The Lyceum: AI Daily — Mar 25, 2026

OpenAI shut down Sora, handed safety oversight to executives other than the CEO, and confirmed its next model just finished pretraining — all in the same staff meeting. That's not three stories; it's one company clearing the runway for an IPO. Meanwhile, a compromised Python package turned half the AI middleware stack into a credential exfiltration tool, and the Boston Dynamics founder unveiled a robot that thinks humanoids are overthinking it.

• DeerFlow 2.0 (ByteDance): Open-source multi-agent framework where each agent runs tasks in its own isolated environment, enabling sandboxed parallel execution.

Quiet 24 hours for releases. The action was in shutdowns and security incidents, not launches.

OpenAI is shutting down Sora, the AI video app that hit one million downloads in five days last September, topped the App Store, and reportedly attracted interest from Disney in a potential $1 billion investment. By January, downloads had fallen 45% from their peak. The compute bill did not.

The reported Disney partnership never materialized—no money changed hands, according to Axios. The app drew intense criticism for enabling deepfakes and nonconsensual imagery, amid which OpenAI moved to shut it down. CNBC reports the shutdown is part of a broader cost consolidation as OpenAI tries to justify a $730 billion valuation ahead of a potential IPO.

What changes: Google becomes effectively the only major publicly visible player in AI video generation at scale. OpenAI says the Sora research team will pivot to "world simulation research to advance robotics" — meaning video generation isn't dead, it's being repurposed to teach robots physics. If that pivot produces usable sim-to-real transfer within a year, it retroactively justifies every GPU hour Sora ever burned. If it doesn't, this was an expensive detour. Watch whether OpenAI publishes robotics research citing Sora-derived training data — that's the signal it was strategic, not just spin.

Buried in the same all-hands: Sam Altman told staff he's relinquishing direct oversight of OpenAI's safety and security teams. Safety moves to Chief Research Officer Mark Chen; security to President Greg Brockman. Altman's new focus: raising capital, supply chains, and "building datacenters at unprecedented scale."

For two years, Altman's personal brand has been inseparable from the "we take safety seriously" message. Now, weeks before a new flagship model ships and months before a likely IPO, safety loses its seat at the CEO's table. The charitable read: dedicated leaders are more appropriate than CEO-level attention in a maturing organization. The less charitable read: when safety competes with IPO prep, safety gets delegated. The observable test is simple — watch whether OpenAI's next safety evaluation report lands before or after "Spud" launches. If after, the organizational change spoke louder than the org chart.

Attackers compromised LiteLLM versions 1.82.7 and 1.82.8 on PyPI — the Python package index — turning a widely used LLM middleware wrapper into a credential-stealing backdoor. The injected .pth file executes on Python interpreter startup (no import needed) and, according to analysis, exfiltrates SSH keys, cloud credentials, Kubernetes secrets, and environment variables to an attacker-controlled domain. Community posts indicated a systemd-based persistence mechanism that would ensure it survives reboots.

LiteLLM sits beneath agent frameworks, DSPy training tools, coding editors like Cursor, and countless internal projects. This isn't one library getting popped — it's a credential harvest across a significant slice of AI development infrastructure. The difference between a scary demo and a mass incident depends on how many production environments pulled these versions during the roughly 48 hours they were live. If you run local agents or CI pipelines that auto-install PyPI wheels: hunt for these versions, rotate every secret, and add startup-time scanning to your container images. The next signal to watch is whether any major breach disclosure traces back to this compromise.

On the same day the LiteLLM compromise surfaced, users reported Windows Defender started flagging LM Studio — one of the most popular desktop apps for running local LLMs — as a Trojan, deleting files and rendering it inoperable. Reddit's r/LocalLLaMA (1,234 upvotes) erupted. The LM Studio team says they're investigating and community scans with multiple antivirus tools show no threats in current builds, pointing strongly toward a false positive from an overzealous Defender update.

But context matters: users also reported suspicious connections to a Chinese IP address, and the LiteLLM supply-chain attack was confirmed the same day. Two local AI tools with security flags in 24 hours is a pattern, even if one turns out to be benign. The real lesson: your AI toolchain is now part of your security perimeter — extensions, middleware, and desktop runtimes included. If LM Studio publishes a clean bill of health with third-party verification in the next 48 hours, this was a scare. If they go quiet, treat it differently.

RAI Institute — founded by Marc Raibert, who also created Boston Dynamics — unveiled Roadrunner, a 15 kg robot with articulated legs that terminate in wheels instead of feet. It can reconfigure its stance for flat ground, stairs, or tight spaces. The key technical claim: a single control policy handles both side-by-side and in-line driving, and several behaviors — including standing up from various positions and balancing on one wheel — deployed zero-shot on hardware. That means the robot performed new tasks on the first physical try without additional fine-tuning.

Zero-shot sim-to-real transfer is the milestone that separates research from deployable systems. Most robots need months of physical-world tuning after simulation training. If Roadrunner demonstrates this at scale at ICRA in May, it challenges the industry's assumption that humanoid form factors are the default path to general-purpose physical AI. If the zero-shot claims don't replicate outside the lab, it's another impressive demo. Marc Raibert's bet against humanoids is the signal worth tracking.

Microsoft published details on its Rho-alpha stack — a multi-modal agentic system for vision, language, and touch — being deployed with Azure and Nvidia hardware for real warehouse operations: pallet sorting, inventory checks, last-mile handoffs. Partners include Figure AI (Figure 03 humanoid) and Hexagon Robotics (AEON for inventory). The training loop pairs digital twins with in-the-field fine-tuning so robots trained in virtual factories transfer to messy real floors faster.

This matters because it's an ecosystem play, not a single-vendor demo. If Microsoft's enterprise pilots scale this year and costs follow, expect logistics sites to start replacing repetitive manual roles with mixed fleets of task-specific robots and agent controllers. The failure mode is integration complexity — digital twins that don't match real facilities, or safety tooling that can't keep pace with deployment speed. Watch for customer case studies with named warehouses and measurable throughput numbers; without those, this stays in the "impressive blog post" category.

On March 24, the UK's Financial Conduct Authority awarded Palantir a three-month contract to ingest and analyze its internal intelligence systems — highly sensitive case files and supervisory data covering roughly 42,000 firms, from high-street banks to crypto exchanges. The goal: sharpen fraud and market-abuse detection using Palantir's AI platform.

The FCA frames this as tooling, not outsourcing. The practical reality: an American defense-born AI company will help spot patterns in the UK's core financial enforcement data. The Guardian reported on political reactions to Palantir's expanding reach into British state systems. If the FCA renews or expands this pilot by summer, it signals regulators worldwide are comfortable putting AI platforms directly in the loop of financial policing — not just using them for dashboards. If the pilot quietly expires, it means the data-residency and lock-in concerns won.

Epoch AI confirmed that GPT-5.4 Pro solved an open problem in Ramsey hypergraph theory — a result no human or machine had previously achieved computationally. The model used a "tool search" capability to locate and orchestrate existing functions in large codebases, which reportedly reduced token usage by up to 47% in reported tests of tool-heavy workflows.

This is less about one math result and more about directed problem-solving — models learning to plan, select tools, and structure reasoning across code and external functions. For anyone building agentic systems, it suggests frontier models are developing strategy-like behaviors, not just pattern completion. Caveat: it's a single verified result, not yet a reproducible benchmark. The signal to watch is whether other labs replicate similar autonomous tool-search capabilities, which would confirm this as a capability class rather than a one-off.

Beijing has folded humanoid robots into its 2026–2030 industrial priorities. Industrial robot output jumped roughly 28% in 2025, and projections put humanoid-related spending rising from approximately $1.4 billion to $77 billion by 2030 if targets hold. Some analyses discuss targets of 115,000 units by 2027.

State backing plus manufacturing capacity equals volume economics that Western vendors aren't pricing yet. If Chinese manufacturers hit early shipment targets, cost-per-robot drops fast enough to make labor substitution viable in industries where it currently isn't. The failure mode is quality and reliability at scale — volume targets mean nothing if the robots can't perform consistently in unstructured environments. Watch Chinese factory deployment footage, not press releases, for the real signal.

A video app that hit one million downloads in five days and died because it couldn't outrun its own GPU bill. A CEO handing off safety oversight so he can focus on buying land and power cables. A fifteen-kilogram robot on wheels making every two-legged humanoid in Silicon Valley look like it's trying too hard.

Somewhere, a .pth file may still be quietly exfiltrating SSH keys every time a Python interpreter starts — and the developer who installed it was just trying to call an API.

Tomorrow.

If someone you know builds on AI infrastructure, they needed this issue yesterday. Forward it.