Daily Briefing
    By Krishna Goli

    FCA warns on AI risk as chip boom, ransomware reshape market

    Britain's financial regulator has called for tighter oversight of AI just as Illinois signs America's toughest frontier-model safety law, memory chip profits soar, and researchers document the first agentic ransomware attack.

    Editorial illustration showing a financial regulator's shield overlaid on a semiconductor chip and a warning ransomware icon, symbolising AI risk and opportunity colliding

    Regulators, chipmakers and cybercriminals are all moving at once. Today's briefing covers a landmark UK review of AI in finance, a first-in-nation US safety law, a record-breaking chip earnings season, a wave of AI-linked layoffs, and the ransomware attack that security researchers say marks a genuine turning point.

    FCA tells UK to prepare for AI-driven finance by 2030

    The Financial Conduct Authority has published a major review warning that artificial intelligence will become "a defining force" in UK retail financial services within the decade, and that regulation needs to catch up fast.

    Commissioned from executive director Sheldon Mills, the report found that a fifth of UK adults are already open to letting AI make financial decisions for them, including on savings and borrowing, even though these tools sit outside regulatory protection. Separately, more than a quarter of UK consumers say they trust tools like ChatGPT, Claude and Gemini for financial advice, often unaware that the safeguards applied to regulated advice don't extend to general-purpose chatbots.

    Mills' seven recommendations include:

    Mills described the situation bluntly to the Financial Times, saying regulators are in an "arms race" to keep up with AI's pace of change. The review also flags concentration risk: widespread reliance on the same handful of model providers and cloud platforms could create correlated failures across the financial system.

    Illinois signs America's strictest frontier AI law

    While the UK debates future rules, Illinois has already legislated. Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act into law, requiring developers of the most advanced AI models to evaluate catastrophic risks, undergo independent third-party audits, and report critical safety incidents within 72 hours.

    Key details:

    "Where the federal government is unwilling to step up, states must venture once more unto the breach," Pritzker said at the signing. Notably, both OpenAI and Anthropic supported the bill as it moved through the legislature, a sign that at least some frontier labs would rather have clear state rules than none at all.

    Memory chips are having their best year ever

    The AI infrastructure boom is showing up directly in Asian chipmakers' earnings. Samsung Electronics forecast a 19-fold jump in quarterly profit to roughly 89 trillion won (£44bn), driven almost entirely by AI memory demand, even as its shares fell 4% on the news.

    SK Hynix, meanwhile, is bringing that boom to Wall Street. The company plans to sell around 17.8 million shares via a US IPO, potentially raising $28 billion through American depositary receipts, with pricing expected Thursday and trading from Friday. Its first-quarter revenue rose almost 200% year-on-year.

    That's part of a much bigger national bet: SK Group has unveiled a 2,100 trillion won ($1.36 trillion) investment roadmap covering domestic chip manufacturing and AI data centres, with chairman Chey Tae-won saying South Korea should "export intelligence itself" rather than just AI products. Analysts caution the supply build-out is a gamble — Bernstein's Mark Newman called the shortage "RAMageddon" and warned that today's record margins could reverse if new capacity outpaces demand once it finally comes online.

    Microsoft cuts 4,800 jobs while pouring billions into AI

    Microsoft confirmed it is eliminating about 4,800 roles, roughly 2% of its global workforce, with the deepest cuts hitting Xbox and commercial sales.

    • Xbox will lose around 3,200 jobs through fiscal 2027, with four studios spun off or sold and a fifth, Arkane, entering a French works-council consultation that could lead to closure.
    • Chief people officer Amy Coleman said the eliminated roles are "not being replaced by AI," while acknowledging automation is reshaping how work gets done.
    • The cuts build on Microsoft's $2.5 billion push to embed 6,000 engineers with enterprise clients to accelerate AI adoption.
    • Xbox CEO Asha Sharma called the division "not healthy," with margins 3-10 times lower than rivals.

    TechCrunch's running tally puts total 2026 tech layoffs citing AI at close to 120,000 roles so far this year.

    First documented agentic ransomware attack, with an asterisk

    Cybersecurity firm Sysdig says it has found the first documented case of agentic ransomware, dubbed JadePuffer, in which an LLM handled reconnaissance, credential theft, lateral movement and extortion largely on its own — even writing its own ransom note and fixing a failed login in 31 seconds.

    But a follow-up interview adds important nuance: Sysdig's Michael Clark confirmed a human still chose the victim, provisioned the infrastructure, and supplied the stolen credentials used for initial access. Microsoft researcher Geoff McDonald still warned the barrier to running large-scale ransomware campaigns has dropped to whatever it costs to operate an agent.

    Chinese models gain ground as Western token costs bite

    Cost pressure is pushing US enterprises toward Chinese alternatives. CNBC reports that Chinese-built models from DeepSeek and Z.ai are gaining traction with American companies as token prices rise at OpenAI and Anthropic. Meituan added weight to that trend by open-sourcing LongCat-2.0, a 1.6-trillion-parameter model trained entirely on domestic Chinese compute, which reportedly outperforms Gemini 3.1 Pro and GPT-5.5 on the SWE-bench Pro coding benchmark.

    The Hexalink view

    The through-line today is that AI's economics and its oversight are colliding at the same moment. Chip supply is scarce enough to hand Samsung and SK Hynix record profits, regulators on both sides of the Atlantic are moving from guidance to enforceable law, and the same agentic capability that boosts productivity is now demonstrably usable for autonomous extortion. None of these trends is separable from the others: the money flooding into infrastructure is precisely what's making frontier models cheap enough to weaponise and expensive enough to make Chinese alternatives attractive.

    Our advisory position: treat the Illinois law and the FCA review as previews of where every major market is heading, not as regional curiosities — audit trails, incident-reporting timelines and third-party safety audits are becoming table stakes, so build for them now rather than retrofitting later. On the security side, JadePuffer is a warning to test agentic exposure on any internet-facing tool the way you'd test for a known CVE, because the "human in the loop" gap is narrower than most incident-response plans assume.

    Join us tomorrow for the next AI Storm briefing, or check back for the five-minute audio rundown on the AI Storm Daily podcast.