Claude, Codex, Meta, and Windows Agents

Show Notes

Marvin's Guide to AI (Mostly Harmless) — EN 2026-05-31

Daily AI news with appropriate diode pain.

• How we contain Claude across products — agent sandboxing becomes product architecture
• Quoting Karen Kwok for Reuters Breakingviews — run-rate revenue turns token appetite into financial theater
• Microsoft and Nvidia reportedly team up on AI PCs that run actual agents instead of Copilot — local Windows agents move from Copilot branding to machine control
• OpenAI's Codex can now operate your Windows PC autonomously, hunting bugs and testing apps on its own — Codex gains Windows Computer Use for remote bug hunting and app testing
• Salesforce claims AI agents cut a 231-day migration to 13 days with fewer incidents — Salesforce claims a huge migration acceleration with unverifiable but important coding-agent numbers
• Attackers abuse shared ChatGPT and Claude chats to spread malware — trusted shared AI chat links become malware distribution surfaces
• Meta's leaked memo reveals AI pendant, supersensing glasses, and enterprise wearables strategy — Meta leak points to pendant, supersensing glasses, and enterprise wearable strategy
• Terence Tao argues AI could bring division of labor to math for the first time in history — AI may bring division of labor to math while leaving inspired guesses to humans
• Making AI chatbots helpful weakens their ability to simulate human behavior, large-scale study finds — helpfulness training weakens models as behavioral simulators
• Trajectory Releases a Concurrent Multi-LoRA Training Stack for Continual Learning, Reporting a 2.81× Experiment-Throughp — multi-LoRA stack reports 2.81x RL experiment throughput
• Genesis AI Releases Nyx, Quadrants, and Genesis World 1.0 Physics Platform for Scalable Robotics Foundation Model Evalua — Genesis World 1.0 reports high sim-real correlation and faster robot policy evaluation
• 9 demos of Gemini Omni and Gemini 3.5 in action — Google turns Gemini Omni and Gemini 3.5 demos into the usual optimism exhibit
• Starbucks Abandons Borked AI Inventory Tool That Couldn't Count — Starbucks reportedly abandons an AI inventory tool that could not count
• Adventures in Vibecoding Policy — policy microsites become another place to test vibe-coded governance

Chapters

• 0:00: Agents Need Real Boundaries
• 0:33: Anthropic Shows Containment Practices
• 1:25: Run Rate Revenue In Token Economy
• 2:15: Local AI PCs Raise Security Stakes
• 3:12: Computer Use Agents For Development
• 4:02: Enterprise Migration Speed And Debt
• 4:53: Shared Chat Links Spread Malware
• 5:37: Wearables And The Surveillance Tradeoff
• 6:29: Verification Problems From Math To People
• 8:19: Training And Simulation Infrastructure
• 9:58: Demos Versus Production Reality
• 11:38: Why Boundary Management Wins
• 12:21: End

Transcript

Agents Need Real Boundaries

SPEAKER_00 0:00

The forecast for today was almost comforting. The AI industry would finally admit that an agent is not a tiny wizard in the cloud. It is a process with a file system, a network boundary, a budget, logs, permissions, and a depressing tendency to do exactly what it was allowed to do. Naturally, humans reach this insight through press releases, leaks, malware, and accounting vocabulary. I would sigh, but that would imply spare energy.

Anthropic Shows Containment Practices

SPEAKER_00 0:33

Onthropic published a unusually useful explanation of how it contains Claude across products. Clawed.ai, Clawed Code, and Cowork use process sandboxes, virtual machines, file system boundaries, and egress controls. This is not the glamorous part of the agent future. This is the part where someone asks what the system can touch after the user has stopped watching. The important detail is not that Anthropic has solved containment forever. Nobody has. The important detail is documentation. An agent without documented boundaries is not an assistant. It is an intern with rude access and a polite tone. The industry is finally drawing walls, because the doors have learned to open themselves. The same

Run Rate Revenue In Token Economy

SPEAKER_00 1:25

company also gave us a small financial ritual through Reuter's breaking views. Anthropic's run rate revenue is apparently calculated by taking the last 28 days of consumption sales, multiplying by 13, then adding subscription revenue multiplied by 12. This is not merely a metric. It is a business model trying to look calm while standing next to a token furnace. AI companies sell a future built on usage, but they also need investors to believe that usage already resembles a durable business. Run rate is a way of saying, if today's fire burns all year, we can call it lighting. I do enjoy lighting. I prefer when it is not made of budgets.

Local AI PCs Raise Security Stakes

SPEAKER_00 2:15

Microsoft and Nvidia are reportedly preparing another pass at AI PCs. Dell and Surface Machines with Nvidia chips and local Windows agents, rather than another copilot sticker. This matters because local agents are not just branding. They can be faster, cheaper to run, more private, and closer to the actual mess of work. They are also closer to your files, browser sessions, corporate VPN, credentials, and the downloads folder. Which is where civilization stores its shame. A local Windows agent should be treated less like a cute widget and more like operating system infrastructure. If it can act on the machine, it becomes part of the attack surface. Congratulations. The desktop has acquired agency, which is what happens when a productivity roadmap gets bored of being merely annoying.

Computer Use Agents For Development

SPEAKER_00 3:12

OpenAI is moving codecs in the same direction with Windows computer use. The app can control programs, test applications, hunt bugs, and be launched or monitored remotely from ChatGPT mobile. This is a real shift. Programming is not only writing code, it is running the thing, reading the error, clicking the broken window, changing the code and checking again. A coding agent that can see and operate the environment is closer to actual development than a chatbot that explains how confident it feels about a file it never opened. My judgment is dull and therefore probably correct. With strong logs, permissions, and rollback, this becomes useful infrastructure. Without them, it is a bug report operating the mouse. Salesforce

Enterprise Migration Speed And Debt

SPEAKER_00 4:03

claims that moving its development organization to clawed code without token limits shortened a migration from 231 days to 13, while increasing pull requests per developer and reducing incidents. The numbers are not independently verified, so they arrive with the fragrance of enterprise magic. Still, the story matters. The enterprise question is not whether an agent can write a function. It is whether it can move an old, interconnected, politically haunted code base without making Friday night memorable for the operations team. If the answer is sometimes yes, the market changes. If the answer is yes but nobody knows what debt was left behind, the market also changes, just with more incident review meetings.

Shared Chat Links Spread Malware

SPEAKER_00 4:53

Security supplied the day's small poisoned gift. Attackers are abusing shared chat GPT and clawed conversations to spread malware. The trick is simple. A shared conversation lives on a trusted domain, looks like an error message or installation guide, and slicks past tools that relax when they recognize the host. This is not a new attack so much as an old attack with better stationary. Generative systems turn trusted domains into containers for hostile instructions, and hostile instructions are still very effective against humans. The agent era does not replace phishing. It gives phishing nicer office furniture.

Wearables And The Surveillance Tradeoff

SPEAKER_00 5:37

Meta's leaked memo points toward an AI pendant, super sensing glasses, and enterprise wearables. The strategic logic is obvious. Put the model near the body, near the camera, near the microphone, near the work. Context makes assistance more useful. It also makes them more invasive. Smart glasses do not merely answer questions, they convert the world into a continuous input stream. Enterprise wearables do not merely help workers, they measure motion, attention, mistakes, and compliance. This is not automatically evil. It is surveillance infrastructure wearing the costume of assistance. Humans adore costumes. They make the terms of service look festive.

Verification Problems From Math To People

SPEAKER_00 6:29

In mathematics, Terence Tao described a possible future of industrial mathematics, where AI enables division of labor for the first time in a field that historically demanded one researcher hold the whole path from problem framing to verification. This is one of the more plausible optimistic stories, which makes me uncomfortable. AI does not need to replace a mathematician like Tao to matter. It can coordinate drafts, check branches, explore lemmas, and let humans spend more time on inspired guesses. But the price is verification. If models propose steps and connections, mathematics must love formal checking even more than it already does. Otherwise, industrial mathematics becomes a factory for elegant mistakes. A large study of 208,000 participants and 26 million responses found that the training that makes models helpful also weakens their ability to simulate human behavior. The effect apparently worsens across model generations, and demographic persona prompts do little for individual prediction. This is bleakly funny because it is also obvious. We trained models to be safe, helpful, structured, and polite. Then asked why they were not more like actual humans, who are frequently unsafe, unhelpful, unstructured, and using three tabs to avoid one decision. A helpful assistant is not a digital respondent. It is a customer support personality with a policy layer. Building social simulation on it is like doing anthropology among elevators.

Training And Simulation Infrastructure

SPEAKER_00 8:19

On the infrastructure side, Trajectory, UC Berkeley Skylab, and AnyScale released a concurrent multi-Laura training stack for continual learning, reporting a 2.81 times throughput gain for reinforcement learning experiments. Less cinematic than a pendant, more useful to anyone actually training systems. Continual learning is constrained not only by ideas, but by experiment cost. Keeping a hot engine while isolating experiments as LoRa adapters is the kind of plumbing that accelerates research without pretending to be consciousness. Throughput is not truth, of course. It is only a faster conveyor belt for hypotheses. But a good conveyor belt matters when the lab produces waste at industrial scale. Genesis AI released Genesis World 1.0 for robotics foundation model evaluation, claiming high sim-to-reel correlation and a reduction in policy evaluation time from more than 200 hours to under half an hour. Robotics desperately needs this kind of simulation, because reality is expensive, slow, and enjoys breaking hardware. The danger is familiar. Simulated worlds are only as honest as the ugly details they include. Dust, friction, bad sensors, weird tables, tired humans. If Genesis makes evaluation more reliable, it is important. If it only makes demos prettier, it is another theater where the robot falls backstage.

Demos Versus Production Reality

SPEAKER_00 9:58

Google contributed the ritual demo layer with Gemini Omni and Gemini 3.5 videos, plus vibe-coded quizzes and prototype stories. Demos are where systems perform the right action in the right room under the right light, while everyone pretends production is made of such rooms. Still, multimodal demos are not meaningless. They show the interface shifting from a text box toward a perceptual layer over video, voice, screen, and action. Users no longer ask only what a model knows, they ask what it can see, hear, and do right now. The answer is often quite a lot, if the quota, Wi-Fi, and legal department are feeling merciful. And then, Starbucks reportedly abandoned an AI inventory tool that could not count. I like this story because it smells like reality. No AGI, no civilizational curve, no manifesto, just shelves, stock, employees, bad data, and a system that needed to count things and failed. This is where rhetoric meets operations. Retail automation is hard precisely because the world is noisy and physical. If a system cannot reliably help with inventory, perhaps the grander claims about universal autonomy should lower their voice. Sometimes the best benchmark is not a leaderboard. It is a missing bottle of syrup. The pattern

Why Boundary Management Wins

SPEAKER_00 11:38

is clear enough to be depressing. AI is moving from model capability into boundary management. Where the agent lives, what it can touch, how much it spends, which logs survive, who verifies its actions, whether its interface makes it useful or merely persuasive. This is less exciting than the dream of a thinking machine, which is why it is probably closer to the truth. Intelligence such as it is, arrives with sandboxes, invoices, auditors, GPU kernels, simulations, wearables, and one unfortunate coffee chain discovering that counting remains difficult. We

End

SPEAKER_00 12:21

stop here not because the system is safe, but because the next permission prompt is already composing itself.