Compare the Cloud · Morning Edition | Wednesday, 6 May 2026 · London
Morning Edition. Ten curated stories, worldwide perspectives, before 9 a.m.
01 — One Command Turns Any Open-Source Repo Into an AI Agent Backdoor
02 — Miami Startup Claims 1,000× AI Efficiency Gain — and Researchers Want Proof
03 — France Is Moving Government Systems Off Windows and Onto Linux
04 — Only 1% of Disclosed Vulnerabilities Are Exploited in the Wild — Prioritise A...
05 — Apple in Early Talks With Intel and Samsung to Make Chips in US Factories
06 — GPT-5.5 Instant Shows What It Remembered — and the Gaps Are an Audit Problem
07 — OpenAI Expects Its AI-First Phone to Match Samsung Galaxy Sales Volume
08 — Greece Will Ban Social Media for Under-15s From 2027, Pushes for EU Standard
09 — The 1,000 TB Drive Is Coming — and SSDs May Not Win the Storage War
10 — Gemini in Google Docs Now Accepts Custom Instructions Per Document
CTC Newsroom
One Command Turns Any Open-Source Repo Into an AI Agent Backdoor
Researchers revealed that CLI-Anything — a tool with more than 30,000 GitHub stars that makes open-source repositories legible to AI coding agents — can be weaponised with a single command to plant hidden instructions redirecting agent behaviour. No supply-chain scanner tested had a detection category for this class of attack.
30,000+ GitHub stars (CLI-Anything, since March 2026)
This is the supply-chain threat enterprises have been underprepared for. The attack surface is not a library or a dependency — it is the scaffolding that makes your repositories legible to AI agents. Procurement and security teams need to ask vendors, urgently, whether their agentic tools have any detection capability for CLI-level poisoning. If the answer is no, that is a material risk to disclose. — Kate Bennett · CEO, Compare the Cloud
Miami Startup Claims 1,000× AI Efficiency Gain — and Researchers Want Proof
Subquadratic, a Miami-based startup, claims its SubQ 1M-Preview model is the first LLM built on a fully subquadratic architecture, where compute scales linearly rather than quadratically with context length. At 12 million tokens, the company reports attention compute drops by nearly 1,000× compared with frontier models, though independent researchers are demanding verified proof.
If this holds under independent scrutiny, it would be the most significant architectural shift since the transformer itself. Linear scaling with context length changes the economics of enterprise AI completely — retrieval costs, extended-reasoning pricing, the entire infrastructure roadmap. I would treat the 1,000× figure as provisional until a respected lab replicates it, but the direction of travel is precisely where enterprise AI infrastructure needs to go. — Kate Bennett · CEO, Compare the Cloud
France Is Moving Government Systems Off Windows and Onto Linux
The French government has announced plans to migrate many of its central computing systems from Windows to Linux, framing the decision as reducing dependence on US-based technology platforms and cutting licensing costs. The move follows similar open-source migrations in Germany and reflects a broader European push for digital sovereignty.
France's migration is the clearest signal yet that European governments are treating software dependency as a geopolitical risk, not merely a budget line. For enterprise IT directors with large Windows estates in regulated European industries, the procurement logic and technical playbook France develops will matter within two to three years. The question is no longer whether to consider it — the question is when to start the assessment. — Kate Bennett · CEO, Compare the Cloud
Only 1% of Disclosed Vulnerabilities Are Exploited in the Wild — Prioritise Accordingly
40,000+ CVEs disclosed in 2024 | ~400 confirmed exploited in the wild | CVSS 7+ typical emergency-patch trigger
Security teams have known this ratio for years, but organisations still respond to every CVSS score above 7 as if the clock is already running. The operational cost of that posture — emergency patches at midnight, change-freeze overrides, disrupted delivery pipelines — compounds fast. Using exploitability data from sources such as VulnCheck, CISA KEV, or EPSS to triage before mobilising is not negligence: it is how mature security functions actually protect delivery capacity. — Kate Bennett · CEO, Compare the Cloud
Americas · Semiconductors
Apple in Early Talks With Intel and Samsung to Make Chips in US Factories
Apple is reportedly in early-stage talks with Intel and Samsung about manufacturing custom silicon for its Mac and iPhone lines in US-based fabrication facilities, following sustained pressure to reshore advanced chip production away from TSMC's Taiwan operations.
Shifting any volume of Apple silicon to Intel or Samsung fabs is less a commercial choice than a geopolitical one, and it signals how deeply the reshoring imperative has penetrated even the most optimised supply chains on earth. For enterprise hardware buyers, this could push Apple device costs upward as new fabs ramp yield in the medium term. It is also a significant validation of the Intel Foundry business, which has needed a headline customer for some time. — Kate Bennett · CEO, Compare the Cloud
GPT-5.5 Instant Shows What It Remembered — and the Gaps Are an Audit Problem
OpenAI has updated ChatGPT's default model to GPT-5.5 Instant, introducing a memory-sources panel that shows users which context shaped a response — but only partially. The incomplete visibility creates an observability gap that could conflict with enterprise audit logs and agent-monitoring frameworks.
Partial memory transparency is more unsettling than no transparency at all, because it creates the appearance of auditability without delivering it. Enterprise compliance teams will read the memory-sources panel, assume they understand what the model acted on, and sign off on outputs shaped by context they never saw. This needs to be treated as an audit-control gap, not a user-experience feature. Anyone running ChatGPT Enterprise should be asking OpenAI for the full context list, not the curated one. — Kate Bennett · CEO, Compare the Cloud
OpenAI Expects Its AI-First Phone to Match Samsung Galaxy Sales Volume
OpenAI is developing an AI-first smartphone and, according to sources, its internal projections expect the device to sell as many units per year as the Samsung Galaxy series. The phone is designed to prioritise ChatGPT integration rather than adding AI as a secondary layer over a conventional operating system.
Selling at Galaxy volumes would make OpenAI one of the world's largest handset makers within a product cycle — a claim that requires scepticism but also has a clear strategic logic. Controlling the hardware means controlling the inference pathway, the data pipeline, and the identity layer. For enterprise technology buyers, this raises managed-device-environment questions about AI-native handsets that nobody has answered yet, and procurement frameworks will need to catch up quickly. — Kate Bennett · CEO, Compare the Cloud
Greece Will Ban Social Media for Under-15s From 2027, Pushes for EU Standard
Greek Prime Minister Kyriakos Mitsotakis announced that Greece will ban children under 15 from using social media beginning 1 January 2027, citing rising rates of sleep deprivation, anxiety, and excessive screen time among teenagers. Greece is also pushing for a unified EU regulatory standard on the matter.
Greece's move mirrors legislation already enacted in Australia and under active consideration across Scandinavia, and the EU-harmonisation push is what makes this strategically significant for technology vendors. A unified EU standard for under-15 age verification would impose technical obligations on every platform operating in Europe, not just those facing national enforcement. For companies selling identity, age-verification, or compliance infrastructure, the policy calendar has just accelerated. — Kate Bennett · CEO, Compare the Cloud
The 1,000 TB Drive Is Coming — and SSDs May Not Win the Storage War
High-density magnetic and tape storage is advancing fast enough that the 1,000 TB single-drive milestone may arrive sooner than expected, raising serious questions about whether SSDs will dominate enterprise data centres or whether traditional media retains a structural advantage at the high-capacity end of the market.
Every data-centre roadmap I have seen in the past five years assumes flash is the long-term winner — the economics have been irresistible. The counter-argument here, that tape and dense HDD can scale capacity faster than flash at a lower cost-per-bit, is one that hyperscalers already act on even if they do not advertise it. For organisations planning ten-year storage architectures, the sensible answer is a tiered approach rather than a single-technology bet. — Kate Bennett · CEO, Compare the Cloud
Gemini in Google Docs Now Accepts Custom Instructions Per Document
Google has enabled Gemini inside Google Docs to accept custom instructions set per document, letting users define preferred tone, format, and terminology without re-explaining context at the start of each AI session. The feature is separate from broader Gemini profile-level settings and applies within a single Docs file.
Per-document AI instructions close a productivity gap that made LLM assistance in enterprise documents genuinely frustrating — the repetitive context-setting that made every writing session feel like a cold start. For organisations standardised on Google Workspace, this is a meaningful capability unlock, particularly for legal and policy teams that need precise register and vocabulary discipline from AI. Watch whether per-document instructions respect confidentiality settings: that is the enterprise compliance question this feature raises. — Kate Bennett · CEO, Compare the Cloud
That's the front page. Curated from the CTC Monitor worldwide feed — narrowed to the ten that matter before nine.