Today we’re introducing Gemma 4 12B — our latest open model that brings advanced agentic reasoning, vision and audio directly to your laptop.
It delivers performance nearing our larger Gemma models with a much smaller total memory footprint, while being small enough to run locally with just 16GB of VRAM. It’s open and accessible for everyone to use under a permissive Apache 2.0 license.
This is all made possible by our new, unified architecture that removes separate multimodal encoders. Here’s how we did it 🧵
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.
The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.
Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.
The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root.
Result: the next time anyone runs that program, it lets the attacker in as root.
What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.
Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.
The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.
This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root
Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure
Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...
The Head of Claude Code at Anthropic hasn't written code by hand in months.
In 2 days he shipped 49 full features. 100% written by AI.
He just dropped a 30-minute talk on exactly how he does it.
More valuable than any $500 vibe coding course. Bookmark it.
Our virtual hackathon is back! Join us for a week of building with Opus 4.7 alongside developers from around the world.
The Claude Code team will be in the room all week, with a prize pool of $100K in API credits.
The human brain is truly a marvel of nature.
If you horribly reductive, and boiled it down to a language model, you'd be looking at roughly 100 trillon parameters running as a sparse MoE architecture
Only about 1-5% of neurons fire at any given moment, meaning the brain "activates" maybe 1-5 trillion parameters per inference step.
For context, the largest AI models we've built probably top out around 5 trillion parameters.
The brain is roughly 100x larger. Even its active params at any given moment are larger than almost every model in existence today.
Here's what melts my brain (pun intnended) though
Your brain does all of this on about 20 watts of power, less than a dim light bulb.
Training a frontier AI model consumes enough electricity to power small cities for months. Running inference across data centers pulls megawatts.
Your brain runs 24/7 for 80+ years on the equivalent of a phone charger.
We haven't come close to matching the brain's scale. And we're not even in the same universe when it comes to efficiency.
Evolution spent 500 million yrs optimizing the most energy-efficient intelligence architecture ever known. we're trying to brute force our way there with compute and electricity.
Nature is still the best engineer in the room.
NEW:
🇨🇳 China is building massive floating solar farms over bodies of water.
Shading the water cuts evaporation by up to 70% and boosts panel efficiency via natural cooling.
🚨🚨🚨How can anyone still be bearish on $XRP when a $499B giant Mastercard will use XRPL for stablecoin credit settlement and cross-border payments?
This isn’t a theory. It’s live adoption by one of the most dominant forces in global finance.
And here’s the kicker:
→ Visa ($637B)
→ PayPal ($61B)
→ Stripe ($91B private)
→ Elon’s X money (upcoming)
These multi-billion dollar giants are the most obvious next players to follow Mastercard, announcing XRPL integrations for tokenized payments, on-chain settlement, and stablecoin rails.
This is a bet on global financial infrastructure.
The world is integrating XRPL while retail is still arguing over $XRP price.
How many signals do you need before you realize this is where the future gets settled?
Most won’t see it until it’s everywhere.
Repost this to wake someone up. Follow if you're already wide awake.