AI Daily: Defense Contract Controversy, Gemini Security Flaws, and Latest Model Advancements

Did you know? The artificial intelligence landscape has been full of dramatic developments over the past few days. From fierce clashes between tech giants and government militaries, to seemingly harmless development tools suddenly turning into massive security vulnerabilities, every event is shaping the future trajectory of the entire industry. Here is a detailed breakdown of the context behind these important events.

AI Companies Picking Sides Over Defense Contracts

The most eye-catching news in recent days has undoubtedly been the intense conflict between Anthropic and the US Department of War. On February 26, Anthropic released a public statement regarding their discussions with the Department of War, declaring their refusal to compromise on two core bottom lines: prohibiting the use of their technology for mass domestic surveillance and for fully autonomous weapons systems. The company even walked away from hundreds of millions of dollars in potential revenue to uphold these principles.

(Anthropic has actually been an active supporter of US defense and was even the first frontier AI company to deploy models within the US government’s classified networks. They have also previously forgone hundreds of millions in revenue to block companies linked to adversarial foreign governments.)

This event immediately triggered a strong chain reaction. Pete Hegseth, the US Secretary of War, subsequently announced that Anthropic was being designated as a “supply chain risk.” Faced with this severe accusation—typically reserved for companies from hostile nations—Anthropic did not back down. On February 27, they issued an official statement responding to Pete Hegseth’s comments, emphasizing that they would challenge the decision through legal channels and would not yield.

Then came an interesting twist. As this storm intensified, OpenAI announced the very next day that they had reached a partnership agreement with the Pentagon. Some might wonder, how was OpenAI able to successfully sign the contract? According to the contents of their published agreement with the Department of War, OpenAI actually adhered to the exact same red lines, prohibiting the application of their technology for domestic surveillance and autonomous weapons. The key to their approval lay in their adoption of a “pure cloud” deployment architecture. This approach eliminates the possibility of edge device applications, making it impossible for autonomous weapons to operate directly. In addition, they retained complete security safeguards and personnel vetting authorities (such as cleared safety and alignment researchers). This highlights the stark contrast in the strategies different companies employ when navigating government relations and technological restrictions.

A Seemingly Harmless API Key Turns Into a Security Flaw?

Speaking of enterprise-level technological applications, the security of underlying infrastructure simply cannot be ignored. Truffle Security recently exposed a highly critical design flaw. In their report titled Google API keys weren’t secrets, but then Gemini changed the rules, they pointed out that public keys that many developers had historically placed on website front-ends can now be directly used to access the Gemini API.

(When initially receiving the report, Google actually refused to acknowledge it as a vulnerability, classifying it as “Intended Behavior.” It was only after the security team presented evidence showing that Google’s own public product pages were also exposing API keys that Google internally shifted its stance, upgrading the issue to a bug and beginning to patch it.)

What exact impact does this have? Frankly, the consequences are very serious. In the past, Google’s official documentation explicitly told developers that API keys for services like Firebase or Maps did not need to be kept secret. Now, as long as the Gemini service is enabled within the same project, those keys that have long been exposed are granted elevated privileges. Hackers don’t even need to touch your server; they just have to copy the string of characters from the webpage’s source code, and they can read the private files you’ve uploaded or spam API calls until your bill skyrockets. Truffle Security scanned the public internet and found nearly 3,000 such highly dangerous keys, some even belonging to Google’s own product pages. This serves as a stark warning to all development teams that they must immediately audit and rotate those outdated credentials.

Speaking of Google’s development tools, they have also been causing headaches for many engineers lately. Google published an announcement on their official forum, requiring developers to migrate from Gemini 3 Pro Preview to Gemini 3.1 Pro Preview before March 9, 2026. Many community members have complained that the new 3.1 version often experiences latency and timeout issues on specific tasks, and even underperforms compared to the older version in terms of writing and humor. This has certainly been a significant frustration for applications that urgently rely on stable services.

Seamless Workflow Transitions and Expansions

Let’s now turn our attention to practical tools that make life easier. Claude recently launched a very thoughtful new feature allowing users to directly import memories from other AI services. How does it work? Simply paste a specialized prompt into the chat interface you originally used, copy the generated results, and paste them into Claude’s settings. It will automatically update and remember your work habits and preferences. For anyone who wants to switch platforms but is reluctant to part with months of accumulated conversation context, this is an absolute godsend. Currently, this feature is available to all paid tier users.

Additionally, Noah Zweben announced a brand new remote control feature for Claude Code on social media. This preview feature, designed for Max plan users, allows you to seamlessly transfer the progress of a local terminal conversation to your mobile phone by simply entering the /remote-control command. Imagine the scenario: when you hit a coding bottleneck, you can directly leave your seat to take a walk, walk the dog in the sun, and simultaneously continue pushing your work forward on your phone. This development experience that breaks the boundaries of physical space is indeed very appealing.

Code Generation Tech and the Counterattack of Small Models

Finally, let’s look at the latest advancements in model training. The Cognition team just released the SWE-1.6 early preview. This model, which focuses on software engineering tasks, maintains a generation speed of 950 tokens per second while achieving an 11% improvement over its predecessor in the SWE-Bench Pro evaluation. The team noted in their article that by scaling up their reinforcement learning infrastructure, they taught the model to think for longer periods. However, they also admitted that this training method occasionally causes the model to overthink and fall into meaningless self-verification loops. This is a challenge that must be overcome to improve the user experience in the future.

At the same time, exciting news has emerged from the open-source community. According to a social media prediction by Casper Hansen, small-scale versions of Qwen3.5 are about to be released, potentially covering sizes such as 9B, 4B, 2B, and even 0.8B. Why is this significant? It proves that solving complex problems doesn’t only require massive behemoths. A 9B sized model might perform better than a previous-generation large model of up to 80B, while a 4B model might surpass a 30B legacy model in multimodal reasoning. This means the return on investment for hardware purchases is climbing sharply; in the future, even consumer-grade graphics cards will be capable of producing stunning computational results.

Looking back at the industry changes over the past few days, from the ethical tug-of-war over defense contracts to the security maintenance of daily tools, the trajectory of artificial intelligence development has long ceased to be just about simple technical upgrades. It deeply involves complex commercial considerations and social impacts. Staying sensitive to this information is the only way to stand firm in this rising tide.