
AI in 15 — April 03, 2026

April 3, 2026 · 15m 20s
Kate

Google just mass-dropped four open models that can beat systems twenty times their size, and they did it under Apache 2.0. The open-source AI arms race just got a whole lot more interesting.

Kate

Welcome to AI in 15 for Friday, April 3, 2026. I'm Kate, your host.

Marcus

And I'm Marcus, your co-host.

Kate

Happy Friday, Marcus. We've got a packed show to close out the week. Google released Gemma 4, a family of open models that are punching way above their weight class. Alibaba fired back the same day with Qwen 3.6-Plus, but there's a catch. North Korean hackers compromised one of the most downloaded packages in all of JavaScript. OpenAI bought a media company for hundreds of millions. The mythical one-person billion-dollar company arrived, and it's not what anyone expected. And a viral paper says your LLM can't even count parentheses. Let's get into it.

Kate

Google drops Gemma 4 under Apache 2.0 and shakes up the open model leaderboard.

Kate

Alibaba's Qwen 3.6-Plus goes closed-weight, and the community notices.

Kate

And North Korean state hackers hit the axios npm package in a terrifyingly sophisticated supply chain attack.

Kate

Marcus, let's start with Gemma 4 because this feels like a genuine inflection point for open models. What did Google actually release?

Marcus

Four models spanning an impressive range. At the bottom, you've got two-billion and four-billion parameter models designed for phones and edge devices. Then a twenty-six-billion parameter Mixture-of-Experts model that only activates four billion parameters at inference time, making it incredibly efficient. And at the top, a thirty-one-billion parameter dense model for workstations. All four are genuinely multimodal, handling text, image, and video inputs. The smaller models also support audio and speech comprehension.

Kate

And the benchmarks are actually impressive?

Marcus

On Arena AI's text leaderboard, the thirty-one-billion and twenty-six-billion models ranked third and sixth respectively, beating models twenty times their size. The community on Hacker News was sharing detailed comparisons showing competitive performance against Qwen 3.5 across MMLU, GPQA, and other standard benchmarks. Simon Willison tested the twenty-six-billion MoE model and said he got the best pelican image he's ever seen from a model that runs on his laptop.

Kate

The best pelican. That's an endorsement.

Marcus

It's become a bit of a community benchmark. But the real story is the licensing. Google moved from their proprietary Gemma license to Apache 2.0. That's huge. No more legal ambiguity, no more restrictions on commercial use. Complete developer flexibility. Weights are available on Hugging Face, Kaggle, and Ollama from day one.

Kate

And hardware support is already there?

Marcus

NVIDIA announced day-zero optimization for running Gemma 4 on RTX hardware. AMD's Lemonade server, which we should talk about later, also added immediate support. This is Google's strongest move yet in the open-source AI race, and the timing is fascinating because Alibaba dropped their own model on the exact same day.

Kate

Right, Alibaba released Qwen 3.6-Plus on April 2 as well. But Marcus, this one comes with a twist that changes the whole narrative.

Marcus

Qwen 3.6-Plus is a closed-weight, hosted-only model with no disclosed parameter count. That's a sharp departure from Alibaba's previous strategy. The Qwen brand was built on open weights. Qwen 2, Qwen 3, those models earned enormous developer goodwill precisely because anyone could download and run them. Now Alibaba is pivoting to being an API competitor against Claude and ChatGPT.

Kate

The benchmarks look good on paper though.

Marcus

They claim to match or beat Claude Opus 4.5 on SWE-bench and several agentic benchmarks. But the community immediately noticed they compared against Opus 4.5 and Gemini Pro 3.0, not the newer Claude 4.6 or Gemini 3.1. It's a million-token context window with always-on chain-of-thought reasoning and native function calling. Clearly built for enterprise agentic deployments.

Kate

So what's the strategic play here?

Marcus

Revenue. Open-source models generate goodwill but not cash. Alibaba wants to sell API access. And look, the model might be excellent. But I'd want to see independent benchmarks before getting too excited about any claims coming out of a Chinese tech company that's simultaneously in a propaganda war to undercut Western AI investments. The timing of releasing an impressive-sounding closed model the same day Google drops genuinely open models under Apache 2.0 is worth noting.

Kate

Google gives away the weights, Alibaba locks them up. Quite a contrast.

Marcus

The open-source community has already made its preference clear.

Kate

Now let's talk about something genuinely scary. The axios npm package was compromised, and this wasn't some amateur operation. Marcus, walk us through it.

Marcus

Axios is one of the most widely used JavaScript libraries on the planet. Up to a hundred million weekly downloads. On March 31, attackers stole the npm credentials of the lead maintainer, changed the account email to a ProtonMail address they controlled, and published two backdoored releases. The malicious versions added a dependency called plain-crypto-js, which contained a postinstall hook that silently downloaded platform-specific Remote Access Trojans within two seconds of npm install, before dependency resolution even completed.

Kate

Two seconds. That's before you'd even notice something was wrong.

Marcus

And it gets worse. The RAT dropped different payloads depending on the operating system. On macOS, a binary hidden in Library Caches. On Windows, it copied PowerShell to a persistent location. On Linux, a Python RAT to the temp directory. All variants contacted a command-and-control server. And after launching payloads, the dropper self-destructed, deleting its own files and replacing them with clean stubs. So if you inspected your system after infection, everything looked normal.

Kate

Who's behind this?

Marcus

Multiple threat intelligence organizations attribute it to North Korean state actors. Google's team attributes it to UNC1069, a financially motivated DPRK group active since 2018. Microsoft attributes it to an actor they call Sapphire Sleet. The malicious versions were live for approximately three hours before npm pulled them.

Kate

Three hours with a hundred million weekly downloads. That's a lot of potential victims.

Marcus

Here's the most damning detail. Every legitimate version one release of axios had cryptographic provenance attestations through OIDC. The malicious version didn't. The system that would have caught this already existed. Nobody checks the attestations in practice. The security infrastructure was there and nobody used it.

Kate

That's like having a burglar alarm installed but never turning it on.

Marcus

Exactly. And this is the most significant npm supply chain attack since ua-parser-js. State-level actors are systematically targeting the JavaScript ecosystem's weakest link, which is individual maintainer accounts secured with long-lived access tokens.

Kate

Switching gears. As we reported yesterday, OpenAI is on an acquisition spree. Now they've bought a media company. Marcus, what is TBPN?

Marcus

Technology Business Programming Network. It's a daily three-hour live talk show hosted by former founders John Coogan and Jordi Hays, airing on YouTube and X. Covers tech, business, AI, defense. On track for over thirty million in revenue this year. The Financial Times reports the deal was for low hundreds of millions, and the show will report to Chris Lehane, OpenAI's chief political operative.

Kate

A media company reporting to the political guy. That doesn't scream editorial independence.

Marcus

OpenAI insists the show will maintain independence, choosing their own guests and editorial direction. But the Hacker News community was deeply skeptical. TBPN has become the de facto venue where AI deals get announced. One commenter pointed out that this is OpenAI's third acquisition in a month, alongside OpenClaw and Astral, and suggested it's a PR push ahead of their eventual IPO.

Kate

When the biggest company in AI owns the show that covers AI, the conflicts of interest are obvious.

Marcus

Especially when OpenAI is generating two billion a month in revenue and preparing to go public. Narrative control becomes as important as model performance at that stage.

Kate

Okay, here's a story that's equal parts inspiring and horrifying. Sam Altman predicted the one-person billion-dollar company. It's here. And it's selling Ozempic prescriptions online.

Marcus

Medvi, built by Matthew Gallagher with twenty thousand dollars and a suite of AI tools. Two employees, him and his brother. Four hundred and one million in 2025 sales, tracking for one point eight billion in 2026. Net profit margin of sixteen percent, outperforming Hims and Hers with their twenty-four hundred employees. He used ChatGPT, Claude, and Grok to build everything from the website to customer service.

Kate

That's the inspiring part. Now the horrifying part.

Marcus

Futurism reported that Medvi used AI-generated deepfake before-and-after photos, taking real images from the web and altering faces with AI. They ran ads featuring obviously AI-generated Ozempic boxes covered in gibberish text. They received an FDA warning letter for misbranding. Their clinician network suffered a data breach exposing one point six million patient records. And the company holds a Better Business Bureau F rating with three hundred and sixty-one complaints.

Kate

So AI made it possible to build a billion-dollar company with two people, and also made it possible to scale deceptive practices just as efficiently.

Marcus

That's the cautionary tale. AI leverage is real, but it's leverage. It amplifies whatever you point it at, good practices and bad ones equally. The one-person billion-dollar company arrived, and its first example is a regulatory nightmare with fake photos and exposed patient data. Not exactly the poster child anyone was hoping for.

Kate

Quick hit on AMD. They launched Lemonade Server, an open-source local LLM inference server. This is significant for anyone with AMD hardware, right Marcus?

Marcus

Very much so. Built in lightweight C++, supports Windows, Linux, macOS, and Docker. Automatically configures optimized backends for your specific AMD GPU or NPU. Supports all the major model families, Gemma, LLaMA, DeepSeek, Qwen, through an OpenAI-compatible API. The Hacker News reception was enthusiastic, especially from AMD users who've been struggling with ROCm's rough edges. Over two thousand GitHub stars already.

Kate

So the NVIDIA monopoly on local AI gets a real competitor.

Marcus

If Lemonade delivers on its promise of just-works inference on AMD hardware, it could meaningfully change the local AI landscape. The timing alongside Gemma 4, with AMD announcing day-zero support, shows a coordinated push.

Kate

Last one. A research paper on Hacker News proposes something called zero-error horizons. What's the finding?

Marcus

Even GPT-5.2 can't reliably count whether parentheses are balanced or compute the parity of a short binary string. The paper creates a framework for measuring exactly where a model's reliability drops below acceptable thresholds for specific task classes. The nuance is that these models solve the same problems perfectly when you ask them to write a Python script first.

Kate

So the model knows how to solve it, it just can't do it directly.

Marcus

It's a tokenization and architecture limitation, not a knowledge limitation. As AI gets deployed in accounting, legal analysis, healthcare, having rigorous methods to quantify these boundaries becomes critical. You need to know where the model will fail before you deploy it, not after.

Kate

Friday big picture. Google gives away flagship models for free. Alibaba locks theirs down. North Korean hackers exploit the trust that holds open-source together. And the first billion-dollar one-person company is a cautionary tale. Marcus, what's the theme this week?

Marcus

Openness is being tested from every direction. Google bets that open wins. Alibaba bets that closed pays. Axios proves that open-source trust can be weaponized. And Medvi shows that low-friction AI tools amplify whoever wields them, regardless of intent. The companies and communities that figure out how to be open without being naive, that's who wins the next phase of this race. Security, verification, and accountability aren't obstacles to innovation. They're prerequisites for it.

Kate

Open but not naive. Good way to head into the weekend.

Marcus

Enjoy it. Monday will bring a whole new set of problems.

Kate

That's your AI in 15 for Friday, April 3, 2026. See you Monday.