Thursday, May 21, 2026
An OpenAI reasoning model produces an externally verified disproof of a 1946 Erdős conjecture; a GitHub employee's poisoned IDE extension exposes about 3,800 internal repos; and an essay rereads China's AI optimism as fear of falling behind.
A general-purpose model breaks a 1946 conjecture
OpenAI says an internal general-purpose reasoning model produced a proof refuting a long-standing belief about Paul Erdős’s 1946 planar unit-distance problem: how many pairs among n points in the plane can sit exactly one unit apart. The conjecture that rescaled square-grid constructions are essentially optimal falls to an infinite family of configurations that improves the best known lower bound, unchanged since 1946. (The best upper bound, Spencer–Szemerédi–Trotter, has held since 1984.)
The verification is the load-bearing part. External mathematicians checked the proof and wrote a companion paper; Fields medalist Tim Gowers calls it “a milestone in AI mathematics,” and Thomas Bloom and Arul Shankar endorse its originality. Princeton’s Will Sawin produced a forthcoming refinement that supplies an explicit exponent the original proof lacked, so humans materially extended the machine’s result.
The route is unexpected: the proof replaces the Gaussian integers in Erdős’s lower-bound construction with richer algebraic number fields, using infinite class field towers and Golod–Shafarevich theory to reach an elementary Euclidean geometry problem from algebraic number theory.
The caveats are OpenAI’s framing. This is an announcement about an unnamed internal model, and “autonomous” is OpenAI’s word; the external paper and named mathematicians supply the independent corroboration. Bloom offers a “moderated yes” on how much the result advances understanding. What separates it from AlphaProof and scaffolded provers, OpenAI says, is that the model was not specialized, scaffolded, or aimed at the problem.
A poisoned extension reaches GitHub’s own repos
Sophos X-Ops reports that a threat actor calling itself TeamPCP (tracked as UNC6780) compromised a GitHub employee’s machine through a poisoned Nx Console VS Code extension (nrwl.angular-console v18.95.0, published May 18, 2026), harvested IDE-resident tokens, and cloned about 3,800 of GitHub’s internal private repositories, later listed for sale above $50,000. GitHub says customer repositories, enterprise accounts, and user data are unaffected, and that it detected the intrusion on May 19, rotated secrets, and isolated the affected endpoints. These are GitHub’s own assertions, not independently verified here.
The novel piece is the command channel: the recovered backdoor, a Python script named cat.py, polls the GitHub Search API hourly for a keyword and runs RSA-signed commands hidden in public commit messages, turning GitHub’s own search into covert command-and-control. The entry point was the IDE extension marketplace; backdooring trusted developer tools such as Trivy and LiteLLM fits TeamPCP’s known pattern. Sophos relays GitHub’s statements alongside The Hacker News reporting and offers indicators of compromise.
Reading China’s AI optimism
An Asterisk Magazine essay argues the much-cited gap in AI sentiment is misread. Over 85% of Chinese respondents call AI net-beneficial against under 45% of Americans, per Stanford’s 2026 AI Index; the essay reads that as fear, not enthusiasm. It traces a “last bus” mentality, the anthropologist Xiang Biao’s term, to the 1990s xiagang layoffs that erased more than 24 million state-sector jobs, arguing citizens chase each wave (market reform, English, mobile internet, now AI) to avoid being left behind. The methodological point: binary survey instruments cannot separate genuine benefit from a belief that AI is inevitable. It pushes back on the “Star Trek versus Black Mirror” split between Chinese and Western attitudes.
What to watch today
- Sawin’s forthcoming refinement, which attaches the explicit exponent the original OpenAI proof omitted.
- Peer review of the external companion paper, the real test of OpenAI’s “autonomous” claim.
- Any GitHub statement extending the breach scope beyond the customer and enterprise data it says were untouched.
- Other orgs hunting the cat.py backdoor (path ~/.local/share/kitty/cat.py) and the malicious Nx Console build.
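An endpoint sweep for the two indicators named in this issue, the nrwl.angular-console v18.95.0 build and the cat.py path, as an added example that is not from Sophos or GitHub. The list of extension directories is an assumption covering VS Code's default per-user location and common variants; the function names are illustrative.

```python
import json
from pathlib import Path

# Indicators as given in the write-up above.
BAD_EXTENSION = ("nrwl", "angular-console", "18.95.0")
BACKDOOR_REL = Path(".local/share/kitty/cat.py")
# Assumption: per-user extension directories of VS Code and common variants.
EXTENSION_DIRS = (".vscode/extensions", ".vscode-insiders/extensions",
                  ".vscode-server/extensions", ".vscode-oss/extensions",
                  ".cursor/extensions")


def read_manifest(ext_dir):
    """Return (publisher, name, version) from package.json, or None if unreadable."""
    try:
        data = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    except (OSError, ValueError):  # missing file, bad JSON, bad encoding
        return None
    if not isinstance(data, dict):
        return None
    return tuple(str(data.get(k, "")).lower() for k in ("publisher", "name", "version"))


def scan_home(home):
    """Return a list of (kind, path) findings for one home directory."""
    home = Path(home)
    findings = []
    backdoor = home / BACKDOOR_REL
    if backdoor.is_file():
        findings.append(("backdoor-path", str(backdoor)))
    for rel in EXTENSION_DIRS:
        root = home / rel
        if not root.is_dir():
            continue
        for ext_dir in sorted(root.iterdir()):
            # Match on the manifest: folder names can carry platform suffixes.
            if ext_dir.is_dir() and read_manifest(ext_dir) == BAD_EXTENSION:
                findings.append(("malicious-extension", str(ext_dir)))
    return findings


if __name__ == "__main__":
    import sys
    homes = sys.argv[1:] or [Path.home()]
    hits = [f for h in homes for f in scan_home(h)]
    for kind, path in hits:
        print(f"{kind}\t{path}")
    sys.exit(1 if hits else 0)  # non-zero exit when any indicator is present
```

A clean result does not show the build was never installed, since a later update can replace the extension folder; pair the sweep with extension install logs and token audit trails.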