intelligence-privacy-explained

   Critics argue that the assistant’s primary weakness has historically been its poor ‘memory’ and inability to provide personalized context, which they fear will only be exacerbated by an auto-deletion feature.

   ↩

7. GOV.UK — GDS guidance — https://www.gov.uk/guidance/ai-open-code-and-vulnerability-risk-in-the-public-sector

   Privacy should not be used as a substitute control… if a team lacks the capacity to patch or maintain a system, the system should be remediated or retired rather than simply hidden.

   ↩ ↩²

8. Cybernews — NHS England open-source deadline — https://cybernews.com/ai-news/nhs-england-open-source-code-ai-deadline/

   Leaked internal guidance SDLC-8 set a May 11 deadline for all public code repositories to be made private, citing fears that models like Anthropic’s ‘Mythos’ could be weaponized for automated vulnerability scanning.

   ↩ ↩²

9. Digital Health — NHSE move away from open source — https://www.digitalhealth.net/2026/05/nhse-to-move-away-from-open-source-over-ai-security-concerns/

   Some analysts suggest the shift may be a tactical maneuver to avoid strict liability under the upcoming UK Cyber Security and Resilience Bill, which treats public software as a ‘product’ with attendant legal responsibilities.

   ↩ ↩²

10. Digital Health — NHSE removes open-source policy pages (Dec 2025) — https://www.digitalhealth.net/2025/12/nhs-england-quietly-removes-open-source-policy-web-pages/

    NHS England quietly removed open-source policy web pages in late 2025, which the organisation initially dismissed as a routine ‘clean-up’ exercise.

    ↩

11. Dharab blog — NHS closes GitHub repos — https://dharab.com/nhs-closes-hundreds-of-github-repos-over-ai-security-fears/

    Marcus Baw compared open-source code to generic drugs, arguing that public scrutiny acts as an ‘immune system’… closing repositories after they have already been indexed by AI models is ineffective, as existing copies likely remain in AI training sets.

    ↩

12. The Hacker News — Project Glasswing — https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html

    Mythos achieved a 100% pass rate on the Cybench CTF suite and identified a 27-year-old flaw in OpenBSD and a 16-year-old bug in FFmpeg that had survived over five million automated tests.

    ↩

13. Business Insider on Wendy’s FreshAI expansion — https://www.businessinsider.com/wendys-expanding-ai-ordering-hundreds-more-drive-thrus-2025-2

    Wendy’s reported drive-thru service times approximately 22 seconds faster than local market averages and an estimated 80 basis point boost to profit margins; CEO Kirk Tanner confirmed plans to expand to 500–600 restaurants by end of 2025.

    ↩

14. CDO Times — Wendy’s vs. McDonald’s AI Drive-Thru Reckoning — https://cdotimes.com/2026/01/09/wendys-vs-mcdonalds-the-ai-drive-thru-reckoning/

    SoundHound’s White Castle deployment claims order completion rates above 90% with 100% upselling penetration vs. a 42% industry average for human staff; Presto’s system, by contrast, relied on off-site human agents to correct up to 70% of orders.

    ↩ ↩² ↩³

15. Inavate (on Taco Bell 18,000 waters prank) — https://www.inavateonthenet.net/news/article/use-of-ai-in-food-outlets-far-from-foolproof-as-taco-bell-prank-allows-18000-water-cups-to-be-order

    Taco Bell’s Chief Digital and Technology Officer, Dane Mathews, admitted the technology frequently ‘let him down’ during real-world testing… the company began coaching restaurant teams on when to ‘switch off’ the AI in favor of manual order-taking.

    ↩ ↩²

16. Food On Demand — California $20 minimum wage — https://foodondemand.com/06102024/californias-20-minimum-wage-spurs-kiosk-demand-at-fast-food-restaurants/

    California’s $20-per-hour fast-food minimum wage was described by operators as a ‘commercial imperative’… at $20/hour, staffing a single drive-thru station exceeds $7,300 monthly, making the ROI for AI solutions unavoidable.

    ↩

17. Lewis Rice — BIPA voiceprint litigation — https://www.lewisrice.com/publications/ai-transcription-tools-give-rise-to-bipa-claims

    The ‘new frontier’ of litigation targets systems that use diarization to distinguish between different speakers… plaintiffs argue any AI tool capable of identifying unique vocal characteristics creates a ‘voiceprint,’ a protected biometric identifier under BIPA regardless of the defendant’s intended use.

    ↩

18. IrisAgent — 2026 Voice AI Benchmarks — https://irisagent.com/blog/voice-ai-customer-service-2026-benchmarks/

    While 81% of organizations are satisfied with their voice-AI investment, only 21% are ‘very satisfied,’ as many struggle integrating agents into legacy back-end systems; sub-800ms latency is now the minimum for natural conversation.

    ↩