Edition 2026-05-27 · read as Leader
Anthropic Mythos Clears UK AISI Attack Ranges, Resets Bar
Sources: 36 · Words: 1,494 · Read: 7 min
Topics: Agentic AI · AI Capital · LLM Inference
◆ The signal
A reasonable skeptic would say one model clearing two ranges is one model clearing two ranges. The skeptic is correct, and also a quarter behind. Anthropic's Mythos is the first model through both UK AISI simulated attack ranges. EDR internals that used to cost skilled reversers weeks now resolve in days. Exploit weaponization on PraisonAI is down to four hours. Security architectures calibrated last year were calibrated against a different adversary.
◆ INTELLIGENCE MAP
01 Security Architecture Invalidated: AI Achieves Full Network Takeover
act now · Mythos cleared both AISI hardest ranges — first model ever. EDR reverse engineering collapsed from weeks to days across all 5 tested products. PraisonAI went from disclosure to exploitation in 4 hours. Foxconn lost 8TB of Apple/Intel/Nvidia designs. The defender response window is now shorter than the patch cycle.
02 Agent Execution Layer Being Claimed — 59% of Traffic Is Agentic
monitor · Vercel production data confirms 59% of AI token volume is now agentic. SAP and ServiceNow are colliding on who owns the execution layer — SAP with a €100M Knowledge Graph, ServiceNow via MCP servers. Notion launched as an agent-hosting platform. Intercom rebranded entirely to its AI agent 'Fin.' The UI-centric era is ending.
03 Anthropic's June 15 Pricing Restructure Opens a 6-Month Arbitrage Window
act now · Anthropic disclosed 80x demand against 10x planning. ServiceNow blew its full-year Anthropic budget by May. June 15 brings programmatic metering — third-party tools lose 70-90% discounts. OpenAI responded with 2 months free Codex. Both vendors are paying enterprises to switch simultaneously. This subsidy window lasts ~6 months before lock-in hardens.
- Anthropic B2B share: 34.4
- OpenAI B2B share: 32.3
04 Compute Supply Locked Up at $10-100B Scale — Cerebras IPO Confirms
monitor · Microsoft's $100B OpenAI commitment surfaced in court filings. Cerebras priced 16% above range at $56B, popped 70% day one on a $20B OpenAI anchor. Nebius at 684% revenue growth with 4:1 demand-to-supply ratio. Fervo Energy debuted at $10B+ (up 33%) on AI power demand. Google optioned 3GW from Fervo alone — enough for 60+ facilities.
05 AI Liability Regime Being Written — 18-Month Window to Shape the Rules
background · a16z published the most comprehensive AI liability framework yet, proposing user-liability defaults and damages caps. Courts are actively deciding cases that could impose strict developer liability before any legislation passes. Developer-liability regimes would make open-source AI economically unviable. The framework that prevails determines which companies can afford to exist in 5 years.
- Now: Courts setting precedent
- Q3 2026: Safe harbor proposals mature
- Q1 2027: Federal framework likely
- 2028: Enforcement begins
◆ DEEP DIVES
01 Your Security Architecture Was Built for Last Year's Adversary — The Adversary Just Got Replaced
The Discontinuity
The temptation with this week's results is to file them under incremental capability and move on. That is the wrong file. Anthropic's Mythos became the first model to clear both UK AISI simulated attack ranges, and the qualifying task was full network takeover, not persistence. OpenAI's GPT-5.5-cyber completed one of the two. Independent assessors agree that frontier models can now find and chain exploits in something close to real time. The UK AISI reports AI cyber task completion is doubling every few months, and the latest numbers broke above the trend line.
The vulnerability disclosure and patch cycle the industry runs on is measured in days to weeks. The adversary's capability cycle is now measured in hours.
EDR Is Now a Glass Box
TrustedSec ran LLMs against five commercial EDR products and found the same architecture in every one: YARA-style rules, behavioral logic, allowlists, prefilters, Lua scripting engines readable after a single decryption pass, and local ML classifiers. The reverse engineering that used to take a skilled human weeks now takes days with AI assistance. The endpoint detection category was running on security-through-obscurity. The obscurity is gone.
A reasonable skeptic would point out that EDR was never the only control, and that is correct. The controls that matter over the next eighteen months are identity, network telemetry, and behavioral analytics above the endpoint. Teams that keep treating the agent on the box as the load-bearing control will learn what load-bearing means when the adversary can read the agent.
The Exploit Window Collapsed
PraisonAI went from disclosure to active exploitation in 4 hours. Microsoft's MDASH system found 16 exploitable flaws in a single Patch Tuesday using multi-model AI analysis. Mozilla's custom harness found 271 real bugs in Firefox, including sandbox escapes, against curl's single low-severity CVE under generic scanning. The variable is not the model. The variable is the harness.
Patch SLAs written for a thirty-day window were calibrated for a world where weaponization was the slow step. Weaponization is no longer the slow step. Procurement is.
Supply Chain Under Active Exploitation
Foxconn lost 8TB of confidential designs belonging to Apple, Intel, Google, and Nvidia to Nitrogen ransomware. CISA added 5 AI infrastructure tools to the Known Exploited Vulnerabilities catalog, with LiteLLM, Ollama, and OpenClaw among them. The AI tooling adopted last year for speed is now being targeted in production before most organizations have finished inventorying what they deployed.
| Attack Surface | Old Assumption | Current Reality |
| --- | --- | --- |
| EDR bypass | Weeks of expert work | Days with AI |
| Exploit development | Days to weeks | 4 hours |
| Vuln discovery | Expensive human research | 271 bugs/model cycle |
| AI infra security | Experimental layer | 5 KEV entries, actively exploited |

Action items
- Commission red team exercise targeting your EDR with AI-assisted reverse engineering to quantify actual detection gap
- Rewrite patch SLAs to 72 hours for critical internet-facing assets and establish automated containment for the gap
- Inventory all AI infrastructure tooling (LiteLLM, Ollama, model registries) adopted without security review in the past 12 months
- Evaluate building custom AI vulnerability scanning harnesses for your 3 most critical codebases this quarter
Sources: Clint Gibler · The Information AM · CyberScoop · The Hacker News · SANS AtRisk · TLDR InfoSec
02 The Agent Execution Layer Is Being Claimed — Your Platform Is Either the Surface or the Plumbing
The 59% Number Deserves a Second Look
Vercel's AI Gateway production index is the closest thing this market has to ground truth, and it now reports that 59% of all AI token volume is agentic workloads. A reasonable skeptic would point out that one vendor's gateway is not the whole market. The reasonable skeptic is correct. The reasonable skeptic also has to explain why every other production telemetry source we looked at this year tells the same story. A roadmap built around adding a chatbot is now optimizing for the minority case.
The question is no longer which model is best. It is which layer coordinates the models, tools, memory, and handoffs, and who owns that layer.
SAP and ServiceNow Picked Different Architectures
Both companies told the market in the same quarter that the UI-centric era is ending. They disagree on what replaces it.
- ServiceNow adopted MCP servers as the communication standard for its Action Fabric. The message to the ecosystem is that agents talk to ServiceNow through an open protocol.
- SAP is building a vertically integrated €100M Knowledge Graph so its own agents are contextually superior inside SAP's data universe. The message is the inverse.
These are two competing theories of how the agent economy organizes: open interoperability against data-moat integration. Both can win in different segments at the same time. The enterprise running both vendors has to decide which one owns the execution layer for processes that cannot stop, and that decision is harder than either slide deck makes it look.
Orchestration Is Where Lock-In Actually Lives
Notion launched a developer platform built for agents to sync data and trigger workflows. Intercom rebranded the entire company to Fin, where the agent is the product. Amazon killed Rufus and embedded the capability into Alexa's shopping flow. Three different companies, one shared conclusion: the platform that hosts where agents live captures the distribution and switching cost that model vendors are quietly giving up.
Vercel's data shows Anthropic captures 61% of spend on the expensive reasoning side, while Google captures 38% of volume on cheap throughput. Model selection has stopped being a strategic decision and started being a routing problem. The strategic decision is whether a company owns the orchestration surface or becomes the commodity infrastructure underneath someone else's agent.
The Pricing Signal
The Lemkin number is the one worth keeping on a sticky note: 80% fewer human seats, 83% higher total spend, 20+ agents running. Consumption pricing is accretive against seat pricing in a way the seat-pricing incumbents have not absorbed yet. SAP is not charging per-seat for autonomous finance agents. ServiceNow's headless posture implies consumption pricing on agent API calls. The per-seat era is ending in production contracts being signed this quarter, which is a more useful place to watch than the analyst-day deck.
Action items
- Conduct agent-readiness audit of your platform — determine if third-party AI agents can discover, invoke, and orchestrate your workflows without a human UI
- Decide whether your product is the orchestration surface or the infrastructure underneath it, and allocate engineering accordingly
- Model consumption-based pricing scenarios and pilot with 3-5 customers if you currently charge per-seat for workflows agents will consume
- Stand up AI governance function with authority over tool/vendor rationalization before Q3 budgeting
Sources: TLDR IT · a16z · TLDR · ben's bites · Simplifying AI · Lenny's Newsletter
03 Both Frontier Vendors Are Paying You to Switch — The 6-Month Window to Lock Optionality
The Subsidy Phase Has a Clock
Anthropic and OpenAI are running the full platform competition playbook at the same time, which means customers are being paid to move. Anthropic concedes it grew 80x against a planned 10x, which left it at roughly 12% of required capacity for extended periods. OpenAI answered Anthropic's June 15 pricing change with two months free Codex for enterprise switchers inside the same news cycle. ServiceNow's CDIO says they blew their full-year Anthropic budget by May, against a vendor that offers no SLAs, no usage telemetry, and no enterprise-grade cost governance.
The window where both vendors are paying customers to move is roughly six months. After that, the lock-in calcifies, and the sticker price is the price.
What June 15 Actually Changes
Anthropic's programmatic metering separates first-party usage from third-party usage, which is the part of the announcement worth reading twice. Third-party tools that were enjoying 70-90% effective discounts get capped credits, then API rates. This is an IPO-driven margin play. Anthropic has hired a CFO and is likely targeting an October listing, and the 50% rate limit increase for two months is sugar on a structural price increase.
A reasonable skeptic would point out that taking incentives from both vendors is not a strategy. The reasonable skeptic is half right. The other half is the arbitrage opportunity sitting in plain view: build a thin abstraction over both, accept the engineering tax, and use the next eighteen months to keep two vendors honest.
The Capacity Fragility Problem
A provider that planned for 10x and got 80x was operating at roughly 12% of required capacity for extended stretches. Developers on the platform were getting degraded service, and probably lower-quality model responses, without disclosure. xAI leasing 45% of its compute (220,000 GPUs) to Anthropic, after Musk publicly called them 'misanthropic and evil,' tells you that financial logic has overwhelmed competitive logic. The inference market is financializing.
The Enterprise Cost Governance Gap
ServiceNow is already building the workarounds, calling it the 'AI Control Tower,' and selling it to other enterprises. That is not partnership. That is the market routing around a vendor deficiency, and every major AI player now concedes it cannot deploy without an expensive human services layer. If forward-deployed engineers cost $300-500K loaded each and a meaningful deployment needs five to ten of them, the true cost of the program is 3-5x the model fees. The board-deck version of the AI budget is the model fees. The complete version is the services layer underneath, and it is where next year's overrun lives.
| Decision | Cost Now | Cost in 18 Months |
| --- | --- | --- |
| Single vendor, no abstraction | Lowest | No negotiating leverage at renewal |
| Thin abstraction, dual vendor | 10-15% engineering tax | Full pricing leverage, swap in weekend |
| Defer decision | Zero | Lock-in from vendor you didn't choose |

Action items
- Negotiate aggressive terms with both OpenAI and Anthropic before June 15 — use each vendor's switching offers as leverage against the other
- Build or validate a model abstraction layer that enables provider swap within 48 hours for production workloads
- Audit all AI model consumption spend with per-team and per-use-case attribution — determine your actual total cost including services layers
- Evaluate building internal 'AI Control Tower' capability for cost governance, or acquire emerging observability tooling
Sources: TLDR AI · Laura Bratton · The Pragmatic Engineer · AINews · StrictlyVC · Techpresso
◆ QUICK HITS
Update: Cerebras IPO priced 16% above raised range at $56B fully diluted, popped 70% day one — anchored by OpenAI's $20B commitment, confirming compute supply is being pre-sold in bilateral blocks that exclude the spot market
Katie Roof
Fervo Energy IPO debuted at $10B+ valuation (up 33%) driven by AI datacenter demand — Google holds an option for 3GW (enough for 60+ facilities), making geothermal power a platform business
StrictlyVC
a16z published comprehensive AI liability framework proposing user-liability defaults and damages caps — simultaneously deployed $115.5M into 2026 midterms, making them the largest disclosed political donor of the cycle
a16z AI Policy Brief
Lovable dissolved its growth management layer 5 months ago, replaced it with autonomous parallel 'High-Impact IC' contributors — model is expanding, not retreating, and attracting VP-level talent who prefer autonomy over authority
Lenny's Newsletter
Google's Gemini Intelligence ships summer 2026 on Android flagships — positions the OS as an autonomous agent platform on 3B+ devices, turning apps into infrastructure the agent calls on the user's behalf
Simplifying AI
Only 15% of organizations have data foundations adequate for agentic AI — the PDC survey shows 95.2% of the gap is organizational (ownership, training, requirements) not tooling (4.8%)
TLDR Data
Update: Microsoft court filings reveal $100B total commitment to OpenAI by June 2026 against only $30B in direct revenue — the most audacious infrastructure bet since late-90s fiber, with demand looking real but returns still unproven
The Information AM
ODNI vs Commerce fight over AI model pre-release evaluation authority is active — IC-led regime would function as licensing for frontier AI, Commerce-led stays voluntary; resolution expected in quarters, not years
Risky.Biz
◆ Bottom line
The take.
AI models achieved full autonomous network takeover this week while EDR agents became transparent to AI reverse engineering in days — your security architecture is fighting the wrong adversary. Simultaneously, both Anthropic and OpenAI are paying enterprises to switch providers in a subsidy window that closes in roughly 6 months (Anthropic's June 15 pricing change is the first deadline). The companies that build thin abstraction layers and negotiate from dual-vendor positions now will hold pricing leverage through 2027. The companies that locked in single-vendor and single-security-model assumptions 18 months ago are about to discover what both of those choices cost at the same time.
Frequently asked
- Why does one model clearing two AISI ranges matter beyond a single benchmark result?
- Because the underlying capability curve — AI cyber task completion doubling every few months — just broke above its trend line, and Mythos clearing both UK AISI simulated attack ranges (full network takeover, not just persistence) signals frontier models can now find and chain exploits in close to real time. The benchmark is a marker, not the story.
- How should patch SLAs change given a 4-hour weaponization window?
- Critical internet-facing assets need 72-hour patch SLAs with automated containment covering the gap. The PraisonAI disclosure-to-exploitation cycle was 4 hours, which means a 7-30 day SLA is no longer a patch window — it is an active exposure window. Weaponization used to be the slow step; procurement now is.
- Should we pick between SAP's knowledge graph approach and ServiceNow's MCP approach?
- Not necessarily — they represent two viable theories (data-moat integration vs. open interoperability) and both can win in different segments. The decision that matters is which vendor owns the execution layer for processes that cannot stop in your environment, and that is a per-workflow call, not a company-wide standard.
- Is dual-vendor AI sourcing actually worth the engineering overhead?
- For the next 6 months, yes. Both Anthropic and OpenAI are subsidizing switchers, and a thin abstraction layer costs roughly 10-15% in engineering tax while preserving full pricing leverage at renewal. After the subsidy phase ends, lock-in calcifies and sticker price becomes the price.
- What is the real total cost of an enterprise AI deployment?
- Roughly 3-5x the model fees once the forward-deployed engineering layer is included. Loaded FDE cost runs $300-500K each, and meaningful deployments need five to ten of them. Board decks typically show only the model spend, which is why ServiceNow blew its full-year Anthropic budget by May and why cost governance tooling is becoming a category.