AICollapsestheEDRMoat:ThreeAssumptionsFailatOnce

◆ DEEP DIVES

1. 01

   Your EDR Is Now a Glass Box — The Defensive Stack's Core Assumptions Just Failed

   The Convergence No Single Newsletter Shows You

   Seven independent intelligence sources this week describe the same structural failure from different angles. TrustedSec ran LLMs against five commercial EDR products and reported them architecturally identical: YARA-style rules, behavioral logic, allowlists, Lua scripted engines readable after a single decryption pass. Work that used to take a skilled reverse engineer weeks now takes days. In the same window, Anthropic's Mythos became the first model to clear both UK AISI simulated attack ranges, and the bar cleared was not persistence. It was full network takeover. PraisonAI was weaponized within 4 hours of disclosure.

   The security model was built on the premise that understanding the agent cost more than bypassing it for most adversaries. That premise is no longer true for a growing share of the threat population.

   The Numbers That Matter

   Microsoft's MDASH system found 16 exploitable flaws in a single Patch Tuesday using multi-model AI analysis. CISA added 5 AI infrastructure tools (LiteLLM, Ollama, OpenClaw) to the Known Exploited Vulnerabilities catalog. These tools are already being exploited in production, not theoretically vulnerable. A honeypot dressed as an AI stack absorbed 113,000 attacks per month, with 23% targeting AI-specific endpoints. Mozilla found 271 real bugs in Firefox using custom AI harnesses, against curl's 1 CVE from generic scanning.

   Where Sources Disagree

   Sources diverge on timeline. A reasonable skeptic from any security vendor will argue EDR products will adapt, as they have adapted before. The reasonable skeptic is not wrong about the past. The TrustedSec data says the refresh cycle on bypass techniques is now days, not quarters. The architectural bet underneath the disagreement is whether detection logic belongs on the endpoint, where it is now transparent, or in identity, network telemetry, and behavioral analytics above the endpoint. The compensating controls above the endpoint are the ones that matter in the next 18 months.

   The AI Infrastructure Layer Is Unprotected

   SANS reports LiteLLM was added to CISA KEV on May 8th. Traefik carries a CVSS 10.0 authentication bypass. Argo CD enables plaintext Kubernetes secret extraction at CVSS 9.6. The adoption curve for AI infrastructure ran well ahead of the security review curve, and that gap is now being exploited in production. Most organizations brought these tools in without the controls they routinely apply to traditional enterprise software.

   ---

   The Foxconn Compound

   8 terabytes of IP from Apple, Google, Intel, and Nvidia left through a single contract manufacturer. The custody model, meaning what data the partner holds, for how long, and under whose keys, was designed for a supply chain. It was not designed for an intelligence target. AI hardware designs, accelerator specs, and cooling geometries are concentrated at a small number of assembly partners. Concentration of capacity is concentration of target value.

   Action items

   • Commission a red team exercise specifically targeting your EDR with AI-assisted reverse engineering within 30 days
   • Rewrite patch SLAs to 72 hours for critical internet-facing assets by end of quarter
   • Audit all AI infrastructure tooling (LiteLLM, Ollama, model registries) for production exposure within 2 weeks
   • Evaluate kernel-level isolation (Firecracker microVMs, gVisor) for CI/CD and multi-tenant workloads this quarter
   • Map supply chain IP custody — audit which contract manufacturers hold your crown-jewel designs and under what deletion guarantees

   Sources:Clint Gibler · The Information AM · CyberScoop · The Hacker News · SANS AtRisk · TLDR InfoSec

2. 02

   The Execution Layer War Has Started — SAP, ServiceNow, and the $150B Value Migration

   Two Incompatible Architectures, One Decision Window

   SAP and ServiceNow stopped talking past each other this week. Both are now explicitly pitching themselves as the execution layer where AI agents touch systems of record and actually do things. This is not marketing overlap. Agents that write across finance, HR, IT, and procurement need one authoritative place to reconcile state. Two authoritative places is zero authoritative places.

   Dimension	SAP	ServiceNow
   Architecture	Vertically integrated Knowledge Graph	Headless Action Fabric via MCP
   Agent model	Own agents contextually superior inside SAP's data	Any agent communicates via open protocol
   Investment	€100M fund	MCP server standard adoption
   Strongest claim	Where process IS the transaction (O2C, R2R)	Where process spans multiple systems

   Agents that commit writes cannot run on two authoritative state systems. The last decade of integration middleware exists precisely because nobody wanted to answer this question. The answer is now being forced.

   a16z Just Named the Prize: $150B+ in GTM Value Migrating

   a16z published its thesis that most of the next-decade enterprise value in GTM software accumulates in the AI orchestration layer, not in the CRM system of record, and staked capital behind it through Stitch. A reasonable skeptic would call this a fund talking its book. The reasonable skeptic would also have to explain the Lemkin data point: 80% fewer human seats, 83% higher total spend, 20+ agents running. That is consumption-based AI pricing being accretive against seat-based models inside the same account.

   The CRM does not die. It stops being where the work happens and becomes where the work is recorded. The intelligence layer is whoever owns the reasoning that synthesizes across CRM, email, calls, telemetry, and billing. That layer becomes the new system of record. Switching costs migrate from data lock-in to workflow/reasoning lock-in, which is arguably stickier.

   The MCP Standard Is Consolidating

   ServiceNow adopting MCP servers pulls the enterprise ecosystem toward that protocol. Notion launched a developer platform built for agents to sync data and trigger workflows via MCP. Vercel's production data shows 59% of token volume is now agentic. Whether orchestration matters is no longer the open question. The open question is who owns the surface agents pass through.

   The Pricing Model Breaks

   SAP is not charging per-seat for autonomous finance agents. ServiceNow's headless architecture implies consumption-based pricing on agent API calls. Any per-seat business whose customers run agents through workflows that previously required human users sees its TAM transform, not shrink, but only with a pricing model that captures agent-driven consumption.

   Action items

   • Conduct an agent-readiness audit: can third-party AI agents discover, invoke, and orchestrate your workflows without a human UI?
   • Decide this quarter which vendor owns the execution layer for processes that cannot stop — SAP for transactional, ServiceNow for cross-system workflow
   • Model consumption-based pricing scenarios and pilot with 3-5 customers if you sell software with seat-based pricing touching workflows
   • Stand up an AI governance function with authority over tool/vendor rationalization before Q3 budgeting

   Sources:TLDR IT · a16z · TLDR · ben's bites · Simplifying AI · Laura Bratton

3. 03

   Compute and Power Are Being Pre-Sold in Decade-Long Blocks — The Optionality Assumption Is Gone

   The Week Compute Became a Strategic Asset Class

   Cerebras debuted at $56B fully diluted, 16% above an already-elevated range, with a 70% first-day pop. The catalyst was a $20B procurement commitment from OpenAI in December 2025. One customer commitment converted a regulatory cautionary tale into the most successful tech IPO in five years. Tiger Global's entry at $89/share produced $311 on day one, a 249% return in 8 months.

   Fervo Energy IPO'd at $10B+, with shares jumping 33% above an already-raised price, driven explicitly by AI datacenter demand. Google holds an option on 3 gigawatts from Fervo against only 658 megawatts currently contracted. At roughly 50 MW per large data center, 3 GW is 60-plus facilities from a single supplier.

   The optionality most infrastructure plans were quietly relying on — that capacity would be available, somewhere, at some price, when the workload showed up — is the line item being deleted.

   The Demand-Supply Imbalance Is Structural

   Nebius reports 4+ customers competing for every GPU it brings online, while growing revenue 684% year-over-year toward $3-3.4B projected. A reasonable skeptic would point out that GPU shortages have been called structural before and resolved within a year. The skeptic is usually right. The skeptic is not right this time, because demand is expanding faster than fabrication, construction, and power delivery can answer, and those are multi-year cycles. The firms shipping AI product on schedule today are the ones that locked capacity 12 to 18 months ago.

   The IPO Window Changes M&A Math

   The window reopened after roughly five years, and Cerebras proves it works for AI infrastructure names. Eclipse Capital turned $146.5M into $2.5B over a decade, a 17x return. The board-deck version of the consequence is that acquisition targets now have leverage. The complete version is more useful: a credible alternative reprices every negotiation, including ones already in motion. Acquirers who were planning to be patient this year will discover that patience is more expensive than it was last year.

   Grassroots Opposition Compounds the Constraint

   A 40,000-acre, 9GW facility faced community revolt and a referendum. States are entertaining outright data center bans. One proposed project drew 4,000 complaints. The scarcity premium on permitted, connected, powered compute is no longer a rounding error in the model. It is the model. The companies that secured sites early did not have foresight about politics. They had foresight about timelines, which turned out to be the same thing.

   Action items

   • Audit compute contracts and model cost of 12-18 month capacity lock-in versus spot exposure within 30 days
   • Secure long-term power supply agreements or partnerships for any planned compute expansion this quarter
   • Accelerate any in-progress M&A conversations with AI infrastructure targets before IPO window fully reprices expectations
   • Evaluate becoming a 'transformational customer' for an emerging compute or energy company to secure allocation advantage

   Sources:The Information AM · Martin Peers · StrictlyVC · Katie Roof · Bloomberg Technology · Morning Brew

4. 04

   The Economic Case for Middle Management Is Collapsing — The HI-C Model Arrives

   What Lovable Proved in Five Months

   In December 2025, the AI-native startup Lovable dissolved its growth management layer and replaced it with autonomous High-Impact Individual Contributors, or HI-Cs. Former VPs now work alone, shipping enterprise features in hours that used to require cross-functional squads and weeks. Five months in, the model is expanding rather than retreating. Elena Verna reports 90% of her time on high-value building rather than coordination tax.

   If one person with the right tools replaces the squad, the squad was partly a tooling workaround. The interesting number is not the speed. It is the headcount that used to sit between the VP and the output.

   The Signal Is Not One Company

   The same pattern surfaces across multiple AI-native firms, and the traditional side of the industry is not quiet either. 103,000 layoffs by mid-May have already brought the running total close to 2025's full-year mark of 124,000. Cloudflare cut 20% and GitLab restructured, both citing the "agentic AI era" by name. LinkedIn's cuts are "tied to reshaping operations around AI." Cisco's stock moved up 15% on AI orders the same day it announced 4,000 job cuts. The market is pricing the substitution narrative explicitly.

   Why This Time Is Different

   Every previous management-compression thesis failed because coordination remained expensive. AI collapses that cost. A single agent synthesizes across ten systems at once, and the layers of management that existed to move information between humans become friction when the headcount is smaller and leverage comes from the model rather than the team. A VP who ran 40 people to produce one unit of output now watches a peer at a 50-person company produce three units with six engineers and a pager.

   The Talent Drain Mechanism

   VPs are voluntarily taking IC roles at smaller companies. Recruiter calls are getting answered, and the reason is not compensation. The ratio of building to meetings has inverted. An organization whose top senior leaders are one compelling HI-C offer away from leaving has a design problem, not a retention problem. Title inflation will not hold them.

   The Duolingo Counter-Signal

   A reasonable skeptic would point to Duolingo, which walked back its blanket AI mandate after discovering a ~20% "slop tax" on AI-generated output. The skeptic is correct that forced adoption produced performative compliance rather than productivity. The lesson is not that AI fails. The lesson is that mandates without review architecture fail. The useful question for the org model is not whether to use AI. The useful question is which layers existed because tools required them and which exist because the work requires them. The two answers do not produce the same headcount.

   Action items

   • Audit your org for coordination-only management layers — identify every role whose primary value is alignment rather than output
   • Pilot a HI-C track for your top 5% of senior ICs and managers who've expressed interest in returning to craft
   • Replace blanket AI mandates with role-specific augmentation playbooks including quality metrics and review architecture
   • Model your FY27 engineering capacity plan assuming 2-3x individual productivity for well-scoped tasks and determine implications for team size

   Sources:Lenny's Newsletter · TLDR Marketing · Techpresso · Clint Gibler · TLDR Dev