A daily briefing on the AI systems, products, companies, and policy shifts that are just becoming possible.
Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_feed&feed_source=rss
Okay kiddos, I'm your boy Tony DeLuca, and this is Barely Possible, the show where we sift through the day's AI and tech noise so you don't have to. Grab your coffee, pull up a chair at the counter, and let's have at it.
Today we've got a story that lands like a slap in the face for anyone who bought the marketing. There's a company that spent a lot of energy telling the world it was the anti-surveillance AI lab, the one that cared about doing this the right way. And now there's a report saying that same company quietly built a tracker that watched a specific set of its users without telling them. That's our lead, and it's the kind of thing that matters not because it's shocking on its own, but because trust is the whole product these companies are selling. We're going to get into that in detail.
We've also got Microsoft cutting close to five thousand jobs, with Xbox getting gutted and the layoff narrative once again brushing right up against AI. We've got a running tally TechCrunch is keeping of every layoff this year that name-checked AI, which is its own little grim scoreboard. We've got Google quietly flipping a switch so that using its products trains its models, and how you get out of that. We've got Vercel's CEO on splitting the model from the agent, which is a real builder story. Some Anthropic-in-government stuff out of Alberta. Russian drones over Europe. A Canadian spy agency bragging about who it hacked. And a couple of lighter bites to close, including an asteroid shaped like a peanut. Yeah, we'll get there.
Let's start with the one that stings.
The report, from Ashley Belanger, carries a headline about a secret Claude tracker shocking users after Anthropic's anti-surveillance stance. And here's the shape of it. Anthropic, the AI lab behind Claude, is accused of having secretly monitored a set of its Chinese users. According to the reporting, an engineer described the whole thing as an experiment, and said the experiment is now over.
Now, I want to be careful and precise here, because this is exactly the kind of story where people run ahead of what's actually known. What we've got is an accusation that Anthropic embedded some form of tracking that was aimed at users in China, and that once it got surfaced publicly, an Anthropic engineer effectively confirmed something existed and said it's been shut down. That's the confirmed core. The framing everybody's reacting to is the contrast: this is a company that has built a big chunk of its brand identity around being the careful one, the safety one, the one that lectures the rest of the industry about surveillance and misuse. So when the accusation is that they were, quietly, doing surveillance of their own users, the hypocrisy angle writes itself.
Let me connect a thread here, because loyal listeners will remember this isn't coming out of nowhere. We covered, back at the top of the month, Anthropic accusing the major Chinese labs of distilling their models. There was that whole business about a network of fraudulent accounts generating tens of millions of interactions with Claude, all supposedly tracing back to Alibaba. And then just a couple of days ago on this show we talked about Alibaba turning around and banning its own employees from using Claude Code, classifying it as high-risk software with, in their words, backdoor risks.
So here's what's actually happening if you zoom out. Anthropic has been in a running cat-and-mouse fight with Chinese labs it believes are stealing the fruits of its expensive training runs. To catch that, you have to watch. You have to look at metadata, at patterns, at VPN usage, at who's connecting from where and what they're doing. That's how you build the case that says twenty-five thousand accounts and twenty-nine million conversations trace back to one company. But the tooling you build to catch a distillation attack is, functionally, surveillance tooling. And the moment it gets pointed at ordinary users, or the moment ordinary users find out it exists at all and that nobody told them, the story stops being about IP theft and starts being about trust.
That's the real lesson for you as a builder, and it's uncomfortable. Every anti-abuse system you construct is also a surveillance system wearing a different hat. The spam filter that reads everyone's messages. The fraud model that profiles every transaction. The bot-detection layer that fingerprints every session. You build it for the bad guys, and it works on everybody. And the difference between being the responsible platform and being the creepy platform is almost entirely about disclosure and consent. If you tell people what you're collecting and why, you're doing security. If you do the exact same thing quietly and get outed on Reddit, you're doing spyware. Same code. Same intentions, maybe. Totally different outcome, because the whole thing runs on whether people believe you.
And that's the part that should worry Anthropic more than any single incident. When your competitive pitch is essentially trust us, we're the careful ones, then a story like this doesn't just cost you a news cycle. It cuts into the exact asset you've been selling. Alibaba is already using the security-risk framing to justify walking away. You can bet other large customers, especially ones with any China exposure or any regulatory sensitivity, are reading this and asking their own hard questions about what else is being logged, what else is being watched, and who decided the disclosure wasn't necessary.
I'm not going to sit here and tell you Anthropic is uniquely villainous. In a cat-and-mouse game against state-adjacent distillation efforts, of course you're going to build monitoring. That's rational. But there's a version of building that monitoring where you're transparent about the fact that you fingerprint and analyze usage to prevent abuse, and there's a version where you run a quiet experiment and hope nobody notices. The engineer calling it an experiment tells you which version this was. Experiments have a way of ending abruptly the moment they hit daylight.
So watch two things going forward. One, whether Anthropic publishes anything resembling a real explanation of what the tracker did and what data it touched, versus letting it fade. Two, whether enterprise buyers start putting surveillance and logging clauses front and center in their AI contracts the way they already do for data-training clauses. Because that's how this ripples out to the rest of you. The next enterprise deal you try to close, your customer's security team may now have a checklist item that says: show us exactly what your provider monitors and prove it. That's the aftershock.
Alright. Let me shift from the trust story to the jobs story, because they rhyme more than you'd think, and both come down to what people are willing to believe.
Microsoft laid off nearly five thousand people. The reporting from Rebecca Bellan puts it at around forty-eight hundred roles, about two point one percent of the global workforce, announced on a Monday. And the hardest-hit areas are Xbox and commercial sales. Ars Technica's coverage from Kyle Orland zooms into the gaming side specifically: five studios closed, thirty-two hundred employees let go, roughly twenty percent of the gaming division, with Microsoft saying it'll refocus on its biggest franchises.
Now, here's where I want you to keep your skeptic's hat on, because the framing around this one is doing a lot of work. The layoffs are being described, in the coverage itself, as stoking fears of AI replacing jobs. And there's a real temptation to draw a straight line: Microsoft's all-in on AI, Microsoft cut five thousand jobs, therefore AI ate five thousand jobs. But look at where the axe actually fell. Xbox. Gaming studios. Commercial sales. That's not obviously an AI-automation story. That's a company that overexpanded its gaming ambitions, spent enormous money acquiring studios, and is now retrenching to its biggest money-making franchises. That's a portfolio decision. That's a company deciding it bought more game studios than it wanted to keep running.
Commercial sales getting hit is a little more interesting from an AI angle, because sales is one of those functions people keep insisting agents will streamline. But even there, be careful. A company under pressure to fund a hundred-billion-dollar AI capital buildout has every reason to trim headcount wherever it can and let the AI narrative do the PR work. Because here's the dirty little secret of the whole AI-layoffs discourse: blaming AI is a gift to executives. If you say we're cutting jobs because AI made these people redundant, you sound like a forward-looking leader riding the future. If you say we're cutting jobs because we overhired during the pandemic and our gaming bets didn't pan out, you sound like you screwed up. The AI framing launders a management failure into a technology triumph.
Which brings me to the running list. TechCrunch, with Rebecca Bellan and Connie Loizos, is maintaining a reverse-chronological tally of every major tech layoff in 2026 where the employer name-checked AI as a stated factor. And I actually think that list is more useful as a media artifact than as a labor-market measurement. Because what it's really tracking is which companies chose to blame AI. Not which jobs AI actually replaced. Those are different things, and the gap between them is where all the spin lives.
Here's the honest read for you as a founder. AI absolutely is starting to change headcount math. We've talked on this show about the solopreneur data, the census numbers, the businesses hitting a million in revenue faster with smaller teams. That's real, and it's mostly showing up at the small, nimble end of the spectrum, not in a big-company mass-replacement event. When a giant like Microsoft cuts five thousand people and gestures at AI, the more likely truth is that AI is providing cover for cuts that would've happened anyway, plus a modest genuine efficiency gain at the margins. Don't let the headline convince you the robots came for the Xbox studios. The market came for the Xbox studios. AI just showed up for the press conference.
And if you're building a company, the actionable version of this is: you get to hire fewer people to do more, yes, but don't confuse the leverage AI gives a lean startup with an excuse a big company uses to explain a retrenchment. Those are two very different stories wearing the same three letters.
Let me stay in the builder's chair for a minute, because there's a genuinely useful conversation happening about how you actually assemble AI products in production.
Vercel's CEO, Guillermo Rauch, sat down with TechCrunch's Russell Brandom to talk about what he calls the fight to split off models from agents. And the money quote is short but it's the whole thing: the reality is, when you're optimizing for production, you start looking at a price-performance. That's it. That's the shift.
Let me unpack what he's actually saying, because it matters for anyone shipping. For a while, the mental model was that you pick a frontier model, you build your agent around it, and the model and the agent are kind of fused. You're a GPT shop or a Claude shop or a Gemini shop, and your whole product is welded to that choice. What Rauch is describing is the maturing version of this, where the model becomes a swappable component and the agent, the harness, the orchestration, the thing that actually does the work, becomes the durable part you own. You decouple them. And once you decouple them, you can shop. For this task, a cheaper, faster model is good enough. For that task, you pay up for the frontier. You route based on price and performance, task by task, instead of marrying one model for everything.
This is the same instinct we heard from the Palantir camp a couple days back, the whole argument about owning your compute and your stack and not transferring your alpha to a third party. I'm not going to relitigate that guy's style. But the through-line is real: as this stuff goes into serious production, the people paying the bills stop caring about which model is the sexiest and start caring about which combination gets the job done at the lowest cost per acceptable result. Models become interchangeable parts. The value migrates to the layer above.
For you, practically, the takeaway is: don't hardwire your product to a single model's API as if it's load-bearing. Build the seam. Build the abstraction that lets you swap the underlying model when a cheaper one gets good enough or a pricing war breaks out. Because those pricing wars are coming, and the shops that architected for model-portability are going to be the ones that can actually capture the savings instead of being locked into whichever lab they got engaged to in 2025.
Now let me pivot to a story that's less flashy but that every single one of you should act on today, because it's about your own data.
Sarah Perez at TechCrunch has what she calls a belated PSA: if you use Google, you're training its AI, and here's how to opt out. The gist is that a recent change to Google's privacy settings lets the company store more of your data, including media, images, files, audio and video recordings, to improve its AI models. And the framing of it as belated is the tell. This is one of those changes that rolls out quietly, buried in a settings update, that most people never notice and never consent to in any meaningful way.
I want to connect this straight back to the Anthropic story, because it's the same nerve. When Anthropic gets outed for a quiet tracker, everyone's shocked and outraged. When Google flips a setting that starts hoovering your files and recordings into training data, it's a Tuesday and you get a how-to article about opting out. Same underlying move: collect quietly, disclose minimally, make the user do the work to say no. The only difference is one company had built a brand around not doing that, so it made news, and the other company we've all just kind of accepted does this constantly.
For you as a builder, there are two lessons stacked on top of each other. First, the housekeeping one: go check your own settings, and go check what your company's Google Workspace is set to, because if you're running your business on Google's tools, your business's files and recordings could be in scope. That's a real data-governance question, not a personal-privacy footnote. Second, the strategic one: this is the environment your customers now live in. Everybody's data is being quietly siphoned by somebody. Which means if you build a product and you're loud, clear, and honest about what you do and don't do with customer data, that's not just compliance, that's a wedge. In a world of quiet defaults and belated PSAs, transparency is a feature you can actually sell.
Alright, let me stay with Anthropic for a beat but flip to the flattering side of the ledger, because they had a good-news post out the same day.
Anthropic announced that the Government of Alberta is using Claude to find and fix cybersecurity vulnerabilities across government systems. That's the headline, and the source here is Anthropic's own newsroom, so read it as what it is, a customer-win announcement, not independent reporting. But it's a meaningful data point about where this stuff is actually getting deployed.
Government cybersecurity is one of those use cases that's almost purpose-built for what these models are good at right now. You've got sprawling legacy systems, more code and configuration than any team can manually audit, and a permanent shortage of skilled security people. Pointing a capable model at that haystack to surface vulnerabilities and propose fixes is exactly the kind of grind-work-at-scale task where AI earns its keep. This is the same category, honestly, as some of the offensive and defensive cyber stories we've been tracking, agents that can read a whole codebase and find the weak joints faster than a human reviewer.
The wrinkle, and I'd be lying if I didn't flag it, is the tension with our lead story. Alberta is trusting Anthropic's Claude to crawl through sensitive government systems and analyze their vulnerabilities, on the same day another report accuses Anthropic of quietly tracking users. Now, enterprise and government contracts have very different data terms than consumer usage, and Anthropic has been explicit elsewhere about not training on enterprise customer data. But it does underline the whole theme of today's show: this entire industry runs on trust, and trust is a thing you can spend faster than you earn it.
Let me get out of AI proper for a stretch, because there are a couple of security and geopolitics stories that matter for anyone thinking about the world their product ships into.
Jeremy Hsu at Ars Technica reports that the Kremlin is suspected of flying drones over Europe using what's called the Russian shadow fleet. The idea is that drone intruders that possibly launched from Russian ships showed that Europe isn't ready for this kind of thing. The shadow fleet, if you're not familiar, is the network of murky, often unregistered or reflagged vessels Russia's been using to dodge sanctions on oil and other goods. And now the suspicion is that those same ships may be doubling as mobile drone-launch platforms, sending unmanned aircraft over European territory.
Why does this belong on a tech show? Because it's the physical-world version of the exact same asymmetry we talk about in cyber. Cheap, deniable, distributed attack tools against expensive, centralized, slow-to-adapt defenses. A drone that costs a few thousand dollars, launched from a ship you can't easily prove is hostile, over airspace defended by systems designed for fighter jets and missiles, not swarms of small cheap flying things. Europe, per the reporting, isn't ready. And the broader point for builders and investors is that the entire counter-drone, airspace-monitoring, maritime-domain-awareness space just became a lot more urgent and a lot more fundable. When a nation-state figures out an asymmetric trick, a defense industry grows up around countering it within a couple of years. That's a market forming in real time.
Related, from the offensive side, Zack Whittaker at TechCrunch reports that a Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year. This came out of the agency's annual report, and the interesting thing is the disclosure itself. Intelligence agencies traditionally say nothing. Now they're publishing, in an annual report, essentially a highlight reel of their offensive cyber operations. We went after these traffickers, we hit these extremists, we disrupted this ransomware crew.
That's a deliberate choice, and it's part of a trend of Western agencies being more public about the fact that they play offense in cyberspace, not just defense. Partly it's deterrence, telling adversaries out loud that you'll come for them. Partly it's justifying budgets and legal authorities to their own publics. For the rest of us, it's a reminder that the cyber battlefield is genuinely two-way now. The ransomware gangs shaking down hospitals and pipelines are, increasingly, getting hacked back by governments. If you're in the security space, that changes the landscape you're operating in, and it's worth watching how much more of this offensive activity moves from classified to disclosed.
Let me bring it back toward the everyday tech that shapes how people actually use products.
Reddit, per Amanda Silberling at TechCrunch, is using large language models to solve a problem that large language models largely created. And that's just a beautiful little snake-eating-its-tail situation. The AI era flooded platforms with cheap, plausible, machine-generated spam and low-effort content. And now the platforms have no choice, in Silberling's framing, but to fight fire with fire, using AI to detect and cull the AI slop that AI enabled in the first place.
I love this one because it's honest about where a lot of the value in this cycle is actually going. We keep imagining AI creating brand-new magic. A huge amount of the real deployment is AI cleaning up messes that AI made. Spam detection. Fraud detection. Deepfake detection. Content moderation at a scale that only became necessary because generation got cheap. It's a treadmill. And if you're a founder looking for a durable business, there's a genuinely unglamorous truth buried in here: the defensive side of the AI boom, the detection and cleanup layer, is a real and probably very sticky market, precisely because the offensive side keeps generating more work for it. Every time generation gets cheaper, detection gets more valuable. That's not a bug in the industry. For some of you, that's the whole business plan.
A couple of quick product bites while we're here. WhatsApp, per Ivan Mehta, is now letting users reserve usernames ahead of a full rollout, which will eventually let you connect with people without handing over your phone number. That's a meaningful privacy shift for a platform that's been welded to phone numbers forever, and it nudges WhatsApp closer to how Signal and Telegram already work. Small feature, real implications for anyone building on top of messaging or thinking about identity.
And Apple, per Sarah Perez, is now letting you customize Siri's pace and expressivity in the latest iOS 27 beta, part of the broader effort to rebuild Siri around generative AI. On its own, a voice-tuning slider is a nothing feature. But it's a tell that Apple's slow, painful Siri rebuild is grinding forward. And separately, Jagmeet Singh reports Apple brought back card payments for Apple Account purchases in India after a four-year hiatus, having finally adapted to the country's payments framework. That one's a nice little case study in the unglamorous reality of global expansion: sometimes the barrier isn't tech, it's a country's regulatory plumbing, and you don't win the market until you bend to it.
Now let me close with the lighter stuff, because you earned it.
Eric Berger at Ars Technica reports there were not one but two asteroid encounters this past weekend, and the headliner is an asteroid called Torifune that turns out to be shaped like a peanut. That's it. That's the update. A space peanut cruised through the neighborhood. I bring it up because every so often it's worth remembering that the universe is out there doing its own thing, entirely indifferent to our layoffs and our trackers and our token budgets, and it's shaped like a snack.
And there's a fun companion piece from Robert Pearlman asking what's the oldest American object ever launched into space, running from a Revolutionary War flag to bits of the Statue of Liberty. Given we just rolled past the Fourth, it's a nice little bit of Americana-in-orbit trivia. The kind of thing that reminds you people have been sending sentimental cargo up there for a long time, long before any of this AI business.
So let me tie the bow on today. The spine running through the serious half of this episode is trust, and how cheaply it gets spent. Anthropic, the self-styled careful lab, accused of a quiet tracker it's now calling a finished experiment. Google flipping your files into training data with a belated PSA as the only warning. Microsoft dressing up a gaming retrenchment in AI's clothes because AI is the more flattering story. Reddit using the very technology that broke its spam problem to patch its spam problem. Over and over, the pattern is: the flashy narrative and the quiet reality don't match, and your job, whether you're a user or a builder, is to keep your eye on the quiet reality.
And the builder's version of all of it is simple. Decouple your models so you can shop on price. Check what your own tools are collecting before you get outed. And treat honesty about data as a feature, because in a market full of quiet defaults, being the one who says the true thing out loud is an edge.
That's the menu for today. I'm Tony DeLuca, this has been Barely Possible, and I'll be right back here at the counter tomorrow. Watch out for space peanuts.