A daily briefing on the AI systems, products, companies, and policy shifts that are just becoming possible.
Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_feed&feed_source=rss
Okay kiddos, I'm your boy Tony DeLuca, and you've found your way back to Barely Possible, where we sort the real AI morsels from the marketing garnish and try not to waste a minute of your day. We've got a fresh menu today, and I want to start somewhere that's gonna make your stomach drop a little, because it should. Buckle up.
There's a lawsuit out this week, reported by Cyrus Farivar over at Ars Technica, and the headline tells you most of the story before you even read a word. A school shooting survivor is suing an AI gun detection company because the system that was supposed to spot the weapon failed to spot the weapon. And the question Ars puts right at the top is the one I want to sit with for a minute, because it's the question that's gonna define liability for a whole generation of products you people are out there building. How accurate does an AI system need to be?
Now let me be careful here, because this is a tragedy involving real people and I'm not gonna get cute about it. A survivor of a school shooting is taking a company to court on what amounts to a product liability theory. The pitch for these AI gun detection systems is simple and seductive. You bolt cameras onto a school, you run computer vision on the feeds, and the promise is the machine sees the gun before the human does, and you get those precious seconds. Schools bought it. Districts wrote checks. And then the gun came in, and the system didn't catch it, and now we are in a courtroom asking who owns that failure.
Here's why this matters to you specifically, and I don't care if you're nowhere near the security business. This is the camel's nose under the tent for AI product liability. Up until now, the comfortable legal fiction has been that AI is a tool, and a tool isn't liable, the user is. You sell somebody a hammer, they hit their thumb, that's not on you. But a gun detection system isn't a hammer. It's sold as a substitute for human vigilance. The whole value proposition is, trust the machine, it sees what you can't. And the second you sell that promise, you've made a representation. You've told the customer this thing performs to a standard. When it doesn't, the gap between what you promised and what it delivered is exactly where the lawyer lives.
And here's the thing nobody selling AI wants to say out loud. These systems are never one hundred percent. They can't be. There's no computer vision model that catches every weapon under every lighting condition with every angle and every coat draped over it. The vendors know this. The good ones put it in the fine print. But the marketing slides don't say ninety-four percent recall, the marketing slides say protect your students. So when the four percent walks through the door, the company is gonna stand up in court and say, well, technically we never claimed perfection, and the plaintiff is gonna say, you sold my school a shield, and the shield had a hole in it.
So here's the builder takeaway, and write this one on the wall. The accuracy you advertise becomes the accuracy you're liable for. If your sales team is out there saying your system catches everything, your legal exposure is everything it misses. The mismatch between the demo and the deployment is not a technical problem, it's a financial and legal one. And as AI gets stitched into safety-critical stuff, healthcare, security, transportation, the courts are gonna start drawing lines about how good is good enough. This diabetes lawsuit, this gun detection lawsuit, these are the early test cases. Watch them. The standard that comes out of these is the standard you'll be held to whether you like it or not.
And it connects to something we've been circling on this show for a couple weeks now, which is the gap between what AI gets sold as and what AI actually does in the field. We talked the other day about agents getting their own computers and the seat-based SaaS model maybe falling apart. Different story, same underlying tension. The pitch is always cleaner than the deployment. The demo always works. The field is where you find out what you really shipped.
Now let me shift from the courtroom to the cash register, because the biggest builder story today is about money, specifically the money you're about to start paying for tokens.
Anthony Ha at TechCrunch put up a piece with a great name, asking, is this the dawn of the Tokenpocalypse. And the short version is, we're likely to see more price increases as the big AI companies plan to go public. Now, longtime listeners know we've been beating this drum. We covered the token bill coming due earlier this week, we covered Uber slapping a fifteen-hundred-dollar-a-month cap on employee coding agent spend, we covered the labs yanking those flat two-hundred-dollar enterprise plans and moving everybody onto usage-based pricing. So I'm not gonna re-litigate all of that. But the new wrinkle here, and it's the part that should make a founder sit up, is the connection to the IPOs.
Here's the logic, and it's brutal in its simplicity. For the last couple years, we lived in what folks have been calling the token subsidy era. The big labs were eating the cost. They were letting you consume thousands of dollars of compute for tens or hundreds of dollars, because they were buying market share, they were buying habit, they were buying lock-in. That's a venture-funded land grab. You burn money to own the customer. Fine. That works when you're private and your investors are along for the dream.
But now these companies are lining up to go public. And the second you file to go public, the math changes under your feet. Public market investors do not want to hear about your beautiful land grab. They want to see a path to margins. They want unit economics that don't make them seasick. And there is no faster way to clean up your unit economics than to stop subsidizing the very thing you sell. So the prices go up. Not because the compute got more expensive overnight, although the chip shortage isn't helping, but because the business model is being dressed up for the public market wedding, and the subsidy was the thing that had to go.
So what does this mean for you, the builder who wired your whole product on top of somebody else's tokens? It means the input cost of your product is about to drift up, and it's gonna drift up not on a technical schedule but on a financial one, timed to S-1 filings and roadshows you have zero visibility into. Your gross margin is being set in a boardroom you're not invited to.
And this is where I want to be the OG in your ear for a second. If your entire business is a thin wrapper on a frontier model, and your margin depends on the model provider continuing to lose money on every call, you do not have a business, you have a temporary arrangement. The Tokenpocalypse framing is dramatic, but the underlying point is real. The companies that survive the repricing are the ones who treated cheap tokens as a windfall, not a foundation. The ones who built model routing, who built caching, who figured out when a cheaper model does the job just fine, who got real about which calls actually need the state-of-the-art model and which ones are just lazy defaults. The folks who built systems while tokens were cheap are gonna be fine. The folks who built habits are gonna get a bill.
And there's a second-order thing here I find genuinely interesting. When the subsidy ends, efficiency stops being a nice-to-have and becomes a competitive weapon. The startup that figured out how to deliver the same answer for a quarter of the tokens now has a structural advantage over the one that's brute-forcing everything through the biggest model. The repricing is gonna sort the field. So if you've been putting off the boring work of measuring your token spend, of figuring out your cost per task, of building the plumbing that lets you swap models without rewriting your app, this is your wake-up call. The window where nobody cared about this stuff is closing.
Now, speaking of depending on somebody else's infrastructure, let me tell you about a little outage that turned into a teaching moment.
There's a short piece, also from Anthony Ha at TechCrunch, about Notion restoring access to Anthropic after a service disruption. And on its face this is a nothing story. A service hiccupped, then it came back. But the detail that caught my eye is that Notion's head of product said he was, quote, astonished, at the amount of people retweeting this. And that astonishment is the whole story.
Think about what's happening there. A productivity app you use to write notes and plan projects had a moment where its AI features, powered by Anthropic, went sideways. And enough people noticed, fast enough, loud enough, that the news of the disruption spread like a brushfire. The head of product was surprised by how much attention a backend dependency outage got. That tells you something important about where we are. AI features have gone from a novelty bolted onto the side of a product to load-bearing infrastructure that people miss the instant it's gone. When your Notion AI stops working, people tweet about it like the power went out.
And for builders, there's a quiet lesson buried in this little RT-fueled drama. Your AI features are now somebody else's critical path. The moment you make an AI capability central to your product's value, you've inherited the reliability and the uptime and the failure modes of whatever model provider sits underneath you. Notion's outage wasn't really Notion's fault in the way users experienced it, but it was Notion's problem, because Notion is the name on the door. The user doesn't know or care that Anthropic had a bad few minutes. They know Notion broke. That's the deal you sign when you build on top of the model providers. Their bad day becomes your bad day, and you eat the reputation hit. So if you're shipping AI as a core feature, you'd better be thinking about graceful degradation, fallback providers, the whole boring resilience playbook, because your users have decided this stuff is essential, and they will let you know, loudly, the second it stops.
Let me stay with OpenAI for a beat, because there's a related item that's more about strategy than uptime.
TechCrunch reports OpenAI is still working on that super app, and the quote that anchors it is a senior OpenAI employee saying, chat is dead. Now, chat is dead is a hell of a thing to say if your most famous product is literally named ChatGPT. So let's unpack what they actually mean, because it's not as nihilistic as it sounds.
The idea of the super app is the thing you've seen work spectacularly in Asia. WeChat is the canonical example. You open one app and you message people and you pay your bills and you hail a ride and you order food and you book a doctor and you run half your life without ever leaving. The app becomes the operating system for your daily existence. And the dream, the thing OpenAI is reportedly still chasing, is to be that, but with the assistant as the front door. Not chat as a destination where you go to ask a question and then leave, but the assistant as the hub through which you do everything.
That's what chat is dead means. It doesn't mean conversation goes away. It means the model of you typing a question, getting an answer, and closing the tab, that transactional little exchange, is too small a vision. The bet is that the assistant becomes the thing you live inside, that does stuff on your behalf, that connects to your tools and your money and your calendar and your whole digital footprint. The super app is the assistant graduating from a tool you visit to an environment you inhabit.
Now, I'm the skeptic in your ear, so let me put the cold water on the table. Super apps have been tried in the West over and over and they keep dying. The reasons are structural. The Asian super app phenomenon happened in markets where the mobile internet leapfrogged the desktop era and where one platform got there early enough to absorb everything. Here, we've got entrenched incumbents in every vertical. We've got an App Store and a Play Store that take their cut and set the rules. We've got antitrust regulators who get itchy when one company tries to own everything. The graveyard of Western super app attempts is deep, and a lot of very smart, very well-funded companies are buried in it.
But here's why I don't dismiss it entirely when OpenAI says it. The AI assistant is genuinely a different on-ramp than anything that came before. Every previous super app attempt tried to bolt a bunch of services onto a messaging app or a payments app, and the seams showed. The assistant is different because the natural-language layer can hide the seams. You don't navigate to the ride-hailing tab, you just say get me a car, and the assistant figures out the plumbing. If that actually works, if the assistant can be the universal interface that routes your intent to the right service behind the scenes, then maybe the super app finally has its on-ramp. That's the bet. I'm not buying the stock on it, but it's the most coherent version of the super app dream I've heard, because for the first time the interface isn't the obstacle, it's the whole point.
For builders, the thing to watch is whether OpenAI tries to own the services or be the layer that connects to them. If they try to own everything, they're gonna run into the same wall everybody else hit. If they position as the assistant layer that orchestrates the services other people build, then suddenly you've got a new distribution channel, and a new platform risk, all at once. Same story as always with platforms. The platform giveth distribution and the platform taketh away your margin. Watch which way they go.
Now let's get out of the AI cul-de-sac for a minute, because there's a security roundup that deserves your attention, and it's got nothing to do with whether your chatbot is polite.
Zack Whittaker at TechCrunch put together a rundown of the worst hacks and breaches of 2026 so far, and reading it is like reading a casualty list. We're talking a massive DOGE data breach, the hacking of critical energy and water systems, and the hack of an FBI surveillance system. Let me say that last one again slowly. Somebody hacked an FBI surveillance system. The people who do the surveilling got surveilled.
Now I'm not gonna walk through every incident, because frankly the list is long and grim and Whittaker's piece does it justice. But I want to pull out the pattern, because the pattern is the story. The thread running through these breaches is that the high-value targets are increasingly infrastructure and government, not just consumer data. For years the breach story was, oh no, a retailer leaked your credit card numbers. Annoying, costly, but bounded. What we're seeing in 2026 is breaches of the systems that actually run things. Energy. Water. Federal surveillance apparatus. DOGE, which has been hoovering up government data at a scale that makes the breach surface enormous.
And here's the connection to everything else we've talked about today. The same AI capabilities that everybody's racing to ship are also a force multiplier for the people doing the breaching. We've covered the dual-use thing before, the labs themselves writing about their models finding ten thousand high and critical software vulnerabilities. That cuts both ways. The defender uses it to patch, the attacker uses it to find the holes faster than the defender can patch them. So when you read a breach roundup like this, you're not just reading about bad password hygiene. You're reading about an arms race where the offensive tooling is getting cheaper and more capable on exactly the same curve as everything else in AI.
The builder lesson here is unglamorous but it's the most important thing I'll say today. If you're building anything that touches sensitive data, and in 2026 that's basically everybody, your threat model has to assume that the attacker has access to the same AI capabilities you do. The days where security through obscurity bought you anything are over. The attacker isn't a kid in a basement guessing passwords. The attacker is increasingly running automated, AI-assisted reconnaissance against your entire attack surface. And if you're plugging AI agents into your own systems, giving them access to your data and your tools, you've just expanded that attack surface in ways the old security playbook didn't anticipate. We talked recently about OpenAI rolling out a lockdown mode to protect sensitive data from prompt injection. That whole category of attack, where you trick the AI into doing something it shouldn't, didn't exist a few years ago. Now it's a line item in your security review. Or it should be.
Now let me pivot to the stuff that moves atoms instead of bits, because there's a hardware bet worth chewing on.
Kirsten Korosec's TechCrunch Mobility newsletter dug into GM's nine-hundred-million-dollar EV battery gamble. Now, GM's electric future and the facility it depends on, that's a thread that's been running for a few days, and I'm not gonna re-plow the whole field. But the number is what makes it interesting. Nine hundred million dollars on a battery bet. That's a real commitment in a moment when a lot of the industry has gotten cold feet on EVs.
And I bring this up not because most of you are building cars, but because it's a useful contrast to everything else on today's menu. Everything else we've talked about, the token pricing, the super app, the breaches, lives in the world of software, where you can ship and iterate and reprice on a dime. GM is making a nine-figure bet on a physical battery chemistry and a physical building, and they're gonna live with that decision for years whether it pans out or not. There's no shipping a hotfix to a battery factory. The lead times are brutal, the capital is sunk, and the bet is the bet.
That's a useful thing to keep in your head when you're frustrated that your AI roadmap feels slow. Software builders complain about a model repricing that happens over a quarter. The folks building the physical layer, the batteries, the chips, the fabs, are making decisions today that they'll be married to in 2029. TSMC, we've talked about, warning the chip shortage could last the whole decade because you can't just conjure a fab, the permitting and the construction and the worker shortage all bite. GM betting nine hundred million on a battery they hope is right. The physical world moves at the speed of concrete and copper, and the entire glorious fast-moving AI software boom is sitting on top of that slow, expensive, unforgiving foundation. Don't ever forget that the bottleneck might not be the model. It might be the building.
Alright, let me bring it home with a couple of palate cleansers, because it can't all be lawsuits and breaches.
There's a sad one I want to mark. Jennifer Ouellette at Ars Technica wrote a tribute to Anthony Head, the actor who played Giles on Buffy the Vampire Slayer, who has passed away. And the line in the piece that got me was that Head's genius, and the genius of his character, lay in quietly filling in the gaps in every scene. Now, I'm not gonna pretend Buffy is AI news. It isn't. But that phrase stuck with me, quietly filling in the gaps. Because in a week where we've been talking about machines that are supposed to fill in our gaps, catch the gun we missed, remember the context we forgot, do the work we don't have time for, there's something worth remembering about the human version of that. Giles filled in the gaps with judgment and warmth and the willingness to be wrong and own it. That's a different kind of filling-in than a model does. Anyway. If you grew up on that show, raise a glass. The librarian's gone.
And if you want something lighter, Jennifer Ouellette also reviewed Spider-Noir, the show where Nicolas Cage plays a nineteen-thirties private investigator version of Spider-Man. Her line, and I love this, is that Cage is part Bogart, part Bugs Bunny, one hundred percent Cage-y. That's a recent review, not breaking news, but if you need something to watch this weekend that has absolutely nothing to do with token economics, there you go. Nicolas Cage chewing scenery in black and white. Sometimes that's the medicine.
Let me also flag one for the science-and-institutions file, because it's a weird little window into how broken some systems are. Ars Technica reported that scientists got ejected from a diabetes conference for distributing journal reprints. The folks ousted included the editor-in-chief of the American Diabetes Association's journal, Steven Kahn, and a former ADA president, Desmond Schatz. Let that sink in. The editor of the association's own journal got thrown out of the association's own conference for handing out copies of articles. Now I don't have the full backstory and I'm not gonna pretend I do, but the optics of an organization tossing its own journal editor for distributing science is the kind of institutional self-own that tells you the incentives have gotten twisted somewhere. When the people who run the science are getting bounced for sharing the science, something in the machine is grinding the wrong gear. I'll leave it there, but it's a reminder that the institutions we trust to vet knowledge are themselves political animals with turf and money and ego all in the mix.
Alright, let me tie a bow on the whole spread, because I think there's a through-line and I want to leave you with it rather than just a list.
The thread today is about the bill coming due, in a few different currencies. The gun detection lawsuit is the liability bill coming due for AI that gets sold as more reliable than it is. The Tokenpocalypse is the literal bill coming due as the labs trade their subsidy era for their public-market era. The Notion outage is the dependency bill, the cost of building your core value on somebody else's uptime. The breach roundup is the security bill, the cost of an arms race where the offensive tools got cheap. And GM's nine hundred million is the patience bill, a reminder that some bets you can't reprice or hotfix, you just have to live with.
For a founder, the meta-lesson is the same in every one of those. The cheap, easy, subsidized, demo-friendly version of AI was always temporary. The era we're walking into now is the one where the real costs show up. Liability, repricing, reliability, security, capital. The builders who quietly did the boring work while the party was going, who measured their token spend, who built their fallbacks, who took their threat model seriously, who didn't promise more than the model could deliver, those folks are gonna look very smart in about six months. The ones who built on the assumption that cheap and easy and forgiving was the permanent state of the world are gonna get a stack of invoices they didn't budget for.
That's the menu, kiddos. Eat well, watch your token bill, don't promise your customers a shield with a hole in it, and back up your dependencies. I'm Tony DeLuca, this has been Barely Possible, and I'll be right here in your ear next time. Take care of each other out there.