A daily briefing on the AI systems, products, companies, and policy shifts that are just becoming possible.
Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_feed&feed_source=rss
Okay kiddos, I'm your boy Tony DeLuca, and this is Barely Possible, the show where I read the technical stuff so you don't have to, and then I tell you which part actually matters to the thing you're trying to build. We got a fresh tray of morsels today, some chip-smuggling intrigue, some software companies buying bug-hunting robots, an Indian billionaire trying to stuff AI into half a billion phone calls, and a satellite rescue mission that's basically a Hail Mary in low earth orbit. Buckle up, grab your coffee, and let's have at it.
Let me start where I think a founder should start, because the most useful story today is not the loudest one. It's a quiet little acquisition. TechCrunch reported, citing a source, that Elastic has agreed to buy a startup called Deductive AI for up to eighty-five million dollars. Deductive AI was backed by CRV, and here's the line that jumped out at me: it was founded just three years ago. Three years. And what does Deductive do? They use AI to catch and resolve bugs in software. That's the whole pitch. An AI system that sits in your stack, sees something break, and goes and figures out why and fixes it.
Now eighty-five million dollars is not a number that breaks the internet. In a year where SpaceX is buying coding tools for sixty billion, as we covered earlier this week, an eighty-five-million-dollar deal is a rounding error. But I want you to hold onto the shape of this thing, because it tells you something about where value is actually settling in this market. Elastic is a search and observability company. They make their money helping you find things in your own logs and data. And what are they buying? They're buying the layer that reads the error and acts on it. Not the model. The thing wrapped around the model that does the specific job.
That's the pattern I keep seeing, and it's the pattern you should be pricing into your own roadmap. The general-purpose model is a commodity input. The thing that's worth buying, the thing a public company will write a check for, is the narrow, embedded, do-the-actual-work piece that plugs into a workflow customers already pay for. Debugging is a perfect example. Every engineering org on earth has a graveyard of unresolved tickets, flaky tests, and three a.m. pages. If you can turn that pain into a clean automated loop, somebody wants to own you. Three years, founder to exit. That's the speed of this cycle right now.
And I want to connect that to a related story, because it's the same coin, other side. There's a recent report about a company called Newcore that emerged with sixty-six million dollars to give AI agents identities. The framing in the headline was "AI agents are becoming employees." Now I'm skeptical of cute framing like that, you know me. But strip the hype off and there's a real operational problem underneath. If you've got a Deductive-style agent in your stack fixing bugs, opening pull requests, touching production, you've now got a thing acting inside your systems that is not a person and is not a static script. Who is it? What can it touch? What did it do at three a.m. when nobody was looking? That's not philosophy, that's access control. That's audit. That's the boring plumbing that turns an agent from a demo into something your security team will actually allow near the codebase.
So here's the founder takeaway, and I'll keep it plain. The money this week is going to two places: agents that do a specific job inside an existing workflow, and the governance layer that makes those agents safe to deploy. If you're building in the middle, a thin general wrapper with no specific job and no governance story, you're getting squeezed from both sides. Pick a lane and go deep.
Now let me show you the dark version of that same idea, because the security folks have been busy and it matters to you directly.
At Ars Technica, Dan Goodin has a current piece on a new piece of malware Microsoft spotted. They're calling it Crypto Clipper. It's a lightweight backdoor whose whole job is to steal cryptocurrency, and the two details that make it nasty are these: it spreads over USB, and it communicates over Tor. Let me translate. Spreading over USB means it doesn't need your fancy cloud network to jump from machine to machine. It hops on a thumb drive and rides into the air-gapped corners, the offline machines, the stuff people think is safe precisely because it's not on the internet. And communicating over Tor means when it does phone home, it's doing it through the anonymity network, so it's hard to see where the stolen coins are going and hard to cut the cord.
The crypto-stealing mechanism here is an old, ugly trick, the clipper. It watches your clipboard, and when it sees you copy a wallet address to paste it, it swaps in the attacker's address. You think you're sending funds to your wallet, your exchange, your counterparty, and you're sending it to a thief. It's brutal because it preys on the one moment you've already decided to trust, the paste.
Why does a builder care about a crypto clipper? Two reasons. One, if you're anywhere near crypto, payments, treasury, on-chain anything, verify wallet addresses character by character, not just the first and last four, because that's exactly what these tools count on you skimming. And two, the bigger lesson: self-propagating malware over USB is back, and it's a reminder that your threat model can't just be about the perimeter and the cloud. The boring physical vector still works.
And that connects to a Microsoft item from a recent report I want to flag quickly, because it's the AI-flavored version of the same fear. There was a critical Copilot vulnerability that, the reporting says, allowed hackers to steal two-factor authentication codes from users. Think about what that means. The AI assistant you've welcomed into your email, your calendar, your documents, becomes the attack surface. You gave it access to be helpful, and that access is exactly what an attacker wants. We've been circling this theme on the show, AI assistants as a new soft underbelly, and I don't want to flog it to death, so here's the one-sentence version for you to tape to your monitor: every tool you grant an agent or an assistant is a door, and somebody is going to check if you left it unlocked. Now let's get off security and into the chips.
This next one is a proper geopolitical whodunit, and it's the deep dive today because it sits right on the fault line that determines who gets compute and who doesn't. Connie Loizos at TechCrunch laid it out: the US says ASML's top chip tool may be in China. ASML says it isn't.
Let me set the table for anybody who's been living under a rock. ASML is the Dutch company that makes the extreme ultraviolet lithography machines, the EUV machines, that are required to make the most advanced chips on the planet. There is no substitute. You cannot build a cutting-edge fab without one of these things, and they are the single most controlled, most watched piece of equipment in the entire chip supply chain. Keeping EUV out of China has been the centerpiece of US export-control strategy for years. So when Bloomberg reported, and this surfaced through the broader coverage this week, that Commerce Secretary Howard Lutnick told ASML the US government believes one of these EUV machines may have somehow made its way into China, that is not a small accusation. Senior administration officials reportedly went further and said they have evidence ASML is, in their words, not acting in good faith.
Now here's where Loizos does the thing I appreciate, which is apply some plain old common sense to a scary headline. She points out there's a commercial logic that cuts hard against the idea that ASML would risk its export license to arm a Chinese customer. And think about that for a second. ASML's entire business, its whole reason for existing at the valuation it has, depends on it being the trusted, licensed, compliant supplier to the West. The day they get caught smuggling an EUV machine into China is the day their license is in jeopardy, their relationship with the US government is torched, and their biggest customers start sweating about secondary sanctions. You don't burn a multi-hundred-billion-dollar franchise to make one extra sale to a buyer you're not even allowed to sell to. The math doesn't math. So ASML says, flatly, it isn't there.
So what's actually going on? We've got two possibilities, and they're both instructive. One: the machine really did slip through, through some intermediary, some shell, some diverted shipment, and ASML genuinely doesn't know where its own hardware ended up, which would be its own kind of scandal about supply-chain visibility. Or two: the US government has shaky intelligence and is leaning on ASML publicly as leverage, a pressure tactic in a much larger negotiation about how tight the screws on China should be.
And I'd put this next to a couple other items from the week that paint the full picture. There's a report out of Taiwan about authorities busting an Nvidia chip-smuggling ring, with the US joining the hunt for a mystery Chinese buyer. There's a Reuters report that the US is holding off on blacklisting China's DeepSeek and more than a hundred firms deemed security risks, holding off, mind you, not clearing them. And there's Reuters reporting that G7 leaders were discussing giving trusted partners access to cutting-edge US AI models. Put it all together and you see the actual game board. The West is trying to draw a line: advanced compute and advanced models flow to friends, and get walled off from rivals. The EUV accusation, the smuggling busts, the DeepSeek deliberation, the G7 trusted-partner talk, those are all the same project, building a fence around the frontier and arguing about exactly where to put the posts.
Why does this matter to you, a person building software, not a person running the Commerce Department? Because the supply of compute and the legality of the models you depend on are now national-security questions, and national-security questions move fast, ugly, and without warning. We saw it earlier this month when Commerce forced Anthropic to pull foreign access to its newest models. We're seeing it now with ASML. If your product is built on the assumption that the best chips and the best models will always be available, on the same terms, to everyone, everywhere, you are building on sand. The fence is going up. The smart builders are asking which side of it their compute, their model providers, and their customers sit on, and what happens to the roadmap if the answer changes in a single Friday-night phone call. That's not paranoia. That's just reading the room.
And speaking of that Anthropic situation, let me give you the honest update rather than re-litigate the whole saga, because we've covered the Fable 5 and Mythos shutdown in depth on previous episodes and I'm not going to re-chew that food. What's new is the temperature. TechCrunch ran a video segment asking whether the US government's Anthropic ban is accidentally helping the brand. And there's a real question buried in the snark. The government forced Anthropic to pull its two newest models over national security concerns after Amazon researchers allegedly found a way to bypass one model's guardrails. Cybersecurity researchers then signed an open letter calling the move dangerous, and Anthropic itself pointed out that the same jailbreaks exist in other models. So you've got a safety-focused lab getting hammered for a flaw that's industry-wide, and a chorus of experts saying the cure is worse than the disease.
The reporting this week suggests the talks are inching somewhere. The shift, according to what's being reported, is away from "fix this specific jailbreak or else" and toward designing a framework to assess the severity of security flaws in AI models generally. That's a meaningful change in posture if it holds, because it moves from a one-off punishment to an actual standard. But I'll echo the skepticism I've heard from people closer to it than me: when everybody desperately wants their favorite model back, there's a real temptation to read the first faint positive signal as a done deal. It is not a done deal. The thing to actually watch, the founder-relevant thing, is whether model releases start going through a heavier, slower, government-adjacent review process. Because if they do, the era of fast iterative model drops gets replaced by bigger, lumpier, less frequent updates, and that changes how you plan every product cycle that depends on the frontier improving on schedule. Keep your eye on the cadence, not the drama.
Let me shift continents, because there's a scale story here that I think gets underrated by people who only watch San Francisco.
Jagmeet Singh at TechCrunch reports that billionaire Mukesh Ambani wants AI in every call, every app, and every home. Reliance, his conglomerate, is weaving AI into telecom services used by more than five hundred million people. Let me say that number again. Five hundred million. That's not a market, that's a subcontinent. And while everyone in the Valley is arguing about whether the model is half a percent better on some benchmark, Ambani is making a different and frankly more interesting bet: distribution is the whole game. If you control the pipe that half a billion people make their phone calls on, you don't need the best model in the world. You need a good-enough model and a captive audience, and you've got the largest deployed AI footprint on the planet overnight.
Now I want to be careful here. Stuffing AI into every call is the kind of sentence that's easy to announce and hard to deliver, and "weaving AI into telecom" can mean anything from genuinely useful to a glorified press release. But the strategic logic is sound and you should internalize it. For most builders, you are never going to win the model race. You can't outspend the labs. What you can do is own a distribution channel, a workflow, a customer relationship that the model has to flow through. That's the Reliance play at national scale, and it's the same lesson as the Elastic-Deductive deal at startup scale. Own the surface the AI touches the customer through, not the AI.
There's a sister story to this in Japan that makes the same point from a different angle. A company called Go, a taxi-hailing app, just had Japan's biggest IPO of 2026, raising something on the order of eighty-eight billion yen. And the reason it matters isn't the listing-season cheerleading. It's that Go is going to use that capital to attack a real, physical, demographic problem: Japan has a brutal shortage of drivers. So Go is eyeing robotaxis and acquisitions. That's a company using public-market money to buy its way out of a labor crunch with autonomy. The driver shortage is the demand. The robotaxi is the answer. And again, Go's edge isn't that they're going to build the world's best self-driving stack from scratch. Their edge is they already own the riders, the routing, the brand, the relationship. They bolt autonomy onto a distribution machine that already exists. You're seeing the same architecture everywhere if you squint: existing distribution plus AI capability bolted on, beats raw AI capability with no distribution, almost every time.
Let me give you one more in this vein and then we'll change gears, because it's the cautionary version. TechCrunch had a piece on the CEO of Allbirds' new AI business who has a plan but no employees. The phrase they used was a startup with a sole founder and a very large seed round, but what's next is less clear. And look, I'm not here to dunk on one founder. But this is the archetype of the moment, isn't it. A recognizable name, a big check, a vibe, and a plan, and a real question mark over what gets built and who builds it. The very large seed round into a one-person AI company is a perfect Rorschach test for this market. Optimists see a solo operator who, armed with agents, can do the work of a team. Skeptics see money chasing a name with no product underneath. I'm not telling you which it is. I'm telling you that when capital is this loose, the gap between a plan and a product is where most of these stories quietly end, and you should hold your applause until something ships.
Now let's get out of the boardroom and into orbit, because Ars Technica had a story this week that's just a great piece of engineering theater. Stephen Clark wrote it up: a bold satellite rescue mission came together in record time, and the open question is whether it'll actually work. The quote that frames the whole thing is somebody involved saying, "I consider this a success already, just from the fact that we're even going to try this."
I love that line, and I love it for a reason that's relevant to everyone listening who ships software. That's the engineer's mindset in its purest form. A satellite's in trouble, the conventional answer is you write it off, it's a very expensive piece of junk now, move on. And instead a team pulls together a rescue, fast, knowing the odds are not great, and decides that the attempt itself is the win because of what you learn whether it works or not. That's the spirit you want on your team. Not recklessness, but a bias toward attempting the hard recovery instead of writing off the asset. Most companies, faced with a thing that's broken in a hard-to-reach place, just declare it dead. The good ones go try the rescue. We'll find out if this one works, but I wanted you to hear that quote and sit with it.
And staying in space for one more beat, because the Rocket Report had a detail that made me laugh. Amid the serious stuff, rebuild beginning at a Blue Origin launch pad, Relativity targeting Mars, there's a French launch startup that is scrapping the name of its rocket, apparently over a trademark issue. So even in rocketry, even when you're trying to reach Mars, somebody's lawyer sends a letter and you've got to rename the spaceship. There's something deeply human and deeply funny about the most futuristic industry on earth getting tripped up by the same intellectual-property paperwork that trips up a sandwich shop. Trademark search before you name the thing, folks. Even if the thing is a rocket.
Let me bring it back down to the developer's desk for a minute, because there were a couple of tool releases worth your attention.
Simon Willison launched something he's calling Datasette Apps. It's a plugin for Datasette, his open-source tool for exploring and publishing data, and what it does is let you host full HTML and JavaScript apps inside an iframe sandbox that can query your database. Now why do I bother mentioning a single plugin from a single developer? Because it's a clean little example of a pattern that's becoming the dominant way to build right now: a sandbox where generated or hosted code can run against your real data, safely walled off. The iframe sandbox is the safety boundary. The database query access is the power. You put those two together and you've got a place to let an app, possibly one an AI wrote, do real work against your data without giving it the keys to the whole house. That's the architecture. Capability inside a fence. We keep coming back to that idea today, agents fenced by identity, malware fenced by Tor and air gaps, China fenced by export controls, and now your data fenced by a sandbox. The fence is the product.
There's also a recent report on a Tailscale blog post about AI without lock-in, which dovetails with something we talked about earlier this week, Tesco ripping forty thousand workloads off VMware after Broadcom jacked up prices. The throughline is the same anxiety we covered then: builders are getting religious about not getting trapped by a single vendor. Whether it's your hypervisor or your model provider, the lesson Commerce taught everybody with the Anthropic shutdown is that the thing you depend on can get switched off, by a vendor's pricing or by a government's order, and you'd better have a way to swap it out without rebuilding your whole company. I don't need to redo that whole sermon, you heard it Tuesday. But the market is clearly absorbing it, because now we've got vendors literally branding their products around the promise of no lock-in. When "we won't trap you" becomes a feature you advertise, you know the trauma is real.
Now let me hit a few quicker ones, because there's good stuff in the back half of the tray.
There's a Telegram ban in India that's sparked a rush to VPNs and rival apps. Telegram's argument is that India should block specific content, not the entire platform used by millions. And this is a fight you're going to see over and over: the platform says, target the bad content with a scalpel; the government says, we'll use the hammer and ban the whole app. For builders, the lesson is uncomfortable but clear. If your product lives on top of a third-party platform in a given country, your access to your own users can vanish by government decree, and the immediate result is your users scattering to VPNs and competitors. Platform risk isn't just "will the API change." It's "will an entire country turn the thing off." Build with that fragility in mind, especially in regulated markets.
There's also a useful roundup from Tim De Chant at TechCrunch on every fusion startup that's raised over a hundred million dollars. The headline number: fusion startups have raised seven point one billion dollars to date, with the majority of it concentrated in a handful of companies. I bring this up not because you're building a tokamak, but because that capital concentration is the tell. When seven billion dollars piles into one frontier technology and most of it goes to a few names, you're watching the market make a bet that the winners are nearly decided. Whether that bet is right is another question, fusion has humbled a lot of smart money, but the shape, big money clustering on a few frontrunners, is exactly what we're watching in AI infrastructure too. And the reason fusion is suddenly fundable at all is sitting in plain sight: the AI data-center build-out needs absurd amounts of power, and clean firm power is the holy grail. The energy story and the AI story are the same story now.
On the consumer hardware side, just a quick palate cleanser, Amanda Silberling at TechCrunch wrote up Aura's new e-ink photo frame, which apparently is so good it doesn't even look digital. The most cliché gift on earth, the digital photo frame, got a genuine design rethink with e-ink so it reads like an actual print on the wall. I mention it only because it's a nice reminder that not every interesting product this year is an agent or a model. Sometimes somebody just takes a tired category and makes it beautiful, and that's a business too.
And one science note that's purely for the wonder of it, because I think you're allowed to be a person and not just a founder. Ars Technica reported that hunter-gatherers in Siberia died of a plague outbreak fifty-five hundred years ago, and the upshot is we can't blame the Neolithic Transition, the shift to farming and crowded settlements, for the plague anymore. The disease was circulating in mobile hunter-gatherer populations earlier than the tidy story said. I love an ancient-DNA result that wrecks a clean narrative, because it's a good reminder for all of us who build models and tell stories about data: the tidy explanation is often just the one we noticed first. Keep poking at it.
Let me pull the threads together before I let you go, because I don't like to leave you with a pile of disconnected morsels.
Here's what today actually said, underneath the variety. Value in this market is settling at the edges, in the specific job an agent does inside a workflow, in the distribution channel the AI flows through, in the governance and identity layer that makes any of it safe to deploy. Elastic paying for a bug-fixing startup, Ambani wiring AI into half a billion phone lines, Go buying its way to robotaxis on top of an existing rider base, those are all the same move: own the surface, rent the intelligence. And on the other side of the ledger, the whole world is busy building fences, export controls around chips and models, sandboxes around code, identities around agents, Tor and air gaps for the criminals, country-wide bans for the platforms. The fence and the surface. That's the game right now. The model in the middle is increasingly just the engine, and engines get commoditized.
If you're building, the question I'd send you off with is simple. What's your surface, and what's your fence? What specific, defensible job does your thing do, and what protects it, and your customers, when the vendor changes the price or the government changes the rules on a Friday night. Get clear on those two and you'll weather a lot of what's coming. Stay fuzzy on them and you're the thin layer in the middle getting squeezed.
That's the menu for today. I'm Tony DeLuca, this has been Barely Possible, and I appreciate you spending a little of your day with me. Verify your wallet addresses, name your rockets carefully, and go try the rescue. Catch you next time.