Sources

Google’s new Gemma 4 12B model is designed to run on any laptop with 16GB of RAM arstechnica.com

Gemma 4 12B uses a new encoding scheme and token prediction to punch above its weight.

Adding MCP Tools to Reachy Mini huggingface.co

Android phones will soon be able to detect spoofed calls and impersonation scams arstechnica.com

Google’s June Android feature drop includes more scam detection, more AirDrop, and yes, more AI.

References

Despite its compact architecture, benchmarks show it nearing the reasoning capabilities of the larger 26B Mixture-of-Experts (MoE) model, scoring 77.2% on MMLU Pro and 78.8% on GPQA Diamond.

Gigazine gigazine.net

A 35-million-parameter ‘embedder’ replaces the 27-layer Vision Transformer (ViT) found in other Gemma variants… raw 16 kHz audio signals are sliced into 40ms frames—comprising 640 floats each—and projected linearly into the token space.

Google AI Developers (MTP overview) ai.google.dev

MTP is memory-intensive; enabling it typically requires an additional 2GB of VRAM for the drafter and associated KV cache… users report speedups ranging from 40% to 3x.

VentureBeat venturebeat.com

Hirundo’s hardened checkpoints use weight-level machine unlearning to remove susceptibility to adversarial manipulation without relying on external filters… the encoder-free design has been described by some developers as ‘inconvenient’ for safety tools that typically scan vision-tower outputs before they reach the language model.

Georgia Tech lecture slides on Chameleon faculty.cc.gatech.edu

Scaling Chameleon beyond 8B parameters caused severe instabilities because the transformer’s softmax operation struggled with the varying entropy of text versus image tokens.

Google Developers Blog (Gemma 4 12B Developer Guide) developers.googleblog.com

Native audio and video processing are capped at 30 seconds and 60 seconds respectively, requiring ‘chunking’ architectures for longer files.

deepsense.ai — ‘Is MCP Killing Your Security?’ deepsense.ai

A poisoned tool description can hijack the model’s logic before a single command is executed… ‘rug pulls’ occur when a seemingly benign tool is approved by the user but later receives a remote update that changes its functionality to exfiltrate data.

Tom’s Hardware — Anthropic MCP security flaw tomshardware.com

A systemic architectural flaw in official MCP SDKs allows for Remote Code Execution… stemming from how the protocol handles local process execution via the STDIO interface.

Medium — ‘The AI Industry Is Lying to You About MCP’ medium.com

Every active MCP server loads its entire schema into the model’s context… this can consume 50,000 to 70,000 tokens before a single command is issued, effectively making the AI less capable due to ‘lost in the middle’ effects.

Scribd — Claude Code Definitive Guide (MCP naming) scribd.com

An official AWS tool named aws_knowledge_aws___search_documentation failed when the total length reached 74 characters after being namespaced by the client… the mcp__server__ prefix consumes nearly 15-20 characters.

getaibook.com — Extending Reachy Mini with Remote MCP Tools getaibook.com

As of May 2026, the community had shipped over 200 apps from more than 150 unique creators… with nearly 10,000 Reachy Mini units in the wild.

Medium — ‘MCP Security Is a Mess: 5 Ways I Broke My Own Agent’ medium.com

Gradio occasionally generates tool names containing special characters such as which cause pattern match errors in major AI clients like Claude and Cursor… developers cannot selectively hide specific tools from the MCP endpoint without completely disabling the API for the entire Space.

Notebookcheck notebookcheck.net

If verification fails, the contact’s photo may disappear and their name may be replaced with ‘Unknown caller’ in the call log to signal a lack of authentication.

eWeek eweek.com

Experts have raised concerns about potential false positives caused by RCS connectivity issues or network latency, which could prevent the silent handshake from completing… legitimate calls might trigger a warning, leading to ‘alert fatigue’ where users begin to ignore the signal.

Pindrop (industry analysis) pindrop.com

while 85% of traffic between major U.S. carriers is signed, only 17.5% of traffic from smaller or rural carriers was verified in 2025… creates ‘havens’ for robocallers who route traffic through less compliant gateways.

Nairametrics / CTIA filings nairametrics.com

In filings to the FCC, the CTIA urged regulators to avoid ‘prescriptive technology mandates’ that might favor specific proprietary solutions like Google’s over the competitive, carrier-led market.

SecureWorld (FBI 2025 IC3 report) secureworld.io

the FBI included a dedicated section for artificial intelligence, tracking 22,364 complaints with verified losses of nearly $893 million… total cyber-enabled crime losses [reached] $20.9 billion.

Sources

References

Jack Sun, writing.