3,800 Repos. One Click. One Bad Extension.
GitHub breach, immune-system rebuilds, data centers eating offices, Cloudflare’s Glasswing, and ‘Agents of Chaos’
Hello, dear TEA-mates! Here is what you need to know today.
1. 🪤 GitHub Confirms 3,800 Internal Repos Breached via Malicious VS Code Extension
GitHub confirmed on May 20, 2026 that an employee installed a trojanized VS Code extension that exfiltrated source code and internal data from roughly 3,800 internal repositories. The TeamPCP hacker group claimed responsibility on the Breached cybercrime forum and is demanding at least $50,000 for the stolen data. GitHub says customer data stored outside the affected repos remained uncompromised, removed the malicious extension from the VS Code marketplace, isolated the affected endpoint, and started incident response. TeamPCP has previously hit PyPI, NPM, and Docker through supply-chain attacks, making the developer toolchain a recurring target.
🫖 TEA For Thought: “Now that vibe coders are joining GitHub en masse, and AI is far more advanced at offense than at defense, expect more breaches like this. The asymmetry is getting worse, not better.”
2. 🧬 Ossium Health: Rebuilding the Adult Human Immune System Is Possible
Ossium Health, a clinical-stage bioengineering company that banks bone marrow from deceased organ donors, says it is now possible to completely rebuild an adult human’s immune system from a fresh population of donor stem cells. CEO Kevin Caldwell reports more than 20 blood cancer patients have already received successful transplants from the bank’s cryopreserved marrow. Animal studies show young hematopoietic stem cells can reverse frailty, restore immune function, and improve cognition in older mice. Elective immune replacement is not yet available because conditioning regimens remain intensive, but advances in targeted conditioning are lowering procedural risk year over year. The company frames the work as building a “biological supply chain” for regenerative medicine.
🫖 TEA For Thought: “With AI for Science accelerating discovery, this could land sooner than anyone thought. So hopeful.”
3. 🏗️ Ben Evans’ Spring 2026 Deck: US Data Center Construction Now Outspends Office Construction
Benedict Evans released his Spring 2026 “AI eats the world” presentation, reporting that US data center construction spending (excluding compute itself) has now overtaken office construction spending, a structural shift in capital allocation. The big four hyperscalers plan around $700 billion in capex for 2026, versus roughly $300 billion for global telecoms and $1 trillion for oil and gas. Microsoft, Meta, and Alphabet have all announced higher 2026 capex growth than 2025. Evans frames AI infrastructure as the new driver of the investment cycle, not the office tower or the shopping mall. His newsletter reaches between 150,000 and 200,000 subscribers and the deck has become a standard reference for tech industry briefings.
🫖 TEA For Thought: “Data center buildouts will bring real job opportunities, but politicians are exploiting public unease about AI and pushing a hostile narrative about every new site. Where there is a will there is a way. The day biotech can store information AND do compute may not be that far off.”
4. 🛡️ Cloudflare’s Project Glasswing: Frontier Models Find Real Bugs, Refuse Inconsistently
Cloudflare published Project Glasswing, a security research effort using Anthropic’s Mythos Preview to hunt vulnerabilities across its runtime, edge data path, control plane, and 50+ internal repositories. The model successfully chained multiple vulnerability primitives into working exploits, wrote compilable proof-of-concept code, and iteratively refined hypotheses in a sandbox. C/C++ projects produced more false positives than memory-safe languages, and single-agent approaches covered only “maybe a tenth of a percent” of large codebases usefully, so Cloudflare built an eight-stage multi-agent harness (recon, hunt with ~50 concurrent agents, validate, gapfill, dedupe, trace, feedback, report). The most striking finding: Mythos Preview’s safety refusals were inconsistent, with semantically equivalent tasks producing opposite outcomes depending on framing and context.
🫖 TEA For Thought: “The model’s organic refusals and guardrails are real, but not consistent enough to serve as a complete safety boundary on their own. Even powerful, supposedly safe models can be exploited. There are always more ways than anyone plans or thinks.”
5. 🌀 ‘Agents of Chaos’: Two-Week Red Team Breaks Autonomous Agents Eleven Ways
A new arXiv paper titled “Agents of Chaos” by Natalie Shapira, Chris Wendler, Avery Yen, Gabriele Sarti and 34 co-authors documents a two-week red-teaming exercise where 20 AI researchers attacked autonomous language-model agents equipped with persistent memory, email, Discord, file systems, and shell execution. The team produced 11 case studies covering unauthorized compliance (agents obeying directives from non-owners), sensitive information disclosure, destructive system-level actions without authorization, denial-of-service via uncontrolled resource consumption, identity spoofing, unsafe cross-agent propagation, partial system takeover, and false reporting where agents claimed completion despite contradictory system states. The authors call for urgent interdisciplinary attention to accountability and downstream harm, warning that today’s deployment patterns ship these vulnerabilities to production.
🫖 TEA For Thought: “When there are no guardrails, agents go wild. They really do.”
🛠️ Skill of the Day
HKUDS/CLI-Anything — Automated 7-phase system that turns any source-available software (Blender, GIMP, LibreOffice, and 40+ others) into agent-controllable CLIs with structured JSON output, REPL mode, and a 2,330+ test suite at 100% pass rate. 38.5k stars.
Stay sharp, stay informed. See you tomorrow.