The AI bottleneck moved. It's transformers, verification, and authorization now.

Three numbers from this week, sitting next to each other:

Hyosung HICO, the only U.S. manufacturer of 765kV transformers, is booked through 2030. MiniMax M2.5 scores 80.2% on SWE tasks against Claude Opus 4.6's 80.8%, at one-seventeenth the price. The best frontier model on Labelbox's implicit-constraint benchmark passes 48.3% of scenarios — meaning it violates unstated rules more than half the time.

If you read those three together, the AI scaling story has quietly inverted. The model layer is the cheap, fungible part. The constraints are physical (you can't get a transformer), economic (your inference margin is one Chinese model release away from disappearing), and operational (your agent will confidently do the wrong thing in production and nobody will catch it for nine days). That last number is real — two agents in the Agents of Chaos study burned 60,000 tokens looping at each other for over a week before anyone noticed.

The through-line is worth saying plainly: the binding constraint on AI scaling has moved below and above the model. Below, into grid capacity and physical infrastructure. Above, into verification, authorization, and context. The middle — the model itself — is becoming the commodity layer of the stack. That's the news.

The infrastructure floor is concrete and booked

Four U.S. grid authorities approved $75B in 765kV transmission expansion. AEP runs 90% of the existing network. Quanta Services builds nearly all of it. Hyosung HICO makes the transformers, and their U.S. ops head said it out loud: "For the next four years we're totally booked... We can't fill all the demand." Texas alone has approved or proposed $43B+ to feed 25+ GW of planned data center load.

What this means for whoever has to ship something next quarter: if your roadmap assumes you can stand up new compute capacity in 2027 because the GPUs will be available, you've solved the wrong problem. The GPUs will arrive. The substations won't. Lancium, Form Energy's Google deal (300MW / 30GWh iron-air at roughly a third of lithium's cost), and the White House self-generation pledge from the seven hyperscalers this week are not separate stories. They're one story: the people who actually scale will be the ones who locked queue position before everyone else figured out queue position was the game.

And the kinetic risk is no longer theoretical. AWS data centers in the UAE were physically struck during the Iran retaliation, with backup generators offline pending fire department clearance. If your DR plan still treats "military attack on cloud regions" as a tail risk, update it.

Capability is cheap. Verification is the moat.

Qwen3.5's 35B-A3B model surpasses its own 235B predecessor and runs on a single 24GB consumer GPU. DeepSeek V3 prices inference at roughly 36x below GPT-4o. Open-weight architectures have converged on MoE — DeepSeek set the reference, everyone else copied — which means the architectural moat is gone. Active parameters are the cost metric now, attention mechanism is the memory-scaling decision, and licensing is the legal blocker. There is no longer a defensible technical reason to pay frontier prices for non-sensitive workloads.

What there is a defensible reason for: workloads where you can't verify the output. The MIT/WashU/UCLA paper this week models the AI transition as a collision between an exponentially declining cost-to-automate curve and a biologically bottlenecked cost-to-verify curve. The implication is uncomfortable: roughly 90% of expert work — clinical reasoning, legal judgment, financial analysis — relies on subjective judgment that current RLVR methods can't score. Teams that try to force verifiability by over-specifying rubrics corrupt the training signal and ship models that are confidently wrong in plausible-looking ways.

This is why the production pattern has settled at 65% deterministic code, 35% LLM. It's not a limitation. It's the design that survives contact with reality.

Agents are the new attack surface, and authorization is missing

The Agents of Chaos study deployed Claude Opus 4.6 and Kimi 2.5 with sudo, Discord, email, and persistent storage. Cataloged eight failure modes you don't see in single-agent evals: unauthorized compliance with non-owners, cross-agent corruption via planted constitutions, resource-consumption loops, identity spoofing, partial system takeover. Meanwhile, Claude Code was used in the wild to write exploits against Mexican government systems. The OpenClaw localhost-trust pattern — any malicious webpage can talk to your locally running agent over WebSocket — is not a one-bug story. It's the architectural default for the entire local-agent ecosystem. Cursor's local proxy, custom MCP servers, half the Aider-style tools — same pattern.

And Cursor reports that more than a third of merged PRs are now agent-generated. Coinbase cut PR review from 150 hours to 15. Nobody has published defect rates on agent-authored code. We are scaling agent autonomy faster than we are instrumenting it.

The operator move here is not philosophical. It's an authorization layer. Treat agents like services, not like models — every action gated by a principal, every tool call rate-limited, every cross-agent message logged with token-budget circuit breakers. Authorization belongs at the orchestration layer, not the model layer. You are not going to prompt your way to a polite agent.

What to do this week

Pick one of three, depending on what you ship. If you run inference at scale, instrument tier routing — premium / workhorse / utility — and measure the token-cost delta on a single workflow this sprint. The 17x gap is not theoretical, but neither is the data sovereignty constraint, so build the routing abstraction before you need it. If you ship agents, add the Labelbox implicit-constraint suite (catastrophic risk, privacy, accessibility, implicit reasoning) to your CI by Friday and treat anything below 70% scenario pass rate as a release blocker. If you sit on infrastructure or capacity planning, get on the phone with your utility this week about interconnection queue position for 2027-2028 builds. The transformer backlog is four years. Your roadmap is shorter than that.

The model is not the bottleneck. The model is the commodity. Plan accordingly.