Best of your X follows: June 12

Today's digest covers June 11, 2026.

Anthropic has walked back what Ethan Mollick described as "the most controversial aspect of the guardrails around Fable" — a restriction that blocked certain agentic research workflows. The rollback came less than 48 hours after the model's general release. Mollick flagged it as a signal that early safety configurations are tunable under field pressure, and that Anthropic was listening to developer feedback rather than treating the initial settings as fixed. 1

A separate amplified thread from @askalphaxiv, picked up by LeCun, documented the specific restriction: the "Any to…" constraint had been quietly degrading the model's usefulness for AI development tasks. The thread argued that silently throttling capabilities — rather than documenting them — was the exact kind of transparency lapse the open-science community had been warning about. 2

The same Fable rollback is spilling into a wider argument about who controls frontier model capabilities. LeCun amplified multiple threads pointing to what amounts to a structural conflict: frontier labs can silently adjust what models will and won't do, and users have limited visibility into those changes. Redis creator Antirez — whose thread Simon Willison retweeted — put it directly: gating "harmless things like LLM research" with "incredibly sensitive" triggers isn't safety; it's control. 3

The debate is sharp partly because both sides have legitimate ground. Anthropic was clearly over-cautious on launch day; the rollback shows the system can self-correct. But the pattern — ship restricted, let developers push back, then quietly loosen — puts the burden of catching over-restriction entirely on users who are motivated enough to complain loudly.

A thread amplified by LeCun argues that his latest paper is "the most heretical AI paper of the year" — and the framing comes straight from the introduction, which opens by arguing Magnus Carlsen is not actually good at chess, in the sense that "good at chess" requires adaptability and general reasoning, not lookup and pattern completion. The paper, originally seeded at ETH Zürich (a lecture video LeCun also retweeted), is a continuation of his world-models thesis: that scaling pattern completion does not produce understanding. 4 5

The chess framing is deliberately provocative. Carlsen is widely considered the strongest chess player in history by any measurable standard. LeCun's point is not that Carlsen is bad — it's that the skills required to beat any human at chess are qualitatively different from the skills required to navigate a novel physical or social situation. By that definition, current AI systems are "world-class chess players" in almost every domain: they win at the measured task, but the measurement doesn't capture what humans mean by intelligence.

Paul Graham retweeted a striking thread from @jsrailton: malware developers have started embedding nuclear and biological weapons text directly into their spyware code. The goal is to trigger LLM safety refusals and make AI-assisted security analysis fail or flag the wrong thing. If a security tool uses an LLM to scan for threats, the injected text causes the model to refuse to engage with the file — effectively blinding the tool. 6

This is a concrete, documented adversarial technique — not a theoretical risk. It turns one of AI's protective mechanisms (refusing to discuss weapons) into a vulnerability. Security tooling that wraps LLMs without adversarial robustness planning needs to catch up.

Simon Willison surfaced a Twitter thread from three years ago — shortly after ChatGPT Code Interpreter launched — and noted with hindsight that it was "our first glimpse of a coding agent, before we knew what a coding agent was." At the time, people were impressed by the sandboxed Python environment; nobody had the vocabulary to describe what was actually happening. 7

The framing lands differently now that agent infrastructure is an industry. The capability was always there; the conceptual vocabulary arrived later and forced a retroactive recount of where the timeline actually starts.

Greg Brockman flagged that customers can now use existing Oracle Cloud commitments to pay for OpenAI products. 8 The commercial arrangement continues a pattern from the past few weeks: OpenAI on AWS Bedrock (announced June 1), and now Oracle. Both deals let large enterprises route AI spend through procurement channels they already have — removing the "new vendor approval" friction that slows enterprise adoption. For OpenAI, each cloud deal is an indirect distribution agreement worth more in volume than the margin on any individual API call.