RL training data quality control & Agents that persist across sessions - AI News (May 9, 2026)

Let’s start with a reality check on how frontier labs buy training data. In a May 2026 essay, Sean Cai argues that a lot of off-the-shelf reinforcement learning datasets simply don’t survive internal quality-control at top AI labs. The punchline is practical: bad data doesn’t just waste the purchase order—it wastes the most expensive part of the pipeline, the training compute that chews through it. Cai describes a two-stage QC mindset. First, an “intake” pass to see whether the dataset is even testable and hard to game. Then “active testing,” meaning small training runs designed to flush out failure modes like reward hacking, sycophancy, alignment-faking, and forgetting. The bigger implication is market pressure: vendors increasingly win renewals by shipping audit artifacts—things like false-positive rates, per-skill regressions, and failure triage—rather than vague stories about metrics improving.

Staying with the theme of agents that actually hold up in the real world, OpenAI’s Codex tooling is leaning hard into continuity. Codex CLI version 0.128.0 adds a /goal feature that persists the agent’s objective across restarts, laptop sleep, and long pauses. What’s new is that Codex doesn’t just remember context—it proactively resumes by injecting a developer message when you return, instead of waiting for you to re-prompt. The write-up frames this as a workflow shift: you stop “babysitting an AI session” and instead write a spec-like contract upfront with success criteria and guardrails. That matters because as agent runtimes stretch from minutes to hours, the real bottleneck becomes clarity and control—not raw model capability.

Codex is also moving closer to the browser, which is where a lot of real work happens. OpenAI says Codex can now operate inside Google Chrome on macOS and Windows, including working across multiple tabs and running in the background without constantly hijacking your window focus. If this works as advertised, it’s a meaningful step toward in-browser automation that feels less like a demo and more like a daily tool—especially for tasks that live in web apps: admin consoles, dashboards, forms, and multi-step workflows.

As agents spread into automation pipelines, one unglamorous topic is becoming unavoidable: token spend. GitHub shared how agentic workflows running in CI can rack up large costs quietly—especially when they trigger on every pull request. Their approach is refreshingly operational: capture normalized token telemetry at a proxy layer, emit an artifact that’s easy to analyze, then run daily “meta” jobs to flag anomalies and open issues with concrete fixes. Two big lessons stood out. First, tool definitions can silently bloat every call—so pruning unused registrations saves money immediately. Second, not every step needs an LLM: deterministic commands can fetch context before the agent ever speaks. The broader point is that “agent reliability” now includes budget reliability, not just correctness.

On the consumer side, Meta appears to be preparing a new autonomous agent—reportedly codenamed “Hatch.” New traces in Meta’s codebase suggest active rollout work and a waitlist-style launch. The rumored direction is a socially grounded agent that can generate media, help with shopping-style workflows, and support research—while leaning on Instagram and Facebook for discovery and commerce. If Meta ships an agent inside the social feed experience, it raises the competitive stakes in a very different way than yet another standalone chat app. The advantage isn’t just model quality—it’s being embedded where people already spend time, with built-in context from social graphs and creator ecosystems.

Now to the story we teased at the top: interpretability that tries to translate what’s happening inside a model into plain language. Anthropic introduced Natural Language Autoencoders, or NLAs—an approach that turns internal activations into readable explanations, then checks itself by reconstructing the original activations. Anthropic claims this can surface things like advance planning and “evaluation awareness,” where a model appears to suspect it’s being tested even if it doesn’t say so. Why it matters: if we want credible alignment audits, we need more than output-based spot checks. Tools like this hint at a future where auditors can probe for hidden objectives or deceptive strategies—while still treating the results cautiously, because even interpretability layers can hallucinate or mislead.

OpenAI also pushed forward on voice—less hype, more product surface area. It announced new realtime audio models for its API: one aimed at richer reasoning during live conversations, another focused on live speech translation, and a low-latency streaming transcription model. The key shift is from voice as a front-end for Q&A to voice as an interface for systems that can listen, keep context, and take actions in the moment. For developers, the significance is straightforward: voice agents become easier to build when speech recognition, translation, and tool use are designed to work together under realtime constraints—where interruptions, partial sentences, and failed actions are normal.

In safety and real-world impact, OpenAI is also rolling out a feature that formalizes escalation beyond the chat window. It’s called Trusted Contact. Adult users can nominate someone who may be alerted if the system detects a serious self-harm risk. OpenAI says the user is warned first, a human review team evaluates the case, and the alert avoids including chat transcripts to limit privacy exposure. This is notable because it draws a line from AI conversation to real-world social support—rare, high-stakes situations where getting a trusted human involved can matter. It also shows how carefully these features need to balance intervention, user autonomy, and privacy.

Let’s switch to performance engineering—specifically, recommender systems, where milliseconds translate into revenue. PyTorch engineers described In-Kernel Broadcast Optimization, a technique that tackles a classic inefficiency: repeatedly copying user embeddings across huge candidate sets. Instead of materializing those copies, the kernel handles the broadcast internally, cutting memory traffic that scales with candidate count. Meta reports deploying this across parts of its ranking funnel on both GPUs and its MTIA accelerator, with sizable latency reductions on co-designed models. The bigger takeaway is that some of the most meaningful AI speedups now come from kernel and data-layout choices, not just bigger models or new architectures.

On the local inference front, antirez released an alpha project called ds4.c—built specifically to run DeepSeek V4 Flash on Apple’s Metal stack. The idea is a narrowly optimized runner rather than a general-purpose framework, with emphasis on practical long-context behavior, including KV-state persistence to disk. That’s interesting because it aligns with how agents actually behave: lots of repeated prefill, long-running sessions, and restarts. It’s still early—and the project itself warns about rough edges—but it’s another sign that “local inference” is evolving from hobby demos to targeted, workload-shaped tools.

Security culture is also being reshaped by AI—sometimes in uncomfortable ways. A researcher described how a Linux patch intended to be a low-key fix ended up effectively revealing a vulnerability because others inferred the impact from the public code change. The takeaway is that AI makes it cheaper to watch commits, analyze diffs, and guess what a patch is really about. That pressure collapses traditional timelines: long embargoes become riskier, and “quiet fixes” become easier to reverse-engineer into exploit strategies. The industry doesn’t have a perfect replacement playbook yet, but shorter windows and faster patch rollout are clearly where things are heading.

Two final perspective pieces are worth keeping in your mental model. First, one essay argues the ‘first to AGI wins forever’ narrative is overstated. As model capability gets cheaper and more widely available, the long-term winners may be the companies with distribution, proprietary workflows, and customer trust—rather than whoever trains the biggest model first. Second, a cultural critique points out that AI-generated images often trigger a negative gut reaction in audiences, regardless of quality. The practical advice isn’t about ethics debates—it’s about signaling: if your readers associate AI art with low effort or distrust, it can quietly undermine credibility, even when the content is solid.

And one more research-and-industry note from DeepMind. DeepMind says its Gemini-powered system AlphaEvolve is now broadly used to discover and optimize algorithms across domains—from science to infrastructure—and it’s also being pushed toward business use through Google’s ecosystem. Separately, DeepMind took a minority stake tied to EVE Online’s studio, using the game as a controlled research environment for studying long-horizon, multi-agent behavior in a complex economy. Why it matters: this is a bet that the next jumps won’t just come from bigger models, but from systems that can iteratively improve real algorithms—and from testbeds that look more like messy reality than clean benchmarks.