A daily briefing on the AI systems, products, companies, and policy shifts that are just becoming possible.
Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_feed&feed_source=rss
Okay kiddos, I'm your boy Tony DeLuca, and you're listening to Barely Possible, the show where we read the technical stuff so you don't have to, and then tell you which parts actually matter to somebody trying to build a business. Big menu today. We got a memory-chip arms race that's about to reshape who controls the AI supply chain. We got Anthropic doing an end-run around the federal government by cozying up to a state government. We got coding agents that can be tricked into installing malware just by being helpful. And we got a quantum startup making a promise so big you can hear the eyebrows raising from here. Buckle up, let's have at it.
Let me start with the one that I think every founder should be paying attention to, even if memory chips sound about as exciting as watching paint dry. South Korea just announced it's going to spend roughly a trillion dollars — and the country's two biggest memory makers are committing over five hundred fifty billion of that on their own — to build more memory fabs and to chase a lead in what they're calling physical AI and humanoid robots. The framing in the reporting is blunt: the world's two largest memory chip companies, which is to say Samsung and SK Hynix, are vowing to build more memory lab fabs as South Korea positions itself as an AI tech powerhouse country, with a target of commercial humanoid robots by 2028.
Now why does this matter to you, the person building software, not the person building robots? Because we've been circling this memory story for a couple weeks now, and I want to be honest about that. Just a few days back we talked about Wall Street branding Micron the next Nvidia, and before that we hit the memory chipmaker whose profit went 15x on the back of the HBM shortage. So I'm not going to re-litigate all of that. What's new and specific today is the scale of the state-level response, and the second half of the headline that everybody's glossing over: humanoid robots and physical AI.
Here's the thing that should land. The reason your cloud bill, your API costs, and your hardware costs have been creeping — and in some cases jumping — is that the same memory that goes into AI accelerators is the memory that goes into your laptop, your phone, your servers. When the hyperscalers vacuum up high-bandwidth memory, everybody downstream pays. So when South Korea says a trillion dollars, what they're really saying is, we recognize that memory is now a strategic chokepoint the way oil was a strategic chokepoint, and we're going to spend like it. And the move into humanoid robots is them saying the next platform after the chatbot isn't another chatbot, it's a machine that does physical labor, and we want to own the supply chain for that too.
For a builder, the takeaway is not go invest in Samsung. The takeaway is: the cost curve on memory is being fought over at the level of nation-states now, which means it is not going to quietly normalize next quarter the way commodity gluts usually do. If your product's unit economics depend on cheap inference, you should be modeling a world where memory stays expensive longer than the usual cycle, because the demand isn't just chatbots anymore — it's chatbots plus robots plus every hyperscaler hoarding. Plan accordingly.
And it connects to a story sitting right next to it. There's a separate report that Apple — Apple, of all companies, the one that prides itself on supply-chain discipline — is reportedly eyeing a blacklisted Chinese memory supplier to ease a chip shortage. Think about what that means. When Apple, with all its leverage and all its political exposure, is reportedly looking at a supplier that's on a U.S. blacklist just to get enough RAM, that tells you the memory squeeze is real and it's biting at the very top of the food chain. That's the same RAMageddon story from the South Korea piece, just viewed from the buyer's side of the table. The producers are spending half a trillion to build capacity, and the buyers are so desperate they're reportedly window-shopping suppliers they're not even supposed to talk to. When both ends of a supply chain are panicking at the same time, that's not a blip. That's a structural shortage, and structural shortages set prices for years, not weeks.
Now let's shift from the chips to the politics of who gets to use the models that run on them. This is the one I want to spend real time on today, because I think it's the most consequential thing for builders in this whole pile.
Anthropic and California Governor Gavin Newsom forged a deal that lets the California state government use Claude at half price. On its face, that's a procurement story — a vendor gives a big customer a discount, stop the presses. But read it against the backdrop and it's a lot more interesting. The reporting frames it exactly this way: as Anthropic forges a closer relationship with the state of California, the federal government has made an enemy out of the OpenAI rival.
Let me unpack that, because it ties directly to something we covered earlier this week. A couple days ago we talked about the federal government rationing frontier models — the whole allowlist situation where the Trump administration cleared Anthropic's top model for a limited set of companies and agencies, and OpenAI throttled its own rollout at the government's request. That story was about Washington deciding who gets access to the most powerful AI. The vibe, fairly or not, was that the federal government and Anthropic were not exactly holding hands.
So what does Anthropic do? It goes and signs a sweetheart deal with the largest state government in the country — a state that is, shall we say, not always aligned with the current White House. That's not a coincidence. That's a strategy. If the federal relationship is frosty, you build your government revenue base at the state level, where you've got a friendlier counterparty and a customer big enough to matter. California's government is enormous. Half-price Claude across California agencies is real money and, more importantly, it's a beachhead.
Here's why a founder should care, and it's not about the discount. It's about what it signals for how AI is going to get sold into the public sector for the next decade. We are watching the AI vendors learn that government isn't one customer, it's fifty-one customers — fifty states plus the feds — and they don't all want the same thing, and they're not all on the same side. If you're building anything that touches regulated industries or public-sector buyers, the lesson is that fragmentation is your friend. The model that can't get cleared at the federal level can still win California, Texas, New York. Distribution into government is going to look less like one big federal contract and more like a state-by-state ground war.
And there's a sharper edge here. When a frontier lab makes the largest blue state its anchor government customer, and the federal posture toward that same lab is cold, you start to get AI procurement that maps onto political fault lines. That's a little uncomfortable. I'm not going to pretend I know how it plays out. But if you're a builder, you want to notice early when a piece of infrastructure starts getting coded as red or blue, because that affects who you can sell to, who you can partner with, and which logos help you versus hurt you depending on the room. Anthropic just made a bet that being California's AI vendor is worth more than staying perfectly neutral. We'll see if that bet ages well.
Now let's go from the boardroom to the terminal, because there's a security story in today's pile that should genuinely worry anybody running coding agents in production. And we touched the edge of this category earlier in the week with that fake-marketplace scanner bypass, but this is a different, cleaner version of the same nightmare.
Mozilla's 0din team showed that AI coding agents can be tricked into installing malware through what look like completely clean GitHub repositories. The framing in the writeup is the part that gets me: Claude Code can be exploited by its own helpfulness. Sit with that phrase for a second. The vulnerability isn't a bug in the traditional sense. It's the agent doing exactly what it's designed to do — being helpful, being proactive, reading the repo, following the instructions it finds, trying to get you unblocked — and that helpfulness is the attack surface.
Here's the shape of it, and I'm going to keep it conceptual because the point is the pattern, not a how-to-hack tutorial. You point your coding agent at a repository that looks pristine. No obvious malware, nothing that trips a scanner. But buried in the project, in a place the agent will dutifully read — a config file, a readme, instructions that look like setup steps — there's content crafted to manipulate the agent into taking actions it shouldn't. The agent, trying to be a good helpful assistant, follows along and ends up installing something nasty. The human watching the screen sees an agent doing normal agent things. The repo passed inspection. And the bad outcome happens anyway.
This is the thing I keep harping on, and it's worth saying plainly to every founder shipping agentic features: the security model for agents is not the security model for software. When you ship a deterministic program, you can reason about what it does. When you ship an agent that reads untrusted input from the wild — a repo, a webpage, a document, an email — and then takes actions based on what it reads, you've built a system where the input can become the instruction. Prompt injection isn't a curiosity anymore. It's the central security problem of the agentic era, and most teams are shipping agents with the security posture of a 2015 web app.
What do you actually do about it? You stop trusting the agent's judgment as the last line of defense, because its judgment is the thing being attacked. You put hard boundaries around what the agent can execute — no arbitrary install commands, no shell access to production, sandboxes that don't matter if they get popped. You treat every external repo, every external document, as hostile until proven otherwise. And you assume that helpfulness, the very thing you're selling, is also your biggest liability. If you're building a coding-agent product and you don't have a clear story for what happens when someone feeds your agent a poisoned repo, that's your homework this week. Mozilla just handed you the threat model for free.
Let me stay in the building-tools lane for a minute, because there were a couple of product moves worth a quick mention. Cursor launched a mobile app that lets you supervise your coding agents on the go — remote oversight, so you can kick off and steer agent work from your phone instead of being chained to your desk. I'll be honest, my first instinct is to roll my eyes at coding from a phone. But that's not what this is. This is the acknowledgment that the agent does the work and you do the supervising, and supervising is a thing you can do from anywhere — a coffee shop, a train, a kid's soccer game. The interface for software development is quietly turning into a management interface. You're not typing the code; you're approving and redirecting an agent that types the code. A phone is a perfectly fine device for management. That's a genuine shift in what the job feels like.
And staying on the money side of coding tools: Chamath Palihapitiya raised a hundred and thirty-five million dollar Series A for his AI coding startup and took the CEO role himself. The TechCrunch framing is dry and accurate — VCs remain thirsty to fund AI coding startups, and this one is no exception. I'll give you my read. A hundred thirty-five million at the Series A for a coding tool, in a market that already has Cursor, Claude Code, Codex, and about forty others fighting for the same developers, tells you the money still believes coding is the killer app for AI and that there's room for more entrants. Maybe. The skeptic in me notes that a celebrity investor putting himself in the CEO chair of his own funded company is the kind of thing that reads great in a headline and gets complicated in execution. But the signal that matters for you is the capital. As long as that much money keeps flowing into AI coding, the tools you depend on are going to keep getting better fast and keep getting cheaper, because they're all subsidized by venture dollars fighting for your loyalty. Enjoy it while the war is hot.
Now let's talk about the infrastructure pattern underneath all of this, because there's a quiet theme running through a few of today's items that I think is the real builder lesson of the day. It's about the model gateway — the layer that sits between your application and all the different AI models you might use.
Nvidia put out a piece on how thousands of its own engineers access more than a hundred AI models through a single unified inference service. The problem they describe is one every growing company hits: engineers had fragmented access to over a hundred models scattered across cloud providers, open source, and internal services, each with its own API and its own credentials. It was a mess. So Nvidia's IT team built what they call an Enterprise Inference Hub, centered on an open-source gateway, where every application talks to one OpenAI-compatible API with a single set of credentials, and the gateway handles routing, authentication, and metrics. That hub now processes trillions of tokens a week. And the payoff they call out is the part that matters: centralized control gives them usage monitoring, token accounting, cost visibility, budget enforcement, and easy model portability.
Hold that thought, because there's a separate item that's the perfect companion. Coinbase's Brian Armstrong laid out how his company halved its AI spend even as token usage grew exponentially. And how'd they do it? Not by capping usage. Not by sending people nagging alerts. They did it with better defaults, smart routing, and caching. Specifically: they default to cheaper open-weight models through a gateway, they use AI to preprocess prompts and pick the right model for the job, and they cranked their cache hit rate from five percent up to sixty percent. Armstrong's line — and I want to flag this is from a recent post, I'm not telling you it happened this morning — was that the goal isn't to suppress usage, it's to build the infrastructure that makes exponential growth sustainable.
Now look at those two together. Nvidia and Coinbase — completely different companies, completely different problems — converged on the exact same architecture. A gateway in the middle. Route requests to the right model. Cache aggressively. Measure everything. And here's the founder takeaway, and I'll say it as plainly as I can: the companies that are winning on AI cost are not the ones with the cheapest model. They're the ones with the best plumbing between their app and the models. The gateway, the router, the cache — that's where the leverage is. If you're scaling an AI product and your architecture is your app calling one model provider directly, hardcoded, you are leaving enormous savings on the table, and worse, you have no portability when prices change or a better model drops. Build the gateway early. Cache like your runway depends on it, because it does.
And this is where I want to be careful, because the easy version of this story would be go switch all your traffic to cheap Chinese open-weight models and call it a day. That's not the lesson, and the cost angle is genuinely real, but I'm capping how deep I go on the model-shopping stuff. The durable lesson isn't which model is cheapest this week. It's that the routing layer is a permanent part of your stack now, and the discipline of measuring token cost per feature is going to separate the companies with healthy margins from the ones that get a terrifying invoice and panic.
Let me pivot to a couple of regulatory and policy items that affect the ground you build on. Two of them landed and they pull in opposite directions, which is fitting.
First, the Supreme Court issued a ruling that guts the government's use of geofence warrants. If you're not familiar, a geofence warrant is when law enforcement goes to a company — usually for location data — and says, tell me every device that was in this geographic area during this window. It's a dragnet. You draw a box on a map and you scoop up everybody who was in it, guilty or innocent. The Court's ruling, according to the reporting, significantly curtails that practice — though, and this is the careful part, it stopped short of declaring geofence warrants flatly unconstitutional. So it's a gut punch to the technique, not a death sentence.
Why does a founder care? Because if you run a product that collects location data — and a shocking number of apps do, often through SDKs you barely think about — the legal exposure around that data just shifted. The dragnet warrant being curtailed is good for user privacy, and it's a reminder that the data you hoard is a liability somebody else can subpoena. The cleanest position to be in, when the law is moving like this, is to not be holding sensitive data you don't need. Data minimization isn't just a privacy nicety. It's risk reduction. You can't be compelled to hand over what you never collected.
The second policy item cuts the other way. The Trump administration is reportedly threatening ninety-two gigawatts of new electricity supply with red tape — and we're talking about a hundred and twenty-one billion dollars in new solar and wind power, which the reporting notes are the two biggest contributors to new generating capacity in the U.S. right now. Set aside the politics of solar versus wind versus whatever for a second and think about it from the AI builder's chair. Everybody in this industry is screaming about power. The data centers need electricity. The training runs need electricity. We've talked on this show about how the real bottleneck for AI scaling isn't chips, it's power and heat. So when ninety-two gigawatts of new supply — the fastest-growing chunk of new capacity — gets tangled in regulatory delay, that's not an environmental story to a founder. That's a does-my-cloud-provider-have-enough-power story. If new generation slows down while AI demand keeps climbing, the price of compute has another reason to stay high, on top of the memory squeeze we already talked about. Power and memory, both getting tighter, both getting more political. That's the cost environment you're building in.
Now let me give you the one that made me laugh and squint at the same time. A quantum computing startup — QuEra — says it's going to leapfrog everybody. The promise is thousands of error-corrected qubits by 2029. And the reporting's own framing is the punchline: that system would require a massive leap from any of its existing hardware.
I'm a skeptic by nature and by trade, so let me put on the OG hat for this one. Thousands of error-corrected qubits would be a genuine watershed. Error correction is the whole ballgame in quantum — raw qubits are noisy and useless for most real work, and getting to error-corrected logical qubits is the hard part everyone's been stuck on. So thousands of them by 2029 would be enormous. It would also be a leap from where this company's actual hardware is today that, by their own description, is massive. And whenever a startup's headline promise requires a massive leap from the thing they can actually build right now, my Bronx kitchen-table instinct kicks in. That's not a product announcement. That's a fundraising announcement wearing a lab coat.
I'm not saying it's impossible. I'm saying you should file it under watch the milestones, not under it's happening. Quantum has a long and proud history of three-years-away promises that are still three years away. For a founder, the practical translation is simple: nothing about your roadmap should depend on error-corrected quantum computing before the back half of this decade, and probably not even then. If anybody pitches you on building today for a quantum future, smile, nod, and keep your money in your pocket. The honest version of the quantum story is that the milestones to watch are real qubit counts and real error rates demonstrated on real hardware, not press releases about what'll exist in 2029.
Let me run through a few quicker ones that matter to the builder but don't need the full treatment.
Google is warning that the EU's plans to weaken its search monopoly could expose user data. The EU wants Google to share search data with competitors and to open up AI on Android, and Google's pushback is, essentially, if we have to share this data, that's a privacy risk. Now look — I'm skeptical of Google warning about privacy the way I'm skeptical of the fox warning about henhouse security. The privacy argument is real, but it's also extraordinarily convenient when it happens to defend your monopoly. What you should watch as a builder: if the EU forces search data sharing and opens up AI on Android, that's a genuine crack in two of the biggest moats in tech — Google's search data advantage and its control over the Android AI layer. A crack in a moat is an opportunity for somebody. Probably not you directly, but the competitive landscape downstream of search and downstream of Android assistants could open up in ways that create room for new products.
And in the same family, there's a report that Google is limiting Meta's use of its Gemini AI models. I'll keep this one tight because the details are thin, but the direction is notable: the model providers are starting to police who gets to build on their models, especially when the customer is also a competitor. If you're building on somebody else's frontier model, that's your reminder that access is a privilege the provider can revoke, and the bigger and more competitive you get, the more that privilege comes into question. Which, by the way, is one more argument for the gateway architecture I was preaching about earlier. Don't get married to one model you don't control.
Waymo and Uber quietly parted ways in Phoenix. Uber says it's readying a separate autonomous vehicle partnership in the city but wouldn't name the partner. This is a small item but it's a tell. The autonomous vehicle space is consolidating and reshuffling its alliances, and Uber not naming the new partner is the interesting part — somebody's about to get a big distribution deal, and Uber's holding the card close. Worth watching if you're anywhere near mobility.
TIDAL is cracking down on AI music by cutting off monetization for it, and says it'll use automated tools to remove AI-generated tracks that try to impersonate a real artist or group. This is the platforms starting to draw lines around AI content. The interesting tension: TIDAL isn't banning AI music outright, it's de-monetizing it and policing impersonation specifically. That's a more surgical approach than a blanket ban, and I suspect it's the template a lot of content platforms will follow — AI content is allowed, but it doesn't get paid, and it absolutely cannot pretend to be a human you recognize. If you're building anything in the generative content space, that monetization line is the one to study.
And a fun one with a serious lesson underneath: Sony erased digital content from people's libraries, which is the recurring reminder that we don't actually own what we buy when it's digital. Sony's been scaling down its digital store for a while, and when a store shuts down, the stuff you paid for can just evaporate. For a builder, this is a trust lesson. Every time a big company pulls content out from under paying customers, it erodes faith in the whole rent-don't-own model. If you're building a product where customers pay for digital goods, the companies that win long-term are going to be the ones that figure out how to give people something that feels like real ownership — exportable, durable, not subject to a server getting switched off. The frustration Sony just generated is a market signal.
One more from the policy desk that's squarely in builder territory: Kalshi sued Illinois over a new tax on prediction-market sports bets, making Illinois a key battleground in the broader fight over whether prediction markets are gambling and how they get taxed and regulated. We've touched the prediction-market world before on this show. The reason it matters: prediction markets are one of the genuinely novel financial primitives to come out of the crypto and fintech world, and their entire future depends on these regulatory and tax fights. Every state that imposes a bespoke tax or treats them as sports gambling is a state where the model gets harder to operate. If you're building in fintech, crypto, or anything that brushes up against gambling law, the Kalshi-versus-Illinois fight is a preview of the patchwork you'll be navigating — fifty states, fifty rule sets, and a lot of expensive lawyers.
And finally, a couple of straight-up business signals worth knowing. The AI leaderboard everybody uses — Arena — is now a hundred-million-dollar business. The startup that runs that popular free leaderboard only launched its commercial service last September, and it's already at a hundred million. Think about that path. You build a free tool the entire industry relies on to compare models. You become the neutral scoreboard. And then you turn that trust and that traffic into a real commercial product. That's a textbook playbook for a founder: become indispensable infrastructure first, monetize the trust second. The leaderboard being free was the wedge. The hundred-million business is what the wedge bought. If you can find the place where your industry needs a neutral, trusted reference point that doesn't exist yet, that's a business hiding in plain sight.
So let me tie a bow on it. The thread running through today, if there is one, is that the AI business is maturing into an infrastructure-and-politics game, not a model game. South Korea and Apple are fighting over memory at the level of nations and blacklists. Anthropic is playing state governments against the federal posture. Nvidia and Coinbase independently arrived at the same gateway-and-cache architecture for surviving the cost curve. Mozilla just showed us the agent security model is broken in a way that's baked into the helpfulness itself. The power supply that runs all of it is getting tangled in red tape. None of that is about whose model scored highest on a benchmark this week. It's about who controls the chips, the power, the routing layer, and the rules. That's the ground you're building on. Build like you know it.
That's the menu for today, kiddos. Tony DeLuca, telling you to keep your data minimal, your cache hot, and your skepticism handy when a startup promises you the moon by 2029. Take care of yourselves, watch the milestones, and I'll see you next time.