U.S. Senate votes 49-44 to advance Trump nominee Kevin Warsh to the Fed Board of Governors.

TanStack, one of the most widely used open-source JavaScript libraries in the world, just disclosed a supply-chain attack. 42 TanStack npm packages were compromised earlier today. 84 malicious versions were published in a 10-minute window. The payload exfiltrates AWS credentials, Google Cloud credentials, Kubernetes secrets, Vault tokens, GitHub tokens, npm authentication tokens, and SSH keys. Anyone who installed a TanStack package during the 10-minute window between 19:20 and 19:30 UTC should treat the host machine as compromised and rotate all credentials immediately. TanStack packages are dependencies in millions of projects. React Query alone has over 10 million weekly npm downloads. This is not a niche library. It is infrastructure that sits inside applications at companies of every size. The malicious code was smuggled in through a git-resolved optional dependency whose install script runs a 2.3 MB payload hidden at the package root. npm's unpublish policy is blocking removal of most affected packages because third-party projects depend on them. All 84 versions are being deprecated and npm security is working to pull the tarballs at the registry level. Supply-chain attacks on open-source software are no longer theoretical. The dependencies that modern applications are built on are maintained by small teams, distributed through centralized package registries, and automatically installed by build systems that most developers never audit. One compromised publish token and 10 minutes is all it takes.

OpenAI just published its own version of the Anthropic warning that rattled the secondary market. "Any attempted transfer that does not follow this requirement is void." OpenAI says all of its equity is subject to transfer restrictions. No shares can be directly or indirectly transferred without the company's written consent. Any sale made without that consent is not just unauthorized. It is void. The company says it is aware of firms marketing exposure to OpenAI through direct equity sales, SPVs, tokenized interests in OpenAI equity, and forward contracts. None of it is endorsed or recognized by OpenAI. "It is possible that the firm offering to sell or facilitate the sale of OpenAI equity is attempting to circumvent our transfer restrictions. If so, the sale will not be recognized and carry no economic value to you." No economic value. Not reduced value. No value. OpenAI says it "intends to vigorously enforce" its transfer restrictions and is asking anyone contacted by these firms to report them directly to corporate legal. This is now both of the two most valuable private AI companies in the world telling the secondary market the same thing: if we did not approve the transaction, you own nothing. The billions of dollars trading hands on secondary platforms for exposure to these companies may be worth exactly zero if they decide to enforce.

OpenAI is giving the EU access to its most powerful cybersecurity AI model. Anthropic is not. OpenAI announced today it will grant EU partners, including governments, businesses, and EU institutions, access to GPT-5.5-Cyber, a model built specifically for cyber defense. George Osborne, OpenAI's Head of Countries, said advanced AI-powered defense tools should be accessible to Europe's broader community of defenders, not just a select few. The EU Commission welcomed the move. Spokesperson Thomas Regnier confirmed further discussions this week and said access "will allow us to follow deployment of the model very closely and address security concerns." Anthropic has not made the same offer. The EU has held four or five meetings with Anthropic about access to Claude Mythos, a competing cybersecurity model launched last month that Anthropic says can outperform human researchers at finding software vulnerabilities. But the Commission says those discussions are "not yet at the same stage as the solution we have on the table from OpenAI."

Hayek knew. Money has to leave government control.

"China told refiners to ignore US sanctions on Iranian oil. Then told banks to pause loans to sanctioned refiners. Talking out of both sides of their mouth." @JOHN ARNOLD on the signals coming out of Beijing ahead of the Trump-Xi meeting.

"In either direction you get to the same conclusion: number of dollars will always go up. It always comes back to Bitcoin. The one asset in the world that has no conceivable supply response." @JOHN ARNOLD on why all roads lead to Bitcoin regardless of who's right on AI.

"It was either going to be the fall of Rome, or something very aggressive like this. There was never going to be a set of carefully considered white papers. That was just never going to happen." @JOHN ARNOLD on US re-industrialization.

Texas Attorney General Ken Paxton is suing Netflix for illegally collecting user data without consent, including data from children. The lawsuit accuses Netflix of tracking and logging user activity, designing its platform to be addictive, and failing to get proper consent for data collection. It seeks to stop the unlawful data practices, require Netflix to disable autoplay by default on kids' profiles, and impose civil penalties.

"All roads converge on this. Bitcoin is the one asset in the world with no conceivable supply response. Whether the AGI thesis is right or wrong, the dollar supply expands." -@JOHN ARNOLD We discuss: ⚡ Three vertical charts ⚡ The Trump-Xi setup ⚡ All roads lead to Bitcoin

Wake up informed. The Bitcoin Brief covers what happened overnight and what matters today. Free. Subscribe:

TFTC – Truth for the Commoner

Subscribe to Bitcoin Brief

Subscribe to Bitcoin Brief

Anthropic just published a support page that should terrify anyone holding its shares on the secondary market. "Any sale or transfer of Anthropic stock, or any interest in Anthropic stock, that has not been approved by our Board of Directors is void and will not be recognized on our books and records." Void. Not restricted. Not pending review. Void. That means if you bought Anthropic shares through Forge, Hiive, or any other secondary platform without board approval, you are not a stockholder. You have no stockholder rights. Your transaction is invalid. It gets worse. Anthropic says it does not permit SPVs to hold its stock. Any transfer to an SPV is void. Investment funds claiming to offer indirect exposure are "most likely relying on mechanisms that attempt to circumvent our transfer restrictions." Forward contracts, tokenized securities, synthetic exposure products, all of it potentially worthless. Their advice to investors: "Assume that it is invalid." There is a multi-billion dollar secondary market in Anthropic shares right now. Platforms are pricing the stock at $265-$1,400+ per share based on a $380 billion valuation. Real people have put real money into these positions. And Anthropic just told them none of it counts. This is the purest possible illustration of counterparty risk. You can buy a share of a company and have the company itself declare your ownership void because you bought it through the wrong channel.

"Using your biometrics as an identifier is not good. See China. Americans do not want to live in that world. It results in a society where people are fundamentally less free." (GeraldGlickman) on why biometrics should stay on your device, not in a corporate database or an orb.

Today, May 11, 2026, the statute of limitations expires for indicting Anthony Fauci for lying under oath about gain-of-function research. On May 11, 2021, Fauci testified before the Senate that the NIH "categorically" did not fund gain-of-function research involving bat coronaviruses in Wuhan. Senator Rand Paul filed a criminal referral to the DOJ, re-referred it in July 2025, and spent the last week publicly counting down the days until today's deadline. The federal statute of limitations for making false statements to Congress is five years. That clock runs out today. The DOJ under the Biden administration took no action on the referral. The DOJ under the Trump administration, despite having months to act, has not indicted either. Since Fauci's testimony, internal NIH documents and emails have shown that the agency was aware the research it funded at the Wuhan Institute of Virology met the definition of gain-of-function under its own policies. A House select subcommittee concluded that the pandemic was "most likely the result of a research-related incident" in Wuhan. Fauci himself acknowledged in closed-door testimony that the lab leak hypothesis was not a conspiracy theory. None of it mattered. Five years of evidence, congressional hearings, criminal referrals, and public pressure, and the clock simply ran out. No charges. No indictment. No accountability. (SenRandPaul) posted today: "Today, the statute of limitations expires on the possibility of indicting Anthony Fauci for denying under oath that he funded gain-of-function research involving bat coronaviruses in Wuhan, the origin city of the pandemic."

Square just launched a drive-thru product for quick-service restaurants. Square supports Bitcoin payments via the Lightning Network across its entire POS platform, which means any drive-thru running this system can accept bitcoin at the window. There are over 200,000 quick-service restaurant locations in the United States. Operators enable Bitcoin in the Square Dashboard. Customers scan a QR code with a Lightning wallet. Payment settles in seconds. Merchants can receive funds in BTC or auto-convert to USD.

Age verification is the Trojan horse for centralized digital ID. "You don't have to identify yourself when you walk into Walmart. But if you go to walmart dot com, you're being identified behind the scenes." - (GeraldGlickman)

The American Bankers Association just sent a letter to bank CEOs across the country calling for "immediate engagement" on stablecoin yield policy. The banking lobby's top priority right now is making sure Congress blocks stablecoins from paying interest to holders. The letter went out ahead of Thursday's Senate Banking Committee markup of the CLARITY Act, a landmark crypto market structure bill. ABA president Rob Nichols wrote: "We believe committee members may not be fully aware of the risks to the economy by the stablecoin loophole." He urged bank executives and their employees to contact senators immediately. A coalition of banking trade groups, including the ABA, Bank Policy Institute, Consumer Bankers Association, Financial Services Forum, Independent Community Bankers of America, and National Bankers Association, sent a joint letter to Chairman Tim Scott and Ranking Member Elizabeth Warren arguing that yield-bearing stablecoins would cause "deposit flight" and could "reduce consumer, small business, and agricultural lending by one-fifth or more." The average savings account in the United States pays 0.38% interest according to the FDIC. Stablecoin yields on major platforms currently range from 4% to 8%. The banking industry is not asking Congress to raise the rates they pay depositors to compete. They are asking Congress to make it illegal for anyone else to offer a better deal. The White House Council of Economic Advisers released an analysis in April suggesting stablecoin adoption would not damage the banking system. The ABA responded with its own study arguing the administration was "analyzing the wrong scenario" and that if stablecoins were allowed to pay yield, the market could scale from roughly $300 billion today to $2 trillion, putting significant pressure on bank funding. Senator Bernie Moreno responded to the lobbying push by posting: "The banking cartel is in full panic mode." This is not a debate about financial stability. Banks are not warning that the system will break. They are warning that customers will leave. The banking industry has operated for decades in an environment where most Americans had no realistic alternative to a savings account paying a fraction of a percent. Stablecoins represent the first credible threat to that arrangement, and the response is not to compete on rates but to lobby Congress to eliminate the competition.

"We don't want a digital identity. We want to digitize identity. That starts with individual control, not corporate control and walled gardens." (GeraldGlickman) on why cryptography, not biometrics, should be the foundation. The tools exist. The window is open.

NHS England just granted Palantir contractors "unlimited access" to identifiable patient data. The access applies to the National Data Integration Tenant, a component of the NHS Federated Data Platform that holds patient records before they have been pseudonymized. Names, conditions, treatment histories. All identifiable. All accessible. An internal NHS briefing obtained by the Financial Times acknowledged that the change creates a "risk of loss of public confidence" in safeguarding patient data. The briefing also noted that being sure "exactly who is accessing what patient-identifiable data at any one time" becomes harder the more people have unrestricted access. The access was originally intended only for NHS England employees with security clearance. External contractors requested the same permissions because applying for individual data access was "too inconvenient." Palantir won the £330 million contract to build the Federated Data Platform in 2023. The company's involvement with NHS data began during COVID in 2020 when it offered its Foundry software for £1 to help with pandemic logistics. That initial engagement turned into a £23 million deal, then a £330 million contract. Fewer than a quarter of England's 215 hospital trusts are actively using the platform. The British Medical Association has passed a resolution opposing the rollout. Amnesty International UK has urged NHS England to terminate the contract. Some NHS staff have refused to work on the platform over ethical concerns about Palantir's ties to US defense and immigration enforcement. The same company that builds surveillance tools for the CIA, the Pentagon, and ICE now has unlimited access to the medical records of British citizens because the proper access controls were too inconvenient to use.

Local AI on a laptop is improving more than twice as fast as Moore's Law. The most expensive MacBook Pro you could buy in May 2024 had 128 GB of unified memory. Two years later, the hardware is identical. But the smartest open-weight model you can run on it went from a score of 10 to 47 on the AI Intelligence Index. A 4.7x improvement in 24 months on completely unchanged hardware. Moore's Law doubles transistor count every 24 months. Local open-weight AI is doubling capability every 10.7 months. The hardware ceiling barely moved. The software blew through it.