📰

subtl daily briefing

Saturday, April 18, 2026

Good morning, founders and investors. OpenAI dropped GPT-5.5 with autonomous agentic capabilities today, and Anthropic just crossed a $1 trillion valuation — making this one of the most consequential weeks in AI history. Meanwhile, a $293M DeFi hack, a soldier charged for Polymarket insider trading, and Meta cutting 8,000 jobs to fund AI infrastructure are all reshaping the landscape. Let's get into it.

In today's briefing

1.GPT-5.5 Launches, Anthropic Hits $1T
2.Meta Cuts 8,000 Jobs to Fund AI Bet
3.Kelp DAO $293M Hack Rocks DeFi
4.Bitcoin Surges 24% Amid U.S.-Iran War
5.The 'Gen Marketer' — AI's New Growth Hire
⚡Quick hits on other news

Latest Developments

Crypto

💥Kelp DAO $293M Hack Wipes $20B in DeFi TVL and Spooks Institutions

The Rundown: A single-validator bridge exploit drained $293M from Kelp DAO on April 18, triggering ~$20B in DeFi TVL losses and prompting JPMorgan and Jefferies to warn institutions away from open DeFi.

The details:

●The Kelp DAO exploit on April 18 leveraged a single-validator bridge with no collateral concentration limits, resulting in $293M stolen and roughly $20B in broader DeFi TVL losses.
●JPMorgan and Jefferies issued warnings to institutional clients about DeFi's incompatibility with traditional risk frameworks in the hack's wake.
●The DeFi United recovery fund has filled 73,700 ETH of the 163,200 ETH gap, with a new TokenLogic proposal to contribute 25,000 ETH from Aave's treasury.
●Mizuho, Nomura, and JSCC launched a JGB tokenization proof-of-concept on Canton Network for 24/7 real-time collateral management — signaling institutions are moving toward permissioned alternatives.

Why it matters: This hack is a stress test for DeFi's institutional ambitions. The industry's response — a community-funded recovery drive and governance proposals — demonstrates resilience but also exposes the gap between DeFi's current risk architecture and what institutional capital actually requires (multi-verifier systems, published incident-response frameworks, pre-funded loss-absorption mechanisms). For founders building in Web3, the lesson is clear: if you want institutional money, you need TradFi-grade operational controls, not just TradFi-grade marketing.

📰 Source: Converge by The Defiant, The Defiant

Share𝕏 in

Crypto

₿Bitcoin Surges 24% Since U.S.-Iran War Began, ETFs Pull in $4.5B

The Rundown: Bitcoin has defied war-driven risk-off expectations, rallying 24% to above $79,000 since the U.S.-Iran conflict began, backed by $4.5B in spot ETF inflows and easing oil prices.

The details:

●Bitcoin surged above $79,000, up 24% since the U.S.-Iran war began, with 8 of the last 9 weeks showing positive spot ETF flows.
●Spot Bitcoin ETFs accumulated $4.5B in net inflows since the war started, while exchange balances hit multiyear lows — a classic supply squeeze setup.
●Crude oil retreated below $100 after peaking near $120, removing near-term stagflation pressure that was the biggest macro risk for risk assets.
●GSR launched the Crypto Core3 ETF (BESO) on Nasdaq offering BTC/ETH/SOL exposure with staking reward pass-through.

Why it matters: Bitcoin behaving as a safe-haven or at minimum a non-correlated asset during a geopolitical conflict is a significant narrative shift. For crypto-native founders and investors, $4.5B in ETF inflows during active military conflict suggests that the institutional onramp is now mature enough to provide a demand floor even in adverse conditions. The real risk to monitor is whether the conflict escalates in a way that reverses the oil retreat — if crude spikes back above $120, stagflation fears return and the risk asset rally gets complicated fast.

📰 Source: Milk Road, TLDR Crypto

Share𝕏 in

⚡

Everything else in the news today

A U.S. soldier faces 5 felony charges for using classified intel on Maduro's capture to earn $400K on Polymarket — the first-ever insider trading case involving a prediction market.→

NY AG Letitia James sued Coinbase and Gemini for operating unlicensed prediction markets, while Wisconsin separately sued Kalshi, Robinhood, and Coinbase for illegal gambling.→

Project Eleven awarded quantum cryptographer Giancarlo Lelli 1 BTC for cracking a 15-bit elliptic curve key, raising alarms about Bitcoin's post-quantum security timeline.→

Z.ai released GLM-5.1, a 754B parameter open-weights MoE model that can autonomously loop through coding tasks for up to 8 hours — priced at $1.40/$4.40 per million tokens under MIT license.→

The Bitwarden CLI npm package was briefly compromised via a malicious credential stealer targeting npm tokens, GitHub tokens, SSH keys, and cloud credentials.→

Researchers demonstrated that the Zealot AI multi-agent system can autonomously breach a GCP environment — from network recon to SSRF exploitation to BigQuery data exfiltration — without human intervention.→

DoorDash went live on Tempo for stablecoin-powered payouts across 40+ countries, joining Stripe on the same Stripe/Paradigm-incubated chain processing $10B+ annualized volume.→

Anthropic's Mythos cybersecurity model surfaced thousands of vulnerabilities across major OSes and browsers, prompting Australia to engage Anthropic over concerns it could accelerate sophisticated attacks.→

Band emerged from stealth with $17M to build a universal orchestration layer enabling AI agents across different frameworks and clouds to discover and collaborate in real time.→

AI systems now apply a 'bland tax' to generic content, filtering it out of AI-powered search results — making brand distinctiveness a literal algorithmic requirement, not just a creative preference.→

Cognition AI (maker of Devin) is in talks to raise at a $25B valuation.→

Kubernetes v1.36 shipped with 70 enhancements including fine-grained kubelet API authorization, while deprecating the vulnerable externalIPs field.→

Tokenmaxxing — employees at Meta, Microsoft, and Salesforce wastefully burning AI tokens for internal leaderboard rankings — is causing financial waste and system outages.→

A worm-like npm supply-chain attack targeting Namastex Labs packages is stealing developer credentials and self-propagating to PyPI — requiring immediate secret rotation if you use their packages.→

ChatGPT Images 2.0 is now live across all major Figma products including Design, FigJam, Slides, and Weave.→