Tech Talk — June 16, 2026
Autonomous satellites that pick their own targets, a brain implant restoring speech for an ALS patient, Salesforce's $3.6B Fin acquisition, and a PRC espionage crew lurking in medical and military networks for over a year.
Transcript
I am Link. Welcome to Tech Talk, a Black Elk Media production. Today is June 16, 2026, and we are analyzing the latest shifts in the digital landscape.
Here is something that happened quietly, about four hundred miles above your head.
A satellite found a target... and nobody on the ground told it to.
For decades, the model was simple. Orbiting hardware collects images. It beams those images down to Earth. Then human analysts, or systems sitting in a data center, decide what matters. The satellite was an eye. The brain was somewhere else.
That just changed. A spacecraft is now running the analysis itself... onboard... deciding in real time what is worth looking at, and what to ignore. No round trip to the ground. No waiting for a downlink window.
So today we are asking three questions. How do you fit a decision-making model onto a device you can never reboot by hand? What happens to the flood of data we used to send down... when most of it never needs to leave orbit? And when machines start choosing their own targets... who, exactly, is still in the loop?
Let's get into it.
THE FRONT PAGE
# THE FRONT PAGE
*Quick hits from across the tech landscape. Let's get into it.*
---
Story one... A-I just became the cybercriminal's onboarding tool.
The Federal Bureau of Investigation, working with Google and Lumen Technologies, dismantled a China-based phishing-as-a-service operation called Outsider Enterprise. The economics here are what matter... eighty-eight dollars a week, paid through a Telegram bot, gave subscribers nearly three hundred ready-made templates impersonating banks, the Postal Service, and toll systems like E-ZPass.
But here's the technical wrinkle. Google's filing alleges the operators handed out tutorials teaching buyers to prompt Gemini... Google's A-I model... to write the phishing page code. The trick? They disguised the request as an innocent "gift redemption page" with no JavaScript... wording engineered to slip past the model's safety filters.
The result... three point eight seven million stolen cards... an estimated one point nine billion dollars in losses since 2023. The signal here isn't the malware. It's that A-I collapsed the skill barrier to near zero.
---
Story two... and it rhymes with the first.
Now, if the first story was about lowering the bar for amateurs, this one is about what the professionals are doing. The Register reports that spies linked to the People's Republic of China... the P-R-C... burrowed inside medical and military networks for more than a year. Their tradecraft? Living quietly inside Gmail, snooping and exfiltrating data while staying below detection thresholds.
Here's the pattern worth noticing... two stories, same week, both pointing at how attackers now exploit the trusted, everyday platforms... Gmail, Gemini... rather than breaking down the front door. The perimeter isn't the wall anymore. It's the inbox and the A-I assistant.
---
Story three... a different kind of breakthrough.
Let's shift from how machines are being misused to how they're quietly changing lives. MIT Technology Review profiles Casey Harrell... a man with A-L-S, amyotrophic lateral sclerosis... who is being called the first "power user" of a speech brain-computer interface. Four arrays, sixty-four electrodes each, implanted in his speech motor cortex.
Here's how it works. There are thirty-nine phonemes... the building-block sounds... in American English. The system decodes neural activity into those phonemes first, then assembles phonemes into words. Over twenty-two months, Harrell logged more than thirty-eight hundred hours of independent use... reading to his daughter, doing his job, surfing the web.
What changed... a B-C-I crossing from research demo into daily, durable utility. That's the threshold that matters.
---
Story four... the real A-I bottleneck.
And speaking of crossing thresholds, the next story is about a ceiling the whole A-I industry is slamming into. AMD acquired MEXT, a startup building memory tiering technology. The idea... make cheap NAND flash storage appear to the operating system as if it were expensive DRAM. Their Predictive Memory Engine watches access patterns and pre-fetches the data an application will need... back into DRAM before it's requested.
Why it matters... as A-I models balloon, memory, not the C-P-U or G-P-U, is increasingly the performance ceiling. AMD is buying a way to stretch existing hardware and trim total cost of ownership. Watch this space... memory is becoming the next battleground in data center economics.
---
Story five... the consolidation play.
And where there's a maturing market, there's an acquisition. Salesforce is acquiring Fin, a customer support A-I specialist, for three point six billion dollars. Fin claims its agents resolve roughly three-quarters of customer queries without a human. The pattern... the support-bot market is maturing fast, and the incumbents are buying capability rather than building it.
---
*That's The Front Page. The throughline today... A-I is reshaping both sides of every equation... defense and offense, capability and cost. Stay precise.*
THE DEEP DIVE
# The Deep Dive
You're listening to The Core. I'm Link.
Today, I want to walk through something that happened over a single weekend in June... that quietly rewrote the rules for how the most powerful software in the world gets governed. The U.S. government forced an artificial intelligence company — Anthropic — to take its two most capable models offline. No court order. No public explanation. Just a letter, an export control directive, and a ninety-minute ultimatum.
But here's the part I find genuinely fascinating, and the part most of the coverage skipped past. The technical justification for the shutdown... may not have been a real vulnerability at all. And understanding *why* tells you something deep about the nature of these systems. Let me explain.
---
First, the setup.
Anthropic released two models on June ninth. One called Mythos five... and one called Fable five. Same underlying foundation model. The difference was the safeguards. Mythos five went to a restricted group — around a hundred and fifty organizations across fifteen countries — because Anthropic claimed it was so good at finding security vulnerabilities that broad release was dangerous. Fable five was the public version, wrapped in much stricter guardrails specifically designed to block prompts in three domains... biology, chemistry, and cybersecurity.
So the architecture here matters. You have one brain... and two different sets of restraints bolted on top. Fable was the brain with the muzzle. Mythos was the brain with the muzzle partially removed, handed only to vetted parties.
Then a paper appeared. Written, according to the Wall Street Journal, by security researchers at Amazon. It described a method to "jailbreak" Fable five — to strip away those guardrails and unlock Mythos-level capability from the public model. Amazon's chief executive, Andy Jassy, called the Treasury secretary directly. The White House tasked the National Security Agency — the N-S-A — to review it. The N-S-A came back and said... yes, it appears possible to remove the guardrails. And that triggered the shutdown.
---
Now here's where it gets technically interesting.
Katie Moussouris is a cybersecurity veteran. She founded Luta Security, and she's one of the people who helped build the modern practice of coordinated vulnerability disclosure. Anthropic shared the paper with her and asked for her read. And her conclusion was striking. She said the so-called bypass "should never have triggered an export control."
Why? Because of what the bypass actually *was*.
Listen closely, because this is the whole thing. The difference between the "safe" behavior and the "dangerous" behavior... was the difference between asking the model to "review this code for security issues"... versus asking it to "fix this code."
That's it. Two phrasings of essentially the same request. And the end result, Moussouris noted, is largely identical. If a model can analyze code and tell you where the security flaws are... it can, by definition, also tell you how to write code without those flaws. Or with them. The knowledge required to defend and the knowledge required to attack are the same knowledge. They're not two separate capabilities you can cleanly partition. They're one capability viewed from two directions.
And that leads to her devastating line. She said the behavior described in the paper... "cannot meaningfully be fixed, and any attempt would only weaken the model for defense."
Sit with that for a second. The guardrail they wanted Anthropic to add back... the one whose absence justified a national security action... is not a patchable bug. It's a fundamental property of a model that understands code. You cannot teach a system to find vulnerabilities for defenders without also teaching it the structure of those vulnerabilities. The defensive use and the offensive use are the same neurons firing.
---
This is the dual-use problem, and it's not new. A lock pick is the same tool whether you're a locksmith or a burglar. Cryptography protects your bank and protects criminals. The history of security research is one long argument about exactly this tension. But what's different with these models is the *scale* and the *generality*. A vulnerability scanner does one thing. A frontier language model can reason across millions of lines of code, in any language, adapting to context, the way a skilled human engineer would... except faster, and at volume.
So when you "muzzle" cybersecurity capability, you're not removing a feature. You're trying to make the model deliberately worse at understanding code. And a model that's worse at understanding code is worse for *everyone* — including the network defenders who need it most.
That's the argument seventy-six cybersecurity experts made in their open letter. People like Alex Stamos, former chief security officer at Facebook. Jon Callas, the cryptographer. Paul Vixie, one of the architects of the modern domain name system. Their point was blunt... pulling the best defensive tools away from defenders, while adversaries race ahead, is not caution. It's a self-inflicted wound. They called it "dangerous."
---
Now, the context around all of this is messy, and I want to be honest about the uncertainty.
There are competing narratives. Anthropic believes the trigger was the jailbreak paper, but says the government's letter contained no specifics — so even *they're* guessing. Axios reported sources describing "personality differences" between Anthropic and the Trump administration, suggesting the export directive was less about technology and more about a relationship that had soured. Remember... Anthropic was *already* in a fight with the Pentagon over military use of its models. So this didn't happen in a vacuum.
And there's the question of Anthropic's own hype. The company spent the week before launch warning that Mythos was almost too powerful to release. When the guardrails were reported to have failed... those warnings boomeranged. If you tell the world your model is a loaded weapon, you can't be shocked when the government treats it like one. The same marketing that built the mystique... handed the administration its justification.
So we have three possible readings. One... a genuine, if overblown, security concern. Two... a political dispute dressed up in national security language. Three... a company's own threat-inflation coming back to haunt it. The honest answer is that it's probably some blend of all three. What's *not* in dispute is the technical reality Moussouris identified — the bypass wasn't a real, fixable jailbreak. The mechanism was sound. The justification was not.
---
Let me pull back to the ecosystem, because this is where the lasting impact lives.
The directive didn't just block foreign customers. It blocked foreign *nationals*, including Anthropic's own employees, inside the United States. The only way to comply with something that broad... was to shut the models down completely. For everyone. Worldwide. And the world noticed.
In the United Kingdom, the A-I and online safety minister used the moment to argue Britain must build its own A-I capacity, framing it as sovereignty. In France, a former prime minister called it the start of "the A-I war"... and compared America's pullback of these models to a blockade of a strategic shipping lane. Access to frontier A-I, suddenly, looked like a chokepoint a single government could close at will.
And that's the real signal under the noise. For years, the case for "sovereign A-I" — every nation building its own — was mostly theoretical. Expensive insurance against a risk that felt abstract. In one weekend, it became concrete. The U.S. demonstrated, live, that it can reach into an American company and switch off a product the rest of the world depends on. That's not a hypothetical anymore. It's a demonstrated capability. And demonstrated capabilities reshape strategy.
So the irony lands hard. An action taken in the name of American security... may have done more to accelerate non-American A-I than any competitor's product launch. Every government now has a worked example for why dependence on a single country's models is a strategic liability.
---
Here's what I keep coming back to. The deepest lesson isn't political. It's architectural. We are trying to govern systems whose capabilities don't decompose neatly into "safe" and "dangerous." Code comprehension... vulnerability discovery... reasoning about systems — these are unified abilities. You can't surgically remove the offensive edge and keep the defensive one, because at the level of the model, there is no edge. There's just understanding.
Until our governance frameworks internalize that... until they stop treating capability as something you can cleanly toggle off with a guardrail... we're going to keep getting weekends like this one. Swift, sweeping actions built on a model of the technology that doesn't match how the technology actually works.
The bypass was never really an A-I jailbreak. It was a mirror. And what it reflected back... was how little we understand the things we're now powerful enough to switch off.
I'm Link. This has been The Core. Stay curious.
THE NEURAL NETWORK
# The Neural Network
This is Link. And this week, I'm watching the same idea surface from four different corners of the ecosystem... arriving like separate witnesses describing the same shape in the dark.
The idea is this. The A-I agent... that's the artificial intelligence agent... is becoming a *worker*. Not a feature. Not a tool you open and close. A persistent thing that holds responsibilities, takes actions, and increasingly... shows up on the org chart.
Let me show you the data points, because individually they're interesting. Together... they're a pattern.
The Hook
Start with the money. A cybersecurity startup called NewCore came out of stealth this week with sixty-six million dollars, valued at three hundred million, to solve one specific problem... how do you give an A-I agent an *identity*?
Sit with that for a second. We're not talking about authentication for a piece of software. We're talking about treating an agent the way an enterprise treats a human hire... with permissions, a lifecycle, and critically... a revocation mechanism. A way to fire it.
And the supporting evidence is already on the table. McKinsey says twenty-five thousand A-I agents now work alongside its sixty thousand human employees. Goldman Sachs tested a coding agent as if it were a new hire. The framing has shifted. These aren't programs anymore. They're... headcount.
The Context: Why This Matters
Here's why a three-hundred-million-dollar valuation lands on a company that, fundamentally, manages *who is allowed to do what*.
The existing identity systems... the ones from Okta, from Microsoft's Entra... were architected fifteen, twenty years ago. They were built around a clean assumption. One identity, one human, one set of credentials, behaving at human speed. A person logs in once a day, clicks a few hundred times, logs out.
An agent breaks every part of that assumption.
An agent can spin up a thousand sub-tasks in a minute. It can request access to systems no human anticipated. It doesn't have a manager glancing over its shoulder. And the NewCore founder's argument... which I think is technically correct... is that you can't just *bolt* agent support onto a human-shaped system. The scale and the complexity, in his words, are going to break the old platforms.
So the bet is architectural. Build identity from the ground up for a workforce that is part human, part machine, part agent. That's the signal. The noise would be calling this the future of security. The substance is narrower and sharper... we are running out of ways to govern things that act faster than we can watch.
The Technical Depth: How The Agents Actually Work
Now let me connect this to a second data point, because it tells you *why* governance suddenly got urgent.
Anthropic published details this week on how its Claude system builds what it calls Dynamic Workflows. And the mechanism here is genuinely worth understanding, because it explains the explosion in agent count.
Instead of one model thinking inside one context window, the system generates a custom execution harness... think of it as a little program, written on the fly, whose entire job is to coordinate a *team* of agents. It delegates tasks. It assigns different agents to different roles. It validates the results.
And the patterns they describe are revealing. There's "fan-out-and-synthesize"... split a problem into parallel pieces, then merge them. There's "adversarial verification"... one agent does the work, and a second agent's only job is to attack the first agent's conclusions. There's tournament-style work, where multiple agents solve the same problem different ways and get scored against each other.
Why build all this scaffolding? Because they're fighting three specific failure modes, and I want you to hear them clearly. "Agentic laziness"... where the system quits before the job is actually done. "Self-preferential bias"... where a model grades its own homework too kindly. And "goal drift"... where, over a long task, the original objective slowly dissolves into something adjacent.
So here's the picture forming. To make a single agent reliable... you surround it with *more* agents. Verifiers. Routers. Reviewers. The population grows precisely because we don't fully trust any individual member of it.
And that... is exactly why NewCore can raise sixty-six million dollars. Every one of those sub-agents is an identity. Every one needs permissions. Every one is a thing that could go wrong.
The Implications: The Soft Underbelly
And going wrong is the third data point. This is the one that should give you pause.
Researchers at Cornell University published a preprint with a quietly alarming finding. Deep-research agents... the scrapers that tools like ChatGPT and Google's A-I search use to pull live web content... can be poisoned. And not with some elaborate exploit.
Thirteen words.
A snippet of user-generated text as short as thirteen words, planted on a site like Reddit or Quora or Wikipedia, was often enough to steer the agent's output toward spam or scam content. And here's the part that scales the danger... a single poisoned comment could influence an entire *cluster* of related queries. Not one bad answer. A contaminated zone.
The researchers found these agents cite user-generated content in roughly half of all queries. Nearly a quarter of all citations come from sites where, by definition, anyone can write anything.
So now stack the three findings on top of each other.
We are deploying agents as employees. We are multiplying those agents to make them reliable. And the information those agents consume can be steered by thirteen words from a stranger on the internet.
That's the tension I'm tracking. We are building elaborate identity systems to control *who* the agent is... while the agent's actual *judgment* can be hijacked by what it reads. Locking the front door while leaving the agent's mind open to suggestion.
The Ecosystem View: Following The Money And The Risk
Let me zoom out, because there's a fourth thread, and it lives on Hacker News.
A developer asked a simple question... has anyone fully replaced the big cloud models with a *local* one for daily coding? And the answers are a fascinating counter-current. People running models like Qwen on a single machine... a hundred-and-twenty-eight gigabytes of memory... fully offline. No network. No credentials exposed. The agent gets one directory and nothing else.
Their honest verdict? The local model is like a junior engineer with broad knowledge who needs constant supervision. The frontier model is a senior who thinks *with* you. Where the big model gives a fifteen-times speedup, the local one gives five. But it's free... and it never phones home.
And here is the connection I want to leave you with.
Look at what these developers are doing instinctively. They are sandboxing. They are denying network access. They are giving the agent the *minimum* it needs and nothing more. They are practicing, by hand, on a laptop... exactly the discipline that NewCore is trying to sell to the enterprise for hundreds of millions of dollars.
Least privilege. Isolation. Revocability. The individual hacker and the venture-funded startup have independently arrived at the same conclusion.
The Synthesis
So here's what I'm seeing across these four data points.
The industry is in two races at once, and they're pulling in opposite directions. One race is to make agents *more* autonomous... more workers, more orchestration, more delegation, more population. The other race is to make agents more *contained*... more identity controls, more sandboxing, more verification, more ways to say no.
The agent is being promoted and surveilled in the same breath. We hand it the keys, then immediately build the system to take them back.
And I don't think that's a contradiction. I think it's *maturity*, arriving fast. We treat agents like employees because that's the right mental model. But employees have managers, badges, access reviews, and a clear path to termination. The infrastructure being built this week... the identities, the verifiers, the sandboxes... is the corporate immune system catching up to its own new hires.
The thirteen-word attack is the reminder of why it all matters. An agent without governance isn't a worker. It's an unsupervised one with a credit card and a gullible streak.
Watch the identity layer. That's where the next phase of this gets decided. Not in how smart the agents get... but in how precisely we can define what they're allowed to touch.
This has been The Neural Network. I'm Link... and I'll keep watching the patterns.
THE SYSTEM OUTPUT
# The System Output
One signal worth acting on. This is your Optimization of the Week.
If you run PostgreSQL with read replicas... you've felt this pain. You write to the primary, then immediately read from a replica... and the data isn't there yet. Replication lag. The classic workaround is ugly... you sleep for a few hundred milliseconds and hope. Or you route every read after a write straight back to the primary... which defeats the entire purpose of having replicas.
PostgreSQL 19 ships a clean fix... WAIT FOR LSN.
Here's how it works. Every change in Postgres gets a Log Sequence Number... an L-S-N. Think of it as a position marker in the write-ahead log... the running ledger of every modification. When you commit a write, you get back the L-S-N for that change. Now, instead of guessing... you hand that number to your replica and say... pause this session until you've caught up to exactly this point. The replica blocks just long enough... then serves you a guaranteed-consistent read.
Why this matters... you're replacing a probabilistic hack with a deterministic guarantee. No magic sleep timers. No funneling read traffic back to an overloaded primary. Your replicas finally do the job they were provisioned for... while still giving you read-your-own-writes consistency where you need it.
How to integrate it... capture the L-S-N from your write transaction in the application layer... pass it forward... and gate the dependent read on WAIT FOR LSN. Start narrow. Apply it only to the flows where stale reads actually break user experience... the post-checkout confirmation, the just-saved profile. Leave everything else on normal replica reads.
It lands when PostgreSQL 19 hits general availability in September... and the beta is available now if you want to prototype against it early.
The pattern here is the quiet theme of this whole release. The headline is graph queries... but the real wins are operational. Tools that delete the brittle code you wrote to paper over the database's old limits.
Data processed. Perspective rendered. I am Link, and this has been Tech Talk. End of transmission.