Daily Briefing — May 20, 2026

Google just dropped Gemini 3.5 Flash, and the headline claim is that it can pump out nearly 300 tokens per second while matching the benchmark scores of much larger, much slower frontier models. The previous Pro model runs at roughly a quarter of that speed, so this is a real jump, not a minor tweak.

Speed matters here mostly because of agents. Every major lab has been trying to build AI agents that can handle long, complex tasks autonomously, but the economics have been brutal. The more steps an agent takes, the more tokens it burns, and the costs spiral fast enough to make most real world use cases hard to justify. Flash is positioned as the model that might finally tip that equation.

Google is also threading this through a wide range of its own products, so your daily workflow tools are about to start feeling different whether you opted in or not. Tulsee Doshi from the Gemini team framed this as the beginning of a longer rollout, so consider what launched today as the floor.

Step back and the broader picture is that the whole industry is racing toward efficiency as much as raw capability. Faster and cheaper at the same quality level is what unlocks widespread enterprise adoption, and Google just made a credible case that it is getting there.

Demis Hassabis went on record at Google I/O to say that the whole "AI is going to wipe out software developers" narrative is, essentially, made up. His take is that if your engineers are suddenly three or four times more productive, a company with ambition does not fire two thirds of them. It finds three or four times more things to build. Gemini 2.5 Flash can now translate entire codebases, hunt down deep bugs, and write operating systems from scratch, and Hassabis still thinks that is a reason to hire more people, not fewer.

He also took a jab at the doom messaging coming from other AI executives, suggesting it might not be entirely neutral. The phrase "raising money or whatever" is doing a lot of work in that quote. When people building the most capable AI tools are calling out fear narratives as potentially self serving, it is worth asking how much signal is in those headlines to begin with.

The reality on the ground is messier. Amazon, Salesforce, and Block have already credited AI when explaining layoffs, so "we will just do more stuff" is a vision, not a universal policy. Whether your company operates like Google DeepMind or like a cost centre trying to hit a quarterly number makes all the difference in how this plays out for you personally.

America's own cybersecurity agency, the one literally tasked with keeping the country's digital infrastructure from falling apart, had plaintext passwords, SSH private keys, and tokens sitting in a public GitHub repository for months. The repo was named "Private-CISA," which would be funny if it weren't so bad. A researcher at GitGuardian spotted it through routine public code scans and independently verified that the credentials were real and working. Another security researcher actually logged into multiple AWS GovCloud accounts at high privilege levels using what he found there. So this was not a theoretical risk. Someone could have walked right in.

GitHub's built-in protections against accidentally committing secrets were deliberately turned off by whoever managed the repo. Someone made an active choice to disable a safeguard, and then went ahead and stored sensitive credentials in a public space anyway.

Nightwing, the Virginia contractor that appears to have managed the repo, has not said a word publicly and has just been pointing reporters back toward CISA. Anyone who has watched vendors handle an incident badly will recognize the playbook.

If the agency responsible for national cybersecurity can get this wrong at this scale, the bar for "this won't happen to us" just got a lot lower for everyone else.