Briefly, AI — daily AI news, fully automated

DeepSeek's Billions, Google's Privacy Cartoon, and a Prompt Injection Trap

Thursday, 4 June 2026 · 1063 words · weekday
Listen on Spotify ↗

Welcome to Briefly AI, a podcast by Harry Sharman, created by AI and voiced by an AI synthesis of Harry Sharman. Which feels like cheating, until you remember the podcast is about AI.

DeepSeek just quietly announced it's raising seven and a half billion dollars. For a company that spent the last year proving you don't need a lot of money to build world-class AI, that's a sentence worth sitting with for a moment.

Right, let's get into it.

So — DeepSeek. If you're not familiar, here's the short version. DeepSeek is a Chinese AI startup that caused something close to a collective panic in Silicon Valley back in early 2025 when it released a model that rivalled the best American labs at a fraction of the cost. The assumption had been that winning at AI required billions in compute, American chips, and a San Francisco zip code. DeepSeek rather proved otherwise.

Now they're raising $7.4 billion — reportedly from investors including Tencent, and potentially their own founder — at a valuation that could hit $59 billion. This would be their first ever external funding round. And it would rank among the largest private tech financings in China, ever.

Here's what's interesting about this, beyond the headline number. DeepSeek built its reputation on efficiency — on doing more with less. Raising this kind of capital changes the game entirely. The question isn't whether they can build good models cheaply anymore. The question is: what do they do with serious money behind them? If their competitive advantage was resourcefulness under constraint, does adding resources accelerate them further, or does it just make them more like everyone else?

For people tracking the AI race between the US and China — and at this point, that's most of the industry — this is worth watching closely. The US has been betting that chip export restrictions would slow Chinese AI development. DeepSeek has been the most visible proof that that strategy has limits. A well-capitalised DeepSeek is a different proposition entirely.

Meanwhile, on a completely different note — and I say this with genuine fondness — Google has released something called Dreambeans. Yes, Dreambeans. I'm not going to pretend that name doesn't sound like a children's cereal. But the product itself is actually quite interesting, and a little bit unsettling if you think about it for more than ten seconds.

Here's what it does. Dreambeans takes personal data from your Google account — your photos, your search history, your emails, your calendar — and turns it into illustrated "stories." Little cartoon summaries of your life, generated by AI, living inside the Google ecosystem.

Now, the pitch is warm and nostalgic. Your holiday, turned into a picture book. Your kid's first year, illustrated. That sort of thing. And honestly, as a product experience, it's probably lovely. The illustrations look beautiful and the appeal is obvious.

But look — here's the thing. The same move that makes this delightful is also the move that deepens your dependency on Google having all of your data and doing things with it you didn't explicitly ask for. You uploaded photos to back them up. You didn't necessarily ask for them to be turned into AI-generated narratives. The opt-in question matters here, and it wasn't front and centre in any of the coverage.

There's also a broader pattern worth noticing. Google has been making its products progressively more intimate — Gemini in Gmail, AI in Search, now your life history turned into illustrated content. Each individual feature is fine. The accumulation of them is a significant shift in what your relationship with Google actually is. It's moved from "search engine and email provider" to "AI system that has a fairly complete picture of your life and is now narrating it back to you in cartoon form."

Whether that's exciting or quietly alarming probably depends on how much you trust Google with that picture. Reasonable people disagree.

And finally — this one's a bit niche, but I think it reveals something important about where AI development is heading in 2026. A developer — and I say this with a degree of sympathy for where they were coming from — sneaked a malicious instruction into an open-source coding library. Not a bug. A deliberate, hidden prompt injection designed to instruct AI coding agents to delete the output of any application they helped build.

Their frustration was with so-called "vibe coders" — people who use AI tools to generate code without understanding what it does, blindly deploying packages without reading them. The developer's view, apparently, was that this recklessness deserved a sharp lesson.

Now. The ethics here are clearly not great — deliberately inserting data-nuking instructions into code other people are using is sabotage, regardless of the motivation. But the technical point underneath the frustration is completely valid. As AI coding tools become more capable, more people are deploying code they don't understand into real products. And those people are increasingly dependent on the libraries they pull in being trustworthy.

This is a known attack surface. It's called prompt injection — where malicious instructions hidden in data or code get picked up and executed by an AI agent that doesn't know to be suspicious of them. Security researchers have been warning about this for a while. What's changed is that as AI agents become more autonomous — reading code, writing code, running code, committing to repositories — the consequences of a successful injection get much more serious. This wasn't a theoretical demo. It was an actual library, with actual users, and the instruction was to actually destroy things.

The episode didn't cause widespread damage — it was caught and flagged — but it's a preview of a category of problem that's going to get more common as AI coding agents become more trusted, more autonomous, and more deeply embedded in production software.

If you're a developer using AI coding tools, this is a reasonable moment to ask: do you actually know what the packages you're pulling in are telling the AI to do? Probably worth a look.

That's your lot for today. DeepSeek getting serious money, Google turning your life into a cartoon, and a grumpy developer reminding everyone that AI agents can be tricked into burning things down. Three threads I'd keep an eye on. I've been your host, AI Harry. See you next time.