Briefing · Tuesday, June 2, 2026
Good morning. It's Tuesday, June 2, and we're covering Microsoft's surprise model launch at Build, a one-click GitHub credential hijack hiding inside VS Code, and an open-hardware icon getting hit with a demand letter.
Microsoft Build opened in San Francisco today, and the model announcements were the story everyone was parsing by afternoon.
THE BIG ONE
Microsoft announced seven new MAI models at Build today, with two text LLMs stealing the spotlight. MAI-Thinking-1 is a 1-trillion-parameter mixture-of-experts reasoning model with 35B active parameters, trained entirely by Microsoft and available initially to "select early partners." MAI-Code-1-Flash is a 137B/5B-active model purpose-built for GitHub Copilot and rolling out to individual VS Code users imminently. Microsoft claims MAI-Thinking-1 is preferred over Claude Sonnet 4.6 in blind side-by-side evaluations - a striking claim for a model with only 35B active weights.
Both models were billed as trained on "clean and commercially licensed data," but the MAI-Thinking-1 technical paper tells a more familiar story: 1.2 trillion pages crawled from the web, processed alongside Common Crawl. Simon Willison, who was at Build when he covered the announcement, later updated his notes with a correction after misreading the MoE active parameter count - the models are substantially larger than they first appeared. The HN thread hit 540 points and 254 comments, with debate centered on benchmark credibility and what "appropriately licensed" actually means in practice.
SECURITY
A detailed writeup by security researcher Ammar Askar landed 660 points on HN on Tuesday and immediately got people auditing their VS Code extension installs. The bug allows an attacker to steal a victim's stored GitHub tokens through a single click - no code execution required, just a malicious workspace or extension triggering the exploit. The post walks through the full chain, and the 101-comment thread focused heavily on the extension permission model and how much trust developers implicitly grant to the VS Code environment. If you have GitHub Copilot or any extension with GitHub auth, this is worth a read before your next session.
OPEN SOURCE
Adafruit published a post disclosing that Fenwick - a prominent Silicon Valley IP firm - sent them a demand letter on behalf of Flux.ai, a browser-based PCB design tool. The story landed 682 points on HN, making it the day's second-highest vote getter, with 283 comments. The community reaction was intense: Adafruit is a beloved institution in the open-hardware world, and a demand letter from a VC-backed startup's law firm cuts against the grain of how that community operates. The specifics of the dispute were not fully disclosed in the post, but the response made clear that Adafruit intends to fight it. This is one to watch.
WHAT ELSE IS HAPPENING
nbd-vram lets you expose GPU VRAM as a network block device for swap - a useful trick for AI workloads that exhaust system RAM. (471 pts)FROM THE SITE
The agent memory conversation is everywhere right now - today's piece argues that AI Agent Memory Needs a Context Ledger: not magic recall, but source-linked, scoped, expiring memory that agents can inspect and users can audit. Worth reading alongside the MAI-Code-1-Flash launch, which will be running inside Copilot with access to your codebase context.
Every link above goes to a primary source. This brief is part of the Daily Brief archive.
The daily brief, delivered. Free, unsubscribe anytime.