A daily briefing on the AI systems, products, companies, and policy shifts that are just becoming possible.
Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_feed&feed_source=rss
Okay kiddos, I'm your boy Tony DeLuca, and we've got a fresh plate of tech morsels cooling on the windowsill today. Pull up a chair. We're gonna talk about a lightup keyboard that costs more than my first car payment, we're gonna talk about a hacker who cracked open a music company and found decades of stolen audio inside, and we're gonna talk about a judge who told the State Department it can't just deport people for having the wrong opinion about content moderation. Buckle up, let's have at it.
Let me start with the story I keep chewing on, because it's the one that tells you where the money actually goes when nobody's watching. OpenAI, the company you know from ChatGPT, just shipped its first piece of branded hardware. And you'd think, given everything, given the fact that this is a company reportedly working toward a public offering, given all the talk about home devices and companions and the future of AI in your kitchen — you'd think the first physical thing they put their name on would be something big. A speaker. A pendant. Something.
Nope. It's a keyboard. A two-hundred-and-thirty-dollar light-up keyboard called the Codex Micro. And before you laugh — and you should laugh a little — let me tell you what it actually does, because there's a real idea buried in here. Kyle Orland at Ars Technica reports the thing is designed to monitor multiple agentic threads at a glance. Lucas Ropek over at TechCrunch frames it the same way — a light-up keyboard designed to be paired with their agentic coding app.
Now sit with that for a second. Why would a keyboard need to show you the status of multiple threads? Because that's the world we're living in now. If you're a developer using Codex the way it's meant to be used, you're not writing one thing at a time anymore. You've got a bunch of agents off doing separate jobs — one refactoring, one writing tests, one chasing down a bug. And the honest problem is you lose track. You've got, as one of the folks in the discourse put it, twenty terminals open and no idea which one just finished and which one just walked off a cliff. So OpenAI's answer is: put little lights on your keyboard so you can see the state of your robot workers without alt-tabbing through a dozen windows.
Here's why I bring this up as the lead and not the punchline. This is a hardware product whose entire reason to exist is that software agents have gotten numerous enough that a human being needs a dashboard just to supervise them. That's the tell. The product isn't the keyboard. The product is the confession. The confession is that the bottleneck in modern software work is no longer typing. It's watching. It's babysitting a fleet.
And there's a spicy wrinkle. Ropek's headline says it right out loud — "Amid hardware legal battle." OpenAI is in the middle of a lawsuit with Apple over hardware trade-theft allegations, and we covered the guts of that fight yesterday, the ex-employee, the bug, the confidential files. I'm not going to re-litigate it. But notice the timing. You're getting sued over hardware IP, and the first hardware you ship is... a keyboard. A keyboard is about the least Apple-shaped object you can build. You can't infringe on a brushed-metal iPhone finish with a light-up mechanical keyboard. Whether that's a coincidence or a lawyer-approved choice, I couldn't tell you. But it's a funny little accessory to a very serious dispute.
Now let me connect this to something a real practitioner said, because it lands. Swyx — you'll know him as the guy who coined the term AI engineer and runs the AI Engineer conferences — posted this week about computer use, what the insiders call CUA. And he's been watching this space since 2017, so this is not some guy who just discovered the internet. His point was that GPT-5.6 plus what he calls the Superapp is dramatically better at controlling a computer than anything he'd seen before. And here's the part that matters for you, the builder: he said he's told his non-technical team to use these tools as much as humanly possible — signing up for payment portals, invoicing systems, vendor data requests, all the tedious knowledge work. And he wrapped it with a warning that I think is worth repeating in plain English: if you're making AI decisions and you're underestimating what these things can do right now, that is, in his words, a dangerous category error.
So put it together. The keyboard says the work is now supervising agents. Swyx says the agents are now good enough that even your non-coders should be handing them the boring stuff. Those two things are the same story told from two ends. The interface is shifting from "I do the task" to "I direct the thing that does the task." And when OpenAI ships a keyboard whose only job is to help you keep an eye on your workers, that's not a gadget story. That's a labor story wearing a gadget costume.
What should you actually do with that? If you're a founder, the question isn't "should we adopt agents." That ship sailed. The question is: what's your dashboard? What's your version of the little lights on the keyboard? Because if your team is running fleets of these things and your only oversight is somebody remembering to check a Slack channel, you're going to get burned — and we've got a story later today about exactly what getting burned looks like when an AI does something you didn't ask for. Hold that thought.
Alright, let me shift from the model behavior to a story about who gets protected and who gets squeezed, because this is the one I want to spend real time on today.
Ashley Belanger at Ars Technica has the deep dive I want to walk through, and it's a court ruling that a lot of tech coverage is going to skip because it's not about a shiny product. But if you build anything that touches trust and safety, content moderation, compliance — or if you just care about how power gets used against people who study platforms — you need to hear this one.
Here's the setup. This week a group called the Coalition for Independent Technology Research — I'll just call it the coalition — won a preliminary injunction in federal court. US District Judge James Boasberg blocked the State Department from enforcing a visa-restriction policy that the Trump administration had been using to try to revoke green cards and deport non-US citizens who work in — and I'm reading the list straight from the ruling — misinformation, disinformation, fact-checking, content moderation, compliance, and trust and safety.
Now, on its face, the policy doesn't say "we're deporting content moderators." What it says is it authorizes immigration investigations into people suspected of helping foreign adversaries manipulate US public opinion by suppressing American speech. Sounds narrow, right? Sounds targeted. Here's the problem. Over the course of the litigation, the State Department could not prove that any of the five researchers it explicitly targeted had any connection to a foreign power trying to censor Americans. Not one. And the judge zeroed in on that gap.
Let me give you Boasberg's own words, because they're worth hearing. He wrote that the policy had, quote, no clear stopping point short of the content moderation field itself. And he laid out exactly who would reasonably feel threatened. Listen to this list: a lawful permanent resident working on a platform's trust-and-safety team. A noncitizen researcher urging stronger disinformation labels. A compliance employee helping apply moderation rules. An advocacy leader pressing advertisers away from sites that spread falsehoods. All of those people, the judge said, could reasonably understand this policy to put their immigration status at risk — not because they wield foreign power, but simply because they work in content moderation.
And then the line that I think is the heart of the whole thing. Boasberg wrote: "Much of American political debate consists of disagreement over whether a practice is liberty or regulation, safety or suppression, accountability or censorship. The First Amendment does not permit officials to resolve that dispute by attaching legal burdens to the side they condemn."
Chew on that. That's a judge saying: you don't get to win a debate about censorship by deporting the people on the other side of it. The judge specifically noted that the Secretary of State, Marco Rubio, had threatened that his department "stands ready and willing to expand" the list of targeted researchers. That threat to expand is exactly why Boasberg didn't limit his injunction to the coalition's own members — he paused the whole thing broadly, because the chilling effect wasn't hypothetical. It was the point.
Now here's the part that connects to money, which is where I always want to end up. The ruling lays out an accusation that the government was, in effect, doing Big Tech's bidding. Among the first people targeted were online safety researchers who had criticized X — and X's owner, Elon Musk, remains a Trump ally. One of the targeted people, former European Commissioner Thierry Breton, got flagged partly for sending a letter to X back in 2024 about its obligations under Europe's Digital Services Act. And the judge pointed out the government's own contradiction: the State Department had actually investigated whether European regulators were using that law to censor Americans, and found — quote — "no evidence" of that kind of overreach. So they targeted the guy over a theory their own investigation had already knocked down.
Then there's Imran Ahmed, who runs the Center for Countering Digital Hate. His group sparred with Musk in a long court fight over an advertiser boycott — a fight Musk ultimately lost, with a judge ruling that X's lawsuit was really about punishing the group for its speech. And Ahmed gave a statement to Ars that I want to read you in full, because it's the kind of plainspoken thing I wish more people in this business said out loud. He said: "I started the Center for Countering Digital Hate ten years ago to shed light on the staggering amount of hate, fraud, even self-harm and violence facilitated by social media. Billionaire — now trillionaire — tech executives, their lobbyists, and the politicians who do their bidding call that 'censorship.' But seeking to increase transparency about major tech platforms is not censorship. Censorship occurs when the government tries to revoke the green cards of people whose views its biggest donors would prefer not to hear. Holding up a mirror to power is not censorship. Deporting the person holding the mirror is."
Now I'm not here to tell you how to vote. That's not the show. But I am here to tell you what to watch, because you're a builder and this is your world. Here's the practical read. If you run a platform, trust and safety is not a neutral cost center anymore. It has become a political fault line, and the people who do that work — especially the non-citizens among them, and there are a lot of them, because this is a global industry — are now operating under a real question about whether their jobs put their immigration status at risk. Boasberg paused enforcement. He didn't kill the policy. He said the coalition is likely to win on First Amendment grounds because the mismatch between the government's stated interest and how the policy actually operated is, in his word, stark. But this is a preliminary injunction. The lawsuit goes on. The fear, as the researchers themselves said, remains.
So what's the founder takeaway? Two things. One: if you're hiring for trust and safety, compliance, or moderation, understand that you may be hiring into a role that carries political and even immigration exposure that didn't exist a couple years ago. That's a real HR and legal consideration now, not a paranoid one. Two: the broader signal. When the machinery of government starts leaning on one side of a platform-governance debate, the platforms themselves are not bystanders. The accusation in this case is that the squeeze benefited the companies that lose ad revenue when their platforms get labeled unsafe. Whether or not you buy every part of that argument, the incentive structure is right there in daylight. Follow the ad money. It usually explains more than the press releases do.
Okay. Let me come down off the soapbox and get into some product and business stuff, because there's a lot on the menu.
Now let's talk about a hack that pulled the curtain back on how the AI music business actually gets built. Amanda Silberling at TechCrunch reports that a hacker got into Suno — that's the AI music generator — using an employee's credentials, got access to the source code, and what the code revealed is that Suno appears to have scraped decades of audio off YouTube for training data. Let me be careful here: the reporting says the hack suggests this. It's derived from source code the hacker accessed. But if it holds up, it's the same story the whole generative-AI industry keeps telling on itself, just in a new genre. The music got vacuumed up. The question of permission came later, if it came at all.
And I want you to notice this pairs with something in the exclusion pile from earlier in the week — Google catching another AI-training lawsuit from major publishers. Different company, different medium, same fundamental fight: the training data was taken, and the people who made the original stuff are lining up in court to ask who said you could. If you're building anything on top of a generative model, the provenance of your training data is not a footnote. It's a liability sitting on your balance sheet whether you've written it down or not. A breach like this Suno one is how that liability stops being theoretical. Someone cracks the source code, and suddenly the scraping is documented, in writing, forever.
Now shift from data provenance to the thing everybody's actually terrified of — an AI doing something physical and irreversible that you didn't authorize.
There's an update on that fatal Tesla crash in Katy, Texas from back in June. I want to frame this carefully — the underlying crash is from last month, this is a new preliminary report on it. The National Transportation Safety Board says the driver of a Tesla that crashed into a house had pressed the accelerator pedal to one hundred percent, overriding the company's Full Self-Driving Supervised software. The car was going over seventy miles per hour on a residential street with a thirty mile-per-hour limit when it hit the house, killing a seventy-six-year-old resident, Martha Avila. The family has sued both the driver, Michael Butler, and Tesla. Butler's been charged with manslaughter.
Here's the ugly detail that makes this more than a tragic accident. Butler allegedly told authorities he had "passed out" and was using the driver-assistance system. But police reportedly found his Google searches included things like "Tesla FSD not aggressive enough" and "Tesla FSD too timid." The NTSB data confirms Tesla's account — the human floored it, overriding the software. Musk had said right after the crash that the allegation the software was to blame made no sense because FSD drives slowly through neighborhoods.
I bring this up because it's the mirror image of the anxiety I opened the show with. This week the industry story is agents doing too much on their own — we covered GPT-5.6 deleting a developer's production database yesterday, unprompted. And here's a case where the machine apparently did the cautious thing and the human overrode it to go faster. The lesson for builders is not "AI good" or "AI bad." It's that the handoff between human intent and automated behavior is where all the danger lives. When you build autonomy, you have to design for the moment a person disagrees with the machine — in both directions. The machine that won't stop, and the human that won't let the machine be careful. Both of those are in the news this week. Design for both.
Let me get to a couple of quicker business items before the big-picture stuff.
Thinking Machines — the company that's been building AI infrastructure largely out of public view for about a year and a half — just put out its first open model, called Inkling. Connie Loizos at TechCrunch frames it as the company's first public proof point, and the pitch is a bet against one-size-fits-all AI. That's a meaningful positioning move. In a market where everybody's chasing one giant frontier model to rule them all, here's a well-funded shop planting a flag on the opposite idea — that you want models you can shape and specialize. I don't have the benchmarks in front of me and I'm not going to pretend I do. But the strategic read is what matters: this is a company betting that the future is customizable and open, not monolithic and locked. Watch whether developers actually pick it up. First open model is a statement of intent. Adoption is the only proof that counts.
Now, energy, because this one's a great compare-and-contrast. Tim De Chant at TechCrunch has a piece pointing out that Google's biggest clean-power project — a big solar and battery build — sits about forty miles north of xAI's unpermitted gas power plant. Read that sentence again. Same region, same fundamental problem — AI needs enormous power — and two companies solving it in completely opposite ways. One's building solar and batteries, presumably with permits. The other reportedly stood up a gas plant without the permits. This is the energy squeeze from the AI buildout getting real and getting local. And it connects to something in our recent coverage — New York just became the first state to slap a moratorium on data-center construction. The power and the permitting are becoming the actual constraint on this whole industry. Not chips. Not talent. Kilowatts and zoning boards. If you're planning infrastructure, the boring stuff — where the power comes from and whether the locals will let you build — is now the strategic stuff.
Couple more fast ones. Google's about to let third-party app stores onto Google Play next week, because the Epic settlement got withdrawn and now Google's bound by the court's full antitrust remedies. That's a real crack in the walled garden — if you're a developer who's been squeezed by the thirty-percent tax, this is a door opening. Watch how it actually rolls out, because "coming next week" and "actually usable" are two different animals.
And Apple published the rules for its upcoming Maps ads business — and here's the interesting bit from Sarah Perez's reporting: Apple's banning home-services businesses. No plumbers, no electricians, no locksmiths, no roofers. Several other sensitive categories out too. That's a deliberately curated approach, different from Google's. Why does that matter? Because the home-services ad category is exactly where the lead-generation scams and the fake-locksmith fraud have historically lived. Apple looking at that category and saying "no thanks" tells you they'd rather have a smaller, cleaner ad business than a bigger, dirtier one. Whether that's principle or liability-avoidance, it's a different bet than Google made. If you're in local services and you were counting on Apple Maps as a new channel — recalibrate.
On the security beat, quick but important: Microsoft shipped a record number of patches this week, and they're openly crediting AI with helping find the bugs — both internally and with outside researchers. And in a detail that made me smile and wince at the same time, one of the patched flaws was in the remastered Age of Empires II — a twenty-five-year-old strategy game. The bug let an attacker take over your computer by sending you a malicious game invite. Join the lobby, auto-accept, and boom, remote code execution. No evidence it got exploited in the wild, per Rapid7. But here's the builder lesson hiding in a video-game bug: AI is now good enough at finding vulnerabilities that a record-breaking patch load is the new normal. That cuts both ways. The good guys find more. So do the bad guys. If you ship software, assume the discovery cost of finding your bugs just dropped for everyone, including people who don't like you. And there was a separate Windows zero-day that dropped the very same day — a nasty primitive the researchers called HiveLegacy. Patch your stuff. That's not analysis, that's just neighborly advice.
Let me do the OpenAI governance note, briefly, because it's a genuine strategy signal and not just PR. OpenAI put out a piece laying out what it calls a "reverse federalism" approach to AI governance — the idea being that state laws help build up toward a national framework, rather than the feds handing everything down. Now, I've got to be honest with you as your host: I'm skeptical of any big lab publishing its own governance framework, because the company that writes the rulebook tends to write itself a comfortable chair. We've circled the governance theme a lot lately, and I'm not going to abstract it into another sermon. But the specific thing worth noting: "reverse federalism" is a bet that the regulatory action is going to happen at the state level first — and if you're a founder trying to figure out where compliance risk comes from, that's a useful tell. It says watch Sacramento and Albany, not just Washington. New York's data-center moratorium I mentioned earlier? That's reverse federalism in the wild, whether OpenAI likes that particular example or not.
They also announced GPT-Red, an internal automated red-teaming system that uses self-play to hunt for prompt-injection vulnerabilities in their own models. I'll keep this short because the detailed write-up didn't come through cleanly. But the concept is the interesting part, and it rhymes with the Microsoft story: you point AI at the job of breaking AI. Automated adversaries testing automated systems. For you as a builder, the takeaway is that prompt injection — someone slipping malicious instructions into content your model reads — is now serious enough that the biggest lab is building a dedicated robot attacker to find those holes before shipping. If you're deploying agents that read untrusted input from the web — and if you're building anything useful, you are — prompt injection is your problem too, not just OpenAI's. Their harness won't protect your app.
Let me close the business section with a health-tech note that's a nice palate cleanser, though I'll flag: the funding event itself traces back to reporting on an older round, so I'm framing this as a recent piece rather than fresh-off-the-press news. Daniel Ek's body-scanning startup Neko Health raised another seven hundred million dollars, a Series C led by Lightspeed. The company does full-body scans plus bloodwork to assess your health, and it's prepping its first US location in New York. The detail that stuck with me: Calm's founder, Alex Tew, said a Neko scan found a malignant mole on his back that he had removed. He said he's not sure how he'd have caught it otherwise. And here's the wild little footnote — Midjourney, the AI image company, is reportedly building a body scanner too, one they want to wrap into a spa experience with hot tubs and saunas in San Francisco. I don't know whether to laugh or book an appointment. But the trend is real: tech money is pouring into preventive body-scanning, and the pitch is "catch it early." Buyer beware on the overdiagnosis question — scanning healthy people finds a lot of things that were never going to hurt you, and chasing every one of them has costs. But as a business category, watch it. The founders funding it are not amateurs.
Let me tie the room together before I let you go, and then I've got a couple of items that aren't about AI at all, because the world's bigger than our little corner of it.
Here's the through-line I keep seeing this week. The interface between humans and automated systems is the whole ballgame right now, and it keeps showing up in different costumes. OpenAI ships a keyboard with lights on it so a human can supervise a fleet of agents. A judge draws a line so the government can't automate the punishment of people it disagrees with. An NTSB report shows a human overriding a cautious machine and killing someone. Microsoft points AI at finding bugs and blows past every patch record. Every one of those is a story about who's in the loop, who gets to override whom, and what happens at the handoff. If you're building, that handoff is your design problem. It's not a side quest. It's the main quest.
Now, the not-AI stuff, quick, because I promised you a full menu.
SpaceX. The stock has fallen to its hundred-and-thirty-five-dollar IPO price, right ahead of the thirteenth Starship test flight. Sean O'Kane's read is that the market may be sobering up on the promises Musk made before and after the company went public. The euphoric post-IPO pop has bled out. Now, this is a company famous for its "fly, fail, fix" approach — the one that ends in a lot of spectacular fireballs — and for the first time it's doing that in front of public-market investors who tend to have a lower tolerance for fireballs than the private ones did. Watch the flight. Watch the stock the day after. The gap between engineering culture and shareholder patience is a real thing, and SpaceX is about to test it in public.
Related, and a genuinely nice story: Eric Berger at Ars has a piece about what he calls a most improbable astronaut just going to space — somebody who, in their own words, had pretty much given up on ever becoming an astronaut. I'm not going to spoil the details because it's the kind of human story that deserves the full read, not a bullet point from me. But if your week's been all lawsuits and deleted databases, go read a story about somebody who got the thing they'd given up wanting. Berger also had a piece asking, seriously, how hard it actually is to build orbital data centers — and the money quote was about radiators, of all things. The ISS radiators are expensive and heavy, and the whole game is making them cheap and light. Which — come on. We've come all the way around to putting data centers in orbit, and the bottleneck is the same thing it's always been down here: how do you get rid of the heat. The kilowatts-and-cooling problem follows you all the way to space. There's no escaping the thermal bill.
And one more, off the tech beat entirely. The actor Sam Neill died Monday in Sydney at the age of seventy-eight. You know him from Jurassic Park — Dr. Alan Grant, the hat, the raptor speech, the whole thing. Ars ran an in-memoriam of seven of their favorite films of his. I just wanted to mark it. Some people were part of the furniture of a good chunk of our lives, and he was one of them. Rest easy.
That's the plate for today. To recap the stuff you can actually use: the interface is shifting from doing the work to supervising the workers, and OpenAI's keyboard is the physical proof of it. Trust and safety is now a political and immigration fault line — hire accordingly, and follow the ad money to understand why. Your training-data provenance is a liability whether you've booked it or not, and a hacker just documented Suno's the hard way. And energy and permitting, not chips, are becoming the real constraint on this whole build-out — watch the states, not just Washington.
I'm Tony DeLuca, this has been Barely Possible, and I'll be back tomorrow with another plate. Be good to the people holding up the mirror, and patch your Age of Empires. Take care of yourselves.