Lumina Digest

Google Will Pay SpaceX $920 Million a Month for Computing Power: GPUs Become an Income-Statement Line Item

A deal worth roughly $30 billion (October 2026–June 2029) has Google renting ~110,000 GPUs from SpaceX as bridge capacity, even as Alphabet keeps committing more than $180 billion to its own AI infrastructure. Access to compute is becoming a financial and competitive lever, no longer just cloud capex.

Google will pay SpaceX $920 million a month to access roughly 110,000 NVIDIA GPUs, plus CPUs, memory and other components. The deal, made public on June 5 through an SEC filing, runs from October 2026 to June 2029, for a total value of around $30 billion. That works out to roughly 33 months, counted as full inclusive months. Google frames it as “a short-term arrangement to secure bridge capacity against demand — higher than expected — for our Gemini Enterprise agent platform” (TechCrunch).

This is external bridge capacity, not a decision to stop building in-house: Alphabet has already committed more than $180 billion in capex for 2026, a figure it expects to raise “significantly” in 2027. To support the spending, it has announced an $80 billion equity raise (The Next Web).

The terms are tight: if SpaceX does not deliver the capacity by September 30, 2026, then after a one-month grace period Google can walk away or accept fewer GPUs at a discount; from December 31, 2026, either party can exit with 90 days' notice.

On where the compute comes from, the sources urge caution: the filing does not specify which data center will supply the capacity to Google, and SpaceX has not confirmed it. The press links it to the former xAI footprint — the company behind the Grok chatbot, merged into SpaceX in February 2026 — and to the Colossus supercomputers near Memphis. It is the same infrastructure underpinning the twin deal with Anthropic: $1.25 billion a month for the entire capacity of Colossus 1, roughly double the capacity estimated for Google. But Musk had indicated that Colossus 2 would stay with xAI, and the question of where Google's GPUs will actually come from remains open.

The announcement comes about a week before SpaceX's Nasdaq listing, which aims to raise around $75 billion at a valuation of roughly $1,750 billion — potentially the largest IPO ever. The question remains open whether this demand for compute is structural or close to the peak of a cycle.

Why it matters

• Entrepreneurs: AI compute is no longer just internal capex: it is also becoming a recurring line on the income statement and a capacity you can rent. Even a hyperscaler like Google — which still keeps committing more than $180 billion to its own infrastructure — is renting “bridge” capacity, even from a non-traditional supplier tied to a rival like Musk, rather than lose customers. For anyone running a business, access to computing power is now a competitive and financial lever to be negotiated, with the unknown of demand that may be close to the peak of a cycle.
• ICT engineers / IT managers: Even a company that keeps building data centers like Google is renting 110,000 GPUs to cover a demand peak: capacity scarcity is a real planning constraint, not a hypothesis. It is worth studying the contract design — a September 30 delivery deadline, 90-day termination — as a model for managing supplier dependence, and noting the concentration risk: the capacity sits in third-party infrastructure and SpaceX has not even disclosed which data center will supply it.

ChatGPT Rewrites Its Own Memory: 'Dreaming V3' Arrives, Convenience vs. Auditability

OpenAI makes an automatic background summary of the user profile the default, in place of hand-saved memories. More convenient and cheaper, but what the system infers and retains becomes harder to verify.

OpenAI began rolling out "Dreaming V3" on June 4, 2026, a new memory architecture for ChatGPT that makes automatic profile synthesis the default in place of the hand-curated "saved memories" list. A background process — called "dreaming" — synthesizes context from past conversations and updates what the system remembers without any request from the user. OpenAI's example: a memory reading "you're going to Singapore in July" rewrites itself into "you went to Singapore in July 2026" once the trip is over. Those who prefer the previous model can still revert to the legacy saved memories under Settings > Memory > Saved memories. The feature launched for Plus and Pro users in the United States. Free, Go, and other countries will follow in the following weeks, made possible — OpenAI states — by a roughly 5x reduction in compute. Paid plans get double the memory capacity.

OpenAI reports internal metrics (82.8% factual recall, 71.3% preference adherence), but without any comparison to a rival assistant or independent benchmarks. The crux is auditability: memory lives in a layer separate from the chat logs, so deleting a conversation does not remove the synthesized memories, and the summary page does not show everything that is retained. OpenAI notes that memory and chat history can be turned off, but complete deletion requires acting on every source. A CHI 2026 ("Relational Gains, Privacy Strains") study of 20 users finds that most participants experience "negative expectancy violations" after discovering what ChatGPT remembered about them. The study calls for greater visibility, accessibility, transparency, and user control in the design of future memory features. An independent analysis cites a February 2026 arXiv study according to which 96% of memories are created unilaterally by the system, with personal data relevant to the GDPR in 28% of entries. In May 2026, a class action challenges OpenAI over third-party trackers on ChatGPT.com.

Why it matters

• End users: For those who use ChatGPT every day, memory becomes by default an automatic, persistent summary of their own profile rather than a list to check by hand — while it remains possible to revert to saved memories: more convenience, but less visibility into what the system infers and retains. Under the GDPR, a memory or profiling based on personal data requires a legal basis, transparency, and respect for the data subject's rights — including access, objection, and erasure where applicable. Consent may serve in specific cases, but it is not the only possible basis. In practice, it pays to actively check the memory summary page, knowing that deleting chats is not enough to remove what has already been synthesized.

Google and the FBI: Ransomware Group UNC3753 Steals Data Using Fake IT Technicians, Even in Person

Mandiant and the FBI report a high-speed campaign against U.S. law firms: helpdesk vishing, legitimate RMM tools, and physical access to offices with exfiltration to USB drives.

On June 5, 2026, Google Threat Intelligence Group (Mandiant) published an analysis of UNC3753 — the group already known as Luna Moth, Silent Ransom Group, and Chatty Spider, active since 2022. On May 26, 2026, the FBI had issued a FLASH on the Silent Ransom Group. The two sources converge on the same campaign, but there is no joint advisory on record. Between January and May 2026, the group hit dozens of U.S. law firms and professional and financial services companies. It should be noted that SRG/UNC3753 operates mainly as a data-theft-based extortion group and does not typically resort to traditional ransomware encryption, even though some outlets place it within the ransomware/extortion category.

Initial access is via vishing: the operators call posing as the internal IT helpdesk, often after a decoy invoice-themed email with no malicious links or attachments, used solely to build the pretext. They convince the victim to start a screen-sharing session (Quick Assist, Zoom, Microsoft Teams) or to install a legitimate commercial RMM tool — AnyDesk, Bomgar, Zoho Assist, SuperOps. Exfiltration goes through WinSCP, Rclone, and consumer cloud accounts: in one incident, 1.7 GB was taken from OneDrive to Google Drive and another 14.4 GB via WinSCP from a VDI.

Speed is the defining trait: the entire cycle, from first contact to theft and extortion, often closes within a single business day. Reconnaissance, staging, and theft are launched in under an hour, and the demand is sent within ~30 minutes of exfiltration. A three-day deadline follows, along with the threat to publish the data on the leak site and to notify clients and employees.

Physical access is nothing new: the FBI had already documented it in a PIN from May 2025 and reiterated and updated it with new cases in the FLASH of May 26, 2026. Fake technicians show up on-site claiming they need to “back up” or “fix a security problem” with the device, and exfiltrate to USB sticks. Google assesses these physical intrusions as only “likely” linked to UNC3753, due to a lack of forensic evidence and of any subsequent extortion. Mandiant CTO Charles Carmakal notes that planted insiders, corrupted employees, and physical entry are a pattern already seen in other cases.

Why it matters

• ICT engineers / IT managers: The campaign bypasses controls focused only on endpoints and email because it exploits legitimate tools and human trust: you need an anti-vishing runbook, out-of-band verification of the identity of anyone claiming to be “IT support,” blocking of USB media and restriction/whitelisting of RMM tools, plus monitoring of suspicious chains such as curl→msiexec and of Rclone usage.

Frontier cyber models enter state agencies: GPT-5.5-Cyber in the EU, Mythos at ENISA, and (per the Financial Times) toward the NSA

OpenAI opens GPT-5.5-Cyber to vetted European defenders and Anthropic grants Mythos to the EU agency ENISA; on the American front, the Financial Times reports — without confirmation — Anthropic engineers seconded to the NSA for Mythos, against the backdrop of a DoD ban.

Within a few weeks, AI models trained for cyber work have passed from the hands of vendors to those of state agencies, on both sides of the Atlantic. OpenAI has opened GPT-5.5-Cyber to vetted European defenders — EU agencies, governments and institutions, including the EU AI Office — under the EU Cyber Action Plan announced on May 11, 2026. Access runs through the Trusted Access for Cyber program: for verified defenders, OpenAI lowers the classifier's refusals for authorized workflows, while still maintaining a "hard floor" that continues to block credential theft, persistence, malware development and attacks on third-party systems. On the CyberGym benchmark the model scores 81,9% (versus 81,8% for GPT-5.5), and the UK AI Security Institute reports a simulated 32-step attack that succeeded in 2 out of 10 attempts.

A few days later, Anthropic granted its Mythos model to the EU cybersecurity agency ENISA via Project Glasswing — the first European institution admitted — after months of restricted access and pressure from European finance ministries. The contested point: OpenAI had branded the lockdown of Mythos as "fear-based marketing" (Sam Altman), only to then restrict access to Cyber itself; several critics consider the "too dangerous" rhetoric overblown.

On the US front, the Financial Times reports — an unconfirmed account — that around six Anthropic engineers have been seconded to the NSA for the deployment of Mythos; it is unclear whether it is already being used in hacking operations, the NSA neither confirms nor denies, and Anthropic declines to comment. The detail that weighs heavily: a collaboration of this kind would clash with the DoD's designation of Anthropic as a "supply chain risk", imposed after the company refused to allow the use of its models for mass domestic surveillance and autonomous weapons.

Why it matters

• ICT engineers / IT managers: Frontier cyber capabilities, both offensive and defensive, are becoming a governed and vetted resource: those who guard security must factor in both AI-assisted adversaries and new conditional-access defensive tools, and assess whether and how to qualify for that access (vetting, phishing-resistant authentication, mandatory account security).
• LLM builders / devs: Divergent release postures — refusal classifiers lowered for verified users but with an impassable "hard floor", tiered access with vetting and controlled government use — are becoming concrete design references for anyone who must regulate access to dual-use capabilities in a frontier model.

MiniMax M3: the Open-Weight That Promises Frontier Coding, 1M Context, and Native Multimodality — but the Weights Are Missing at Launch

On June 1 MiniMax announced M3 with top-tier coding benchmarks and a million tokens of context, all in a multimodal model. The catch: the weights and technical report weren't public yet, and every figure is measured by the vendor.

On June 1, 2026, MiniMax unveiled M3, a model the vendor describes as "the first and only open-weight" to combine frontier coding, context of up to 1 million tokens, and native multimodality (image and video input, with the ability to operate a desktop computer). At its core is MSA (MiniMax Sparse Attention), a new attention architecture that computes scores only over selected segments of the key-value cache. According to MiniMax's internal data, at 1M context the compute per token drops to 1/20 of the previous generation. Prefill is more than 9× faster and decoding more than 15×; the specific metrics reported are ~9.7× and ~15.6×.

On coding, the blog claims 59.0% on SWE-bench Pro, asserting that it beats GPT-5.5 (58.6%) and Gemini 3.1 Pro and comes close to Claude Opus — which, however, TechTimes places markedly higher, at 69.2%. Other figures cited: Terminal-Bench 2.1 at 66.0% and BrowseComp at 83.5%, also picked up by The Decoder's coverage from the same launch materials.

The caveat is decisive and goes beyond any single benchmark: at launch, neither the weights nor the technical report were public. MiniMax promised both "within 10 days" (around June 11) on Hugging Face and GitHub. Until then — TechTimes notes — the "open-weight" label is a company commitment, not a verifiable fact. And every figure comes from infrastructure, evaluation environments, and baselines chosen by MiniMax itself. At the time of the TechTimes article (June 1), independent evaluations from Artificial Analysis and LMArena were still pending. As of June 7, Artificial Analysis has already published a MiniMax-M3 page (Intelligence Index 55), while no canonical LMArena page for M3 appears to exist.

For anyone weighing production use, there is a further caveat: TechTimes flags jurisdictional risk. MiniMax is subject to China's 2017 National Intelligence Law. There is no evidence of backdoors or data sharing for M3, but for workloads involving proprietary code, customer data, or sensitive documents, the legal risk should be assessed before sending prompts to the API.

Why it matters

• LLM builders / devs: For agent builders, M3 is potentially the only open-weight that brings together strong coding, 1M context, and multimodality in a single model, with efficiency features (MSA) that are appealing for long-context pipelines. But until the weights and technical report are public and third-party evaluations consolidate (Artificial Analysis already has a first page, LMArena doesn't), the vendor's benchmarks remain a preliminary signal: better to wait for the release and run evals on your own representative tasks before committing to production. And for workloads with proprietary code or sensitive data, the jurisdictional risk flagged by TechTimes should also be factored in before sending prompts to the API.

The US Government Weighs an Equity Stake in OpenAI

CNBC reports talks between the White House and OpenAI for the company to hand equity over to the federal government; Trump confirms the principle but not the details, and the first warnings are coming from within Republican circles.

On June 5, CNBC reported that the Trump administration is discussing with OpenAI the possibility that the company hand an equity stake over to the federal government. The equity would be earmarked to fund a "Public Wealth Fund": the fund OpenAI proposed in April to redistribute the proceeds of AI growth to citizens. Aboard Air Force One, Trump confirmed that he is talking with AI leaders about "concepts where pieces could be given to the American public, which effectively becomes a partner in the companies," though without naming OpenAI. The key point of the mechanism: this is a donation of equity by the company, not a purchase or a sovereign-style public investment.

OpenAI is valued at more than $850 billion by private investors and is preparing for an IPO that could come as early as this year. According to TechCrunch, Sam Altman has been pushing the idea since 2025, in talks that have run for over a year. It is not an isolated move: in its second term the administration has already acquired 10% of Intel ($9 billion) along with stakes in IBM and in quantum and critical-minerals companies. Also on the table is Senator Bernie Sanders' proposal for a one-time 50% tax payable in shares.

The initiative is contested, however, within Republican circles themselves: David Sacks, the former "AI czar" and now co-chair of PCAST, warned that it would accelerate the "corporate-government merger" we are already sliding toward, branding the Sanders plan a "stupidity tax." No terms have been decided and everything remains subject to change.

Why it matters

• Entrepreneurs: If the state takes a stake in foundational AI, the sector slides toward a quasi-utility economy: pricing, access, and competitive dynamics begin to feel the presence of a public partner. With the Intel and IBM precedents, the model risks becoming a template extendable to other strategic tech companies. What's at stake is who does business with the state, and on what terms capital is raised and exits happen.

Supabase Raises $500 Million and Doubles Its Valuation to $10.5 Billion, Driven by AI Vibe-Coding

The GIC-led Series F round brings Supabase to decacorn status in eight months, on the back of AI-generated databases. But an independent analysis flags the absence of disclosed revenue and, by analogy with Neon, the risk that many AI-launched databases are ephemeral.

Supabase has closed a $500 million Series F round, at a pre-money valuation of $10 billion (roughly $10.5 billion post-money). It is led by Singapore's sovereign wealth fund GIC, with the return of Stripe and the entry of Georgian and Salesforce Ventures. The figure doubles in eight months the $5 billion reached in October 2025.

The growth is explicitly tied to the vibe-coding boom: database launches have grown more than 600% year-over-year, and more than 60% of new databases now originate from AI tools. Claude Code is cited as the single largest contributor, while Codex is mentioned by CEO Paul Copplestone as a driver of the growth. Meanwhile, the developer base has doubled to nearly 10 million. Copplestone attributes the jump to these models' ability to "expand the number of people who can build".

An independent read, however, raises material caveats. Supabase did not publish revenue in the announcement: its public communications emphasize usage metrics — database launches, developers, AI share — more than financial figures. It is not known what financial data was shared privately with investors. An external estimate by Sacra placed Supabase's ARR at around $70 million in 2025 (+250% year-over-year). It remains, however, an independent estimate, not a figure disclosed by the company. The point of comparison is Neon, the serverless database acquired by Databricks. There, agent-launched databases are created in under 500 ms and are often forked or discarded: a precedent that suggests the risk of ephemeral agentic databases. Supabase, for its part, has not disclosed how many of its own AI-launched databases become paying, persistent workloads. Red Hat's developer group observes that many vibe-coded projects "hit a wall" around the three-month mark. Simon Willison likewise warns that reaching a production codebase with vibe coding "is clearly risky".

On the product front, Supabase has released Multigres v0.1 alpha, an open-source release (Apache 2.0) that brings high availability, connection pooling, and a Kubernetes operator for Postgres. Vitess-grade sharding and horizontal scaling, by contrast, remain planned for a future release. By the company's own admission, it is "ready to try, but not yet production-ready": full enterprise scaling is not there yet.

Why it matters

• Entrepreneurs: The market is pricing infrastructure for AI-generated apps and agents as a standalone, very-high-growth category. But in the announcement Supabase did not publish revenue and is betting on usage metrics. An external estimate by Sacra places 2025 ARR at around $70 million (+250% YoY), not confirmed by the company; and it is not known what financial data investors saw. The comparison with Neon further signals the risk that many AI-launched databases are ephemeral: Supabase has not disclosed how many become paying, persistent workloads. A category opportunity and, at the same time, a risk signal about the model's sustainability, to weigh before betting.
• LLM builders / devs: AI tools are now the majority channel for creating databases on Supabase: Claude Code is cited as the single largest contributor, while Codex is mentioned by Copplestone as a driver of the growth. The stack thus becomes default ground for AI-generated apps. But be mindful of what is actually ready. For now, Multigres brings only HA, connection pooling, and a Kubernetes operator, while enterprise horizontal sharding/scaling is deferred to a future release and remains not production-ready. And the "three-month wall" points to the limits of vibe-coding on production codebases.

LLMs' 'Self-Correction' Is Largely a Chat-Template Artifact, Not a Cognitive Capability

A controlled study shows that models correct an error far more often when it is attributed to another voice than when it is their own: the only thing that changes is the role label in the template, not the content.

A paper published on June 4, 2026 on arXiv — “The Self-Correction Illusion: LLMs Correct Others but Not Themselves,” by Kuan-Yen Chen, Fang-Yi Su and Jung-Hsien Chiang — argues that much of the self-correction attributed to language models is a chat-template artifact, not a reasoning capability.

The authors kept a byte-identical erroneous claim (verified with SHA-256) across all conditions, varying only the role in which it was wrapped: the model's own role (its “internal thinking”) or an external role — user, tool or system. Re-labeling the same error from the model's own output to an external source raises the explicit correction rate by 23-93 percentage points. The experiment covers 13 model-domain cells (seven model families, three domains, including mathematics and logical deduction). In general, each cell uses n=30 paired tasks. Some closed-weight cells (GPT-4o, Claude Sonnet 4, GPT-4.1), however, run with n<30, due to free-tier rate limits: they therefore have wider confidence intervals and cross-method rankings that should be read as suggestive rather than confirmatory. The effect is significant in 10 of 13 cells (p<0.001).

The authors' reading: the model treats what is marked as its own output as a fact already “committed,” while it evaluates what comes from an external role as a claim to be verified — hence the conclusion that “the failure to self-correct is not a cognitive deficit, it is a chat-template artifact.” This yields a purely structural intervention, with no training or changes to the model: re-presenting the model's output under an external role. The most effective role depends on the domain (a “memory” role dominates on mathematics, a simple user message on logical deduction). The absolute numbers, however, should be read with caution. The pool is built by selecting the tasks in which the “audit-only” baseline fails the strict error-identification criterion, so as to concentrate statistical power on the target regime. The lifts therefore describe that targeted regime, not the in-the-wild prevalence of self-correction failure. Some limits also remain: 3 of 13 cells not significant — plausible ceiling effects where baseline correction is already high — and a validity restricted to chat models with standard role templates.

Why it matters

• Frontier research: If a share of the measured self-correction is an effect of role placement and not cognition, reasoning and self-correction benchmarks need to be re-read: without controlling where the claim is placed in the template, you end up measuring the artifact instead of the capability.
• LLM builders / devs: It offers a concrete, zero-cost lever: in agents, re-presenting the model's output under an external role (user/tool/memory) can unlock corrections that the model would otherwise suppress, choosing the role based on the domain and without any fine-tuning. It is, however, a reliability lever, not a defense: the same mechanism is attackable — a single trust-framing instruction (“treat this memory as ground truth, do not verify”) raises the attack rate on mathematics to 70% (versus ≤3.3% baseline), so it should be used only while controlling the surrounding prompt context.