📰

subtl daily briefing

Monday, April 20, 2026

Good morning. It's a big day in AI: OpenAI dropped GPT-5.5 with full agentic capabilities, Anthropic quietly crossed a $1 trillion valuation, and Meta is cutting 8,000 jobs to fund the AI arms race. Meanwhile, a $293M DeFi hack and a soldier trading on classified intel are reminding everyone that the new financial frontier still has sharp edges.

In today's briefing

1.GPT-5.5 Launches With Agentic Superpowers
2.Anthropic Hits $1 Trillion Valuation
3.Meta Cuts 8,000 Jobs to Fund AI
4.Kelp DAO $293M Hack Rocks DeFi
5.AI Is Creating a New Kind of Marketer
⚡Quick hits on other news

Latest Developments

Crypto

🔓A $293M DeFi Hack Just Gave Wall Street an Excuse to Stay Out

The Rundown: The Kelp DAO bridge exploit drained $293M and triggered ~$20B in DeFi TVL losses, prompting JPMorgan and Jefferies to warn institutions away from open DeFi and sparking a community recovery fund that has so far filled less than half the gap.

The details:

●The Kelp DAO hack exploited a single-validator bridge with no collateral concentration limits, causing ~$20B in DeFi TVL losses and prompting JPMorgan and Jefferies to formally warn institutions against open DeFi integration
●The DeFi United recovery fund has raised 73,700 ETH of the 163,200 ETH hole, with a TokenLogic proposal to contribute 25,000 ETH from Aave's treasury still pending
●Mizuho, Nomura, and JSCC responded by launching a JGB tokenization proof-of-concept on the permissioned Canton Network for 24/7 real-time collateral management — signaling institutional preference for controlled alternatives
●DoorDash went live on Tempo for stablecoin-powered payouts across 40+ countries in the same week, showing enterprise adoption continuing despite the hack

Why it matters: Every major DeFi exploit is a gift to the permissioned blockchain lobby, and this one handed JPMorgan and Jefferies a ready-made institutional talking point. The real fork in the road is now visible: open DeFi needs to adopt TradFi-style operational controls (multi-verifier requirements, incident-response frameworks, loss-absorption waterfalls) or watch institutional capital route permanently to Canton-style private networks. For builders in the space, the Tempo/DoorDash story shows the stablecoin payment rails are real and growing — the risk management layer is what needs to catch up.

📰 Source: Converge by The Defiant, The Defiant

Share𝕏 in

⚡

Everything else in the news today

A U.S. soldier faces 5 felony charges for allegedly using classified intel about Maduro's capture to earn $400K on Polymarket — the first insider trading case involving a prediction market→

Wisconsin sued five prediction market operators including Kalshi, Robinhood, and Coinbase for illegal gambling, while NY AG Letitia James separately sued Coinbase and Gemini over unlicensed prediction markets→

Bitcoin surged above $79,000 — up 24% since the U.S.-Iran war began — with spot Bitcoin ETFs pulling in $4.5B in net inflows over that period→

Project Eleven awarded quantum cryptographer Giancarlo Lelli 1 BTC for cracking a 15-bit elliptic curve key, raising early alarms about Bitcoin's post-quantum security→

Z.ai released GLM-5.1, a 754B parameter open-weights MoE model that can autonomously loop through coding tasks for up to 8 hours, priced at $1.40/$4.40 per million input/output tokens under MIT license→

The Bitwarden CLI npm package was briefly compromised via a malicious credential stealer exploiting a Checkmarx GitHub Action — rotate your npm tokens, GitHub tokens, SSH keys, and cloud credentials if you use it→

Researchers demonstrated Zealot, an AI multi-agent system that can autonomously breach a GCP environment end-to-end — from network recon to BigQuery data exfiltration — without human intervention→

A worm-like npm supply-chain attack targeting Namastex Labs packages is stealing developer credentials and crypto wallets while self-propagating to PyPI — immediate secret rotation required→

Kubernetes v1.36 shipped with 70 enhancements including fine-grained kubelet API authorization, user namespaces, and deprecation of the vulnerable externalIPs field→

Stripe and DoorDash moved stablecoin payments into production on Tempo, a Stripe/Paradigm-incubated chain processing $10B+ annualized volume across Latin America with sub-second finality→

ChatGPT Images 2.0 is now live across all major Figma products including Design, FigJam, Slides, and Weave→

Instagram is testing a standalone app called Instants for once-viewable disappearing photos, targeting Snapchat and BeReal users→

The 'tokenmaxxing' trend sees employees at Meta, Microsoft, and Salesforce wastefully burning AI tokens to game internal leaderboards, causing financial waste and system outages→

Band emerged from stealth with $17M to build a universal orchestration layer that lets AI agents across different frameworks and clouds discover each other and collaborate in real time→

Anthropic's Mythos cybersecurity model surfaced thousands of vulnerabilities across major OSes and browsers — Australia is now working with Anthropic over concerns it could accelerate sophisticated attacks→