How Microsoft's MAI-Thinking-1 Challenges Anthropic, AI-Discovered DoS Hits 880K Websites, and VSCode's One-Click Token Theft

Something fundamental shifted in the AI landscape this week. Microsoft unveiled its first homegrown reasoning model that goes toe-to-toe with Anthropic's best, researchers proved that tiny models can outthink GPT-5 for a fraction of the cost, and an AI coding assistant discovered a novel denial-of-service attack that left every major web server vulnerable. Meanwhile, the developer tools ecosystem got its latest wake-up call with a one-click GitHub token theft vulnerability in VSCode, and GitHub Copilot began its long-anticipated migration away from OpenAI's models.

These stories aren't happening in isolation. Together, they paint a picture of an industry rapidly diversifying beyond the "bigger is better" paradigm — where strategic inference, AI-assisted security research, and vertically integrated AI ecosystems are becoming the new competitive battlegrounds.

How MIT's Small AI Models Outsmarted GPT-5 for 1% of the Cost

The received wisdom in AI development has been straightforward: if you want better results, build a bigger model. But researchers at MIT CSAIL and Harvard SEAS just published work that directly challenges that assumption — and the implications are significant.

In a study published on June 3, the team demonstrated that a relatively small model — Llama 4 Scout, with far fewer parameters than frontier models — could be transformed into a strategic reasoning powerhouse that outperforms GPT-5 in specific task domains. The key innovation wasn't architectural; it was a Monte Carlo inference strategy that gives the model a "world model" capability, allowing it to simulate multiple possible futures before committing to an action.

Tested in a game called "Collaborative Battleship" — which requires asking strategically optimal questions to locate hidden information — the small model's win rate against human players jumped from 8% to 82%. Even more strikingly, it surpassed GPT-5's performance in the same benchmark. The model achieved this at roughly 1% of the computational cost.

The research team, led by scientists from both MIT and Harvard's School of Engineering and Applied Sciences, frames this as evidence that inference-time compute — spending more processing cycles on each individual query rather than always pre-training bigger models — can be a dramatically more efficient path to capable AI systems. For domains like medical diagnosis, scientific research, and complex planning, where AI agents need to ask the right questions rather than generate fluent text, this approach could be transformative.

Microsoft's MAI-Thinking-1: The First Real Challenger to Anthropic Opus

At Microsoft Build 2026, the company did something it has never done before: it unveiled a reasoning model built entirely in-house — no OpenAI partnership required. MAI-Thinking-1 represents a strategic inflection point for Microsoft's AI ambitions, and the benchmark numbers suggest they're not just participating in the reasoning model race, but leading it in some dimensions.

The model is a 35-billion active parameter, roughly 1-trillion total parameter sparse Mixture of Experts architecture with a 256,000-token context window. Despite being significantly smaller than models like GPT-5 or Claude Opus 4.6 in total parameter count, it achieves 97.0% on AIME 2025 and 94.5% on AIME 2026 — benchmarks that test mathematical and multi-step scientific reasoning. On SWE-Bench Pro, the software engineering benchmark that measures real-world coding capability, Microsoft claims it matches Claude Opus 4.6 directly.

In blind human side-by-side evaluations conducted with Surge's pool of professional raters across 1,276 tasks, MAI-Thinking-1 was preferred over Claude Sonnet 4.6 — a result that, if replicated across broader evaluation, would make it the first non-Anthropic model to consistently win human preference comparisons at this tier.

What makes this particularly significant is the infrastructure story. MAI-Thinking-1 runs on Microsoft's own Maia 200 AI accelerators in Azure, not on NVIDIA GPUs. Mustafa Suleyman, CEO of Microsoft AI, presented the model as proof that Microsoft's vertically integrated AI stack — custom silicon, custom models, custom cloud — can compete with the best offerings from Anthropic, Google, and OpenAI. The model is available in private preview through Microsoft Foundry, and supports function calling and multi-layered instruction following via the Chat Completions API format.

HTTP/2 Bomb: How OpenAI Codex Discovered a Novel DoS Attack

Perhaps the most unsettling cybersecurity story this week isn't about a sophisticated nation-state attack or a zero-day in a popular application. It's about what happened when a security researcher gave an AI coding model free rein to find novel ways to break web servers.

According to a Cloud Security Alliance research note published on June 4, researcher Quang Luong at offensive security firm Calif — working with OpenAI's Codex AI model — identified a completely novel denial-of-service technique that chains two long-established but never-previously-combined HTTP/2 weaknesses: HPACK header compression amplification and flow-control window stalling. The result is an attack that can exhaust server memory in seconds from a single residential connection.

Every major HTTP/2 implementation is affected: nginx, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare's Pingora proxy. The combined exposure is estimated at more than 880,000 public-facing websites. The amplification ratios are staggering — ranging from 68:1 on IIS to an extraordinary 5,700:1 on Envoy, meaning an attacker sending a small volume of carefully crafted HTTP/2 frames can force a proportionally massive memory allocation on the target server.

Patches are available for nginx (version 1.29.8, released April 2026) and Apache HTTPD (mod_http2 v2.0.41, tracking CVE-2026-49975). However, Microsoft IIS, Envoy, and Cloudflare Pingora had not released fixes at the time of public disclosure. The discovery illustrates a critical new dynamic in cybersecurity: AI coding and reasoning models, when directed by skilled researchers, can identify novel vulnerability classes by recombining documented primitives in ways that may never surface through traditional manual review.

One-Click GitHub Token Theft in VSCode

While the HTTP/2 Bomb represents AI-assisted offense, a more traditional but equally concerning vulnerability surfaced in one of the most widely used developer tools: VSCode for the Web (github.dev).

Security researcher Ammar Askar published a detailed disclosure of a critical vulnerability that allows an attacker to steal a user's GitHub OAuth token with nothing more than a single click. The issue lies in the webview security model used by github.dev — specifically, how OAuth tokens posted from github.com to github.dev aren't scoped to a specific repository but instead carry full access to all of a user's repositories, including private ones.

By manipulating the postMessage mechanism between iframes and the main window, an attacker can extract these tokens. The vulnerability is particularly relevant for developers who regularly use github.dev for code reviews, quick edits in the browser, or collaborative coding sessions. It effectively means that a carefully crafted link in a GitHub issue comment, email, or chat message could compromise an entire organization's private codebase.

Askar responsibly disclosed the vulnerability, and Microsoft has since implemented fixes. But the disclosure raises important questions about the security architecture of browser-based development tools — a category that's growing rapidly as remote and hybrid work patterns become permanent. As previous supply chain incidents have shown, the developer toolchain is increasingly the attack surface of choice for sophisticated threat actors.

GitHub Copilot's MAI Code One: The End of OpenAI Dependency

The other shoe dropped at Microsoft Build: GitHub Copilot is replacing GPT-4 Turbo with MAI Code One, Microsoft's in-house coding model, as the default for all subscribers starting August 2026. Alongside MAI-Thinking-1, MAI Code One is part of a broader seven-model launch that represents Microsoft's most aggressive move yet toward AI independence.

MAI Code One — initially referred to by the codename "Project Polaris" in third-party reporting — is a Mixture of Experts coding model built end-to-end using commercially licensed data. It's rolling out across all GitHub Copilot tiers, including Free, Pro, Pro+, and Max plans. The model features adaptive thinking: it can deliver concise responses for simple tasks while allocating more reasoning budget for complex problems, resulting in up to 60% fewer tokens consumed compared to Claude Haiku 4.5.

On SWE-Bench Pro, MAI Code One's flash variant achieves 51.2% compared to Claude Haiku 4.5's 35.2% — a 16-point lead that underscores how far Microsoft's in-house AI development has progressed. The broader MAI model family also includes image generation models, transcription models, and voice models, all running on Microsoft's own Maia 200 accelerators.

For the broader AI industry, this migration signals something bigger than just a product update. Microsoft — OpenAI's largest investor and closest partner — is systematically replacing OpenAI's models in its core developer products with alternatives built entirely in-house. Whether this reflects confidence in MAI's quality, a desire for cost control, or strategic positioning for a future where Microsoft competes directly with OpenAI, the message is clear: the era of Microsoft as OpenAI's exclusive distribution channel is ending.

What This Week Tells Us About AI's Trajectory

Read together, these five stories reveal several intersecting trends. First, the AI arms race is diversifying beyond raw parameter count. MIT's inference-time strategy and Microsoft's MoE architecture both suggest that efficiency and architecture are becoming more important than sheer scale. Second, AI is becoming a dual-use technology in the most literal sense — the same Codex model that helps developers write code also helped discover a novel DoS attack affecting 880,000 websites.

Third, the competitive landscape is restructuring. Microsoft's simultaneous launch of seven in-house models and the Copilot migration away from OpenAI represent a tectonic shift in the AI platform wars. Companies that bet everything on a single model provider may find themselves at a growing disadvantage as the ecosystem fragments.

And finally, as we've noted before, the intersection of AI capabilities and cybersecurity is accelerating faster than most organizations can adapt. From one-click token theft to AI-discovered protocol attacks, the threat landscape is evolving at machine speed. The question isn't whether your infrastructure is ready — it's whether you have the monitoring and response capabilities to detect attacks that haven't been invented yet.