Chinese Tech Daily — 2026-05-11#

Top Story#

Vibe coding tools are causing a massive enterprise security headache. Security firm RedAccess revealed that rapid AI development platforms like Lovable, Replit, and Netlify have inadvertently exposed over 380,000 applications to the open web, with nearly 2,000 leaking highly sensitive corporate data, medical records, and internal financial documents. As “shadow AI” allows non-engineers to bypass traditional DevSecOps pipelines, the ease of prompt-to-app generation is turning internal workflows into major public vulnerabilities. You can read the full report at 38万应用暴露、2000+应用泄密！AI编程把“内网”变公网.

Engineering & Dev#

Figma has completely rebuilt its caching layer by developing Figma自研了Redis代理，实现六个9可用性, an in-house Redis proxy named FigCache. This architecture decoupled frontend connection management from backend execution, helping the team achieve six nines of uptime by mitigating “thundering herd” connection failures. In the security space, GitHub has upgraded its code analysis engine in GitHub升级CodeQL：以声明式安全建模实现更快且更灵活的分析, shifting toward a “models-as-data” approach that allows teams to define custom data sanitizers via YAML instead of writing complex queries.

On the AI tooling front, Mistral released Mistral Medium 3.5, bringing asynchronous capabilities in Mistral为Le Chat新增远程智能体与Work模式 to allow agents to execute cloud-based workflows, modify code, and interact with external systems. Anthropic also detailed the safety architecture of its new autonomous system in Claude Code的Auto模式深度解析：Anthropic带有人类审批门控的自治编码系统, implementing a two-stage classification pipeline that acts as a human-approval gate for high-risk operations. To help enterprises safely adopt these workflows, NetEase launched its enterprise platform in AI工具用了不少，利润为何不涨？网易智企发布CodeWave，直击 AI Coding 提效难题 to standardise AI-generated code and enforce architectural constraints, while Tencent Cloud open-sourced Cube Sandbox in 有奖征文｜4 天 4000 Star的 Agent 沙箱，等你来开箱赢奖励 to provide a secure, isolated execution environment for AI agents.

On the business impact of AI, AppLovin’s CEO revealed in 靠AI把股价干涨735%，这家公司开始成批裁掉可替代岗，全员招聘须CEO点头 that over 80% of the company’s code is now AI-generated. This extreme capability density allowed them to purge redundant roles, dramatically boosting efficiency and driving a 735% stock surge. Academically, Chinese institutions are dominating global AI research, as noted in 中国拿下这届 AI 顶会半壁江山，清华一家单挑斯坦福加 MIT, contributing to 43.7% of accepted papers at ICLR 2026. This surge is largely driven by a pragmatic, low-friction organizational culture within Chinese AI labs, unburdened by legacy tech debates.

Products & Digital#

Ahead of Apple’s upcoming developer conference, rumors suggest a UI refinement in 苹果或「小幅重新设计」macOS 27 的液态玻璃界面 to fix text readability issues on the “Liquid Glass” interface for LCD Mac screens. Beyond aesthetics, tech commentators are speculating on a native AI overhaul in 下个月的苹果 WWDC，假如 iCloud 变成 iClaw……?, proposing a system-level orchestration protocol that deeply integrates third-party models with user context.

For digital journaling, the Android app featured in 派评 | 近期值得关注的 App called Momentum is gaining traction for automatically stitching daily photos into elegant montage videos, utilizing Google’s MediaPipe for face stabilization. On the desk setup front, a popular crossover has restocked: 监工水獭 × 明基挂灯：老朋友回来了，新福利也一并送到 introduces a custom SSPai Otter figurine designed to rest perfectly on BenQ ScreenBar lamps as a physical “supervisor” for productivity. Finally, for coffee geeks, a deep dive into WBrC champion pour-over recipes in 手冲咖啡进阶指北：如何让「冠军参数」变成「你的日常」 highlights the growing trend of multi-stage temperature-varied extraction to perfectly balance acidity and sweetness.

News & Commentary#

As the Trump-Xi summit approaches, the Chinese internet is rife with a new geopolitical meme discussed in 从“美国斩杀线”看中国人危险的自大情绪, the “American execution line” (美国斩杀线), which portrays the US as fragile and on the brink of collapse. This hubristic narrative is reshaping public opinion and may harden Beijing’s geopolitical stance against Washington. Concurrently, global middle powers are actively hedging their bets, as analysed in 中等国家为何对“习特会”感到担忧？, stepping up independent military and trade agreements due to a lack of trust in both superpowers.

On the tech side, a deep dive into the gray market of API reselling in 川普、孙宇晨都来当 AI 黄牛了，这门暴利生意的水有多深？ reveals how “AI Middlemen” bypass geo-blocks. These shadow APIs often bait-and-switch expensive models for cheaper ones, truncate contexts, and pose massive data security risks by intercepting sensitive prompts. In the publishing world, the rise of AI-generated content is scrutinised in 我买了这些畅销书，但作者不是人, exposing how scammers are flooding Amazon with low-quality, AI-authored books, which not only dilutes the market but risks future “model collapse” by polluting the internet’s training data.

Also Noted#

• ByteDance has dramatically raised its 2026 AI capital expenditure to over 200 billion RMB, heavily increasing procurement of domestic AI chips, as noted in 早报｜微信灰测「组合支付」功能/苹果或重新设计macOS27「液态玻璃」/哈啰回应员工脚踩青桔美团.
• Nvidia CEO Jensen Huang delivered a commencement speech and was awarded an honorary doctorate at CMU, robed by Intel CEO Lip-Bu Tan, fuelling rumors of deepened foundry ties in 黄仁勋被授予 CMU 荣誉博士！陈立武亲自为其授袍，不用英特尔为其代工的英伟达，改策略了？.
• Amazon CloudWatch has introduced public preview support for OpenTelemetry Metrics, bringing PromQL capabilities and high-cardinality data support directly to AWS, covered in Amazon CloudWatch 预览支持 OpenTelemetry Metrics.
• Cloudflare launched an edge-native feature flag service built on the OpenFeature standard, detailed in Cloudflare推出Flagship：基于OpenFeature的边缘原生特性开关服务.
• Security researchers have flagged an SQL injection vulnerability in the Tiandy Easy7 video surveillance management system, reported in 天地伟业Easy7 /Easy7/rest/user/getAuthorityByUserId SQL注入漏洞.