Windows 11 Student Deal Announcer

Study and play come together on a Windows 11 PC and for a limited time, college students get the best of both worlds. Get the unreal college Deal Everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox Game Pass ultimate with a custom color Xbox wireless controller. Learn more@windows.com studentoffer while supplies last ends June 30th terms at aka mscollegepc.

Brian McCullough

Welcome to the Tech Brew Ride home from Monday, May 11, 2026. I'm Brian McCullough. Today, Google reported the first known case of hackers using AI to discover and weaponize a zero day. OpenAI launched a $4 billion plus deployment company and acquired tomorrow. Apple plans liquid glass refinements. TikTok rolls out an ad free tier in the UK and Ben Thompson argues agentic inference will reshape compute.

Tech Brew Co-host

Here's what you missed today in the world of tech.

Brian McCullough

Turn your market hunches into trades with Liquid.

Tech Brew Co-host

Liquid lets you go long or short

Brian McCullough

on commodities, stocks or private markets right from your phone with up to 100x leverage. That means a $10 position can give you up to $1,000 in market exposure, and you don't have to work around market hours or weekends. With liquid, you get one platform for every market open 24. Seven more than $3 billion has already been traded on Liquid. Check them out At Liquid trade Techbrew and sign up with referral code Techbrew for a $25 deposit match terms apply. Something tells me that security vis a vis AI might end up being one

Tech Brew Co-host

of the big stories for the second half of this year.

Brian McCullough

Google's Tig has reported the first known example of a hacker using AI to discover and weaponize a zero day.

Tech Brew Co-host

Tig's chief analys because this is the

Brian McCullough

tip of the iceberg.

Tech Brew Co-host

Quoting the Times, A criminal hacking group

Brian McCullough

recently attempted to launch a widespread cyber attack that appeared to rely on artificial intelligence to detect a previously unknown bug, Google said in research published Monday, highlighting

Tech Brew Co-host

the potential threat that AI poses to digital security. Security experts have feared for years that

Brian McCullough

malicious hackers could eventually rely on AI

Tech Brew Co-host

models to identify undisclosed flaws in computer code to launch crippling attacks that are difficult to guard against. That fear was largely theoretical until now.

Brian McCullough

We have high confidence that the actor likely leveraged an AI model to support

Tech Brew Co-host

the discovery and weaponization of this vulnerability, the report said. The tech giant did not say precisely

Brian McCullough

when the thwarted attack happened, whom it

Tech Brew Co-host

was targeting, or which AI platform the hackers used, but the company added that it did not believe it was its own Gemini chatbot.

Brian McCullough

Flaws like the one identified by Google and the hacking group are known as

Tech Brew Co-host

zero day vulnerabilities, security holes that are unknown to the software makers. They were once considered so rare and powerful that they could fetch millions of dollars on black markets used to sell hacking tools.

Brian McCullough

The zero day flaw was detected by

Tech Brew Co-host

the Google Threat Intelligence Group within the

Brian McCullough

past few months and was exploited by,

Tech Brew Co-host

quote, prominent cybercrime threat actors in a script of the Python programming language.

Brian McCullough

It would have allowed the hackers to bypass two factor authentication on a popular

Tech Brew Co-host

open source web based administration tool, though the hackers also would have needed access to valid credentials like usernames and passwords to be successful, the company said.

Brian McCullough

Google declined to identify the administration tool, but said it notified the software maker

Tech Brew Co-host

quickly enough to allow for a patch before the attack could do damage. It also declined to identify the hackers.

Brian McCullough

Google and independent security researchers said the attempted attack was the first known example

Tech Brew Co-host

of a zero day bug being put into malicious use by hackers enabled chiefly by AI. It's just the taste of what's to

Brian McCullough

come, john Holtquist, the chief analyst at Google Threat Intelligence Group, said in an interview. We believe this is the tip of the iceberg. This problem is probably much bigger. This is just the first tangible evidence

Tech Brew Co-host

that we can see. End quote.

Brian McCullough

Coincidentally, over the weekend, Himanshu Anand had

Tech Brew Co-host

an essay arguing that the 90 day

Brian McCullough

vulnerability disclosure policy for security folks is

Tech Brew Co-host

dead as LLMs compress bug finding and exploit development time almost exponentially and critical

Brian McCullough

issues should probably now be patched immediately. Recently React patched a bunch of security issues and wrote a public blog post about it.

Tech Brew Co-host

Standard practice. Show your work, explain the fix, give the community a heads up. I read the post out of curiosity.

Brian McCullough

Then I thought, let me see how hard it would be to turn this

Tech Brew Co-host

patch into a working exploit. Just an experiment on my own machine against a local test app. 30 minutes from reading the patch to having a working exploit, AI did most of the heavy lifting, understanding the diff, identifying the vulnerable code path, writing the PoC.

Brian McCullough

The published issue was a denial of service, but the underlying primitive could go further with more work.

Tech Brew Co-host

In the old world, turning a public patch into a working exploit end day exploitation took skilled reverse engineers days to weeks. That gap was the safety net.

Brian McCullough

We shipped. The patch admins have a few days to update.

Tech Brew Co-host

That safety net is gone. The gap is now measured in minutes

Brian McCullough

for simple bugs, maybe hours for complex ones.

Tech Brew Co-host

The skilled reverse engineer is optional, the LLM does the boring parts and the Human just steers the moment a patch

Brian McCullough

ships assume the exploit exists.

Tech Brew Co-host

There is no grace period.

Brian McCullough

Companies cannot afford to schedule patch deployment

Tech Brew Co-host

for the next maintenance window. The maintenance window window is now now let me be specific about what I think is broken Beyond Repair.

Brian McCullough

The 90 day disclosure window is dead.

Tech Brew Co-host

Not needs reform, not could use some tweaking dead. It was designed for a world where finders were rare and exploit development was slow.

Brian McCullough

LLMs have made finders abundant and exploit development fast. When 10 unrelated researchers find the same bug in six weeks and AI can

Tech Brew Co-host

turn a patch diff into a working exploit in 30 minutes, what exactly is

Brian McCullough

the 90 day window protecting? Nobody.

Tech Brew Co-host

It's protecting nobody. It is just exposure with a polite name copy fail went from AI scan to public POC to nation state weaponization in days.

Brian McCullough

Dirty Frags embargo was broken within hours

Tech Brew Co-host

by a third party who independently found the same bug class.

Brian McCullough

You cannot coordinate disclosure when the same vulnerability is being independently rediscovered by multiple researchers and AI tools at the same time.

Tech Brew Co-host

The information does not stay contained at all anymore. It has LLM powered legs.

Brian McCullough

Monthly patch cycles are dead too.

Tech Brew Co-host

A 30 day window between vulnerability and fix assumes attackers are slower than your release train. And they are not. They have been faster for a while

Brian McCullough

now and the gap is only widening. Microsoft saw Dirty Frag in The Wild within 24 hours.

Tech Brew Co-host

Your monthly maintenance window is not a safety margin, it's an attack window. Wait for the advisory is dead.

Brian McCullough

If you are reading CVE descriptions while attackers are reading git log, you are already behind.

Tech Brew Co-host

The advisory is a downstream artifact. The the patch diff is the signal.

Brian McCullough

He concludes by saying that since attackers have already integrated LLMs into their exploit pipelines, the only thing blue teams, which

Tech Brew Co-host

he means by the way, if you're not into this universe, the good guys

Brian McCullough

can do is also integrate LLMs at the point of code. Push every pull, request every merge every deploy.

Tech Brew Co-host

Use LLMs tomorrow foreign.

Brian McCullough

Has launched the OpenAI deployment company with more than $4 billion in investment to

Tech Brew Co-host

help organizations build and deploy AI systems

Brian McCullough

and they've also acquired AI consulting firm tomorrow.

Tech Brew Co-host

Quoting Reuters, OpenAI said on Monday it

Brian McCullough

is setting up a new company with more than $4 billion in initial investment to help organizations build and deploy artificial intelligence systems and will acquire an AI

Tech Brew Co-host

consulting firm known as Tomorrow to quickly

Brian McCullough

up the unit after its early models saw strong resonance with consumers. OpenAI has been working aggressively to sign corporate contracts and establish a large presence in the business world where its AI

Tech Brew Co-host

will see large scale deployment.

Brian McCullough

The venture, which will be majority owned and controlled by OpenAI, also comes as rival Anthropic enjoys strong success in its enterprise AI push, with its Claude family of models seeing rapid adoption among businesses. The new firm, called OpenAI Deployment Company will help the ChatGPT maker embed engineers specializing in frontier AI development and deployment into organizations that will then work closely with various teams to identify where AI can make the biggest impact. OpenAI said its acquisition of Tomorrow, a consulting firm that helps Enterprises deploy AI, will bring around 150 experienced AI engineers and deployment specialists to the new unit from day one.

Tech Brew Co-host

Tomorrow was founded in 2023 in alliance

Brian McCullough

with OpenAI and counts companies such as Mattel, Red Bull, Tesco and Virgin ATL as its clients, according to its website. Reuters reported last week that the joint ventures OpenAI and Anthropic, separately created with private equity firms, are in talks to acquire services companies that help businesses Deploy artificial intelligence. OpenAI's deployment unit is a multi year committed partnership between OpenAI and 19 other firms, with the partnership led by TPG, with Advent, Bain Capital and Brookfield as co lead founding partners, the ChatGPT maker said.

Tech Brew Co-host

End quote.

Brian McCullough

Sure, AI is everywhere, but that doesn't mean enterprise value is a given. In a recent survey, PwC found the amount of CEOs who reported revenue gains or cost reductions from AI is nearly equal to the amount who say they're still stuck. So what's causing the issues? PwC boiled it down to clarity. Leaders aren't clear about what's hype, what's reality, or where AI can actually create measurable impact. To help Change the that, PwC is offering their AI expertise and data. They explore how to tune out noise around AI and get clarity on what successful adoption looks like.

Tech Brew Co-host

Learn from the experts by heading to

Brian McCullough

pwc.com US Brewai that's pwc.com US BrewAI. When you're locked into a conversation, you're probably not taking the best notes and that's normal. It's hard to listen closely and write everything down at the same time, so turn on plaudnote Pro instead. Plod Note Pro is a small AI powered device that records conversations and turns them into clean, structured summaries automatically. It's built for people who spend a lot of time in conversations, interviews or calls and don't want to lose any important info. Instead of scrambling to type, you just press a button and stay focused. Plod handles transcription, summaries and key takeaways. It's also built with privacy in mind with enterprise grade compliance like SoC2, HIPAA and GDPR. Get started at Plaud AI tbrh that's P L A U D A I

Tech Brew Co-host

TBRH use code tbrh for 10% off all plod devices

Brian McCullough

Mark Gurman says Apple is working on a slight redesign for macOS 27 to address liquid Glass issues, quoting Bloomberg, Liquid Glass itself isn't going away. As I've said before, it's simply being refined. I also expect iOS27 and iPadOS27 to include a range of interface tweaks, though nothing will be too dramatic. The goal is more of a cleanup and refinement effort aligned with the company's

Tech Brew Co-host

wider push to polish its software this year. The changes to macOS are meant to

Brian McCullough

make Liquid Glass look the way Apple's design team intended it to from the start. Last year's operating systems didn't necessarily suffer from design problems, I'm told, but rather a not completely baked implementation from Apple's software engineering team. Beyond adjusting the look of Liquid Glass, Apple will focus on bug fixes, battery life upgrades and performance improvements.

Tech Brew Co-host

This refinement effort is one of two

Brian McCullough

major undertakings for Apple's 27 operating system releases this year, the other being to add more artificial intelligence features.

Tech Brew Co-host

The company will unveil the software at its annual Worldwide developers conference on June 8th.

Brian McCullough

The AI changes will center on Siri. Apple is introducing a new design and standalone app and repositioning the technology as a more proactive assistant that helps users complete a wider range of tasks. The company is also working on a more chatbot like interface as well as

Tech Brew Co-host

deeper integration of Apple intelligence features across new areas of the software. End quote.

Brian McCullough

TikTok is rolling out TikTok Ad Free, a 3 pound 99 pence per month subscription for UK accounts aged 18 or

Tech Brew Co-host

older over the coming months after testing the option since 2023.

Brian McCullough

Quoting TechCrunch, TikTok is introducing an free subscription plan in the UK that costs £3.99, or about $5.44 USD per month. The new offering is rolling out over the coming months and will be available to users 18 and over. Users who sign up for the plan won't see ads on TikTok and their

Tech Brew Co-host

data won't be used for advertising purposes. The launch was likely driven by the

Brian McCullough

UK's General Data Protection Regulation, or GDPR, which prohibits companies from collecting users personal data for advertising purposes without their consent. Choice for our community and growth for UK businesses go hand in on TikTok, said TikTok's UK managing director Chris Bogue in a press release. Advertising on our platform is already helping thousands of British businesses, reach new customers, increase sales and create jobs, while our new Ad Free option gives people greater

Tech Brew Co-host

control over their experience.

Brian McCullough

TikTok first began testing the ad free plan in 2023. It is unknown if the social media

Tech Brew Co-host

giant plans to bring the offering to the us. End quote.

Brian McCullough

Finally today, on the question of what happens if AI is able to build the next generation of itself?

Tech Brew Co-host

That's kind of a big question that is probably unanswerable for anyone at this moment. What could that mean to AI tech, to society at large?

Brian McCullough

But in the medium term, Ben Thompson has an essay out arguing that agentic inference is set to be different than today's inference, how it works today, and that will fundamentally change compute infrastructure because speed won't matter when humans are no

Tech Brew Co-host

longer involved I have previously made the

Brian McCullough

case, including in Agents over bubbles, that we have gone through three inflection points

Tech Brew Co-host

in the LLM era. First was ChatGPT, demonstrating the utility of

Brian McCullough

token prediction.01 introduced the idea of reasoning

Tech Brew Co-host

where more tokens meant better answers.

Brian McCullough

Opus 4.5 and Claude code introduced the first usable agents which could actually accomplish tasks using a combination of reasoning models and a harness that utilize tools, verified work, et cetera. All of this falls under the banner of inference, but I think it will be increasingly clear that there is a difference between providing an answer what I

Tech Brew Co-host

will call answer inference, and doing a task what I will call agentic inference.

Brian McCullough

I mentioned above that fast inference for coding is a temporary use case. Specifically, coding with LLMs requires a human in the loop. It's the human that defines what is to be coded, checks the work, commits the pull requests, et cetera. It's not hard to envision a future,

Tech Brew Co-host

though, where all of this is completely handled by machines. This will apply to agentic work.

Brian McCullough

Broadly, the true power of agents will not be that they do work for humans, but rather that they do work without humans involved at all. This, by extension, will mean that the likely best approach to solving agentic inference will look a lot different than answer inference. The most important aspect for answer inference is token speed.

Tech Brew Co-host

The most important aspect for agentic agentic

Brian McCullough

inference, however, is memory. Agents need context, state, and history. Some of that will live as active KV caches.

Tech Brew Co-host

Some will live in host memory or SSDs.

Brian McCullough

Much of it will live in databases, logs, embeddings, and object stores. The important point is that agentic inference will be less about GPUs answering a question and more about the memory hierarchy

Tech Brew Co-host

wrapped around a model. Critically, this articulation of an agentic specific

Brian McCullough

memory Hierarchy implies a necessary trade off

Tech Brew Co-host

of speed for capacity.

Brian McCullough

Because here's the thing, lower speed isn't nearly as important a consideration if there isn't a human in the loop. If an agent is waiting around for a job that is being run overnight, the agent doesn't know or care about

Tech Brew Co-host

the user experience impact.

Brian McCullough

What is most important is being able to accomplish a task, and if entirely new approaches to memory make that possible,

Tech Brew Co-host

then delays are fine. Meanwhile, if delays are fine, then all

Brian McCullough

of the focus on pure compute power and high bandwidth memory seems out of place. If latency isn't the top priority, then slower and cheaper memory, like traditional DRAM

Tech Brew Co-host

for example, makes a lot more sense. And if the entire system is mostly waiting on memory, then chips don't need

Brian McCullough

to be as fast as the cutting edge either.

Tech Brew Co-host

This represents a profound shift in future

Brian McCullough

architectures, but it also doesn't mean that current architectures are going away. Training will continue to matter, and Nvidia's

Tech Brew Co-host

current architecture, including high speed compute, large amounts of of high bandwidth memory, and high speed networking will likely continue to dominate.

Brian McCullough

Answer inference will be a meaningful market, albeit a relatively small one, and speed

Tech Brew Co-host

from chips like Cerebras or Grok will be very useful.

Brian McCullough

Agentic inference will gradually unbundle the gpu, which alternates between stranding high bandwidth memory

Tech Brew Co-host

during the pre fill process and stranding

Brian McCullough

compute during the decode process in favor of increasingly sophisticated memory hierarchies dominated by

Tech Brew Co-host

high capacity and relatively lower cost memory

Brian McCullough

types with good enough compute. Indeed, if anything, it will be the speed of CPUs for things like tool use that will matter more than the speed of GPUs. At the same time, these categories won't be equal in size or importance. Specifically, agentic inference will be the largest market by far, because that is the

Tech Brew Co-host

market that won't be limited by humans or time. Today's agents are fancy answer inference.

Brian McCullough

In the future, true agentic inference will

Tech Brew Co-host

be work done by computers according to

Brian McCullough

dictates given by other computers and the market size scales. Not with humans, but with compute.

Tech Brew Co-host

End quote. Nothing more for you today. Talk to you tomorrow.

Columbia Omnishade Advertiser

You can't reason with the sun. Trust us, we've tried. This summer, it's time to put that angry ball of fire on mute. Columbia's Omnishade technology is engineered to protect you from the sun's harsh rays that can burn and damage your skin. The sun is relentless, but so is our gear. Level up your summer@columbia.com to spend more time outside and less time slathering on aloe lotion. You're welcome. Columbia engineered for whatever.