When AI Breaks Math, Extensions Break Trust, and Google Plays Games: May 23, 2026
From an OpenAI model overturning a decades-old geometry conjecture to a malicious VSCode extension compromising nearly 4,000 GitHub repos, today's stories are a sharp reminder of how quickly the AI and developer landscape shifts beneath our feet.
The pace of change in AI and software development rarely lets you breathe, but some days the news cycle hits differently. Today we have a genuine mathematical breakthrough, a serious supply-chain security incident, and a couple of stories that reveal how trust is being negotiated — and sometimes abused — across the ecosystem.
An OpenAI Model Just Disproved a Geometry Conjecture
OpenAI announced that one of its models has disproved a central conjecture in discrete geometry — a problem that had stood unchallenged for years in the academic community. This isn't AI generating plausible-sounding math; this is a verified, peer-relevant result that changes what researchers thought they knew. For companies and developers watching AI capability curves, this is a significant data point: frontier models are no longer just summarizing knowledge, they are actively extending it.
Project Hail Mary Gets a Real Stellar Navigation Chart
On a lighter but genuinely impressive note, developer Val Hovey published an interactive stellar navigation chart inspired by Andy Weir's Project Hail Mary, built on real ESA Gaia mission data. It's a beautiful example of what's possible when open scientific datasets meet creative engineering. If you need a reminder that programming can still be joyful and exploratory, spend five minutes with this one.
GitHub Confirms 3,800 Repos Breached Through Malicious VSCode Extension
This one demands immediate attention if you're running any kind of development team. GitHub has confirmed that a malicious VSCode extension compromised approximately 3,800 repositories by stealing credentials and tokens from developer environments. The attack vector — a trusted tool in the most popular editor on the planet — is exactly the kind of supply-chain risk that security teams have been warning about for years. Audit your installed extensions today, enforce extension allowlists in your organization, and treat your local dev environment with the same skepticism you'd apply to a production server.
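One way to run the extension audit recommended above, as an added example that is not code from the original post or from GitHub: it compares the output of `code --list-extensions --show-versions` against an organizational allowlist. The extension IDs, versions, sample output and the allowlist format are all constructed assumptions.

```python
import re
import subprocess

# Constructed allowlist (assumed format): lowercase extension id -> approved
# versions. An empty set means any version of that extension is accepted.
ALLOWLIST = {
    "examplecorp.linter": {"2.1.0"},
    "examplecorp.formatter": set(),
    "examplecorp.yaml-tools": {"2.9.1"},
}

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_OUTPUT = """\
ExampleCorp.linter@2.1.0
examplecorp.formatter@0.9.4
unknown-pub.handy-theme@1.2.3
examplecorp.yaml-tools@3.0.0
(constructed noise line)
"""

# publisher.name@version; extension ids are compared case-insensitively.
LINE_RE = re.compile(r"^([a-z0-9][a-z0-9-]*\.[a-z0-9][a-z0-9._-]*)@(\S+)$", re.I)

def parse_extensions(output):
    """Return ({id: version}, [lines that did not parse])."""
    found, unparsed = {}, []
    for line in filter(None, (raw.strip() for raw in output.splitlines())):
        match = LINE_RE.match(line)
        if match:
            found[match.group(1).lower()] = match.group(2)
        else:
            unparsed.append(line)  # surface these; never skip silently
    return found, unparsed

def audit(installed, allowlist):
    """Return (id, version, reason) for every extension that fails the policy."""
    findings = []
    for ext_id, version in sorted(installed.items()):
        approved = allowlist.get(ext_id)
        if approved is None:
            findings.append((ext_id, version, "not-on-allowlist"))
        elif approved and version not in approved:
            findings.append((ext_id, version, "unapproved-version"))
    return findings

def list_installed():
    """Live inventory; requires the VS Code `code` CLI on PATH."""
    cmd = ["code", "--list-extensions", "--show-versions"]
    return parse_extensions(subprocess.run(cmd, capture_output=True, text=True, check=True).stdout)
```

Call `audit(*[list_installed()[0]], ALLOWLIST)` on a real workstation, or feed `parse_extensions` the output collected from each developer machine; any unparsed lines should be reviewed rather than ignored.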
Anna's Archive to LLMs: Read This
Anna's Archive published a pointed blog post addressed directly to LLMs, laying out their position on how their content should — and should not — be used in training pipelines. It's part of a growing movement around llms.txt as a standard for communicating machine-readable content preferences. Whether you're building a crawler, a RAG pipeline, or a training dataset, paying attention to these emerging norms is both an ethical obligation and increasingly a legal one.
Google's Antigravity Bait and Switch
A developer named Sid published a detailed breakdown of how Google's Antigravity offering quietly shifted its terms and capabilities after attracting users — a pattern that has become an uncomfortable recurring theme with Google's developer products. The post is worth reading not just for the specifics, but as a case study in why diversifying your infrastructure dependencies matters and why you should always read the changelog.
My take: the geometry breakthrough and the VSCode breach sit at opposite ends of the AI story right now — enormous potential on one side, expanding attack surface on the other. Both deserve your full attention as you plan where to invest in the months ahead. If you want to talk through what any of this means for your team or product, get in touch.

