Leader daily

Edition 2026-05-20 · read as Leader

Anthropic's Mythos Cracks UK AISI Ranges; EDR Falls Next

Sources: 36 · Words: 1,437 · Read: 7 min

Topics: Agentic AI · AI Capital · LLM Inference

◆ The signal

Anthropic's Mythos became the first AI model to autonomously achieve full network takeover across both of the UK AISI's hardest simulated ranges, which is to say not persistence or lateral movement but end-to-end compromise. In the same week, TrustedSec showed AI collapsing EDR reverse engineering from weeks to days across all five major commercial products. The adversary most defensive architectures were priced against needed human researchers and quarterly timelines, and that adversary is being replaced by one that runs at model speed.

◆ INTELLIGENCE MAP

  1. AI Cyber Offense Crosses Full-Takeover Threshold

    act now

    Mythos cleared both AISI hardest attack ranges (first model ever). GPT-5.5-cyber cleared one. EDR reverse engineering collapsed to days. PraisonAI was weaponized in 4 hours from disclosure. NSA gets Mythos access over CISA — offensive use is the government priority.

    4 hrs disclosure-to-exploit window · 8 sources
    [Figure: metrics EDR bypass timeline, Mozilla AI bug finds, MDASH flaws found, Security equities YTD; chart values Mythos (Anthropic) 2, GPT-5.5-cyber (OpenAI) 1]
  2. Anthropic's 80x Demand Spike Restructures AI Market

    act now

    Anthropic grew 80x against a planned 10x, hitting $30B+ ARR. xAI capitulated and leased 220,000 GPUs (45% of Colossus 1) to fund operations. ServiceNow blew its full-year Anthropic budget by May. Valuation now $900B-$950B, above OpenAI's $854B.

    $30B Anthropic ARR · 7 sources
    [Figure: metrics Growth vs plan, xAI GPUs leased, Revenue growth (2yr), Valuation; chart values Q1 2025 ARR 9, Q2 2026 ARR 30]
  3. Agent Execution Layer War: SAP vs ServiceNow vs Apple

    monitor

    SAP (Knowledge Graph + €100M fund) and ServiceNow (MCP-based Action Fabric) are making incompatible bets on who owns the agent execution layer. Apple is positioning to gate all agent distribution on iOS. Vercel confirms 59% of AI tokens are now agentic workloads.

    59% agentic token share · 6 sources
    [Figure: metrics SAP fund, Agent bot bypass rate, Seat reduction (Lemkin), Spend increase; chart values Agentic workloads 59, Conversational/other 41]
  4. AI Infrastructure IPOs Validate Constraint-Layer Premium

    monitor

    Cerebras debuted at $56B fully diluted ($41.7B market cap, 70% first-day pop) on a $20B OpenAI commitment. Fervo Energy IPO'd at $10B+ with 33% pop on AI datacenter demand. Google's 3GW Fervo option = 60+ data centers from one supplier. Nebius growing 684% with 4:1 demand-to-supply.

    $56B Cerebras valuation · 5 sources
    [Figure: metrics OpenAI → Cerebras, Fervo valuation, Nebius revenue growth, GPU demand ratio; chart values Cerebras 56, Fervo Energy 10, Modal 4.5]
  5. AI Liability Regime Being Drafted — Window to Influence Is Quarters

    background

    a16z published the industry's most comprehensive liability blueprint (user-liability defaults, damages caps). ODNI and Commerce are fighting over who evaluates AI models pre-release. Active litigation could impose punitive precedents before any legislation passes. Open-source AI faces existential risk under developer-liability regimes.

    $115.5M a16z political spend · 4 sources
    [Figure: metrics Clarity Act odds, Regulatory window, a16z midterm spend, Jurisdictions drafting; chart value Probability of strict AI liability regime (18mo) 45]

◆ DEEP DIVES

  1. AI Cyber Offense Hit a Discontinuity — Your Security Architecture Just Became the Threat Model

    The Capability Step-Change

    The right way to read this week's results is not as another incremental gain in AI-assisted hacking. It is a category change. Anthropic's Mythos became the first AI model to clear both of the UK AI Security Institute's hardest simulated attack ranges, achieving full autonomous network takeover rather than persistence or lateral movement. OpenAI's GPT-5.5-cyber cleared one of the two. Both models are outperforming a trend line in which AI cyber task completion was already doubling every few months.

    The security posture calibrated to adversaries from twelve months ago is already wrong, and will be wrong again twelve months from now.

    Three Converging Attack Surfaces

    TrustedSec ran LLMs against five commercial EDR products and found all five share identical architectural patterns: YARA rules, behavioral logic, allowlists, Lua scripting engines readable after a single decryption pass. Work that took skilled reversers weeks now takes days. The endpoint detection category was running on obscurity, and AI made that obscurity transparent to an order of magnitude more attackers.

    The exploitation window has compressed to 4 hours. PraisonAI was weaponized the same day it was disclosed. Microsoft's MDASH system found 16 exploitable flaws in a single Patch Tuesday using multi-model analysis. Mozilla found 271 real bugs in Firefox using Anthropic models with custom harnesses. The defenders' patch cycle has not moved. The attackers' cycle just accelerated by 10x.

    The Government Signal

    Congress is holding closed-door demos of Mythos and routing access through NSA rather than CISA. That tells you which mission is being prioritized: offensive intelligence, not civilian defense. A reasonable skeptic would note that interagency turf has always looked like this. The reasonable skeptic is correct. What the skeptic does not explain is why the same hearings double as the leading edge of a multi-year federal buying cycle for AI cyber capability. The private sector is on its own for the next several years.

    AI Infrastructure Is Now an Active Target

    CISA added LiteLLM, Ollama, and OpenClaw to the Known Exploited Vulnerabilities catalog in the same window. A single honeypot disguised as an AI stack absorbed 113,000 attacks per month, with tooling that evolved mid-experiment to detect and evade the researchers. That is not opportunistic scanning. That is staffed operations targeting AI infrastructure specifically.


    What This Forces

    Security architecture built around quarterly patching, annual pen tests, and the assumption that weaponization was the slow step is architecture built on a false premise. The slow step is now your patch cycle, not the adversary's exploit development. Identity, network telemetry, and behavioral analytics above the endpoint are the compensating controls that matter over the next eighteen months. The board-deck version of this is that AI raised the cyber threat level. The complete version is that the patch cycle, not the exploit, is now the binding constraint.

    Action items

    • Commission a red-team exercise specifically targeting your EDR with AI-assisted reverse engineering by end of Q3
    • Rewrite patch SLAs: 72 hours max for critical internet-facing assets, 7 days for high-severity
    • Deploy AI-augmented vulnerability scanning against your own codebase using custom harnesses this quarter
    • Audit all AI infrastructure tooling (LiteLLM, Ollama, model registries) for security review status by end of month

    Sources: Clint Gibler · The Information AM · CyberScoop · AINews · The Hacker News · SANS AtRisk

  2. xAI Capitulates, Anthropic Hits $30B ARR, ServiceNow Blows Its Budget — The AI Vendor Landscape Just Restructured

    The Numbers That Changed the Map

    Anthropic disclosed that it grew 80x against a planned 10x, which means it operated at roughly 12% of required capacity for extended stretches. ARR moved from $9B to over $30B in about four months. Total capital raised now stands at $75B, and the current round prices the company at $900B-$950B, above OpenAI's $854B mark in March. Enterprise software has not produced a curve like this before, and the financing market has stopped pretending it has a comparable.

    When Elon Musk, who publicly called Anthropic 'misanthropic and evil,' agrees to lease them 220,000 GPUs, the financial logic has overwhelmed the competitive logic.

    xAI's Concession Is the Bigger Signal

    A reasonable skeptic would call the xAI lease a routine capacity trade. It is not. Leasing 45% of Colossus 1 to a direct competitor is a statement that Grok has not found B2B or B2C traction, lags open-source models in developer surveys, and generates less revenue per GPU than the tenant does. The implication is that the population of viable frontier labs is contracting, and the surplus is moving onto a lease market that could reprice compute for everyone else over the next 12-18 months.

    The Enterprise Cost Governance Crisis

    ServiceNow blew its full-year Anthropic budget by May. The cause was not overspending. Anthropic ships no SLAs, no usage telemetry, and no enterprise-grade cost controls, so the CDIO built the workaround in-house, called it AI Control Tower, and is now selling it to other enterprises. That is the market routing around a vendor deficiency rather than waiting for the vendor to fix it.

    The pattern is consistent across vendors. Google, OpenAI, and Anthropic are all admitting they cannot deploy without expensive human services layers. Google is hiring hundreds of forward-deployed engineers. OpenAI bought a 150-person consulting firm. Once FDEs at $300-500K loaded cost are included, true program cost runs 3-5x the model fees, which is the number that should be in the board deck and rarely is.

    The Subsidy Window

    OpenAI answered Anthropic's pricing move with 2 months of free Codex for enterprise switchers within hours. Both vendors are running the standard platform-competition playbook, and the window in which both will pay customers to move is roughly 6 months. After that, lock-in calcifies. The engineering team that builds a thin abstraction layer now, takes subsidies from both sides, and defers the consolidation decision will hold leverage at the next renewal. The team that consolidates inside the subsidy window will have the least leverage at the moment it needs the most.

    Action items

    • Conduct immediate AI vendor concentration audit — map every production dependency and establish multi-model routing capability within 90 days
    • Negotiate aggressive terms with BOTH OpenAI and Anthropic this quarter while the subsidy window is open
    • Audit AI consumption spend vs. budget with per-team attribution and implement cost governance tooling before Q3 budgeting
    • Model true AI program cost at 3-5x model fees and present revised investment envelope to the board

    Sources: The Pragmatic Engineer · StrictlyVC · TLDR AI · Laura Bratton · Martin Peers · AINews

  3. SAP vs ServiceNow vs Apple: The Agent Execution Layer Is Being Claimed This Quarter

    Why This Collision Is Different

    SAP and ServiceNow both used this week to claim the same job: the execution layer where AI agents touch systems of record and commit writes. This is not a marketing overlap. Agents acting across finance, HR, IT, and procurement need one authoritative place to reconcile state, because two authoritative places is zero authoritative places. The last decade of integration middleware exists precisely because nobody wanted to answer that question. Agents are forcing the answer this year.

    The architectural bets are incompatible by design. SAP is building a vertically integrated Knowledge Graph that makes its own agents contextually superior inside SAP's data universe. ServiceNow adopted MCP (Model Context Protocol) servers as the communication standard for its Action Fabric, a headless and open-interoperability approach. These are two competing theories of how the agent economy organizes itself.

    The Value Migration Evidence

    Vercel's production telemetry across 200K+ teams shows 59% of all AI token volume is now agentic workloads taking autonomous actions rather than humans conversing. a16z estimates $150B+ of GTM software value is migrating from CRM systems of record to the AI orchestration layer. The Lemkin data point makes it concrete: one customer is running 80% fewer human seats, 83% higher total spend, 20+ agents.

    The CRM stops being where the work happens and becomes where the work is recorded. That is a different claim with different consequences — the first implies a replacement cycle, the second implies a procurement problem.

    Apple's Gating Move

    A reasonable skeptic would say Apple's agent posture is just standard platform housekeeping. The skeptic is partly right. The less reasonable read is that the language about agents that "spin up smaller apps on the spot" is incidental. Apple sees agent sub-spawning as both a safety risk and a revenue leak, and is building governance that prevents agents from routing around the 30% tax. For any company whose AI roadmap includes consumer-facing agents on iOS, this is a new constraint layer that needs to be priced into product economics before WWDC makes it a fait accompli.

    The Pricing Model Shift

    SAP is not charging per-seat for autonomous finance agents. ServiceNow's headless architecture implies consumption-based pricing on agent API calls. The transition from seat-based to agent-based pricing is being framed right now, this quarter, and the companies that model per-action and per-outcome economics now will hold a structural advantage over those that discover seat cannibalization reactively next year.

    Action items

    • Conduct an 'agent readiness' audit: can third-party agents discover, invoke, and orchestrate your platform's workflows without a human UI?
    • Decide whether SAP or ServiceNow owns the execution layer for your processes that cannot stop — this quarter
    • Model per-action/per-outcome pricing scenarios against your current seat-based revenue and run pilot with 3-5 customers
    • Audit iOS agent roadmap for Apple distribution dependency and model fee/approval structure into unit economics before WWDC

    Sources: TLDR IT · TLDR · a16z · Simplifying AI · Techpresso · ben's bites

◆ QUICK HITS

  • Foxconn breach: 8TB exfiltrated including confidential Apple, Google, Intel, and Nvidia designs — supply chain IP custody is now a first-class attack surface for any AI hardware program

    TLDR InfoSec

  • Update: Training efficiency breakthroughs compounding — 2-3x from token superposition, 360x from elastic post-training, 17x from data curation — custom model build-vs-buy math shifts materially this quarter

    AINews

  • Lovable dissolved its growth management layer, replaced VPs with autonomous parallel contributors — Elena Verna reports 90% time on high-value building vs. coordination tax, attracting elite senior talent

    Lenny's Newsletter

  • NGINX carried an undetected RCE for 18 years in its rewrite module — affecting virtually every internet-facing web application; mandate emergency patch deployment across all instances

    The Hacker News

  • 85% of organizations spending millions on agentic AI lack adequate data foundations — survey finds 95.2% of data modeling pain is organizational (ownership, training, time), not tooling

    TLDR Data

  • Google's Universal Commerce Protocol embeds Klarna/Affirm checkout directly into Gemini AI mode — positioning to own the settlement layer for AI-mediated shopping transactions

    TLDR Fintech

  • Microsoft actively shopping for AI startup acquisitions for a post-OpenAI world — Nadella explicitly fears OpenAI 'supplanting' Microsoft, per Reuters reporting

    The Download from MIT Technology Review

  • Duolingo walked back blanket AI mandate after discovering ~20% 'slop tax' on AI-generated output at scale — first credibly quantified measure of performative AI adoption cost

    TLDR Marketing

  • ODNI vs Commerce regulatory fight: intelligence community wants pre-release AI model evaluation (de facto licensing), Commerce wants voluntary frameworks — resolution in quarters will set the decade's rules

    Risky.Biz

  • Abridge raised at $5.3B on 80M+ clinical conversations — prior authorization compressed from 45 days to minutes, positioning as 'clinical intelligence layer' above Epic/Cerner

    Latent.Space

◆ Bottom line

The take.

AI autonomous cyber offense just crossed the full-network-takeover threshold — Anthropic's Mythos cleared both of the UK's hardest simulated attack ranges while EDR reverse engineering collapsed from weeks to days — at the exact moment Anthropic hit $30B ARR on 80x unplanned demand, xAI capitulated by leasing 220,000 GPUs to a competitor it called 'evil,' and both SAP and ServiceNow claimed the agent execution layer in the same week. The security posture, vendor strategy, and platform architecture most organizations built in 2024 are now three assumptions behind reality, and the remediation cost compounds with every quarter of deferral.

— Promit, reading as Leader

Frequently asked

What does Mythos clearing both UK AISI ranges actually mean for enterprise defense?
It means autonomous end-to-end network compromise is now demonstrated, not just persistence or lateral movement. Defensive architectures priced against human researchers working on quarterly timelines are mismatched against an adversary running at model speed. The binding constraint has shifted from exploit development to your patch cycle, which for most enterprises is roughly 7x too slow for the new 4-hour weaponization window.

Why is xAI leasing 220,000 GPUs to Anthropic such an important signal?
It signals that the population of viable frontier labs is contracting and that financial logic has overwhelmed competitive logic. Leasing 45% of Colossus 1 to a direct competitor implies Grok is generating less revenue per GPU than the tenant would. The surplus capacity moving onto a lease market could reprice compute broadly over the next 12-18 months.

How should we think about true AI program cost versus model fees?
Plan for 3-5x model fees once forward-deployed engineering is included. Google, OpenAI, and Anthropic all now require expensive human services layers to deploy, with FDEs running $300-500K loaded cost. Budgets built on token economics alone systematically understate program cost and produce board decks that miss the real investment envelope.

What is the practical difference between SAP's and ServiceNow's agent execution strategies?
SAP is building a vertically integrated Knowledge Graph that privileges its own agents inside SAP's data universe, while ServiceNow adopted MCP servers for a headless, open-interoperability Action Fabric. These are incompatible theories of how the agent economy organizes. Choosing which vendor owns the execution layer for processes that cannot stop sets licensing leverage for the next contract cycle.

Why does the vendor subsidy window matter for negotiation strategy?
OpenAI and Anthropic are both paying customers to switch, and that window is roughly 6 months before lock-in calcifies. Teams that build a thin abstraction layer, take subsidies from both sides, and defer consolidation will hold leverage at renewal. Teams that consolidate inside the subsidy window will have the least leverage at the moment they need the most.
