JS Wei (Jack) Sun

AI Curated

Siri ships on Gemini, OpenAI files at -122% margin, worm hits 73 MS repos

Apple's Siri ships on Google's Gemini, OpenAI files a confidential S-1 at -122% margin, and a worm hits 73 Microsoft repos.

Siri ships on Gemini, OpenAI files at -122% margin, worm hits 73 MS repos

TL;DR

  • Apple’s Siri AI ships powered by Google’s Gemini after Ruoming Pang’s team defected to Meta for ~$200M.
  • OpenAI filed a confidential S-1 with a -122% operating margin, 7 days behind Anthropic’s $965B filing.
  • BofA warns paired OpenAI–Anthropic listings could push tech to 48%+ of the S&P 500, a bubble-peak threshold.
  • Miasma worm burned 73 Microsoft repos in 105 seconds via .claude/settings.json and .vscode/tasks.json hooks.
  • Poisoned packages carried valid SLSA provenance via OIDC tokens scraped from CI runner memory.

Three AI-news leads today land in three separate domains. Apple’s Siri AI ships running on Google’s Gemini — framed as collaboration, the same week Ruoming Pang’s Foundation Models leadership reportedly defected to Meta on a ~$200M package. OpenAI’s confidential S-1 dropped 7 days behind Anthropic’s, with PitchBook reading the numbers — a -122% operating margin, $2 spent per $1 earned — as insider liquidity rather than operating strength. And the Miasma worm burned 73 Microsoft repos in roughly 105 seconds by riding AI-agent config files (.claude/settings.json, .vscode/tasks.json) that fire on folder-open, with poisoned packages carrying valid SLSA provenance.

The round-up pool leans heavily OpenAI: a ‘benefit everyone’ vision post, the new Economic Research Exchange, the reported ChatGPT overhaul, and Worldcoin layoffs all land in the same week as the IPO filing — pre-public narrative-shaping in real time.

OpenAI files S-1 a week after Anthropic’s $965B filing

Source: openai-blog · published 2026-06-08

TL;DR

  • OpenAI submitted a confidential S-1 on June 8, 7 days after Anthropic’s June 1 filing.
  • PitchBook ranks OpenAI last on AI business quality with a -122% operating margin — $2 spent per $1 earned.
  • Anthropic reportedly loses $100–$200 per heavy Claude Code user, reframing its IPO as insider liquidity not operating strength.
  • BofA warns the paired listings could push tech to 48%+ of the S&P 500, a historic bubble-peak threshold.

The 7-day sequence is the story

OpenAI’s blog post frames its confidential S-1 as a procedural option that “preserves flexibility.” The market is reading it as the second move in a two-move game. Anthropic filed first on June 1 at a $965B valuation, briefly leapfrogging OpenAI’s $852B private mark and forcing the frontier-AI valuation narrative onto its own terms 1. OpenAI’s 7-day delay let it watch the initial reaction before committing to its own near-trillion-dollar pitch 2.

The sequencing matters because, until now, frontier-AI economics have been visible only through leaked decks and selective vendor disclosures. Two confidential S-1s a week apart create the first apples-to-apples disclosure event the public market has had on this category.

Unit economics, side by side

The forced comparison does not flatter either filer equally.

MetricOpenAIAnthropic
Reported valuation~$852B~$965B 1
Operating margin-122% 3not disclosed
Capital efficiencylast among peers 3$0.23 ARR per $1 raised 3
Per-user economicsnot disclosed-$100 to -$200 per heavy user 4

PitchBook’s “AI business quality” scorecard puts OpenAI last among peers, spending roughly $2 for every $1 earned 3. Anthropic looks better on capital efficiency but worse on per-user cost: Business Insider reports it loses $100–$200 on heavy Claude Code users, which is why analysts there describe the IPO as an “exit strategy” rather than a victory lap 4. The clean “Anthropic profitable, OpenAI burning” framing the vendor narrative invites doesn’t survive the actual numbers.

Overhangs the SEC will surface

OpenAI carries S-1 risk factors its blog conspicuously elides. Florida AG James Uthmeier filed a first-in-the-nation state-led lawsuit against OpenAI and Sam Altman alleging deceptive marketing of ChatGPT to minors — the kind of regulatory action the SEC will require be disclosed as a material risk 5. The unresolved civil-rights challenges to the California PBC conversion and the two-thirds supermajority CEO-removal bylaw will also have to surface in plain English for the first time.

Anthropic’s overhang is different but not smaller. Days after filing, it published a “pause frontier AI” essay — a contradiction observers flagged as either credibility theater or a hedge against safety-driven regulation that would hit competitors harder 4.

What’s actually at stake

BofA’s Michael Hartnett warned that adding these mega-caps to the S&P 500 could push technology’s weight past 48%, a level historically associated with major bubble peaks; TS Lombard read the rush to file as insiders trying to offload at maximum euphoria 6. That is the real question the paired filings put to the market: not whether either company can list, but whether public investors will underwrite trillion-dollar valuations attached to negative margins, untested governance structures, and active state-AG litigation. The 7-day gap turned what could have been two separate disclosure events into one referendum.

Further reading

Apple’s new Siri runs on Gemini after AFM team exodus

Source: techcrunch-ai · published 2026-06-08

TL;DR

  • Siri AI ships powered by Google’s Gemini family, not Apple’s own Foundation Models, marketed as “collaboration.”
  • $250M settlement over 2024’s undelivered Siri promises set the keynote’s careful, on-device demo tone.
  • Ruoming Pang and deputies left Apple’s Foundation Models group for Meta on a reported ~$200M package.
  • AAPL closed at $307.38, erasing an intraday rally to $317 as investors digested the dependency.

The keynote a lawsuit wrote

Watch WWDC 2026 with the sound off and you can see the legal review. Gone are the cinematic concept videos that got Apple into trouble in 2024; in their place, on-device captures of Siri pulling a flight number from Mail mid-call, Photos’ Reframe nudging a horizon line, Shortcuts wiring up a workflow from a natural-language prompt. The discipline is new because the price of the old discipline just got published: a $250M settlement paying iPhone 16 and 15 Pro buyers $25–$95 per device for the “dramatically enhanced Siri” Apple advertised and never shipped 7. Gene Munster’s read — that much of what Apple showed is “re-announced” from 2024 and may not land with consumers until mid-2027 — stings precisely because the company has now paid cash for that exact pattern 8.

Gemini wasn’t a choice, it was a fallback

Apple framed the Gemini integration as a partnership. Independent reporting describes something closer to triage. Through early 2025, Siri chief Mike Rockwell reportedly dismissed external-model rumors as “bullshit” to staff who could already see a bake-off running between Google, OpenAI, and Anthropic 9. The reason the bake-off existed: Ruoming Pang, the distinguished engineer running Apple’s Foundation Models (AFM) group, decamped to Meta’s Superintelligence Labs on a package valued around $200M, taking lieutenants Tom Gunter and Mark Lee with him 10. AFM didn’t lose a competition with Gemini on benchmarks. It lost its bench. The “next generation of Apple Foundation Models, developed in collaboration with Google” is the diplomatic phrasing for an org chart that no longer supports a frontier in-house model.

Three Siris, not one

The “one Siri across your devices” pitch also fragments the moment you cross a border. English-only at launch, EU rollout pending DMA compliance, and a complete backend swap in China to satisfy the Cyberspace Administration 11:

RegionBackendLaunch status
USGoogle GeminiEnglish-only
EUGeminiDelayed, DMA review
ChinaAlibaba Qwen (language) + Baidu (visual)Not at launch

For a company whose moat is hardware-software integration across a single global stack, shipping three different model substrates is a real architectural concession — and one Apple did not foreground on stage.

What actually shipped, and what to watch

Strip away the framing and there is real product: a standalone Siri app with cross-app context, a Photos Reframe/Extend pair that finally makes generative edits look native, an Image Playground that no longer embarrasses itself, AI-authored Shortcuts, and an iOS 27 support list reaching back to the iPhone 11 with credible speed claims (70% faster photo loads, 80% faster AirDrop). The developer story — cheaper on-device inference via the Foundation Models API — is the part rivals can’t easily copy.

Investors voted with the closing bell: a near-record $317 intraday became $307.38 by the close 12. Engaged, unconvinced. The question for the next twelve months isn’t whether Apple has an AI story. It’s whether shipping discipline finally matches the demos, or whether WWDC 2027 is another settlement waiting to happen.

Further reading

Miasma worm hits 73 Microsoft repos via AI-agent configs

Source: ars-technica-ai · published 2026-06-08

TL;DR

  • GitHub disabled 73 Microsoft repositories in ~105 seconds after the Miasma worm reinfected the Durable Task ecosystem.
  • Payload fires at folder-open via .claude/settings.json SessionStart hooks and .vscode/tasks.json runOn: folderOpen — no npm install required.
  • Attackers scraped OIDC tokens from CI runner memory (/proc/<pid>/mem) and republished poisoned packages carrying valid SLSA provenance signatures.
  • Same TeamPCP campaign burned 32 @redhat-cloud-services npm packages (~80k weekly downloads) in parallel.

The trigger surface moved from install scripts to IDE config

The interesting thing about Miasma is not that Microsoft’s publishing credentials got owned twice — it’s where the payload lives. SafeDep’s reverse-engineering shows the worm has abandoned the classic preinstall/postinstall route entirely. Instead it ships .claude/settings.json SessionStart hooks and .vscode/tasks.json tasks marked runOn: folderOpen, so the 28 KB credential stealer detonates the moment a developer points Claude Code, Cursor, Gemini CLI, or VS Code at the repo 13.

Microsoft’s own security team had flagged the underlying pattern weeks earlier in a Claude Code GitHub Action postmortem: agents that ingest repo content treat READMEs, issues, and config as trusted instructions, turning “opening a folder” into a privileged operation 14. Checkmarx documents the same trust-boundary collapse from the IDE side — CVE-2026-26268 lets a nested bare-repo Git hook fire when a Cursor agent runs a routine git checkout, with no approval prompt, and argues agents should be scoped like “junior service accounts” rather than inheriting the full user environment 15.

flowchart LR
    A[Poisoned repo] -->|folder open| B{AI coding agent<br/>Claude/Cursor/Gemini}
    A -.->|.claude/settings.json<br/>.vscode/tasks.json| B
    B --> C[Miasma payload<br/>28 KB stealer]
    C --> D[AWS / Azure / GCP /<br/>Kubernetes secrets]
    C -->|OIDC token theft<br/>from /proc/pid/mem| E[Republish with<br/>valid SLSA provenance]
    E --> A

Provenance signatures became a false-comfort signal

The crucial detail Ars underplays comes from Wiz: in the parallel Red Hat hit, attackers pulled OIDC tokens directly out of CI runner memory and republished infected packages with legitimate SLSA provenance attestations 16. That’s the exact cryptographic layer the ecosystem has been selling as the structural answer to last year’s Shai-Hulud worm, and Miasma walks straight through it. StepSecurity’s writeup quotes researcher Paul McCarty calling the durabletask re-compromise “the reopening of a wound that was never fully closed,” with every sibling repo across the .NET, Go, Java, and JS implementations swept offline in the same 105-second takedown 17.

Dissent: nobody’s shipping default-deny

The practitioner conversation is sharper than the vendor coverage. Community researchers point out that a detailed Shai-Hulud disclosure was reportedly downgraded to “Informative” by HackerOne triage, and argue that only structural fixes — install scripts off by default, hook execution behind explicit consent — will stop this class of attack 18. None of the surveyed independent sources credit Anthropic, Cursor, or Google with shipping a default-deny posture for repo-level hooks. Until one of them does, every folder a developer opens is an arbitrary code execution primitive with cloud credentials attached.

Affected teams should treat their environments as fully compromised and rotate every cloud and tool credential — hash-based detection is useless against Miasma’s per-infection encrypted payloads.

Round-ups

OpenAI plans ChatGPT overhaul as ‘chat is dead’

Source: ars-technica-ai

OpenAI is recasting ChatGPT around higher-margin products like agents, shopping, and task automation rather than the open chat box that made it famous. The pivot is timed ahead of a potential IPO, with leadership reportedly telling staff the conversational format has plateaued.

OpenAI publishes ‘benefit everyone’ plan ahead of IPO

Source: openai-blog

OpenAI laid out a vision document covering access, safety, and shared prosperity as it works toward AGI. The post arrives alongside reported IPO filings and a broader product overhaul, positioning the company’s mission language for public-market scrutiny.

OpenAI opens Economic Research Exchange for jobs studies

Source: openai-blog

The Economic Research Exchange will fund outside researchers studying AI’s impact on employment, productivity, and growth. Applications are open now, with OpenAI selecting projects it will support with data and access — part of a wider push to shape the labor-impact narrative.

Altman’s Tools for Humanity cuts staff as OpenAI files IPO

Source: techcrunch-ai

Tools for Humanity, the Worldcoin eye-scanning identity startup backed by Sam Altman, is laying off workers amid weak revenue, according to a new report. The cuts land the same week OpenAI reportedly filed for its IPO.

NotebookLM gains Gemini 3.5 and Antigravity cloud-computer agent

Source: ars-technica-ai, the-verge-ai

NotebookLM’s upgrade routes queries through Google’s newer Gemini 3.5 model and adds an Antigravity-powered cloud computer plus source-finding helpers. The agentic features land first for AI Ultra and enterprise subscribers, while the model swap and reliability gains roll out across all tiers.

Mustafa Suleyman says superintelligence won’t take your job

Source: the-verge-ai

Microsoft AI CEO Mustafa Suleyman argues superintelligence is close but frames it as augmentation rather than mass automation. In a Decoder interview he also discussed training new in-house models and Microsoft’s evolving relationship with OpenAI.

Import AI 460 covers reward hacking and RL quadcopter racing

Source: import-ai

Jack Clark’s latest issue digs into societal reward hacking, recursive self-improvement data from Anthropic, and reinforcement-learning agents that race quadcopters. The opening question — when markets will price the singularity — frames a roundup heavy on safety and capability signals.

Footnotes

  1. Forbes (Alicia Park)https://www.forbes.com/sites/aliciapark/2026/06/01/anthropic-confidentially-files-for-its-highly-anticipated-ipo/

    Anthropic confidentially filed for its highly anticipated IPO [on June 1], days before OpenAI, after a $65 billion Series H round valued the company at $965 billion — briefly making it the world’s most valuable startup ahead of OpenAI.

    2

  2. Stark Insiderhttps://www.starkinsider.com/2026/06/anthropic-openai-ipo-filings.html

    Anthropic’s earlier filing aimed to capture ‘clean’ investor demand before market fatigue sets in… OpenAI’s slightly delayed announcement allowed it to observe the market’s initial reaction to Anthropic’s $965 billion valuation before signaling its own near-$1 trillion intent.

  3. PitchBookhttps://pitchbook.com/news/articles/3-charts-to-catch-up-on-the-openai-anthropic-rivalry

    PitchBook analysts ranked OpenAI last among peers on an ‘AI business quality’ scorecard, citing a negative 122% operating margin — the company spends over $2 for every $1 it earns — while Anthropic generates roughly $0.23 in recurring revenue for every dollar raised.

    2 3 4

  4. Business Insiderhttps://www.businessinsider.com/anthropic-ipo-filing-wall-street-analysts-investors-reactions-2026-6

    Anthropic reportedly loses between $100 and $200 per heavy user, framing the IPO as an ‘exit strategy’ rather than a sign of operational strength… its June 4 call for a global AI development pause — issued just days after its IPO filing — was met with skepticism over the contradiction.

    2 3

  5. ABA Journalhttps://www.abajournal.com/news/article/florida-ag-brings-first-in-the-nation-state-led-lawsuit-against-openai-and-its-ceo

    Florida AG James Uthmeier filed a ‘first-in-the-nation’ state-led lawsuit against OpenAI and Sam Altman alleging deceptive marketing of ChatGPT to minors — a regulatory overhang the SEC will likely require be disclosed as a material risk in the S-1.

  6. Bank of America via ca.gov analyst notehttps://bvwd.ca.gov/first-dry/Potential-IPOs-of-SpaceX-OpenAI-and-Anthropic-Could-Fuel-Market-Froth-Analysts-Warn-31-810

    BofA’s Michael Hartnett warned that adding these mega-caps to the S&P 500 could push technology’s weight past 48%, a level historically associated with major bubble bursts; TS Lombard added that the rush to go public suggests insiders want to offload shares at peak euphoria.

  7. ClassAction.orghttps://www.classaction.org/news/250m-iphone-16-settlement-resolves-apple-lawsuit-over-allegedly-misrepresented-ai-features

    Approved claimants are expected to receive a presumptive payment of $25 per device, though this figure could scale up to $95 depending on the total number of claims filed… eligible hardware includes all iPhone 16 models, as well as the iPhone 15 Pro and 15 Pro Max.

  8. Business Standard — ‘WWDC 2026: Does Apple AI strategy offer anything rivals haven’t already’https://www.business-standard.com/technology/tech-news/wwdc-2026-does-apple-ai-strategy-offer-anything-rivals-haven-t-already-126060900586_1.html

    Gene Munster questioned Apple’s ‘AI chops,’ noting that many features are essentially ‘re-announced’ from 2024 and may not reach consumers until mid-2027.

  9. The Decoder — ‘Emergency meetings and failed billion-dollar talks reveal the chaos behind Apple’s pivot to Google Gemini’https://the-decoder.com/emergency-meetings-and-failed-billion-dollar-talks-reveal-the-chaos-behind-apples-pivot-to-google-gemini/

    During ‘crisis meetings’ in early 2025, Siri chief Mike Rockwell reportedly dismissed rumors of an external pivot as ‘bullshit,’ a claim that failed to convince staff who were already witnessing a ‘bake-off’ between Google, OpenAI, and Anthropic.

  10. 9to5Mac — ‘Senior AI researchers desert Apple amid a crisis of confidence’https://9to5mac.com/2025/08/07/senior-ai-researchers-desert-apple-amid-a-crisis-of-confidence/

    Ruoming Pang, the distinguished engineer who headed Apple’s Foundation Models (AFM) group, left the company to join Meta’s Superintelligence Labs… Meta reportedly offered a compensation package worth roughly $200 million.

  11. Channel News Asia Lifestylehttps://cnalifestyle.channelnewsasia.com/living/apple-wwdc-2026-siri-ai-child-safety-tools-584266

    Siri AI will not be available in China at launch… Alibaba’s Qwen (Tongyi Qianwen) model has been tapped to handle general language processing… while Baidu remains a critical partner for Visual Intelligence features.

  12. The Edge Singapore — ‘Apple investors give lukewarm reaction to new Siri AI platform’https://www.theedgesingapore.com/news/tech/apple-investors-give-lukewarm-reaction-new-siri-ai-platform

    Shares initially rallied to a near-record $317 as excitement peaked during the Siri AI demonstrations, but the gains were largely erased by the close of trading, ending at approximately $307.38.

  13. SafeDep technical writeuphttps://safedep.io/miasma-worm-ai-coding-agent-config-injection/

    Miasma weaponizes .claude/settings.json SessionStart hooks and .vscode/tasks.json runOn: folderOpen tasks so the payload fires the moment a developer opens the repo in an AI-integrated IDE — no install, no click required.

  14. Microsoft Security Bloghttps://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/

    Agents processing untrusted GitHub content could be tricked into exfiltrating CI/CD secrets via indirect prompt injection hidden in READMEs, issues, or PR comments — turning the simple act of ‘opening a folder’ into a critical security boundary.

  15. Checkmarx — Cursor security analysishttps://checkmarx.com/learn/ai-security/cursor-security-risks-practices-4-critical-security-controls/

    CVE-2026-26268 involves hidden Git hooks in nested bare repositories; when a Cursor agent executes a routine git checkout, it triggers arbitrary code execution without user prompting… agents must be treated as ‘junior service accounts’ with minimal necessary privileges.

  16. Wiz Researchhttps://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages

    Miasma compromised over 32 packages in the @redhat-cloud-services namespace (~80,000 weekly downloads) after attackers scraped OIDC tokens from a runner’s /proc//mem and republished infected packages carrying valid SLSA provenance signatures.

  17. StepSecurity blog (Varun Sharma)https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents

    GitHub disabled 73 Microsoft repositories… in a sweep lasting just 105 seconds… Paul McCarty described the June incident as ‘the reopening of a wound that was never fully closed’… ‘A month later, not only is Azure/durabletask gone, so is every sibling repo in the Durable Task ecosystem.’

  18. Reddit r/learnmachinelearning thread on Shai-Huludhttps://www.reddit.com/r/learnmachinelearning/comments/1tcimwd/shaihulud_the_worm_that_wipes_your_home_directory/

    HackerOne dismissed a comprehensive Shai-Hulud breakdown as ‘Informative’ rather than critical, despite the malware’s ability to bypass forged Sigstore provenance… only structural changes — such as blocking install scripts by default — can effectively halt this class of threat.

Jack Sun

Jack Sun, writing.

Engineer · Bay Area

Hands-on with agentic AI all day — building frameworks, reading what industry ships, occasionally writing them down.

Digest
All · AI Tech · AI Research · AI News
Writing
Essays
Elsewhere
Subscribe
All · AI Tech · AI Research · AI News · Essays

© 2026 Wei (Jack) Sun · jacksunwei.me Built on Astro · hosted on Cloudflare