The week the AI moats cracked, and nobody adjusted the dashboards

The Artificial Analysis Intelligence Index now puts Opus 4.7 at 57.3, Gemini 3.1 Pro at 57.2, and GPT-5.4 at 56.8. That's a 0.9-point spread with no confidence interval worth mentioning — three frontier labs separated by measurement noise. On the same day, DeepSeek confirmed it's rewriting its core stack from CUDA to Huawei's CANN framework, with V4 targeting the Ascend 950PR. Jensen Huang called it "a horrible outcome" on Dwarkesh's podcast. He's not posturing — he's watching his most durable competitive advantage face its first credible exit.

If you read only one signal this week, read those two together. Model capability has converged. Hardware lock-in is becoming optional. Both pillars of the AI investment thesis — "the frontier model is the moat" and "CUDA is the moat" — moved from defensible to debatable inside a single week.

And then the productivity numbers showed up.

The 3-8x gap underneath every AI coding deck

Waydev disclosed data from 50 enterprise customers and 10,000+ engineers using Cursor, Claude Code, and Codex. Initial AI code acceptance: 80-90%. Code that survives revision churn — review feedback, test failures, the second commit 48 hours later that quietly rewrites the first one — 10-30%. That's a 3-8x gap between the metric on the slide and the code that actually shipped.

This lands the same week Cursor is closing $2B+ at a $50B valuation, with Nvidia in the round. Either Thrive and a16z see a quality curve the Waydev cohort doesn't, or capital is being priced against a number that doesn't exist yet. The cultural tell is "tokenmaxxing" — engineers treating token consumption as a productivity badge. We discredited lines-of-code as a metric a decade ago. We've reinvented it with a wrapper.

The boardroom version of this problem is worse, because nobody has instrumented the gap. Every roadmap built on a "2-3x velocity from AI assist" assumption is, statistically, a commitment your team can't make. You won't find out in the OKR review. You'll find out in the postmortem.

The harness, not the model, is the lever

Three independent data points landed this week saying the same thing: scaffolding moves the needle further than model swaps.

On LongCoT-Mini, Qwen3-8B scored 0/507 vanilla. With dspy.RLM scaffolding — same model, no fine-tune — it scored 33/507. One hundred percent of the lift came from the harness. Anthropic's leaked Claude Code architecture is a thin loop wrapped in thick scaffolding: simple planning constraints, careful context management, explicit permission models. They explicitly chose this over "fancy AI scaffolds." And a financial-analyst pipeline study found that most reported "model bugs" were actually instruction and interface bugs — fix the harness, the model works.

When the top three frontier models are within a percentage point of each other, the model isn't where you compete. The orchestration is. If your team is debating whether to upgrade to the next API tier this quarter, that's the wrong meeting. The right meeting is the one where you instrument your agent pipeline to distinguish harness failures from model failures, and stop paying to upgrade something that isn't the bottleneck.

The risk side has already repriced

While product teams chase velocity, three structural risks are repricing the cost of running AI in production — and most balance sheets haven't caught up.

Insurance carriers are quietly excluding AI workloads from cyber and E&O policies. The actuarial models can't price unpredictable outputs, so they're not pricing them at all. If your SOC 2 reps or vendor questionnaires claim adequate cyber coverage, and your renewal silently dropped AI exclusions in, that's a disclosure problem that surfaces in litigation, not audits. Pull the policy this week.

The supply chain underneath agent tooling is poisoned at scale. OpenClaw — described as the fastest-growing open source project in history — has 60x curl's security incident rate and 20%+ confirmed malicious contributions. Community review doesn't scale against organized adversaries when growth outpaces maintainer capacity by an order of magnitude. Blocklisting is insufficient at a 1-in-5 poison rate; you need explicit allowlisting with cryptographic verification.

And the agents themselves are now economic actors. Non-human identities outnumber humans 100:1 in financial services. x402 is moving real (post-wash-trading) volume of $1.6M/month — Bloomberg's $24M figure was 93% inorganic, and the correction came from a16z, not Bloomberg. Stripe and Tempo's MPP processed 34,000 transactions in week one. Codex Computer Use can drive Slack, browsers, and arbitrary desktop apps under legitimate user sessions. A compromised computer-use agent is functionally indistinguishable from an insider threat — except it operates at machine speed, doesn't sleep, and your DLP rules don't fire on UI-level data movement.

There is no production KYA standard. The proposal exists. The implementation does not.

What to do this week

Pick one number on your dashboard that everyone treats as ground truth — AI coding velocity, agent transaction volume, model upgrade ROI, AI insurance coverage — and instrument the gap between the reported number and the survival number. For code: 7-day and 30-day revision-and-revert rates on AI-touched PRs. For agent volume: adversarial deduplication before the dashboard, not after. For insurance: a written answer from your broker on AI exclusions, by Friday. For model upgrades: a log line on every agent failure tagging whether prompt/context fixed it or model swap fixed it.

You don't need a strategy offsite. You need one honest measurement. Every assumption your AI roadmap is resting on was built when the moats looked permanent. They don't anymore.