The Board Room
Anthropic's Mythos became the first model to achieve full autonomous network takeover
OpenAI simultaneously launched Daybreak with eight major security vendors. Your defensive stack's implicit assumption — that attacking it costs more than it's worth — expired this week across three independent vectors at once.
Security Operating Model Collapses: Full Autonomous Takeover + EDR Transparency
Mythos cleared both UK AISI attack ranges (GPT-5.5 cleared one). AI reverses all 5 tested EDRs in days vs weeks. PraisonAI exploited within 4 hours of disclosure. NSA, not CISA, gets Mythos access — offense over defense. OpenAI's Daybreak with 8 vendors opens AI security platform war.
Agent Execution Layer War: SAP, ServiceNow, Apple, and Notion Race to Own the Surface
59% of all AI token volume is now agentic workloads. SAP bet €100M on Knowledge Graph vertical integration. ServiceNow adopted MCP for headless Action Fabric. Apple is gating agent distribution on 3B+ devices this summer. Notion launched a developer platform positioning as agent-hosting infrastructure. The layer agents route through becomes the next system of record.
Enterprise AI Governance Vacuum: Budgets Blown, Foundations Missing
ServiceNow blew its full-year Anthropic budget by May. Anthropic grew 80x against 10x planning — operating at ~12% of required capacity. 85% of organizations spending millions on agentic AI lack adequate data foundations. Every major AI vendor now converging on forward-deployed engineer model at $300-500K loaded cost each, making true AI deployment 3-5x model fees.
AI Liability Architecture Being Written — Courts Moving Faster Than Congress
a16z published a comprehensive lobbying blueprint advocating user-liability defaults and damages caps, spending $115.5M on 2026 midterms. Active litigation could impose penalties on developers for downstream misuse before any framework exists. ODNI and Commerce fighting over who evaluates models — intelligence community wants pre-release gating. Developer-liability regimes threaten open-source model availability.
Workforce Compression Wave Hits Infrastructure Companies
103K tech layoffs by mid-May approaching 2025's full-year 124K. Cloudflare cut 20% citing 'agentic AI era.' LinkedIn cut 5% explicitly for AI reshaping. Lovable dissolved growth management, replaced with autonomous HI-C operators — attracting VP-level talent who prefer craft over coordination. Cisco stock up 15% on same day as 4,000 cuts.
Your Security Stack Just Became Transparent — Three Vectors, One Quarter to Respond
The Capability Discontinuity
The honest read on this week's results is that the curve broke upward, not that it continued. Anthropic's Mythos became the first model to clear both of the UK AI Security Institute's simulated attack ranges — full autonomous network takeover, not persistence. OpenAI's GPT-5.5 cleared one. Both are outperforming a curve that already doubled AI cyber task completion every few months. The researcher consensus, confirmed across multiple intelligence sources, is that models now find and chain exploits in something close to real time.
The security posture assumptions written into the last board pack were drafted against a threat model that no longer describes the ground. Rewriting them now is cheaper than defending them later.
Three Independent Failures
Vector 1: EDR Architecture. TrustedSec ran LLMs against five commercial EDR products and found the same internals in all five — YARA-style rules, behavioral logic, allowlists, Lua scripted engines readable after a single decryption pass. Work that took a skilled reverser weeks now takes days. The category ran on security-through-obscurity. The obscurity left.
Vector 2: Exploit Velocity. PraisonAI was actively targeted within 4 hours of disclosure. Microsoft's MDASH found 16 exploitable flaws in a single Patch Tuesday using multi-model AI analysis. Patch SLAs written for 30-day windows are now being measured against 4-hour weaponization. A honeypot dressed as an AI stack was indexed by Shodan in 3 hours and absorbed 113,000+ attacks per month.
Vector 3: Platform Restructuring. OpenAI launched Daybreak with CrowdStrike, Palo Alto Networks, Cisco, Cloudflare, Oracle, Zscaler, Akamai, and Fortinet. The board-deck version is that this is a partnership. The complete version is that within 3-5 years, today's security vendors risk becoming feature providers on OpenAI's platform.
The Defender's Dilemma
The Foxconn breach, with 8TB exfiltrated from a single contract manufacturer holding Apple, Google, Intel, and Nvidia designs, settles the question of whether this is theoretical. The AI infrastructure layer — LiteLLM, Ollama, OpenClaw — already carries 5 KEV entries and was adopted faster than security review could keep pace. An 18-year-old RCE in NGINX's rewrite module confirms that foundational infrastructure auditing has systematic gaps.
Mozilla found 271 real bugs in Firefox using custom Claude harnesses. The same model scanning curl produced 1 low-severity CVE. The variable is the harness, not the model. Organizations building target-specific AI scanning infrastructure get real outcomes. Those buying generic AI scanning get slide decks.
The NSA Signal
Congress is holding closed-door Mythos demos, and access routes through NSA, not CISA. The government is prioritizing offensive and intelligence operations over civilian defense, which means the private sector is on its own for several years. The same hearings mark the leading edge of a multi-year federal buying cycle.
- Update: Anthropic ARR hit $30B (from $9B in ~4 months) while raising at $900B+ valuation — the displacement is accelerating, not stabilizing
- Update: xAI leased 45% of Colossus (220K GPUs) to Anthropic — compute financialization means the GPU lease market could meaningfully alter enterprise pricing within 12-18 months
- Fervo Energy IPO at $10B+ with 33% first-day pop — Google holds option for 3GW (60+ data centers) from single supplier, validating power as the binding AI infrastructure constraint
- a16z published comprehensive AI liability lobbying blueprint advocating user-liability defaults and damages caps — open-source model availability directly threatened by developer-liability regimes
- Duolingo CEO publicly admits blanket AI mandate failed — quantified at ~20% 'slop tax' on AI-generated content requiring human QC, validating performative adoption concerns
- Abridge raised at $5.3B valuation on 80-100M+ medical conversations — rebranded from 'ambient scribe' to 'clinical intelligence layer,' compressing prior auth from 45 days to minutes
- ODNI vs Commerce fight for AI model evaluation authority — intelligence community proposal would function as licensing regime for frontier AI, extending release timelines by months
- Amazon killed Rufus standalone to embed AI into Alexa shopping — 'Buy for Me' completes purchases on third-party sites from Amazon's surface, claiming the transaction layer of the open web
The security operating model, the enterprise software stack, and AI cost governance all broke this week from multiple directions simultaneously. Anthropic's Mythos achieved full autonomous network takeover while every tested commercial EDR became transparent to AI-assisted reverse engineering. Meanwhile, 59% of AI traffic is now agentic — and SAP, ServiceNow, Apple, and Google are all racing to own the execution layer your agents route through. ServiceNow blowing its full-year Anthropic budget by May while 85% of organizations lack data foundations for the agents they're deploying means the gap between AI ambition and AI governance is now a first-order financial risk. The decisions being made this quarter about where detection lives, which execution layer to commit to, and how to govern AI spend will define competitive position for the next two years.