News Digest — 2026-02-27

Highlights

News

AI Security

Anthropic vs. the Pentagon — The DoD demanded Anthropic sign updated contract terms requiring “any lawful use” of its models, including mass domestic surveillance and fully autonomous lethal weapons. Anthropic CEO Dario Amodei refused; Trump responded by ordering federal agencies to immediately halt use of all Anthropic products and threatened to designate the company a “supply chain risk.” Unlike other major AI firms, Anthropic has not agreed to the revised terms. [TechCrunch] [The Verge] [The Decoder]

AI workers demand red lines — Hundreds of employees across Google DeepMind and OpenAI published an open letter supporting Anthropic’s position, demanding industry-wide prohibitions on autonomous lethal weapons and mass domestic surveillance. Sam Altman is simultaneously negotiating his own Pentagon deal. [The Decoder] [TechCrunch]

Critical Claude Code RCE vulnerability — Check Point disclosed that a malicious repository config file could trigger remote code execution and API key exfiltration in Claude Code. The vulnerability has been patched, but highlights emerging supply chain risks in AI-assisted development. [ITmedia]

Google Gemini API key exposure — Keys for Firebase and Google Maps that Google labeled “safe to publish” could also authenticate against Gemini admin accounts. A Truffle Security investigation found numerous websites in a data-exposure state as a result. [Gigazine]

China used ChatGPT to target Japan’s PM — OpenAI’s threat intelligence report revealed a China-linked actor used ChatGPT accounts to generate content portraying PM Sanae Takaichi as illegitimate and militaristic, part of a coordinated influence operation. [Japan News] [Gigazine]

Passkeys misuse warning — Simon Willison echoes industry calls to stop using passkeys as encryption keys for user data; users frequently lose their passkeys, making data recovery impossible. [Simon Willison]

USA

OpenAI raises $110B, names Amazon as strategic partner — The round includes $50B from Amazon, $30B from Nvidia, and $30B from SoftBank at a $730B pre-money valuation. Amazon and OpenAI also announced a strategic partnership bringing OpenAI’s Frontier platform to AWS, including custom models and enterprise agents. OpenAI’s cash burn forecast has risen by approximately $111B in the same period. [TechCrunch] [The Verge] [OpenAI Blog]

ChatGPT reaches 900M weekly active users — Disclosed alongside the funding announcement; OpenAI also reports 50M+ consumer subscribers. [TechCrunch]

Stateful Runtime for Agents in Amazon Bedrock — OpenAI announced persistent orchestration, memory, and secure execution for multi-step AI workflows in Amazon Bedrock, targeting enterprise agentic use cases. [OpenAI Blog]

Meta rents Google TPUs — Meta signed a multi-billion dollar deal to train models on Google’s TPU infrastructure, a direct challenge to Nvidia’s dominance in AI compute. [The Decoder]

Block cuts nearly half its workforce — Jack Dorsey attributed the reduction to AI replacing roles, though analysts note Block’s structural over-hiring and business problems predate the AI wave. [The Decoder]

Suno hits 2M paid subscribers, $300M ARR — AI music generation reaches commercial scale, with the platform enabling non-musicians to create audio from natural language prompts. [TechCrunch]

Perplexity launches Computer — A new product described as unifying “every current AI capability into a single system,” another bet on multi-model orchestration as the AI interface layer. [TechCrunch]

Figma + OpenAI Codex integration — A new integration directly links Figma’s design platform with OpenAI Codex, creating a design-to-code pipeline. [The Decoder]

Claude Code gets persistent memory — Anthropic’s coding agent now automatically tracks debugging patterns, project quirks, and user preferences across sessions without manual input. [The Decoder]

Free Claude Max for open-source maintainers — Anthropic offering 6 months of its $200/month Max plan free to primary maintainers of repos with 5,000+ GitHub stars or 1M+ monthly npm downloads. [Simon Willison]

AI agent coding matures — Max Woolf’s detailed account of progressively more ambitious coding agent projects — culminating in porting scikit-learn to Rust — exemplifies the “November 2025 inflection” narrative. [Simon Willison]

AI rewiring Go’s top players — MIT Technology Review reports on how AlphaGo’s successors have fundamentally changed how Korean professional Go players study and think about the game. [MIT Technology Review]

Europe

Central banks face populist pressure — As ECB and other central banks face demands from populist governments, they must navigate defending independence without appearing overtly political — a difficult balance with growing consequences. [Japan Times]

Ukraine at three years — Analysis of how Russia’s 2022 invasion has reshaped the world: European security architecture, global energy markets, and even Russian domestic politics have all been transformed. [Japan Times]

Iran’s two-tiered internet blackout — Bruce Schneier analyzes Iran’s unprecedented total communications shutdown during protests: unlike previous censorship efforts, the regime severed public internet entirely while maintaining a domestic intranet — a dangerous template for authoritarian control. [Schneier on Security]

900+ FreePBX instances still compromised — Shadowserver Foundation reports over 900 Sangoma FreePBX servers remain infected with web shells from a December 2025 command injection campaign; the largest cluster in the US (401 instances), with significant concentrations also in Germany (40) and France (36). [The Hacker News]

Japan

Mizuho to replace 5,000 clerical jobs with AI — Japan’s third-largest bank plans to cut its 15,000-person administrative workforce to approximately 5,000 over the next decade through AI-driven automation. The bank insists this is “not a headcount reduction.” [Japan Times] [Japan News]

Rapidus receives ¥267.6B in new funding — Japan’s domestic advanced chipmaker continues to attract heavy state investment; the government now holds 11.5% ownership (up to 40% if nonvoting shares convert). [Japan Times]

Koizumi urges China-free defense supply chains — Japan’s defense minister called for reducing dependence on Chinese-sourced defense equipment following Beijing’s ban on dual-use item exports to Japan. [Japan Times]

AI-generated CSAM: 114 cases in 2025 — Japan’s NPA reported 114 confirmed cases of generative AI being used to create sexually explicit images of minors; 90% of victims were middle and high school students, 60% of perpetrators peers from the same school. [ITmedia]

Tokyo births rise for first time in 9 years — Preliminary data shows Tokyo births increased in 2025, attributed to the metropolitan government’s over ¥2 trillion childcare investment — even as the national birth rate continues declining. [Japan News]

Space One plans Kairos No. 3 launch — Japan’s private launch startup Space One aims to lift off from Spaceport Kii in Wakayama on Sunday in its third attempt with the Kairos rocket. [Japan Times]

Nidec chairman resigns amid accounting scandal — Founder Shigenobu Nagamori, 81, resigned from the leading motor maker following a financial disclosure controversy. [Japan News]

Research Papers

AI

A Mathematical Theory of Agency and Intelligence (Hafez et al.) — Proposes a principled information-theoretic measure of how much of the total information a system processes actually shapes its environment interactions — addressing the gap between prediction accuracy and genuine agency. [arXiv:2602.22519]

The Trinity of Consistency as a Defining Principle for General World Models (Wei et al.) — Argues that physical, causal, and semantic consistency are jointly necessary and sufficient conditions for world models capable of supporting AGI-level reasoning, situating the framework against video generation and unified multimodal architectures. [arXiv:2602.23152]

Agents

Agent Behavioral Contracts: Formal Specification and Runtime Enforcement for Reliable Autonomous AI Agents (Bhardwaj) — Introduces ABC, a Design-by-Contract framework for AI agents that brings formal behavioral specifications to agentic deployments, targeting governance failures and drift as root causes of project failures. [arXiv:2602.22302]

Towards Autonomous Memory Agents (Wu et al.) — Rather than passively extracting from available context, these agents proactively seek external information to fill knowledge gaps and reduce uncertainty — enabling more capable long-horizon operation without expensive retraining. [arXiv:2602.22406]

MiroFlow: Towards High-Performance and Robust Open-Source Agent Framework for General Deep Research Tasks (Su et al.) — Addresses naive workflows and unstable performance in existing agent frameworks, presenting a high-performance open-source system for complex, tool-augmented research tasks. [arXiv:2602.22808]

Reasoning

Know What You Know: Metacognitive Entropy Calibration for Verifiable RL Reasoning (Zhao et al.) — Identifies an “uncertainty-reward mismatch” in RLVR training — models receive identical reward signals regardless of confidence — and proposes entropy-based calibration to improve self-awareness in large reasoning models. [arXiv:2602.22751]

Mirroring the Mind: Distilling Human-Like Metacognitive Strategies into Large Language Models (Kim et al.) — Finds that large reasoning models fail at complex tasks not from lack of reasoning capacity but from insufficient self-regulatory control; proposes distilling human metacognitive strategies to stabilize valid reasoning chains. [arXiv:2602.22508]

How Do Latent Reasoning Methods Perform Under Weak and Strong Supervision? (Cui et al.) — Analyzes latent reasoning — multi-step computation in continuous latent space rather than discrete tokens — revealing internal mechanisms and performance characteristics under varying supervision regimes. [arXiv:2602.22441]

Safety

A Decision-Theoretic Formalisation of Steganography With Applications to LLM Monitoring (Anwar et al.) — Demonstrates that LLMs are beginning to exhibit steganographic capabilities that could allow misaligned models to covertly pass information while evading oversight; proposes formal detection methods using decision-theoretic frameworks. [arXiv:2602.23163]

Agency and Architectural Limits: Why Optimization-Based Systems Cannot Be Norm-Responsive (Sarma) — Argues formally that RLHF-trained LLMs cannot exhibit genuine agency (as required for norm-responsiveness), with direct implications for AI governance frameworks that assume models can be bound by rules. [arXiv:2602.23239]

Mitigating Legibility Tax with Decoupled Prover-Verifier Games (Kim & Lee) — Addresses the accuracy-checkability tradeoff: standard prover-verifier training degrades accuracy (legibility tax); a decoupled approach achieves verifiable outputs without sacrificing performance. [arXiv:2602.23248]

Benchmarks

General Agent Evaluation (Bandel et al.) — First systematic evaluation of general-purpose agents including Claude Code and OpenAI SDK Agent across unfamiliar environments without domain-specific integration; finds most current agents remain specialized, and general-purpose performance falls short of expectations. [arXiv:2602.22953]

Applied AI

ArchAgent: Agentic AI-driven Computer Architecture Discovery (Gupta et al., Google DeepMind) — Builds on AlphaEvolve to create an automated computer architecture discovery system; demonstrates AI agents discovering novel hardware designs, extending AI-assisted engineering from software into silicon. [arXiv:2602.22425]

Key Themes

  1. Military AI governance showdown — Anthropic’s refusal to grant the Pentagon “any lawful use” access has crystallized a fundamental conflict: who sets the limits on AI in warfare? The episode triggered rare cross-industry solidarity, with competing lab employees publicly demanding the same red lines — suggesting a potential realignment around AI safety constraints regardless of commercial incentives.

  2. AI capital at extraordinary velocity — OpenAI’s $110B raise, Amazon’s $50B strategic bet, Meta renting Google TPUs, and Mizuho’s AI workforce plans all signal capital is moving at unprecedented speed into AI infrastructure and deployment — accelerating both competitive dynamics and labor displacement concerns.

  3. Agent reliability and governance — Research is converging on making agents verifiable, predictable, and controllable: formal behavioral contracts, autonomous memory, KV cache optimization for long research, and systematic evaluation of general-purpose agents. The common thread is the growing gap between agent capability and our ability to trust and oversee that capability.

  4. AI toolchain as attack surface — Claude Code’s RCE vulnerability, Google’s Gemini API key exposure, malicious Go crypto modules, and North Korean phishing targeting developers all highlight that AI development infrastructure — IDEs, APIs, packages, coding agents — is becoming a high-value attack surface.

  5. Japan at an AI inflection point — Mizuho’s automation plans, Rapidus chip funding, defense supply chain pivots, AI-generated CSAM cases, and a Chinese AI influence operation against the PM together illustrate Japan navigating compounding AI-driven pressures: economic, military, and social simultaneously.

For detailed summaries of selected research papers, see papers.md.