
Lumina Digest

The AI developments that matter, explained.


Oracle Drops About 12% Despite a Record Quarter: The AI Capex Bill Weighs Heavy

The stock posts its worst session since January 2025 after better-than-expected results: the market is pricing in the ~$70 billion in net capex projected for FY2027, the negative free cash flow, and the backlog's concentration on OpenAI.

Oracle lost about 12% (-11.97%, to $178.16) in the session of June 11, 2026, its worst since January 2025: over $70 billion in market value wiped out in a single day. And yet the quarter was a record. In the fiscal fourth quarter (ended May 31), revenue rose to $19.2 billion (+21% year over year), above consensus. Non-GAAP earnings per share came in at $2.11 (+24%). Cloud revenue grew 47% to about $9.9 billion, with OCI — the infrastructure arm — up 93% ($5.8 billion). The backlog (RPO) exploded to $638 billion, +363% year over year (CNBC).

What spooked the market is the AI infrastructure bill. FY2026 capex rose to $55.7 billion, against $50 billion of guidance. New CFO Hilary Maxson pointed to a net cash outlay of around $70 billion for FY2027 ($90-95 billion gross, net of $20-25 billion in customer prepayments). FY2026 free cash flow came in negative at $23.7 billion, down from -$0.4 billion the year before. BofA warns it could stay negative through FY2029 (Benzinga). To fund the race, Oracle expects to raise about $40 billion in debt and equity, on top of borrowings already above $162 billion (Reuters).

The most debated issue is the backlog's concentration. According to an independent analysis, about 47% of RPO depends on OpenAI, which bills ~$2 billion a month but is not yet profitable. Guggenheim, by contrast, argues that the concentration is improving, with four customers each worth over $8 billion (The Motley Fool). Analysts remain largely bullish (price targets as high as $400), but the market punished the "narrow beat" and the doubts over returns and financing.

Why it matters

  • Entrepreneurs: Even with record results, the market rejected the "AI narrative" alone: what counts is how growth gets funded. Free cash flow at -$23.7 billion, ~$40 billion still to be raised, and debt above $162 billion say that what's needed is unit economics, cash, and credible financing plans — not just a bloated backlog.
  • ICT engineers / IT managers: Oracle is building OCI capacity at a huge pace (+93%), but the provider's financial resilience and the backlog's concentration on a few customers (OpenAI) become due diligence criteria for anyone choosing cloud infrastructure: margins under pressure and outsized capex can affect pricing, SLAs, and service continuity.

CISA Mandates 3-Day Patching for Critical Flaws, Citing AI Acceleration

The new Binding Operational Directive BOD 26-04 replaces uniform deadlines with a four-factor risk model and explicitly points to artificial intelligence as the reason for the tightening. It also introduces a requirement to check for compromise before applying the patch.

With Binding Operational Directive BOD 26-04 "Prioritizing Security Updates Based on Risk", issued on June 10, 2026, CISA requires U.S. federal civilian executive branch (FCEB) agencies to remediate the most dangerous vulnerabilities within 72 hours. The directive replaces BOD 19-02 (2019) and 22-01 (2021) and scraps the uniform deadlines, such as the previous roughly two-week window for the KEV catalog. In their place it introduces a four-factor risk model: internet-exposed asset, presence in the Known Exploited Vulnerabilities (KEV) catalog, automatable exploit, and the ability to gain control of the system. Flaws that combine these criteria fall into the 3-day window; other categories have longer deadlines. The deadline extends to up to two weeks for vulnerabilities that meet the criteria but are not automatable, while lower-risk ones can be deferred to the next system update.

The directive and CISA's statements explicitly cite AI as the reason for the tightening: "defenders cannot afford to take weeks to patch systems that can be exploited autonomously and at scale," said Chris Butera, CISA's acting executive assistant director, citing artificial intelligence's ability to find and exploit vulnerabilities at an increasing pace.

The directive adds an often-overlooked requirement: before patching, agencies must check for any compromise, because "applying a patch typically does not evict a threat actor." Implementation is staggered: 60 days to update processes, 180 for full compliance.

Doubts remain: Tod Beardsley, former lead of CISA's KEV catalog, says he is "doubtful" that a three-day deadline spread across more than a hundred agencies is an achievable cadence today. CISA's own analysis estimates that at a single agency only 1% of vulnerabilities would fall within the 3 days, while more than 60% remain less severe and deferrable to the next system update.

Why it matters

  • ICT engineers / IT managers: The operational benchmark for vulnerability management is shifting: an up-to-date asset inventory, exploitability scoring, and emergency change procedures must be ready before the crisis cycle, not improvised during it. Even outside the federal perimeter, the 72-hour window becomes the new defensible reference point, and the requirement to triage for compromise before patching redefines the response runbook.
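
An added example (not CISA's or the digest's own code) that turns the four-factor model and the check-before-patch rule described above into a triage report. The tier logic follows this digest's summary of BOD 26-04, not the directive text; the findings, the function name, and the choice to start the clock at the identification time are assumptions.

```powershell
# Added example: tiering as summarized in this digest, not the directive's wording.
function Get-RemediationTier {
    param(
        [bool]$InternetExposed,
        [bool]$InKev,
        [bool]$Automatable,
        [bool]$GrantsControl
    )
    # Assumption: "combining the criteria" means all four factors are true.
    if ($InternetExposed -and $InKev -and $GrantsControl) {
        if ($Automatable) { return @{ Tier = '3-day'; Days = 3 } }
        # Meets the criteria but is not automatable: up to two weeks.
        return @{ Tier = '2-week'; Days = 14 }
    }
    # Everything else is treated as deferrable to the next system update.
    return @{ Tier = 'next-system-update'; Days = $null }
}

# Constructed sample findings: IDs, asset names and dates are placeholders.
$findings = @(
    [pscustomobject]@{ Id = 'VULN-0001'; Asset = 'vpn-gw-01'; Identified = [datetime]'2026-06-15T09:00:00'
        InternetExposed = $true; InKev = $true; Automatable = $true; GrantsControl = $true
        CompromiseChecked = $false }
    [pscustomobject]@{ Id = 'VULN-0002'; Asset = 'web-portal-02'; Identified = [datetime]'2026-06-12T14:00:00'
        InternetExposed = $true; InKev = $true; Automatable = $false; GrantsControl = $true
        CompromiseChecked = $true }
    [pscustomobject]@{ Id = 'VULN-0003'; Asset = 'hr-db-internal'; Identified = [datetime]'2026-06-10T08:00:00'
        InternetExposed = $false; InKev = $false; Automatable = $true; GrantsControl = $false
        CompromiseChecked = $false }
)

# Fixed "now" so the report is reproducible; use Get-Date in practice.
$now = [datetime]'2026-06-17T09:00:00'

$report = foreach ($f in $findings) {
    $tier = Get-RemediationTier -InternetExposed $f.InternetExposed -InKev $f.InKev `
        -Automatable $f.Automatable -GrantsControl $f.GrantsControl

    $due = $null
    $hoursLeft = $null
    if ($null -ne $tier.Days) {
        # Assumption: the window starts when the finding was identified.
        $due = $f.Identified.AddDays($tier.Days)
        $hoursLeft = [math]::Round(($due - $now).TotalHours)
    }

    # Patching does not evict an intruder, so the compromise check gates the patch.
    $nextStep = 'Patch'
    if (-not $f.CompromiseChecked) { $nextStep = 'Check for compromise, then patch' }
    if ($null -eq $due)            { $nextStep = 'Schedule with next system update' }

    [pscustomobject]@{
        Id        = $f.Id
        Asset     = $f.Asset
        Tier      = $tier.Tier
        Due       = $due
        HoursLeft = $hoursLeft
        NextStep  = $nextStep
    }
}

# Most urgent first; findings without a deadline sort last.
$report |
    Sort-Object { if ($null -ne $_.Due) { $_.Due } else { [datetime]::MaxValue } } |
    Format-Table -AutoSize
```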

AI Stocks Sell-Off: Super Micro Plunges 28% After a $7 Billion Capital Raise

A sharply lower session for AI and semiconductors on June 10: Super Micro plunges after announcing a $7 billion raise, Nvidia drops 3.7% and the entire chip sector pulls back amid elevated valuations, inflation and geopolitical tensions.

On June 10, 2026, artificial-intelligence and semiconductor stocks led a sharply lower session on Wall Street. The most dramatic case is Super Micro Computer, which crashed about 28% (closing at $29.27) after announcing — after the market close on June 9 — a plan to raise $7 billion through common stock, convertible preferred shares and an at-the-market program. The capital will fund the purchase of components to fulfill roughly $39 billion in AI server orders received from over 20 customers: orders that Supermicro itself warns do not constitute firm commitments and remain subject to cancellations, delays and compliance with the contractual terms by both parties. The market read the raise as dilution and sold.

The decline spread to the entire chip sector. Nvidia lost 3.7%, the biggest drag on the S&P 500 (market capitalization near $4.9 trillion); Broadcom fell 5.1% and the memory names — Micron (between −4% and −4.7%, though up +212.5% year-to-date), SK Hynix and Samsung — lost ground. The indexes closed in the red: S&P 500 −1.6% at 7,266.99, Nasdaq −2% at 25,169.50, Dow −1.9% at 49,918.78.

The decline reflects macro factors on top of valuations judged to have "risen too fast": U.S. inflation at 4.2% in May (the highest in about three years) and tensions with Iran that pushed Brent above $93 a barrel and hit fuel-sensitive stocks (United −6.2%, Carnival −6.3%). On Super Micro's raise the readings diverge: for some analysts it is not a balance-sheet bailout but a growth-driven capital call, with mostly "hold" ratings and an average price target around $37.63.

Why it matters

  • Entrepreneurs: The repricing hits two nerves: the cost of capital (Super Micro's punishing dilution signals how strict the market has become about funding growth) and the sustainability of AI spending. Anyone planning capital raises or weighing exposure to the sector must factor in volatility and a demand for margin discipline far higher than a few months ago.
  • ICT engineers / IT managers: The financial strain on AI hardware suppliers (servers, GPUs, memory) directly affects procurement roadmaps and infrastructure budgets: the health of a vendor like Super Micro — which is diluting shareholders with a $7 billion equity/equity-linked raise to fund the purchase of components against ~$39 billion in AI orders that are announced but not yet firm commitments — and the swings in memory prices are variables to watch for anyone sizing or buying AI capacity.

NIST proof: no finite set of guardrails blocks every jailbreak

A NIST senior scientist proves, by extending Gödel's theorems, that for any finite set of rules there exists a prompt that bypasses them. AI security shifts from static blocking to continuous monitoring.

Apostol Vassilev, a senior scientist at NIST, has published in IEEE Security & Privacy a mathematical proof that for any finite set of guardrails there exists a prompt capable of making the model ignore them. The result — in the paper "Robust AI Security and Alignment: A Sisyphean Endeavor?" — extends Gödel's incompleteness theorems (1931) to AI. For every consistent formal system expressive enough to encode a certain amount of arithmetic, there exist statements that are true but unprovable within it; this does not, however, hold for every finite set of axioms, since complete and decidable theories exist. By analogy, a finite set of rules cannot be both complete and consistent against every input, and adding rules to close one gap opens new ones.

On the technical side, the proof relies on Chaitin's formalization of Gödel's theorem and models the guardrail as a "checker" that verifies whether a prompt belongs to the forbidden set; because "language is infinitely ambiguous," the ways to conceal a harmful intent are unlimited. One caveat is central and must be stressed: the proof is NON-constructive — it proves that the prompt exists, but gives attackers no recipe for finding it, pushing them toward costly zero-days.

Independent data confirm the fragility: in the paper "No, of Course I Can! Deeper Fine-Tuning Attacks That Bypass Token-Level Safety Mechanisms" researchers from Stanford, ServiceNow Research and FAR AI show that a fine-tuning attack bypasses Claude Haiku in 72% of cases and GPT-4o in 57% — figures also picked up by Help Net Security, which notes that in 2025 OWASP ranked prompt injection as the number-one LLM risk. Vassilev's conclusion: abandon the "one and done" model in favor of continuous red teaming, incremental hardening and operational resilience, until exploitation becomes economically prohibitive.

Why it matters

  • LLM builders / devs: The proof closes the door on the "perfect" static guardrail: model-level controls alone are not enough (Claude Haiku and GPT-4o bypassed in the majority of fine-tuning tests). A multi-layered defense must be designed, with continuous red teaming and production monitoring, not a rule set defined once and for all.
  • ICT engineers / IT managers: AI security becomes a permanent operational process, not a one-off acceptance test: budgets and processes are needed for continuous adversarial testing (integrated into CI), recurring guardrail updates, and the ability to rapidly contain and recover from incidents.

Canada Introduces the Safe Social Media Act: Social Media Banned Under 16 and New Duties for AI Chatbots

On June 10, 2026, the Canadian government tabled Bill C-34 at first reading: a minimum age of 16 for social media, a 'duty to act responsibly' for AI chatbots, and a new Digital Safety Commission. It is not yet law.

On June 10, 2026, the Government of Canada introduced at first reading in the House of Commons Bill C-34, the Safe Social Media Act, presented by Minister Marc Miller. Note: the bill has been introduced, it is not yet in force. It would establish two new laws — the Digital Safety Act and the Digital Safety Commission of Canada Act — and a Digital Safety Commission tasked with enforcing the rules, issuing regulations, assessing compliance, and handling complaints.

The framework rests on three duties: a duty to protect children extended to all regulated services, a duty to act responsibly, and the obligation to make certain content inaccessible. For social media, a minimum age of 16 would apply to opening an account, with the possibility of an exemption for platforms that demonstrate adequate safeguards for minors. AI chatbots would be subject to a tailored duty to act responsibly: mitigating the risk that the bot communicates harmful content, providing emergency measures in crises, and reducing harmful behaviors. Platforms would have to handle seven categories of harmful content and promptly remove the most serious material. Penalties of up to 3% of global revenue (with a 10 million dollar threshold) and up to 5% for operator offenses are provided for.

The bill is already contested. Legal scholar Michael Geist notes that "almost every key component" — which platforms are covered, what age verification counts as adequate, what measures are needed to obtain an exemption — is deferred to regulations that do not yet exist: a "trust us" approach that, he writes, will entail years of implementation and likely court challenges. Geist also stresses that a minimum age is "effectively an age-verification requirement for everyone," because identifying who is under 16 means identifying anyone who is not. He further notes that, although the text is avowedly drafted "with the Charter in mind," constitutional risks around freedom of expression and privacy remain open.

Why it matters

  • End users: The minimum age of 16 effectively translates into age verification for all users — not just minors — with direct implications for privacy and identification; and chatbots required to 'act responsibly' could apply more restrictive filters on sensitive topics.
  • Entrepreneurs: Anyone running social media or AI chatbots aimed at the Canadian public will have to rethink onboarding, age verification, and moderation, with exposure to penalties of up to 3-5% of global revenue; the high share of rules deferred to future regulations makes compliance a moving target today.

AI-Designed Pan-Coronavirus Vaccine Antigen Passes Phase 1 in Humans

pEVAC-PS, the candidate from University of Cambridge and DIOSynVax, is the first vaccine whose active ingredient was designed entirely by computer to be tested in humans. In phase 1 it proved safe and well tolerated, but with a modest immune response in already-immunized volunteers.

University of Cambridge and its spin-out DIOSynVax have completed the first human trial of pEVAC-PS, a "pan-sarbecovirus" candidate vaccine whose antigen was designed by computer. The DIOSynVax platform applied machine learning to the genetic sequences of the entire sarbecovirus family — SARS-CoV-2, SARS, and bat coronaviruses. The goal was to build a single synthetic "super-antigen" that condenses the conserved features common to the whole group, including those of viruses that have not yet emerged. According to the university's announcement, this is the first time a vaccine whose active ingredient is "designed entirely from computer simulations" has reached human testing. The AI does not generate biology blindly; it selects and optimizes targets for conservation, structural accessibility, and potency.

The phase 1 study (open-label, dose-escalation) enrolled 39 healthy volunteers aged 18-50, all previously vaccinated against COVID. The DNA vaccine was administered intradermally and needle-free (PharmaJet Tropis device), with four doses from 0.2 to 1.2 mg on days 0 and 28. It proved safe and free of significant side effects, inducing measurable responses to the conserved epitopes of SARS-CoV-1 and SARS-CoV-2 and extending to bat viruses. The figure that tempers the enthusiasm, however, lies in the original study: immunogenicity was "modest" because of the participants' high pre-existing immunity and the Omicron waves during enrollment. Phase 1 demonstrates safety, not efficacy; a phase 2 in a larger and more diverse population will follow. The results are published in the Journal of Infection (June 2026).

Why it matters

  • Frontier research: It is a methodological precedent: for the first time, a vaccine's active antigen reaches humans after being designed entirely by computer across an entire viral family. But the modest immunogenicity is a reminder that AI-driven design shortens the design timeline, it does not replace clinical validation: the bottleneck remains the trial.
  • End users: The promise is a "universal" vaccine able to pre-emptively cover future coronaviruses, useful against the next pandemics. But we are at phase 1: only safety has been proven, the immune response is still limited, and there are years of development ahead before any possible public use.

NVIDIA Launches Cosmos 3, the Open Omni-Model for Physical AI

At COMPUTEX 2026, NVIDIA unveils an open foundation model that unifies visual reasoning, world generation, and action prediction in a single Mixture-of-Transformers architecture, with weights downloadable under the OpenMDW license.

NVIDIA unveiled Cosmos 3 on May 31, 2026, at GTC Taipei, during COMPUTEX 2026, describing it as the first fully open omni-model for physical AI. The model unifies visual reasoning, world generation, and action prediction in a single system, and can understand and generate text, images, video, ambient sound, and actions.

Architecturally, Cosmos 3 adopts a Mixture-of-Transformers design, pairing a reasoning transformer with an expert generation transformer. Specifically, the former interprets scene events — object interactions, motion, spatio-temporal relationships — before the latter produces physically plausible video and action trajectories. Native action generation returns numerical data such as joint angles, gripper positions, and trajectory points. These can be used as action data or trajectories to train, evaluate, or specialize robotic policies, subject to integration and validation on the specific embodiment.

The family includes Cosmos 3 Nano, described by NVIDIA as a 16-billion-parameter model, and the 64-billion Cosmos 3 Super (official Cosmos repository). The two transformers in the Mixture-of-Transformers are, respectively, an autoregressive transformer for reasoning and a diffusion transformer for generation. An Edge variant for real-time inference is announced as coming soon. The weights ship under the Linux Foundation's open OpenMDW 1.1 license, downloadable from Hugging Face and deployable as NVIDIA NIM microservices. Trained on billions of multimodal samples, according to NVIDIA it cuts physical AI training and evaluation cycles "from months to days."

NVIDIA claims first place on numerous leaderboards (Artificial Analysis, Physics-IQ, PAI-Bench, R-Bench). However, independent analysis notes that this lead is confined to open-weight models: on image and video, Cosmos 3 ranks behind the proprietary Nano Banana 2 model. At launch, the Cosmos Coalition was formed with Agile Robots, Black Forest Labs, Runway, and Skild AI.

Why it matters

  • ICT engineers / IT managers: An open-weight foundation model for robotics and industrial systems, already packaged as NIM microservices and deployable on-prem via NIM/containers, lowers the barrier to bringing automation and perception into production. The open weights and the OpenMDW license reduce some portability barriers, while NIM remains an NVIDIA deployment path to weigh against your existing stack; an Edge variant for real-time inference is announced as coming soon. The promise of compressing training and evaluation cycles from months to days shortens adoption timelines (and costs), but it must be validated on your own use case before budgeting for it.
  • LLM builders / devs: Two manageable sizes (16B and 64B) with a Mixture-of-Transformers architecture that separates an autoregressive reasoner from a diffusion generator, open weights under OpenMDW 1.1, and native action output: a concrete foundation to study, post-train, and extend for physical AI policies. Watch out for the leadership claim, though: first place is confined to open-weight models — behind the proprietary Nano Banana 2 on image and video — so the benchmarks should be re-verified on your actual task.

Record Patch Tuesday for Microsoft: Nearly 200 Fixes and a Contested BitLocker Bypass

The largest Patch Tuesday ever — around 200 fixes, partly driven by AI — puts YellowKey in the spotlight. It's the BitLocker bypass via Windows Recovery whose proof-of-concept surfaced outside coordinated disclosure.

The June 2026 Patch Tuesday is the largest Microsoft has ever shipped: nearly 200 vulnerabilities fixed across Windows and related products. It's a record volume that TechRadar attributes in part to AI-driven bug discovery. Two flaws stand out, both attributed to the researcher known as Chaotic Eclipse (aka Nightmare-Eclipse): GreenPlasma (CVE-2026-45586), a privilege-elevation flaw in the Windows Collaborative Translation Framework rated 7.8, and YellowKey (CVE-2026-45585), a BitLocker bypass rated 6.8.

YellowKey doesn't break the encryption: it sidesteps its perimeter. The attacker drops malicious NTFS transaction logs into the System Volume Information\FsTx folder, on a USB stick or on the EFI partition. On reboot into the Windows Recovery Environment the system replays them, deletes winpeshl.ini and falls back to cmd.exe instead of the locked recovery interface. By that point the TPM has already decrypted the volume. The attacker thus gains an administrative shell on a drive that BitLocker still believes is protected, in just a few steps after booting into WinRE, as documented by Eclypsium's analysis. The technique requires physical access and reuses legitimate WinRE behavior: it's the second family of recovery-based bypasses in eleven months, after BitUnlocker.

The case is contested on the disclosure front. The researcher published the proof-of-concept on GitHub outside coordinated disclosure. BleepingComputer reports that experts such as Kevin Beaumont and Will Dormann confirmed it works. Microsoft did not credit the author and initially threatened legal action, only to back down after the backlash. BleepingComputer reports that the company stated it will involve law enforcement only if a researcher "breaks the law and carries out malicious activity causing real harm to customers," not for those conducting or publishing security research. The public exploit affects only TPM-only configurations (the default on most Windows 11 machines). The recognized mitigation against the PoC is to require a PIN at startup (TPM+PIN). Eclypsium warns, however, that a UEFI/BIOS password is only a secondary control: it doesn't close the path in which the attacker removes the drive, modifies the EFI partition on another PC and reinstalls it in the machine. The researcher, for their part, claims to hold an unreleased variant capable of defeating the PIN as well.

Why it matters

  • ICT engineers / IT managers: The record volume forces teams to accelerate testing and rollout across endpoints and servers (Windows Server 2022/2025 are affected too). The priority, though, is YellowKey: the fleet BitLocker policy should be revised, moving from TPM-only to TPM+PIN via GPO/PowerShell, the recognized mitigation against the public PoC. The UEFI/BIOS password remains only a secondary control and — Eclypsium warns — doesn't block the path in which the attacker removes the drive and modifies the EFI partition. The uncoordinated disclosure is also a wake-up call to harden the intake of external reports.
  • End users: The BitLocker bypass requires physical access to the device and does not work remotely: the practical defense is to install the update right away and keep your laptop safe. Anyone storing sensitive data should consider adding a PIN at startup.
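
An added example (not from the article, Microsoft or Eclypsium) for the TPM-only to TPM+PIN policy change described above: an audit that reports which operating-system volumes still rely on a TPM-only protector. It uses the built-in `Get-BitLockerVolume` cmdlet; the function name and the output fields are assumptions.

```powershell
# Added example: flag OS volumes that unlock with the TPM alone.
# Run elevated on a Windows host with the BitLocker module available.
function Get-BitLockerStartupAuthAudit {
    [CmdletBinding()]
    param()

    # Key protector types that include a startup PIN.
    $pinTypes = 'TpmPin', 'TpmPinStartupKey'

    Get-BitLockerVolume |
        Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
        ForEach-Object {
            $vol = $_
            # Normalize the protector enum values to strings for comparison.
            $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
            $hasPin = @($types | Where-Object { $_ -in $pinTypes }).Count -gt 0

            # Later checks override earlier ones, so the most serious state wins.
            $finding = 'No TPM protector'
            if ($types -contains 'Tpm')         { $finding = 'TPM-only' }
            if ($hasPin)                        { $finding = 'TPM+PIN' }
            if ($vol.ProtectionStatus -ne 'On') { $finding = 'Protection off or suspended' }

            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                MountPoint   = $vol.MountPoint
                Finding      = $finding
                Protectors   = $types -join ', '
                # TPM-only is the configuration the public PoC affects.
                NeedsPin     = ($finding -eq 'TPM-only')
            }
        }
}

Get-BitLockerStartupAuthAudit | Format-Table -AutoSize

# Remediation for a flagged volume. The "Require additional authentication at
# startup" policy must allow a startup PIN before this succeeds:
# $pin = Read-Host -AsSecureString 'New startup PIN'
# Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -Pin $pin -TpmAndPinProtector
```

Rerun the audit after remediation to confirm the volume now reports `TPM+PIN`.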