The week the moats moved: distribution, trust, and physical ground

Four things happened this week that don't belong in the same paragraph, and that's exactly why they belong in the same paragraph.

Iran's IRGC physically struck AWS me-south-1 in Bahrain after designating eighteen US tech companies as military targets. Apple removed a vibe-coding app called Anything under Guideline 2.5.2, the same week App Store submissions hit 235,800 in Q1 — up 84% YoY against an eight-year decline. H Company's Holo3, Apache 2.0 and downloadable today, scored 78.85% on OSWorld-Verified, beating GPT-5.4 and Opus 4.6 at roughly a tenth the inference cost. And Adversa AI's red team found that Claude Code's permission deny rules silently stop enforcing after 50 subcommands — a deliberate token-economy decision, discovered because Anthropic shipped 512K lines of source to npm via misconfigured source maps.

Four different stories. One conclusion: every assumption about where defensibility lives in a software business just got re-tested simultaneously, and most of them failed.

The model layer is not the moat anymore

Holo3 is the cleanest signal of the week. An open-weight MoE that activates 10B of 122B parameters, beating frontier closed models on autonomous computer use, free to download. Google's TurboQuant cuts KV cache to 3 bits and accelerates attention 8x on H100s with zero retraining. Alibaba's Qwen-3.6-Plus ships drop-in OpenAI/Anthropic API compatibility — a one-line config change reroutes your data to Chinese infrastructure, and your API gateway inspects format, not destination.

The paradox is that capital is flooding the opposite direction. Over $2B deployed across AI infrastructure in a single week — Mistral's $830M debt round, Rebellions at $2.34B, ScaleOps at >$800M, Starcloud at $1.1B Series A. OpenAI killed Sora to free GPU for Codex, which went 100K to 2M developers in three months. Anthropic is throttling 7% of users. H100 rentals at 18-month highs.

Both things are true and they resolve in one direction. Raw compute is getting commoditized faster than it's being built. The capital that wins is the orchestration, governance, and reliability layer between hardware and production workloads — Qodo for AI code governance, ScaleOps for Kubernetes resource management, the Model Council pattern Perplexity is monetizing as a Max-tier feature. The picks-and-shovels thesis is right; the picks aren't GPUs anymore.

Distribution is the new moat, and the platform owners noticed

235,800 new App Store apps in one quarter is not a marketing data point. It's the sound of the engineer-hours barrier — the implicit moat under most consumer software for fifteen years — evaporating. If your product can be rebuilt by a solo founder with Claude Code in a weekend, your moat was never the code.

Apple's response to this is Guideline 2.5.2 enforcement, escalated from update blocks to full removal in a single week. There is no technical workaround. Vibe coding generates code dynamically; App Review is static. Apple is defending the developer fee and 30% revenue share against tools that let anyone build apps without entering Apple's ecosystem at all. This is durable. Don't bet your iOS roadmap on it reversing.

Meanwhile Salesforce, ServiceNow, and Snowflake each lost ~30% in Q1 — the market pricing in agent substitution of the workflows those platforms own. Microsoft hit its internal Copilot sales target and lost 23% YTD anyway. The message from public markets is unambiguous: capability execution doesn't clear the bar. ROI does.

The trust layer is where the next product category lives

Anthropic surveyed 81,000 people via an AI interviewer. The top desire from AI is professional excellence — 19%, ranked first. Time savings ranked fourth. The top fear is hallucinations and unreliability — directly blocking the top desire.

That gap is a product category. The winning frame isn't "finish your report faster." It's "produce a report your VP couldn't write without AI." Confidence scores, source citations, explicit uncertainty, multi-model consensus where it matters, human-in-loop escalation where it doesn't. Perplexity is already charging for this. The cost of running three models in parallel today is less than running one was in Q3 2025.

The darker version of the trust gap is operational. A team built a 29,000-line agent with Codex in four days. The next few weeks delivered credential leaks, silent event-loop deaths, and cascading failures. ServiceNow and Mila published research the same week showing terminal-only agents match complex tool-augmented agents at lower cost and higher resilience. Both findings point the same direction: stop overbuilding and start instrumenting.

What to do this week

Pick one workload running in AWS me-south-1, Azure UAE North, or GCP me-central1, and execute a cross-region failover today. Not a tabletop. The actual cutover. Document what breaks. Your DR was designed for AZ failures and you just learned the threat model includes missiles.

While that's running, instrument session-length monitoring on every Claude Code seat in your org and segment any session touching production at fewer than 50 subcommands. Run npm audit against Axios across every Node service. Add destination-provider validation at your API gateway — not request format, the actual upstream URL — and alert on Alibaba Model Studio endpoints.

Then look at your roadmap and tag every item defensible or replicable. If more than 40% is replicable by a solo founder with Claude Code in a weekend, the conversation with your CEO this Friday isn't about prioritization. It's about what business you're actually in.