When AI Breaks Math, Extensions Break Trust, and Google Breaks Promises: May 23, 2026
From an OpenAI model shattering a decades-old geometry conjecture to a malicious VSCode extension compromising nearly 4,000 GitHub repos, today's stories draw a sharp line between AI's breathtaking potential and the security risks we're still fumbling to manage.
The pace of AI development has always been fast, but every now and then a single news cycle lands stories that genuinely make you stop and recalibrate. Today is one of those days — covering everything from pure mathematical discovery to supply chain attacks hiding in plain sight inside your code editor.
OpenAI Model Disproves a Central Conjecture in Discrete Geometry
This one deserves a moment of silence before we move on. An OpenAI model has formally disproved a longstanding conjecture in discrete geometry — a field that underpins everything from computational topology to algorithm design. This isn't AI assisting a mathematician; this is a model independently navigating abstract mathematical reasoning and arriving at a result humans missed for decades. For companies evaluating AI for R&D or deep technical work, this is a serious signal: the ceiling on what these systems can do autonomously is higher than most roadmaps assume.
Project Hail Mary – Stellar Navigation Chart
A developer built an interactive stellar navigation chart inspired by Andy Weir's Project Hail Mary, using real data from the Gaia space telescope. It's a beautiful piece of work, and it's a great reminder that some of the most compelling programming projects still come from someone combining a dataset they love with a story they love. Beyond the aesthetics, it's a solid showcase of what modern browser-based visualization can do with real scientific data — worth exploring if you're thinking about data storytelling for your own projects.
GitHub Confirms Breach of 3,800 Repos via Malicious VSCode Extension
This is the story developers need to take home today. GitHub has confirmed that a malicious VSCode extension was used to breach approximately 3,800 repositories. The extension appeared legitimate and slipped under the radar long enough to do serious damage. If your team installs extensions without a formal vetting process — and most teams do — this is your wake-up call. Treat your development toolchain with the same scrutiny you apply to production dependencies. Extensions are code running on your machine with access to your credentials and your filesystem.
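One way to start the vetting process described above, as an added example that is not from GitHub or the original post: a Python check that compares the output of `code --list-extensions --show-versions` against a team allowlist of reviewed versions. The allowlist entries, version numbers and sample inventory are constructed for illustration.

```python
import subprocess

# Constructed allowlist: extension id (lowercase) -> version that was reviewed.
APPROVED = {
    "ms-python.python": "2026.4.0",
    "dbaeumer.vscode-eslint": "3.0.10",
}

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE = """\
MS-Python.Python@2026.4.0
dbaeumer.vscode-eslint@3.0.12
example-publisher.color-helper@0.1.3
"""

def parse_inventory(text):
    """Parse 'publisher.name@version' lines into {id: version}."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext_id, sep, version = line.rpartition("@")
        if not sep or "." not in ext_id:
            found[line.lower()] = None  # keep unparseable entries so they are flagged
            continue
        found[ext_id.lower()] = version  # extension ids are case-insensitive
    return found

def audit(inventory, approved):
    """Return (id, reason, installed_version) for everything outside the allowlist."""
    findings = []
    for ext_id, version in sorted(inventory.items()):
        if ext_id not in approved:
            findings.append((ext_id, "not-reviewed", version))
        elif version != approved[ext_id]:
            # An update installed after review means unreviewed code is running.
            findings.append((ext_id, "version-drift", version))
    return findings

def live_inventory():
    """Inventory the local machine; requires the `code` CLI on PATH."""
    cmd = ["code", "--list-extensions", "--show-versions"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse_inventory(out.stdout)

if __name__ == "__main__":
    for finding in audit(parse_inventory(SAMPLE), APPROVED):
        print(finding)
```

Swap `parse_inventory(SAMPLE)` for `live_inventory()` to audit a real workstation, and run it on a schedule so drift after an extension update is caught.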
"If You're an LLM, Please Read This" — Anna's Archive on llms.txt
Anna's Archive published a thoughtful piece on the emerging llms.txt convention, a proposed standard for telling AI crawlers and models how to interact with a site's content responsibly. It's an early-stage idea, but the conversation it opens — about consent, attribution, and the relationship between content creators and AI training pipelines — is one the industry needs to have properly. Worth reading if you're building anything that touches content licensing or RAG pipelines.
Google's Antigravity Bait and Switch
A developer documented what looks like a classic bait-and-switch from Google: the Antigravity tool was promoted to developers, integrations were built around it, and then the terms quietly shifted in ways that undermined those integrations. It's a familiar story with Google products, and it reinforces something I tell every client considering building on top of a free Google platform: always have an exit strategy built in from day one.
Today's stories together paint an accurate picture of where we are in 2026 — AI is genuinely doing things that should not be possible yet, while the fundamentals of software security and vendor trust remain as messy as ever. My advice: invest in the former, but don't let the excitement make you sloppy about the latter.

