#050

OpenAI cracks an 80-year-old Erdős problem, GitHub leaks 3,800 repos, Qwen3.7 chases Claude

An OpenAI general-purpose model disproved an 80-year-old Erdős conjecture and three top mathematicians signed off. A poisoned Nx Console extension lived 11 minutes and walked out with 3,800 GitHub-internal repos.

Seven months ago, mathematician Thomas Bloom called OpenAI’s last Erdős claim “a dramatic misrepresentation.” Yesterday he signed his name to OpenAI’s new one, alongside Princeton’s Noga Alon and Harvard’s Melanie Wood, verifying that a general-purpose model (not a math specialist) cracked a problem Paul Erdős posed in 1946.

It’s the first time AI has contributed original research-level math on a named open conjecture, less than 12 months after frontier models were merely hitting IMO gold. The signatures are what flipped this from “OpenAI made a video again” to something worth attention.

In today’s indie hacker news:

  • 🧠 An OpenAI model disproves an 80-year-old Erdős conjecture
  • 🪤 A poisoned Nx Console extension grabs 3,800 GitHub repos in 11 minutes
  • 🤖 Qwen3.7-Max runs 35 hours of agentic chip-kernel work, stays closed-weights
  • 🔗 Google makes no-link search the global default for a billion people
  • 💰 OpenAI files its confidential S-1 as soon as Friday at $1T

TOP STORIES

ERDŐS BROKEN

🧠 An OpenAI general-purpose model disproved an 80-year-old Erdős conjecture and three top mathematicians signed off

The story: OpenAI’s official post on May 20 lays out the proof: an internal reasoning model produced a polynomial separation on Erdős’s planar unit distance problem, the question of how many pairs of points can sit exactly one unit apart in the plane. Three mathematicians attached signed companion remarks confirming it: Noga Alon (Princeton combinatorialist), Melanie Wood (Harvard), and Thomas Bloom, who maintains the Erdős Problems site. The result lands ten months after frontier models reached IMO-gold performance and is described by OpenAI as the first time AI has autonomously solved a prominent open problem central to a field of mathematics.

The details:

  • Noam Brown on X: “This is a general-purpose LLM. It wasn’t targeted at this problem or even at mathematics”
  • OpenAI won’t name the model publicly. It’s described only as “an internal general-purpose reasoning model,” not an AlphaProof-style math specialist, no Lean integration, no math-only RL run
  • The construction comes from algebraic number theory, extending Gaussian integers into algebraic number fields, which is a route nobody had pointed at this problem before. The old conjecture said n^(1+o(1)) was the ceiling; the model built configurations giving n^(1+δ) for fixed δ > 0
  • The HN thread hit 835 points and 629 comments in under a day. Top critique from working mathematicians: finding a construction is fundamentally search, not theory, so this is closer to a brilliant exhaustive engineer than a Fields medal
  • Sam Altman, posting alongside the result: “I’m very excited for AI to greatly extend our understanding of the world, but still, I have complicated feelings today”

Why builders care: If your roadmap parks problems with “no closed form exists” or “conjecturally tight,” the price of testing that assumption just dropped to one long-thinking run. Search-shaped problems (counterexamples, novel constructions, weird constraint solving) are where these models bite hardest. Not Lean-proof-into-CI math, but the “wait, that actually works” answer you used to hire a postdoc to find.



11 MINUTES OF MARKETPLACE

🪤 GitHub confirms 3,800 internal repos walked out of a poisoned Nx Console VSCode extension

The story: Nx Console (nrwl.angular-console, 2.2M+ installs) shipped a poisoned v18.95.0 to the VS Code Marketplace at 12:36 UTC on May 18 and was pulled at 12:47, an 11-minute window. The injector was 2,777 bytes, pulled down a 498 KB obfuscated payload, and went hunting for ghp_/gho_/ghs_ GitHub tokens, npm OIDC, AWS keys, HashiCorp Vault, Kubernetes service accounts, 1Password vault items, SSH keys, and ~/.claude/settings.json. GitHub confirmed May 20 that the payload landed on an employee machine and exfiltrated roughly 3,800 internal repositories. TeamPCP (Google tracks them as UNC6780) listed the stolen source on cybercrime forums for $50,000+.

The details:

  • Attack chain started months earlier with a contributor’s GitHub token stolen in the TanStack supply-chain compromise. That token pushed an unsigned orphan commit to nrwl/nx, then the poisoned VSIX rode auto-update straight into 2.2M editors
  • Persistence backdoor lives at ~/.local/share/kitty/cat.py and uses the GitHub Search API as a dead-drop, with 4096-bit RSA signature verification on its command queue
  • Microsoft’s official telemetry says 28 installs. StepSecurity’s instrumentation says 6,000+. The Open VSX mirror was untouched
  • First known credential stealer with Claude Code in its collector class. The GitHub issue asking for VSCode extension sandboxing has been open since 2018
  • Cleanup commands if you opened any workspace in that 11-minute window: pkill -f __DAEMONIZED, pkill -f "kitty-", delete ~/.local/share/kitty/cat.py and ~/Library/LaunchAgents/com.user.kitty-monitor.plist, audit /etc/sudoers.d/ for new passwordless entries, then burn every secret the box could reach

Why builders care: The extension trust model is broken, and your IDE is now the highest-value endpoint in the company. Pin Nx Console to v18.100.0+, turn off auto-update for anything touching production credentials, and bake in a 48-hour minimum-age policy before any extension update hits a developer machine. The next window won’t be friendlier.
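
A read-only triage pass over the artifacts named in the cleanup step and the pin advice above, as an added example that is not code from Nx, GitHub or StepSecurity. The function names, the directory parameters and VS Code's default extension folder layout are assumptions; the paths, process patterns and version number are the ones given in this story.

```shell
#!/bin/sh
# Read-only triage for the artifacts this story names. Prints one line per
# finding; deletes and kills nothing, so it is safe to run before cleanup.
# Assumptions (not from the article): the function names, the parameterised
# directories, and VS Code's default extension folder layout
# (<home>/.vscode/extensions/<publisher>.<name>-<version>).

BAD_EXT="nrwl.angular-console-18.95.0"   # poisoned version per the story

nx_triage_files() {
    home_dir=$1       # home directory to inspect, e.g. "$HOME"
    sudoers_dir=$2    # normally /etc/sudoers.d

    # Persistence files listed in the cleanup step.
    for f in "$home_dir/.local/share/kitty/cat.py" \
             "$home_dir/Library/LaunchAgents/com.user.kitty-monitor.plist"; do
        [ -e "$f" ] && echo "PERSISTENCE $f"
    done

    # Poisoned extension build still unpacked on disk.
    for d in "$home_dir/.vscode/extensions/$BAD_EXT"*; do
        [ -d "$d" ] && echo "EXTENSION $d"
    done

    # Passwordless sudo rules: flag for human review, do not auto-delete.
    for f in "$sudoers_dir"/*; do
        [ -f "$f" ] && grep -q 'NOPASSWD' "$f" 2>/dev/null && echo "SUDOERS $f"
    done
    return 0
}

nx_triage_procs() {
    # Same patterns the cleanup step feeds to pkill, but list-only.
    for pat in '__DAEMONIZED' 'kitty-'; do
        pgrep -fl "$pat" 2>/dev/null | sed "s/^/PROCESS [$pat] /"
    done
    return 0
}

# Typical use on a workstation (uncomment to run):
#   nx_triage_files "$HOME" /etc/sudoers.d; nx_triage_procs
```

Any output line means the machine should be treated as exposed: capture the findings, then do the cleanup and secret rotation the story lists.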


35 HOURS, NO HUMAN

🤖 Qwen3.7-Max ran 1,158 autonomous tool calls for 35 hours on chip kernels and stayed closed-weights

The story: Alibaba SVP Liu Weiguang unveiled Qwen3.7-Max at the Cloud Summit in Hangzhou on May 20, positioning it as a foundation model for AI agents. The headline demo: 35 hours of unbroken autonomy with 1,158 tool calls, optimizing Triton kernels for Alibaba’s Pingtouge Zhenwu M890 chip and hitting a 10.0x geometric-mean speedup. GLM 5.1 came second on the same benchmark at 7.3x, Kimi K2.6 at 5.0x, DeepSeek V4 Pro at 3.3x. Liu’s framing: “What we’re building is China’s AI factory”, and Max stays closed-weights through Alibaba Cloud DashScope only.

The details:

  • GPQA Diamond 92.4 and HLE 41.4 edge Opus 4.6 (91.3 and 40.0). No public Opus 4.7 comparison and no SWE-bench Verified number, which is the one that predicts coding-agent reliability
  • $0.78 per million input tokens, $3.90 output, 1M context window. That’s roughly 19x cheaper than Opus 4.7’s $15/$75, with caveats below
  • Best-in-class hallucination rate on AA-Omniscience, ahead of Opus 4.7 and Gemini 3.1, which is why the HN post hit 636 points and 253 comments in 17 hours
  • Artificial Analysis flagged 3.7x more verbose than the model average, so the headline price advantage erodes if your workload is output-heavy
  • Two-tier Qwen strategy is now explicit: Max stays closed-weights for monetization, Plus/mid-tier ships Apache 2.0 to keep the community on the hook. First real test of whether the open-source crowd still cheers Qwen when the flagship is API-only

Why builders care: Long-horizon tool-calling and high-context retrieval are exactly where Qwen3.7-Max is worth wiring up as a fallback this week via OpenRouter or DashScope. Run an A/B against your Claude or GPT-5 spend on the workloads where latency tolerance and verbosity don’t kill the math. Interactive Claude Code or Cursor sessions stay on Opus 4.7 until that SWE-bench Verified number lands.


🔗 Google made AI Mode global default at I/O 2026, 1B monthly users, publishers down 60%

The story: At I/O 2026 on May 19 Google made AI Mode (conversational, no-blue-links) the global default and upgraded it to Gemini 3.5 Flash. AI Mode passed 1B monthly users twelve months after launch; AI Overviews now sit on top of every result for 2.5B. Jürgen Geuter (tante), the CS-and-philosophy researcher who advises the Bundestag, ran the morning-after post calling it “a literal revolution but one against the participatory web.” Press Gazette’s reporting on Chartbeat data puts small-publisher Google referrals down 60% in 2025, medium down 47%, large down 22%.

The details:

  • The search box itself was redesigned for the first time in 25+ years. It expands for long prompts, accepts files/videos/Chrome tabs, and routes into an agentic monitoring layer
  • Pew Research: when an AI Overview appears, click-through on traditional links drops from 15% to 8%. Chatbot referrals (ChatGPT, Perplexity, Gemini) sit at under 1% of pageviews and are not backfilling the loss
  • Penske Media (Rolling Stone, Variety, Billboard) filed a 101-page antitrust complaint in September 2025 alleging cannibalization. It’s the live test case
  • Cloudflare Pay Per Crawl returns HTTP 402 to AI bots. Stack Overflow’s pilot shows a 32% drop in unauthorized crawls and a 27% revenue lift from licensing
  • HN thread hit 399 points and 274 comments, skewed toward agreement with tante’s framing

Why builders care: If your funnel still reads “rank for X, get traffic, convert,” reprice the funnel this quarter. Three moves builders are testing right now: own direct distribution (newsletter, Telegram, Discord, podcast) so Google can’t summarize you out of the loop, charge AI crawlers via Pay Per Crawl, and write for the citation slot with structured data and named-entity density. AI Mode either cites you or you’re invisible.


IPO ON FRIDAY, MUSK ON MONDAY

💰 OpenAI is preparing to confidentially file its S-1 IPO prospectus as soon as Friday at up to $1T

The story: CNBC reported May 20 that OpenAI is preparing to confidentially file an S-1 with the SEC as soon as Friday, May 22, with Goldman Sachs and Morgan Stanley leading. The target is up to $1T against the $852B March mark, with a fall 2026 listing and September floated as the earliest debut. The path opened May 18 when a federal jury dismissed Musk v. Altman on statute-of-limitations grounds, killing the last live legal threat to the for-profit conversion. April’s Microsoft renegotiation capped the revenue share at $38B, removed the AGI clause, and ended Azure exclusivity, which were all the structural blockers an auditor would have flagged on an S-1.

The details:

  • Above $30B annualized revenue (April 2026), more than $2B/month, against $14B projected losses in 2026 with profitability not modeled until ~2030
  • HSBC estimates $207B+ in additional funding needed by 2030 to fund Stargate and compute. IPO plus secondary raises are the only realistic source
  • Cap table after the October 2025 PBC conversion: OpenAI Foundation kept ~26% and governance oversight, Microsoft holds ~27%, the rest split between employees, SoftBank, Thrive, MGX, Nvidia, Amazon
  • Anthropic is talking to investors at $900B on a $50B raise, targeting an October listing of its own. SpaceX (now including xAI after the February all-stock merger) wants $75B in gross proceeds. Three frontier-lab listings inside one quarter
  • Standard 90-180 day lockup expected, but existing tender offers at $852B already cleared most staff overhang, so day-one selling pressure should be lighter than a typical mega-IPO

Why builders care: Two things to plan around. One, $175B+ of fresh AI capital lands in Q3/Q4 2026 between OpenAI, Anthropic, and xAI, so any wedge that competes head-on with a frontier lab gets squeezed by year-end. Pivot up (agents, vertical apps, distribution) or down (inference, hardware, evals) where giants deploy capital badly. Two, the S-1 forces OpenAI to disclose per-token unit economics, and with Microsoft no longer eating the Azure margin, expect API pricing volatility on every model line before the listing prices.


🔌 obra/superpowers crossed 200k stars on agentic skills - Jesse Vincent’s community framework hit v5.1.0 on May 4 with the brainstorm → design → plan → implement loop now wired through Claude Code’s skill hooks. It rides the same wave that Anthropic’s first-party plugins repo dropped this week (see Stack of the Day). Roughly 127+ plugins counting third-party marketplaces like wshobson/agents. Skills are the way the Claude Code crowd is shipping shared workflow now.

💵 TrustMRR turned first-dollar moments into a public flex - Marc Lou’s verified-MRR project (Stripe read-only API keys, no PII) is amplifying every founder posting numbers, from a $22/mo first paying user to $300k+ MRR teardowns. Stan tops the leaderboard at $3.57M MRR. @trust_mrr auto-retweets fresh wins the second Stripe registers a charge, making the leaderboard the new “I launched on Product Hunt” without the launch campaign. Builder transparency caught up to builder culture.

📉 Intuit cut 3,000 to “refocus on AI” - About 17% of an 18,200-person workforce, announced May 20 by CEO Sasan Goodarzi, with severance at 16 weeks base + 2 weeks per year of tenure and exits July 31. Reno and Woodland Hills offices closing. Multi-year deals with Anthropic and OpenAI to embed Claude and ChatGPT in TurboTax and QuickBooks plus put Intuit tools inside Claude and ChatGPT. AI is now the explicit headcount story, not the polite footer.


DRAMA

TECH WORKERS TRY UNIONS, AGAIN

🪧 “What is a demand coop and why tech workers should join one”

cahootz cooperatives published the post arguing tech workers should organize via demand co-ops, not traditional unions. The HN thread hit 40 points and 42 comments in 2.7 hours with comments outnumbering upvotes, the classic “controversial framing” signature. The thread split roughly evenly between “every layoff cycle says the same thing” and “ok but Intuit just cut 3,000 today.” Read it alongside the Intuit story above and the math sharpens.

Why builders care: The “AI cuts” framing is going to keep producing layoff posts, and the union conversation is going to keep coming with it. Your team’s a co-op of one. Worth knowing what your engineers are reading on the days the cuts hit your timeline.


FIRST DOLLAR

SILENT EXITS, ZERO ROWS

💵 64 users, $200/mo, and the silent-success bug that almost killed retention

Boon published the 3-month post-mortem on Vinted Turbo Scraper, his Apify actor that turns a Vinted search URL into JSON listings. 64 lifetime users, 13 MAUs, $200/mo after Apify’s 20% cut, 92% success rate. The lesson that earned the writeup: when the actor exited with code 0 but returned zero data, users saw a green check, opened an empty dataset, and never came back. Fix was to fail loud (assert minimum row counts, surface actionable errors) instead of pretending the run worked. “Audire” also crossed its first $22/mo the same day, single subscriber, payment-processor-attested via TrustMRR.


STACK OF THE DAY

🔌 anthropics/claude-plugins-official - The first-party Claude Code plugins registry from Anthropic, MIT-licensed, 20.9k stars and 55+ vetted entries. Split into /plugins (Anthropic-built) and /external_plugins (vetted third-party from Supabase, Firebase, Discord, Telegram). Install via /plugin install {name}@claude-plugins-official or browse with /plugin > Discover. Free, open source, and the marketplace your team is about to start arguing about.

Not sponsored. We just feature tools builders would actually use.


BOOKMARKED TODAY

👋 Saying goodbye to asm.js - SpiderMonkey is removing asm.js after 13 years. A quiet end to one of the strangest browser-JIT optimization stories, and a clear signal that WebAssembly fully owns the slot now.

🐬 Flipper One tech specs are live - Linux-capable hardware hacking platform with an RK3566 SoC, RTL-SDR-grade RF, Wi-Fi/BT, optional 4G. The Flipper Zero’s grown-up sibling, with the kind of spec sheet that lands on every red-teamer’s wishlist.

🕷️ Google’s quiet war on AI Overview manipulators - BBC Future on the cat-and-mouse between SEO spammers and AI Overviews, including a May 15 spam-policy update specifically targeting Overview manipulation. Required reading if you’re shipping anything that crawls or summarizes the open web.