The main policy fight is no longer whether AI gets regulated, but who gets to do it. Congress tries to freeze state AI lawmaking at the same moment infrastructure vendors and model labs are moving control into the stack, whether that means access gates, memory optimizations, or the build tools developers touch every day.
Congress tries to freeze state AI lawmaking
House lawmakers have unveiled bipartisan AI legislation that would override some state AI laws and require top developers to implement risk-management plans, according to Politico as summarized in the source notes. The push follows the White House’s March 20, 2026 framework urging Congress to preempt state AI laws it considers burdensome; AP reported that recommendation directly. This matters because states are where most actual AI rules are landing today, not Washington.
There is a real split under the usual “patchwork” talking point. Semafor reported on June 3 that OpenAI is backing a more state-friendly “reverse federalism” approach rather than a blanket freeze, which suggests industry alignment is softer than lobby rhetoric implies. Meanwhile, a Cloud Security Alliance note dated April 4 said state AI laws remain in force and that no federal court has struck one down; it also flagged Colorado’s AI Act for June 30, 2026 implementation. Last year’s failed moratorium fight is the backdrop here: Reuters reported in June 2025 that attorneys general from 35 states plus D.C. warned Congress not to block state laws.
Cyber model guardrails obscure actual capability
OpenAI and Anthropic are increasingly framing frontier cyber systems as an access-control problem, not just a model-performance one. OpenAI said on February 5 that GPT-5.3-Codex was its “most cyber-capable frontier reasoning model to date” and launched Trusted Access for Cyber; on April 30, per OpenAI’s post, users accessing its most cyber-capable and permissive models were told to enable Advanced Account Security starting June 1, 2026. Anthropic made the same basic point from the other direction: its April 7 Red Team write-up called Mythos Preview a “substantial leap” in cybersecurity capability.
That does not prove every weak benchmark showing is fake, but it does complicate leaderboard takes. Axios reported on April 7 that Anthropic held back Mythos Preview because its hacking was too powerful, and followed on April 21 by saying the practical leap was doing known tactics faster and at greater scale for vetted partners. The methodological problem is obvious enough: some tests are grading refusal behavior and deployment policy as much as raw ability. Cybersecurity Dive, citing Cisco research across 15 models, reported on May 27 that single-turn attack success is a poor proxy for multi-turn behavior. Labs can call that safety progress. Operators should ask whether the model got safer, or just harder to access.
Cloudflare takes in the team behind Vite
Cloudflare said on June 4 that VoidZero is joining the company and that all VoidZero team members are joining too. In the announcement on Cloudflare’s blog, the companies said Vite, Vitest, Rolldown, Oxc, and Vite+ will remain open source, vendor-agnostic, and community-driven. The Vite blog added a concrete sweetener: Cloudflare is putting $1 million into a new open source fund for the Vite ecosystem.
The strategic point is not whether the repos stay MIT-licensed. It is that Cloudflare now sits closer to the default JavaScript toolchain while also selling the runtime those apps increasingly target. The company had already been tightening that link; Cloudflare launched its Vite plugin for Workers on April 8, 2025, and later added Vite 7 support on July 17, 2025. The official line is portability, and the notes support that. But owning more of the path from build step to edge deployment is still a useful place to be.
Huawei brings KVarN into the vLLM path
Huawei-affiliated researchers published KVarN on June 2 with a paper stating that a vLLM implementation is available on GitHub, according to arXiv. That is narrower than a corporate product launch, but it is still notable because KV-cache memory is a live serving bottleneck, not a lab curiosity. vLLM already supports FP8 KV-cache quantization in its official docs, and its April 22 blog post said FP8 KV-cache and attention quantization were ready to be the default starting point for many long-context deployments in memory-bound workloads.
The important shift is where the optimization lands. KVarN is entering one of the most widely used inference stacks rather than living as another standalone paper. That should make operators care more about memory per token than about yet another abstract efficiency chart. The caveat is straightforward: the notes do not show a Huawei corporate announcement, only a Huawei-researcher paper and repo, so this is a contribution into the vLLM ecosystem, not a formal platform deal.
Berkeley points to AI masking weak foundations
The Berkeley story is less about cheating than about measurement. The research notes do not provide a confirmed news report on the claimed classroom observations, so the strongest citable Berkeley evidence is a May 13, 2026 CSHE working paper showing that in AI-exposed courses the share of A grades rose by 13 percentage points versus the 2022 baseline. A May 20 Berkeley CSHE note added that two-thirds of undergraduates at major U.S. public research universities used GenAI in 2023 and 2024, according to the center’s summary.
That does not establish the scanner’s more specific claim about Berkeley CS students failing to explain architecture choices under exam conditions, because the notes do not verify it. It does support the broader warning: grades can move faster than underlying skill, and universities may have a harder time distinguishing assistance from understanding. If Berkeley is an early signal, the issue is not that students use AI. It is that higher grades and weaker foundations can coexist for a while before anyone has to ship code without the crutch.
The stack is getting tighter, and so is control over who gets to use it, regulate it, or build on top of it.
Sources
- Congress tries to freeze state AI lawmaking, apnews.com
- Guardrails, not skill, held back top hacking models, openai.com
- Cloudflare bought the team behind Vite and Vitest, blog.cloudflare.com
- Huawei plugs KV-cache quantization into vLLM, arxiv.org
- Berkeley CS grades expose the cost of AI crutches, cshe.berkeley.edu
Related reading
- DeepSeek Tests Open Model Economics; Foreign Coauthors (2026-05-23)
- VS Code Token Theft Lands; Soundbar Becomes a Keyboard; Web PKI Starts Moving; Espressif Raises the Floor; Elixir Typing Gets Real (2026-06-04)
- White House Seeks Early Model Access; Adafruit Says Flux Sent Legal Threat; Microsoft Turns Evals Into QA; Gmail AI Gets More Personal (2026-06-03)