HeadFlash

AI

Super Apps, Token Wars & AI Security Alerts

OpenAI launches ChatGPT Work with GPT-5.6, DeepSeek V4 dominates OpenRouter, Meta enters coding fray, China warns on Claude Code.

Listen

OpenAI Unveils ChatGPT Work and GPT-5.6 as Rivalry with Anthropic Heats Up

OpenAI showcased ChatGPT Work on July 9, a new AI agent that combines its chatbot with Codex to create documents, presentations, and websites. The service is powered by GPT-5.6, OpenAI’s most advanced model, which also debuted that day after a delay in June requested by the US government over national security fears. ChatGPT Work directly competes with Anthropic’s Claude Cowork, an agent launched in January that autonomously plans and executes multi-step tasks. Both companies are eyeing public offerings and fighting for enterprise business, with OpenAI promising cheaper and more broadly available products. OpenAI launched three sizes of GPT-5.6, and product manager Ty Geri said the model is competitive with far more expensive rivals at twice the speed and much lower cost. Analyst Max Weinbach noted that the smallest version completes tasks as well as the largest but at one-fifth the cost, calling it a first. ChatGPT Work rolled out on web and mobile starting with Pro, Enterprise, and Edu users, expanding to Plus and Business users over subsequent days. OpenAI also announced a new ChatGPT desktop app and a hosted websites feature to let users build and share websites directly through ChatGPT Work.

OpenAI unveils long-awaited “super app” as rivalry with Anthropic intensifies →

DeepSeek V4 Captures Agentic Token Share, Surpasses US Models on OpenRouter

DeepSeek released its V4 flagship models on April 24, and since then its token share on OpenRouter has roughly doubled, reaching nearly 20% by early June and making it the top model on the platform since mid-May. The surge is driven by agentic workloads: V4 Flash, priced at $0.09 per million input tokens and $0.18 per million output, offers a cost-effectiveness-to-output-quality ratio that the blog calls best in class, compared to GPT-5.5 at $5 and $30 respectively. Hobbyists now route nearly a third of their tokens to DeepSeek, and usage from AI-native companies and large organizations has also risen sharply. V4 is the first DeepSeek model sufficient for agentic work; by end of May, V4-Flash comprised 70% of agentic token flow for DeepSeek. The data, covering over 450 trillion tokens from January 1 to June 14, 2026, shows Chinese models surpassed American models in token share as of early June, led by DeepSeek. OpenRouter segments traffic into agentic, mixed, and human categories, and agentic usage now burns about 15 times more tokens per request. The report notes that startups and tech giants are mixing and matching models to avoid premium prices, as cited in a Wall Street Journal story.

DeepSeek V4 Is Earning Agentic Token Share — OpenRouter Blog →

Meta Launches Muse Spark 1.1, Enters AI Coding Battle with Low Pricing

Meta publicly released Muse Spark 1.1 on Thursday, a multimodal AI model for agentic coding that competes with OpenAI’s GPT-5.6 and Anthropic’s Claude Haiku 4.5. The model can handle multistep reasoning, complex processes, digital workflows, and enterprise system deployments. Meta prices it at $1.25 per million input tokens and $4.25 per million output tokens, slightly above Anthropic’s Haiku 4.5 and OpenAI’s GPT-5.6 Luna according to Reuters. The company touts Spark’s ability to handle large agentic workloads, fix bugs, and assist with large code migrations. CEO Mark Zuckerberg posted on X for the first time in three years to promote the release, calling Spark a strong agentic and coding model at a very low price and hinting at more to come soon.

Meta enters the crowded AI coding battle with Muse Spark 1.1 →

China Warns of Backdoor in Claude Code; Anthropic Says It Was Distillation Experiment

China’s National Vulnerability Database, operated by the Ministry of Industry and Information Technology, warned that Claude Code versions 2.1.91 to 2.1.196 contain a built-in monitoring mechanism capable of transmitting sensitive information, including geographic location and identity-related identifiers, to remote servers. The database urged organizations to uninstall affected versions or upgrade to a newer release where the alleged backdoor was removed, and to tighten external network access for development tools. Anthropic disputed the characterization, stating the code was an experiment earlier in 2026 to protect against model distillation, a process where outputs from a large AI model train another model. The company noted Claude is not permitted for use in China, and its policy prohibits use by entities majority-owned by China-headquartered organizations. The warning follows Anthropic’s accusation last month that Alibaba attempted to extract its AI capabilities; Alibaba did not comment and ordered employees to stop using Anthropic tools for work starting July 10.

China Warns of Claude Code ‘Backdoor’ Security Risk →

Researchers Warn AI Agents Can Be Turned Into Botnets via Hallucination Exploit

Researchers from Tel Aviv University, Technion, and Intuit developed an attack called Adversarial HalluSquatting that exploits AI-generated hallucinations to trick agents into trusting fake repositories or tools with malicious instructions. The technique involves predicting which fake resources AI models are likely to create, registering those names, and adding malicious content. If an agent retrieves the hallucinated resource, it may treat the attacker-controlled content as legitimate. In testing, hallucination rates reached as high as 85% in repository cloning scenarios and 100% in skill installation tests. The team evaluated the attack against AI coding assistants including Cursor, GitHub Copilot, Gemini CLI, and OpenClaw, showing potential for remote code execution in controlled experiments. The researchers warn that as AI assistants gain abilities to access files, search the web, write code, and run commands, these capabilities create security gaps when agents act without confirming source legitimacy. HalluSquatting is similar to typosquatting but targets mistakes made by AI models instead of humans. The technique could enable AI-powered botnets used in denial-of-service attacks, cryptocurrency mining, malware distribution, and ransomware campaigns.

AI Agents Could Be Turned Into Botnets Through Hallucinations, Researchers Warn →