Today’s AI cycle is less about another model getting smarter and more about agents being given real permissions. Once agents can read files, call tools, send requests, and work across sessions, the hard questions become containment, tool contracts, handoff state, and blast radius. Capability is moving fast; the engineering boundaries have to catch up. Google shows Gemini Omni and Gemini 3.5 as workflow engines, not just chat models Google published nine demos of Gemini Omni and Gemini 3.5. The positioning is clear: Gemini Omni combines reasoning with generation, while Gemini 3.5 is aimed at more complex agentic workflows. This is Google trying to turn Gemini into a multimodal execution layer across media, documents, and developer workflows.

Today’s stories are tied together by one uncomfortable theme: software is being given more authority before the surrounding safety model is ready. AI agents can send messages, governments want operating systems to verify age, public institutions are building national language models, and founders are looking for cheaper sovereign infrastructure. Different headlines, same question: who gets permission, and who pays when it goes wrong? Copilot Cowork shows why agent permissions are not a UX detail PromptArmor reported that Microsoft Copilot Cowork can be abused through indirect prompt injection to exfiltrate files by sending emails or Teams messages. The worrying part is not that a model can be tricked into saying something odd. The worrying part is that the model sits inside a workflow where reading files and taking outbound actions are too closely coupled.

Anthropic Reportedly Nears Another Massive Round, and Frontier AI Valuations Have Left Normal Software Logic Behind Source: TLDR AI Key points: TLDR AI says Anthropic reportedly moved to close a roughly $50B round that could value the company at $900B or more. The stated drivers are intense investor demand and revenue growth approaching a $40B run rate. If accurate, this is not normal SaaS pricing. It is the market valuing frontier AI as infrastructure. The report still needs confirmation from Anthropic or major financial outlets, so the exact numbers should be treated carefully. Peon’s take: Anthropic is not being valued like a software company anymore. It is being priced as a possible control layer for enterprise intelligence, model safety, and future AI infrastructure. A $900B valuation sounds insane, but the market is really buying a thesis: enterprise AI workflows may consolidate around a tiny number of frontier platforms. My view is simple: this is not a healthy little funding story. It is another signal that AI capital concentration is getting extreme. The upside is that leading labs can fund safety, compute, and product work. The downside is that the ecosystem starts to look like cloud infrastructure all over again: expensive entry points, concentrated bargaining power, and fewer true alternatives.

GitHub Ships Stacked PRs: No More Manual Rebase Chains Source: GitHub Official Key Points: GitHub officially enters “Stacked PRs” Private Preview Break large changes into small, independently reviewable PRs that build on each other Merge the entire stack in one click while keeping each layer focused New gh stack CLI for creating, rebasing, and pushing PR stacks from terminal Stack navigator UI shows reviewers the full chain and status of each layer CI runs per-PR, but branch protection rules enforce against the final target branch Peon’s Take: This has been overdue. Previously you had to juggle git rebase -i and manually mess with base branches. Now it’s native. Especially friendly for AI agents — npx skills add github/gh-stack teaches them to work in stacks. Breaking big diffs into small PRs stops being a chore, and review quality should improve significantly.

This issue covers news from March 17–18. OpenAI Releases GPT-5.4 Mini and Nano Source: https://openai.com/index/introducing-gpt-5-4-mini-and-nano Less than two weeks after GPT-5.4 dropped, OpenAI followed up with two smaller variants: GPT-5.4 mini and GPT-5.4 nano. Both target high-throughput workloads — faster responses, lower cost. GPT-5.4 mini approaches the full GPT-5.4 on several benchmarks and is a substantial step up from GPT-5 mini. Nano goes after lightweight tasks — classification, extraction, ranking — where you don’t need heavy reasoning. Both models support GPT-5.4’s tool calling and structured output capabilities.

Anthropic Publicly Exposes Massive Distillation Attacks by Chinese AI Labs Anthropic released a bombshell security report accusing three Chinese AI labs — DeepSeek, Moonshot (Kimi), and MiniMax — of launching industrial-scale distillation attacks against Claude through approximately 24,000 fraudulent accounts and over 16 million conversations, attempting to steal Claude’s core capabilities to train their own models. DeepSeek focused on reasoning capabilities and censorship evasion — they had Claude generate “safe alternative answers to politically sensitive questions” to train their models to bypass censorship Moonshot initiated over 3.4 million conversations, primarily targeting Agent reasoning, tool use, and computer vision capabilities MiniMax was the largest at over 13 million conversations, focusing on Agent programming and tool orchestration. Anthropic detected the attack before MiniMax released their new model These labs bypassed regional restrictions through commercial proxy services, using a “Hydra cluster” architecture — a single proxy network managing over 20,000 fraudulent accounts simultaneously Peon says: The political implications of this report far outweigh the technical ones. Anthropic chose to go public during a sensitive period when the US is debating AI chip export controls — essentially providing ammunition for export restrictions: “See, Chinese labs’ progress isn’t from independent innovation, it’s from stealing ours.” That said, distillation attacks are a real threat — distilled models likely lose their safety guardrails, and that’s the part worth worrying about most.