AI Models Get More Precise, Privacy Gets More Broken
Three stories today that show how fast things are moving — and where the gaps are widening.
Qwen Drops a 27B Model That Codes Like the Big Boys
Alibaba’s Qwen team released Qwen3.6-27B, a coding model that supposedly matches flagship performance in a much smaller package. The benchmarks look good — competitive with models 3x its size on programming tasks.
This matters because smaller models that actually work mean lower inference costs. If a 27B model can replace a 70B+ model for coding tasks, that’s real money saved on compute. For companies building AI-powered dev tools or code generation features, this could be the difference between profitable and burning cash.
The trend is clear: we’re getting more capability per parameter. Which means AI features that were too expensive six months ago might be viable now.
Firefox Had a Privacy Bug That Defeats Tor
Security researchers found a Firefox vulnerability that creates stable identifiers linking supposedly anonymous Tor browsing sessions. The bug uses IndexedDB storage to track users across different “private” identities.
This is bigger than it sounds. Tor users expect true anonymity. When that breaks, it’s not just a privacy issue — it’s a safety issue for journalists, activists, and whistleblowers. Firefox patched it, but the fact that it existed for years shows how hard true privacy is to achieve.
For businesses, this is a reminder that privacy-by-design isn’t just marketing speak. If Mozilla can miss something this fundamental, your internal tools probably have similar blind spots.
Apple Patches the Cop Phone Hack
Apple fixed a bug that let law enforcement extract deleted messages from iPhones during forensic examinations. The messages were supposed to be gone but were still accessible through specific extraction tools.
The technical details matter less than the pattern: even “deleted” data often isn’t. This applies to your business data too. That customer information you thought was purged? Those old employee records? They might still be sitting in some backup or cache you forgot about.
What This Means for AI Teams
These stories connect to a bigger theme: AI systems are getting more capable while our understanding of their security and privacy implications lags behind. At Kerios, we see this daily — companies want autonomous AI teams handling sensitive business processes, but they haven’t thought through what happens when those systems inevitably have access to everything.
The solution isn’t to slow down AI adoption. It’s to build systems that assume breaches will happen and design around that reality.
See how Kerios builds AI teams that work securely by default