OpenAI Locks Up Big Four Consulting as Anthropic Splits Off

◆ DEEP DIVES

1. 01

   The Enterprise AI Ecosystem Fork: OpenAI's Consulting Lock-In vs. Anthropic's Vertical Agent Play

   <p>The enterprise AI market split into two distinct ecosystems this week, and the strategic implications are more consequential than any model benchmark. <strong>OpenAI launched 'Frontier Alliances'</strong> — multiyear partnerships with McKinsey, Accenture, BCG, and Capgemini to deploy its enterprise agent management platform. These four firms collectively influence technology spending decisions at virtually every Fortune 500 company. When a McKinsey engagement team recommends an AI agent architecture, they'll be recommending OpenAI's Frontier platform. This is the Salesforce/SAP playbook executed at AI-native speed.</p><h3>Two Theories of Enterprise Disruption</h3><p>The divergence with Anthropic is not just tactical — it's philosophical. On February 24, <strong>Anthropic unveiled Claude Cowork</strong> with integrations into DocuSign, LegalZoom, and Salesforce, plus vertical agent plugins for finance, engineering, and design. Anthropic's head of economics, Peter McCrory, explicitly stated the strategy: <em>replace the worker, not the software</em>. OpenAI told investors the opposite — its agents would replace Salesforce, Workday, Adobe, and Atlassian, showing their combined revenues as OpenAI's addressable market.</p><blockquote>The market's initial read was telling: Figma jumped 10%, Salesforce rose 4%, and ServiceNow inched up 1.4% on the Anthropic announcement — investors exhaling that at least one major AI lab wants to be a partner, not a predator.</blockquote><h3>The CrowdStrike Canary</h3><p>A cybersecurity executive replaced a <strong>CrowdStrike product costing over $100,000 annually</strong> with a Torq AI agent — powered by both OpenAI and Anthropic models — that connected directly to raw Microsoft login data and replicated core functions at dramatically lower cost. CrowdStrike's response — that it 'lets AI agents connect to its software' — is the defensive posture of a company that knows it can't block the disruption. This template will repeat across every category where the core value proposition is <em>data aggregation plus rules</em>.</p><h3>The Pricing Trap</h3><p>Buried in OpenAI's investor math: at <strong>$25/month per worker with claimed savings of $50/day</strong>, OpenAI is capturing approximately 2.5% of delivered value. They explicitly told investors they're 'only capturing a small fraction' of business value — relying on estimates from Ark Invest, their own shareholder. Read between the lines: <strong>this is a company telegraphing massive enterprise price increases</strong>. Any strategic plan built on current AI pricing is planning on someone else's generosity.</p><h3>The Contradiction That Matters</h3><p>OpenAI's own COO publicly acknowledged that AI has 'not yet really seen AI penetrate enterprise business processes.' If the company best positioned to drive enterprise penetration admits it hasn't started, the 'SaaS is dead' narrative is running ahead of reality. But Anthropic's vertical plugins represent the first credible mechanism for that penetration to begin. <strong>The window between 'hasn't started' and 'locked in' is narrower than it appears.</strong></p>

   Action items

   • Audit your top 20 SaaS contracts by annual spend, scoring each on 'AI agent displacement vulnerability' — specifically which products primarily aggregate data via APIs vs. which have deep proprietary workflow logic
   • Make a deliberate ecosystem alignment decision between Anthropic's partnership model and OpenAI's replacement model by end of Q2 — this is a platform bet, not a vendor selection
   • Renegotiate SaaS contracts coming up for renewal in the next 6 months with explicit AI agent access and data portability clauses
   • Model OpenAI enterprise pricing at 3x-5x current rates in your 3-year AI budget projections

   Sources:Oracle Shares Dip After Stargate Report · Applied AI: Anthropic and OpenAI Strike Different Tone On Disrupting Software Incumbents · The Briefing: Anthropic: Foe or Frenemy? · OpenAI COO says 'we have not yet really seen AI penetrate enterprise business processes' · ChatGPT Pro Lite 🤖, Anthropic distillation 🧪, Perplexity Messages credits 💬 · Gemini tops benchmarks, again

2. 02

   The Pentagon's AI Coercion Playbook: Supply Chain Risk Designation as a Weapon Against Safety

   <p>Today's meeting between Anthropic CEO Dario Amodei and Defense Secretary Hegseth may be the most consequential AI governance conversation of the quarter. The Pentagon has threatened to designate Anthropic a <strong>'supply chain risk'</strong> — a classification historically reserved for foreign adversaries like Huawei — unless it removes safety restrictions on military use of Claude. This isn't about a $200M contract. It's about whether the US government can use procurement power to strip ethical guardrails from AI systems industry-wide.</p><h3>The Competitive Landscape Has Already Split</h3><table><thead><tr><th>AI Provider</th><th>Military Restrictions</th><th>Government Status</th></tr></thead><tbody><tr><td>Anthropic</td><td>Seeks limits on mass surveillance, autonomous weapons without human oversight</td><td>Only AI cleared for classified data; faces supply chain risk designation</td></tr><tr><td>OpenAI</td><td>Removed restrictions for unclassified use</td><td>Compliant</td></tr><tr><td>Google/Alphabet</td><td>Dropped military usage restrictions</td><td>Compliant</td></tr><tr><td>xAI</td><td>Removed safeguards for unclassified use</td><td>Compliant</td></tr></tbody></table><p>The 'supply chain risk' designation would go beyond canceling Anthropic's contract — it would <strong>require every Pentagon contractor to certify they've severed ties with Anthropic entirely</strong>. For any enterprise using Claude in government-adjacent work, this creates immediate vendor continuity risk.</p><h3>The Strategic Paradox</h3><p>Anthropic is simultaneously positioning itself as a <strong>victim of Chinese IP theft</strong> (24,000 fake accounts, 16 million exchanges extracting Claude's capabilities) while resisting the government's unrestricted use demands. This creates an interesting leverage dynamic: the company arguing it needs government protection from foreign adversaries is the same company the government is threatening to designate as a domestic adversary. Whether Anthropic can exploit this tension to negotiate better terms may determine the outcome.</p><blockquote>If the Pentagon succeeds, it establishes that AI companies must provide unrestricted access or face exclusion from the entire defense ecosystem. For any technology leader considering government contracts, this is the moment to develop a clear, board-approved position on ethical AI use — before you're forced to make that decision under pressure.</blockquote><h3>Second-Order Effects for Enterprise Buyers</h3><p>The bifurcation creates a new axis of vendor risk that most procurement frameworks don't account for. <strong>European and international customers may actively prefer vendors that resist unrestricted military use.</strong> US government contractors will be forced toward compliant vendors. Your AI vendor selection is now a geopolitical positioning decision with reputational, regulatory, and commercial consequences that belong in the boardroom, not the CTO's office.</p>

   Action items

   • Conduct an immediate AI vendor risk assessment mapping all Anthropic/Claude dependencies against government-adjacent or defense-related workloads, with fallback options identified
   • Develop a board-ready position paper on your organization's stance on AI ethics in government and military applications by end of Q2
   • Monitor today's Amodei-Hegseth meeting outcome and brief leadership within 48 hours on implications for your vendor strategy

   Sources:Last Week in AI #336 · Inside Anthropic's existential negotiations with the Pentagon · The Pentagon Calls Anthropic on the Carpet · Claudus belli · Benedict's Newsletter: No. 631

3. 03

   AI-Powered Attacks Hit 89% Surge With 29-Minute Breakout — Your Security Architecture Is Structurally Inadequate

   <p>CrowdStrike's 2026 Global Threat Report delivers a verdict that should force a strategic reckoning: <strong>AI-driven attacks are up 89% year-over-year</strong>, average breakout times have collapsed to <strong>29 minutes</strong> (fastest observed: 27 seconds), and <strong>82% of intrusions are now malware-free and credential-based</strong>. The traditional security operating model — detect, triage, investigate, contain — cannot physically respond fast enough to prevent lateral movement in the majority of attacks.</p><h3>The LLM Attack Pipeline Is Industrialized</h3><p>A single threat actor built a fully automated, <strong>LLM-powered attack pipeline targeting 2,516 FortiGate appliances across 106 countries</strong>, evolved from an open-source framework in roughly eight weeks. The tooling uses a 'dual-model' approach — selecting whichever LLM (DeepSeek or Claude Code) is most permissive per task — creating a race-to-the-bottom dynamic that no single AI company's safety measures can solve. The custom architecture (ARXON as an MCP server bridging LLM analysis with attack scripts, CHECKER2 as a Docker-based orchestrator) represents a pattern that <strong>will be commoditized and replicated</strong>.</p><h3>Patching No Longer Equals Protection</h3><p>The Ivanti EPMM zero-day exploitation is arguably the most strategically significant finding. Two critical vulnerabilities are being actively exploited to gain unauthenticated access to enterprise MDM servers — the systems that <strong>manage and control entire mobile device fleets</strong>. The critical detail: <strong>compromise persists even after patches are applied</strong>. Attackers deploy backdoors architecturally independent of the original vulnerability. Any organization that ran vulnerable Ivanti instances may be compromised even if patched.</p><h3>The Supply Chain Vector Is Evolving</h3><p>An npm supply chain attack silently installed the OpenClaw AI agent on <strong>4,000 developer machines</strong> via a compromised token. A separate 'Sandworm_Mode' attack carries naming conventions linked to Russia's GRU. Microsoft 365 MFA bypass campaigns trick employees into registering attacker-controlled devices, obtaining <strong>OAuth tokens that provide persistent access</strong> independent of the original phishing vector. The convergence of AI-powered offense, supply chain compromise, and identity-based attacks creates a threat environment where no single defensive layer is sufficient.</p><blockquote>The multi-billion-dollar endpoint protection market — built on detecting and blocking malicious software — is defending against a shrinking minority of actual attack techniques. The future of enterprise security is identity-centric.</blockquote><h3>The Organizational Gap</h3><p>Multiple sources converge on a structural recommendation: <strong>the CISO-reports-to-CIO model is broken</strong>. When AI adoption accelerates, the CIO's mandate expands into AI infrastructure and data pipelines — making the conflict with security sharper. Organizations that elevate the CISO to direct CEO/board reporting will have a governance advantage that compounds over years.</p>

   Action items

   • Direct your CISO to conduct an immediate forensic assessment of all Ivanti EPMM and Fortinet deployments — assume compromise regardless of patch status
   • Benchmark your mean-time-to-detect and mean-time-to-respond against the 29-minute breakout standard; if MTTR exceeds 15 minutes, initiate an automated detection/response investment by end of Q1
   • Rebalance security investment: shift 20-30% of endpoint security spend toward identity threat detection, cloud security posture management, and phishing-resistant authentication (FIDO2/passkeys) this quarter
   • Evaluate CISO reporting line restructuring to CEO or board-level committee at the next governance review

   Sources:The rise of the evasive adversary · It's time to rethink CISO reporting lines · Hacked? You've only got 30 minutes. · New 'Sandworm_Mode' Supply Chain Attack · LLM Powered FortiGate Attacks 🤖, Pulsar RAT in NPM PNGs 🖼️, Paypal SSN Leak 🔓

4. 04

   AI Compute Fragmentation: Meta's $100B AMD Bet, Taalas's Silicon Gambit, and the $96B Data Center Wall

   <p>The AI compute landscape is fragmenting across three dimensions simultaneously — supply chain structure, hardware architecture, and physical deployment — in ways that create both risk and opportunity for every organization making infrastructure commitments.</p><h3>Meta Reinvents the Hyperscaler-Chipmaker Relationship</h3><p>Meta's deal with AMD — <strong>$100B+ with performance-based equity warrants covering up to 10% of AMD's outstanding shares (160M shares)</strong> — is not procurement. It's quasi-vertical integration. The first gigawatt deployment on custom MI450 architecture begins in H2 2026. If this deal structure works, <strong>every hyperscaler will demand similar terms</strong>, Nvidia's pricing power erodes, and the GPU market shifts from seller-dominated to buyer-dominated within 2-3 years. Combined with OpenAI's $10B Cerebras deal for 750MW through 2028, the compute market is diversifying away from Nvidia faster than most infrastructure plans assume.</p><h3>Model-on-Silicon: The Radical Alternative</h3><p>Taalas's HC1 chip physically etches Llama 3.1 8B model weights into silicon transistors, achieving <strong>17,000 tokens per second per user</strong> — compared to Cerebras at 2,000 and Nvidia's B200 at 350-594. The tradeoffs are severe: you can never update the model, aggressive quantization causes quality degradation, and scaling to frontier models would require ~30 separate chip tape-outs. But the strategic signal isn't about Taalas specifically — it's that <strong>the inference bottleneck is data movement, not compute</strong>, and multiple startups are attacking this from fundamentally different architectural angles. If model improvement rates plateau, purpose-built silicon could deliver transformative cost advantages.</p><h3>The Physical-World Constraint</h3><p><strong>Twenty data center projects representing $96 billion were blocked or delayed in Q2 2025</strong>, while vacancy rates sit at 1%. Two hundred bills were introduced across US states, forty became law, and ten new moratorium proposals landed in the past month alone. This isn't NIMBY — it's being codified into law. Regulations pushing data centers to rural locations or requiring self-powered operations are creating a new infrastructure asset class at the <strong>energy-compute intersection</strong>. Scale Microgrids' acquisition of Reload and Forgent Power Solutions' IPO are early signals of capital flowing to this convergence.</p><blockquote>Your 2027 compute capacity assumptions may already be obsolete. The capital is abundant, but the permission to deploy it is not.</blockquote><h3>ASML's EUV Breakthrough</h3><p>ASML announced its EUV breakthrough could enable <strong>50% more semiconductor production by decade's end</strong>, easing supply constraints — but primarily benefiting companies that can afford to buy at scale. Together with the Meta-AMD deal and Cerebras IPO (potential April 2026), the picture is of an infrastructure layer consolidating rapidly where the capital requirements to compete are becoming prohibitive.</p>

   Action items

   • Audit your AI infrastructure dependencies and compute procurement strategy against jurisdictions facing data center moratorium proposals or restrictive legislation by end of Q2
   • Model inference cost scenarios at 10x and 20x reduction within 18 months and stress-test any business model dependent on current pricing
   • Evaluate whether your compute procurement strategy should adopt equity-linked deal structures similar to Meta-AMD for any commitments exceeding $50M
   • Monitor Cerebras IPO (potential April 2026) as a benchmark for AI chip market diversification and potential partnership opportunity

   Sources:Techpresso · Axios Pro Rata: AI speed bump · A Foundational Guide to Evaluation of LLM Apps · Gemini tops benchmarks, again · Benedict's Newsletter: No. 631 · Dealmaker: Why OpenAI, Anthropic Are Missing Their Own Margin Forecasts