Two stories this week show AI’s growing power and our infrastructure’s growing vulnerabilities. One machine proved mathematicians wrong. Another exploit hit thousands of developers where they work every day.

AI Cracks 50-Year Math Problem

OpenAI’s latest model just disproved the Kneser conjecture in discrete geometry — a problem mathematicians couldn’t solve for five decades. The model found a counterexample that human researchers missed, essentially rewriting part of mathematical theory.

This isn’t just academic bragging rights. Mathematical breakthroughs often become the foundation for new algorithms and optimization techniques. When AI can solve problems humans can’t, it suggests we’re entering a phase where AI doesn’t just automate existing work — it discovers new possibilities.

For businesses, this points to AI’s potential beyond chatbots and content generation. Companies building custom AI agents should think about problem-solving applications, not just conversation. The same reasoning capabilities that cracked geometry could optimize supply chains, find network vulnerabilities, or discover new product configurations.

VSCode Extension Compromises 3,800 Repos

GitHub confirmed that a malicious VSCode extension breached 3,800 repositories. The attack used a popular development tool — something developers install without thinking twice — to steal source code and credentials.

This wasn’t a sophisticated zero-day exploit. It was a supply chain attack that used developers’ own tools against them. The extension looked legitimate, passed basic security checks, and gained access to everything developers could access.

The business impact is immediate. Those 3,800 repos likely contain proprietary code, API keys, database credentials, and customer data. Companies now face the nightmare scenario of not knowing what was stolen or how it’s being used.

The Security Reality

These stories connect in an uncomfortable way. As AI gets more powerful at solving complex problems, our development infrastructure becomes more complex and vulnerable. We’re building AI systems faster than we’re securing the tools that build them.

Every VSCode extension, every npm package, every Docker image is a potential attack vector. When we automate infrastructure and deploy AI agents, we’re also automating the spread of compromises.

For companies building custom AI solutions, security can’t be an afterthought. Your AI agent might solve complex business problems, but if it’s built on compromised infrastructure, you’ve just automated your security breach.

This is why infrastructure automation needs security built in from day one. Not compliance theater — actual threat modeling, dependency scanning, and access controls that assume compromise will happen.