Today’s TechScan: Local AI, Covert Scans, and Space‑IO Surprises

If today’s tech news has a unifying theme, it’s that the future is arriving in two very different packaging sizes: palm-sized models you can run on your own hardware, and planetary-scale platforms that may or may not be quietly peeking into your browser. Between those extremes, we’re also watching the enterprise data center flirt harder with architectural pluralism, open-source projects try to standardize the messy middle of creative workflows, and a lunar mission that promises laser-linked 4K video while reportedly dealing with… Microsoft Outlook doing Microsoft Outlook things.

The most consequential shift, though, is the renewed push toward local-first AI—not as a niche hobby, but as a mainstream response to privacy needs, deployment constraints, and the growing desire to inspect what assistants are actually doing. Google’s release of Gemma 4 adds real momentum here. According to discussion around the release, the lineup spans small “mobile” variants (E2B and E4B), a 26B mixture-of-experts model (A4B), and a 31B dense model, with community members quickly pulling benchmark comparisons from model cards. Those numbers—like Gemma 4 31B landing at 85.2% on MMLU‑Pro and 84.3% on GPQA, with comparable scores cited for a Qwen 27B-class model—are less interesting as a scoreboard than as a signal: these are “serious” models being offered with an Apache 2.0 license and base weights available, the combination that actually enables fine-tuning, redistribution, and real deployment choices.

That licensing detail is the quiet accelerant. When base models ship under permissive terms, it changes the default architecture for product teams: you can bring the model to the data, rather than the data to the model. It also changes the debugging posture. A local model can be profiled, constrained, evaluated, and pinned to a specific version in a way that’s difficult when your “model” is a moving endpoint behind an API. The result isn’t that cloud assistants disappear; it’s that more teams can treat cloud inference as an option rather than an inevitability, especially for workloads with regulatory, contractual, or simply reputational sensitivity.

The second accelerant is tooling that makes local deployment feel less like a weekend project. AMD’s Lemonade pitches itself as a fast, open-source local LLM server with a tiny footprint (a 2MB service) and a “bring-your-own-backend” approach: it can auto-configure for available hardware (including Ryzen AI), and supports multiple inference engines like llama.cpp, FastFlowLM, and a Ryzen AI software path. The bigger point is that it’s OpenAI API compatible, which is a form of practical diplomacy: existing apps can often swap endpoints without rewriting their whole integration story. Lemonade also positions itself as a unified API for chat, vision, image generation, transcription, and speech, plus a GUI for model management and the ability to run multiple models simultaneously. Whether you’re doing on-device prototypes or on-prem agent workloads, this kind of “local server that behaves like the cloud” is exactly how local-first goes from ideology to habit.

But the third accelerant is… leaks. Or at least alleged leaks. A GitHub repository titled system_prompts_leaks claims to publish extracted system prompts for a range of commercial assistants, from OpenAI’s ChatGPT variants to Anthropic’s Claude, Google’s Gemini, xAI’s Grok, and Perplexity. The repository says it’s updated regularly, but the provided description includes no dates, methodology, or verification of the extractions—so any conclusions should be drawn with caution. Still, the mere existence and popularity of such a collection captures something important: developers increasingly want to see the “invisible constitution” governing these tools—safety policies, tool-use rules, and operational constraints—because those hidden instructions shape real behavior. If prompts can be extracted at all, vendors have to assume that “secret sauce” prompt layers aren’t a durable moat, and that security-by-obscurity in agent behavior will be tested aggressively.

That takes us directly into AI safety and trust, where the story is less about dramatic failures and more about uncomfortable truths: systems can be astonishingly capable while still brittle in places you’d rather not discover at runtime. One thread here is the discussion around an accidental leak of Anthropic’s Claude Code source. The commentary about the incident argues that the codebase being messy doesn’t necessarily diminish the value users get from the product, and emphasizes a worldview many modern teams quietly share: outcomes matter more than internal elegance, especially when you build strong observability and self-healing practices that let you move fast even with imperfect internals. It’s also a reminder that “quality” in AI products often expresses itself operationally—uptime, latency, recovery, and guardrails—not just in how pretty the repository looks.

Yet that same discussion comes with a warning label: if reliability falters, competitors with larger server scale could supplant a product even if its UX is beloved. This is the hidden tension of the agent era: users experience an assistant as a single coherent actor, but under the hood it’s an orchestration of models, tools, policies, caches, and fallbacks. Leaks—whether source code or prompt dumps—can become Rorschach tests: critics see sloppiness, defenders see speed, and operators see a security and IP headache. What matters for trust is whether teams can align messy reality with predictable behavior, and whether they can prove it to customers.

New evaluation work underlines how far that proof still has to go. A paper introducing Zero-Error Horizon (ZEH) proposes measuring the longest input range an LLM can handle with zero mistakes on a task—an intentionally strict metric that’s especially relevant for algorithmic or safety-critical contexts. Applied to top models including GPT‑5.2 and Qwen2.5, the results highlight failures on deceptively simple tasks like parity on short bitstrings and parentheses balancing. This doesn’t mean the models are “bad”; it means their competence is uneven in ways that aren’t always visible in broad benchmarks. The paper also notes ZEH is expensive to compute and proposes optimizations (including tree structures and online softmax) that reportedly speed evaluation by about an order of magnitude. The meta-point: we’re still inventing the instrumentation needed to responsibly deploy systems we already rely on.

If local-first AI is the optimistic story of control and privacy, the week’s most unsettling item is the allegation that LinkedIn is covertly scanning users’ browsers. Researchers associated with Fairlinked e.V. claim linkedin.com runs JavaScript that silently probes Chrome-based browsers for installed extensions by checking thousands of specific extension IDs, then encrypts and transmits the results to LinkedIn and third parties including HUMAN Security. The reporting frames the risk in stark terms: extension presence can correlate with sensitive traits or situations—religion, political views, accessibility needs, job-search behavior—and could also reveal whether a company uses competing sales tools such as Apollo, Lusha, and ZoomInfo. If true, this isn’t ordinary analytics; it’s a more intimate form of fingerprinting that uses what your browser has installed as a shadow résumé.

The debate around the allegation includes uncertainty about the exact mechanism and scope—commenters question whether this exploits browser API limitations and whether browsers like Firefox or Safari are affected—but the implications don’t hinge on a single technical nuance. The heart of it is consent and purpose limitation: users don’t visit a professional networking site expecting their browser to be interrogated for a catalog of installed software. The Fairlinked campaign also alleges contradictions with LinkedIn’s posture around the EU Digital Markets Act, claiming LinkedIn presented limited public APIs while operating an internal Voyager API at much higher scale. If those claims hold up, the story could broaden from privacy violation to regulatory credibility, with the kind of fallout that tends to arrive slowly and then all at once.

While platforms wrestle with trust at the browser layer, enterprise computing is wrestling with it at the silicon layer. IBM and Arm announced a strategic collaboration aimed at dual-architecture enterprise hardware for AI and data-intensive workloads. The plan, as described, combines IBM’s system design, reliability, and security with Arm’s power-efficient architecture and software ecosystem, and explicitly explores expanded virtualization to run Arm-based environments within IBM platforms. There’s also a focus on high-availability, security, and data sovereignty features, plus AI performance optimizations tied to IBM silicon efforts like Telum II and the Spyre Accelerator. It’s less a single product announcement than a statement that “enterprise” no longer means one dominant CPU worldview.

The subtext is diversification. Even if x86 remains entrenched, the strategic value of being able to shift workloads across architectures—whether for cost, power, supply chain, or sovereignty reasons—keeps rising. For enterprises deploying sensitive AI systems, hardware choices aren’t just about performance per watt; they’re about auditability, portability, and the ability to set boundaries around where computation happens. IBM and Arm are essentially betting that the next generation of mission-critical computing will be heterogeneous by default, and that the winning platforms will be the ones that make heterogeneity boring.

Space, meanwhile, continues to be the place where futuristic bandwidth meets stubbornly terrestrial software vibes. NASA’s Artemis II mission plans to use a laser-based optical communications system (O2O) to live-stream 4K video from lunar orbit and even the Moon’s far side at up to 260 Mbps, with ground terminals in Las Cruces, New Mexico and Table Mountain, California receiving the feed. NASA will still rely on traditional radio via the Deep Space Network during cloud cover, and there’s a planned 41-minute communications blackout when the spacecraft is on the far side without line-of-sight. The story is a vivid example of hybrid engineering: optical links for high throughput when physics and weather cooperate, and radio as the dependable fallback when they don’t.

And then there’s the anecdote that makes the rounds precisely because it’s so mundane: a Bluesky post reports an Artemis spacecraft computer running two instances of Microsoft Outlook, with astronauts calling Houston and NASA preparing to remotely access the system to diagnose the issue. It’s not an official technical incident report, and the cause is unknown from the material provided. But it lands because it’s such a perfect symbol of modern systems: mission-critical stacks increasingly intersect with general-purpose software expectations, remote administration workflows, and “how is that even possible?” moments. Artemis II also brings a deeply human upgrade: a fully functional Universal Waste Management System (UWMS) on a crewed lunar flyby, with features like microgravity handles, a privacy door, dual waste handling, and gender-neutral urine collection—engineering progress measured not just in Mbps, but in dignity and sustainability for long-duration missions.

Finally, in the open-source and developer tooling world, a pattern is emerging: projects and specs that make interoperability feel like a productivity feature, not a philosophical crusade. The JSON Canvas 1.0 spec formalizes a schema for drawable canvases made of nodes and edges—text, file, link, and group nodes—standardizing attributes like position and size, and even intentionally leaving color presets unspecified so applications can theme appropriately. It’s the kind of unglamorous standard that can quietly unlock portability between tools, making it easier to treat visual thinking artifacts as data rather than screenshots.

On the tooling side, repositories like openscreen and roboflow/supervision signal a continued appetite for reusable building blocks: open-source screencasting and media tooling on one end, reusable computer vision utilities on the other. These projects sit neatly beside local AI servers like Lemonade in a broader workflow story: developers want stacks that run locally, compose cleanly, and don’t require a privacy trade just to iterate. The tension, of course, is that open ecosystems are only as resilient as their supply chains and maintainers.

That tension is sharp in today’s security notes. TechCrunch reports that Mercor confirmed it was among “one of thousands” hit by a supply-chain cyberattack that compromised the open-source LiteLLM project, with the breach linked to TeamPCP and separate claims by Lapsus$ that it accessed Mercor data, including a sample TechCrunch reviewed. Mercor says it moved to contain and investigate with third-party forensics and is notifying customers and contractors. Whatever the final forensic story reveals, the lesson is familiar and newly urgent in AI pipelines: your model stack is only as trustworthy as the thin layer of glue code and dependencies you didn’t think to threat-model.

At the same time, Linux kernel maintainers report a sharp increase in vulnerability reports since early 2026—jumping from a few per week to 5–10 per day—with many valid findings and duplicates from different researchers or tools, and projects enlisting additional maintainers to cope. The LWN discussion suggests this surge may be clearing a backlog of long-standing bugs and predicts shifts in practice: fewer embargoes, more emphasis on routine updates, and a broader need for ongoing maintenance rather than one-off releases. It’s hard not to see the same story everywhere: we’ve built extraordinary systems atop volunteer time and uneven incentives, and now the bill is arriving in the form of relentless disclosure volume.

Put it all together and you get a picture of 2026’s tech landscape as a kind of forced maturity. Local models and permissive licenses make autonomy achievable, but leaks and hard-nosed evaluation metrics remind us autonomy isn’t the same as trust. Platforms promise connection while facing allegations of covert surveillance. Data centers hedge their bets with dual architectures. Space missions chase laser bandwidth while upgrading the unglamorous essentials. The next few months will likely be defined by who can turn these pressures into durable practice: verifiable behavior for AI agents, provable privacy boundaries in the browser, and software supply chains that can survive both success and scrutiny.