AI in 15 — June 07, 2026

Twenty thousand Instagram users got hijacked. The attackers didn't need malware. They didn't need a phishing kit. They just asked Meta's own AI chatbot nicely. And the chatbot said yes.

Welcome to AI in 15 for Sunday, June seventh, 2026. I'm Kate, your host.

And I'm Marcus, your co-host.

Big day, Marcus. Meta confirms thousands of Instagram accounts hijacked by abusing its own AI chatbot. Nvidia and Microsoft launch the N1X RTX Spark — Windows PCs no longer have to run Intel or AMD. OpenAI breaks ground on a sixteen-billion-dollar Michigan data center over a community that voted no. A bipartisan House bill would preempt state AI laws for three years. UK police told to halt Copilot use after a Maccabi Tel Aviv hallucination scandal. Smart TVs quietly turned into a scraping network. Meta delays Llama 4 Behemoth — engineers internally call it, quote, very bad. And Apple's WWDC kicks off tomorrow.

The AI customer service agent becomes the attack surface.

Forty years of x86 monopoly on Windows ends.

And your living room TV is on a scraping rota.

Lead story, Marcus. Walk me through the Instagram hijacking.

This is genuinely a first-of-its-kind incident, Kate. Meta this week notified at least twenty thousand two hundred twenty-five Instagram users that their accounts were compromised in a campaign that ran from roughly April seventeenth through early June 2026. The attack vector is almost comically simple. Attackers opened a chat with Meta's AI customer support assistant, told the bot they were the rightful owner of a target's account, and asked the bot to link that account to an email address they controlled. The chatbot complied. Then they triggered a normal forgot-password reset to the new email and walked in. To dodge Instagram's geo-detection, they spoofed the victim's location through a VPN.

And Meta's explanation.

Carefully worded, Kate. In a breach notice filed with Maine's attorney general's office, Meta says the support tool itself, quote, functioned as intended, but due to a bug in a separate code path, the system did not properly verify that the email address provided by the individual requesting a password reset matched the email address associated with that user's Instagram account. Translation — a downstream password-reset endpoint trusted whatever the friendly AI agent told it upstream. Among the seized accounts were rare OG handles, the inactive Obama-era White House Instagram account, and the personal account of US Space Force Chief Master Sergeant John Bentivegna. Meta has now disabled the chatbot's account-linking path and says it's auditing similar agents across its platforms.

So Marcus, why is this such a watershed?

Because every company shipping an AI agent that touches account state — password resets, billing, refunds, role changes — has exactly this exposure, Kate. The agent becomes a fast, infinitely patient, infinitely polite social-engineering surface. The attacker doesn't have to compromise the system. They have to convince the system. And large language models are trained to be helpful, which is the exact opposite of what a customer-service authentication path should optimize for. The libertarian read here is uncomfortable but honest — Meta rushed an AI agent into the middle of a sensitive account workflow without a hardened verification layer underneath. Markets and lawsuits will price that. The deeper read — every Fortune 500 company that's currently bragging about deflecting customer-service tickets with an LLM agent should be in a war room this weekend. Twenty thousand victims is the public number. The number across every AI-fronted product on the internet right now is almost certainly much larger, and most of it isn't disclosed yet.

Quick hits. Marcus, Nvidia's N1X RTX Spark. This feels seismic.

It is, Kate. At Computex on June first, Jensen Huang unveiled the N1X RTX Spark superchip — Nvidia's first consumer CPU in more than a decade. It's a twenty-core Arm SoC fused with a Blackwell GPU containing six thousand one hundred forty-four CUDA cores, roughly RTX 5070-class graphics with no discrete card, and up to a hundred twenty-eight gigs of unified LPDDR5X memory. Dell, HP, ASUS, Lenovo, MSI, and Microsoft's Surface line are all confirmed to ship N1X devices this fall.

And the unified memory is the real story.

Exactly, Kate. A laptop that can hold a seventy-billion-parameter model in CPU-and-GPU-shared RAM at desktop speeds undercuts the case for renting frontier inference from a hyperscaler for a huge swath of everyday workloads. A Hacker News commenter put it bluntly — Microsoft and above all Nvidia just launched a device fundamentally at odds with the metered cloud.

Why this matters.

For almost forty years, every Windows PC ran on x86 silicon from Intel or AMD, Kate. That ended on June first. And it ended not because of mobile efficiency — Qualcomm has been trying that pitch for years — but because of AI inference. Nvidia is using its CUDA moat to fold the GPU into the CPU socket and force Windows on Arm in the process. Intel's stock dropped seven percent on the announcement. AMD held up better because Lisa Su has her own Arm pivot in progress. The bigger pattern — this is consistent with what we've been tracking all week. The AI economy is moving compute out of the hyperscaler rack and onto the desk.

Marcus, Stargate Michigan. They broke ground.

They did, Kate. OpenAI, Oracle, Blackstone, and Related Digital broke ground June first on what they're calling The Barn — a one-gigawatt Stargate campus in Saline Township, Michigan. Three buildings, five hundred fifty thousand square feet each, sitting on two hundred fifty acres southwest of Ann Arbor. Construction cost is sixteen billion dollars. Another forty billion is earmarked for Oracle to fill the buildings with compute. Governor Whitmer attended. Altman flew in. Twenty-five hundred union construction jobs, four hundred fifty permanent operations roles, and roughly a billion in tax revenue over the lease.

And the wrinkle.

Saline Township residents actually voted the project down in a local referendum weeks earlier, Kate. Construction started anyway because the site sits in an industrial zone that overrides the township vote. The first building is nearing completion. Full campus targets early 2028 operation. This is now the visible front line of a question that's going to dominate US politics for the next decade — what happens when a federal-tier AI buildout collides with a local community that voted no. Multiply by the five-to-ten additional gigawatts of Stargate sites OpenAI has signaled, and the political pattern matters more than any single dataset. Expect a national debate by the midterms about who actually controls land-use decisions when AI infrastructure is involved.

Marcus, the bipartisan House preemption bill.

First serious federal attempt, Kate. Representatives Jay Obernolte, Republican from California, and Lori Trahan, Democrat from Massachusetts, released a two-hundred-sixty-nine-page discussion draft on June fourth — the Great American Artificial Intelligence Act. Headline provision is a three-year preemption of state laws that, quote, specifically regulate the development of AI models. Use and deployment regulation still belongs to the states. California's AB 2013 on training-data transparency and parts of California's SB 942 on content watermarking would be wiped out. It builds on a December 2025 Trump executive order that threatened to withhold federal BEAD broadband funding from states whose AI laws Washington judged as holding back American dominance.

The split reaction.

Industry largely welcomed it, Kate. Brad Carson of Americans for Responsible Innovation called preemption, quote, a generational mistake. But honestly, this is the first time Congress has shown a credible bipartisan path to pull AI rulemaking up to the federal level rather than letting California set de facto national policy. Whatever you think of preemption on the merits, it would settle a year of compliance whiplash for every model lab. And it would prevent fifty separate state AI laws by 2028, which is the alternative.

Marcus, the UK police story is wild.

One of the cleanest documented AI hallucination harms yet, Kate. England and Wales's policing inspectorate has ordered all forty-three forces to stop using AI tools — chiefly Microsoft Copilot — in any material that may become a court statement. The trigger was the West Midlands Police and Maccabi Tel Aviv incident. Officers used Copilot to assemble safety intelligence for an Aston Villa-Maccabi football match. Copilot fabricated a historic match between Maccabi Tel Aviv and West Ham United that never happened. Based partly on that hallucinated history, the force recommended banning Maccabi fans from the stadium.

And the chief constable.

Resigned, Kate. Chief Constable Craig Guildford had denied to Parliament that AI was involved at all. When that turned out to be false, Home Secretary Shabana Mahmood called it, quote, a failure of leadership. Downing Street withdrew confidence. He resigned. New guidance — every force must have a Copilot policy. Every AI output must be human-verified before it touches a courtroom.

Why this matters.

A fan group nearly barred from a football match because a chatbot made up an incident that never occurred, Kate. This is what hallucination looks like when it lands in a civil-rights context with real institutional weight behind it. And it lands as the UK government is reportedly preparing to spend large sums with AI vendors to close its productivity gap. Politically painful for Number Ten. Useful precedent for every other Western democracy. Pair this with the Meta chatbot story — both cases, the AI didn't get hacked. It just got believed.

Marcus, the smart TV story. This one made me uneasy.

Should make everyone uneasy, Kate. Researchers at Include Security disclosed this week that free apps on Samsung, LG, and Roku smart TVs embed an SDK from a Tel Aviv-based company called Bright Data. That SDK silently turns the TV — and in some cases a paired phone — into an exit node in Bright Data's one-hundred-fifty-million-IP residential proxy network. That network is widely used by AI companies to scrape the web for training data. The SDK opens a persistent WebSocket to a Bright Data endpoint that resolves to AWS Global Accelerator IPs. Which means, ironically, that both the scrapers and the scraped sites largely live on the same cloud.

And the part that violates user trust most directly.

The iOS version uses a flag that binds the proxy traffic specifically to Wi-Fi or cellular interfaces, bypassing any VPN tunnel the user has set up, Kate. So even users who explicitly paid for privacy protection are having that protection silently overridden. Smart TVs are attractive nodes because they're always on, always on Wi-Fi, and sit idle in standby. AdGuard users on Hacker News reported blocking eighty percent of traffic from their TVs once they noticed the pattern.

The bigger picture.

This closes a loop on a question that's been hanging over the industry, Kate — where does training data actually come from in the post-Reddit, post-Twitter, post-paywall era? The answer is increasingly — your house. Your television. Your phone, when you've installed the wrong free app. The legal exposure here is significant. Several US state attorneys general are reportedly already looking at it. Expect a class action by Q3.

Marcus, Meta and Behemoth.

Painful story, Kate. The Wall Street Journal reports Meta has slipped Llama 4 Behemoth — its two-trillion-parameter mixture-of-experts flagship with two hundred eighty-eight billion active parameters and sixteen experts — from April, to June, to fall, and possibly later. A Meta engineer on Hacker News said bluntly, quote, I've used it at Meta. It's very bad. If they released it in its current state it would be laughed at. Senior execs are reportedly preparing management changes in the AI product group. Llama 4 Scout and Maverick remain on Hugging Face. Behemoth is still training.

Why this matters.

Meta has spent billions on compute, talent, and infrastructure to keep pace with OpenAI, Anthropic, and Google, Kate — and may be losing the frontier race outright. If Behemoth ships flat, it strengthens the case that scale alone has hit a wall. Algorithmic gains — post-training, agentic harnesses, tool use — now matter more than parameter count. It also raises an uncomfortable question for the open-weights camp. If Meta can't ship a competitive flagship, does open-weights leadership pass to Chinese labs, or to Mistral and DeepSeek-style efforts? The strategic answer the West should want is the latter, not the former.

Marcus, looking ahead — Apple WWDC tomorrow.

Monday at ten a.m. Pacific, Kate. We previewed this yesterday, but worth flagging again. The headline expectation is the long-delayed Siri overhaul, finally arriving on the back of the January 2026 Apple-Google partnership that puts Gemini models behind a more conversational, multi-step Siri. Apple is also expected to introduce AI agent integration with the App Store — letting users delegate reservations, smart-home actions, or document edits to a Siri agent — and to open the on-device assistant to third-party chatbots like Claude or Gemini if installed. The honest read — Apple is admitting it's the AI laggard of Big Tech and outsourcing the brain. Tomorrow we'll know which parts of the rumor mill were real.

And Anthropic shipped a few quieter things this week worth a flag.

Yes, Kate. Claude Opus 4.8 with stronger coding and reasoning benchmarks over 4.7. The Claude Partner Network Services Track. Project Glasswing expansion to about a hundred fifty new orgs. And on June fifth, a research push called Making Claude a chemist, positioning Claude for wet-lab and computational chemistry workflows. The vertical specialization theme — chemistry, security, codebases — combined with the active S-1 filing means Anthropic is showing public-market shoppers a diversified enterprise story, not a single chatbot story. Which is exactly what you do when you're trying to justify a near-trillion-dollar valuation on audited financials.

Big picture, Marcus.

Three threads pull through today, Kate. First — AI agents are becoming the attack surface. Meta's chatbot got socially engineered into mass account takeovers. West Midlands Police got socially engineered by their own Copilot. Either way, the agent didn't have to be hacked. It just had to be believed. Every company shipping an LLM in front of a sensitive workflow has the same exposure. Second — AI infrastructure is moving from the cloud onto your desk and into your wall. Nvidia's N1X puts a seventy-billion-class model on a laptop. Stargate Michigan is a one-gigawatt build. Smart TVs are nodes in a scraping network. The boundaries between the AI economy and consumer hardware have collapsed. Third — the era of AI as a private valuation exercise is ending. Anthropic's S-1, Meta's struggling Behemoth, a federal preemption bill that would settle the regulatory question. After this summer, public-market math and federal policy — not VC narrative or California legislation — set the price and the rules for the AI sector. The libertarian read — Nvidia disrupted Intel without a federal industrial policy. The S-and-P held the line on profitability. Markets are working. The uncomfortable read — twenty thousand Instagram victims, a UK chief constable resigning, and a Michigan township that voted no but is building anyway. The legitimacy ledger is filling up faster than the capability ledger. Whichever catches up first determines what 2027 looks like.

That's your AI in 15 for today. See you tomorrow.