The Board Room
Your security stack's three core assumptions failed simultaneously this week
The patch cycle, the EDR moat, and the assumption that exploit development is expensive — all three are now wrong at the same time. The architectural bet you make this quarter about where detection lives determines whether the next disclosure is an incident or a Tuesday.
Security Architecture Fails From Three Directions at Once
AI collapsed EDR reverse-engineering from weeks to days across all 5 tested vendors. Mythos cleared both AISI attack ranges (full network takeover). PraisonAI exploited in 4 hours. Microsoft MDASH found 16 exploitable flaws in one Patch Tuesday. Defenders' patch windows are calibrated to adversaries that no longer exist.
The Execution Layer War: SAP, ServiceNow, and the $150B GTM Migration
SAP launched a €100M fund plus Knowledge Graph to own vertical agent intelligence. ServiceNow adopted MCP servers as its headless Action Fabric standard. a16z staked a public position that $150B+ of GTM value is migrating from CRM to the AI orchestration layer. The question of which system becomes the single authoritative state for AI agents is being decided now.
Compute Gets Locked Up: Cerebras IPO + Power Infrastructure Repricing
Cerebras debuted at $56B (70% first-day pop) backed by OpenAI's $20B commitment. Fervo Energy IPO'd at $10B+ (33% pop) on AI datacenter demand. Nebius reports 4:1 demand-to-supply ratio at 684% revenue growth. The marginal gigawatt and the marginal GPU are both being pre-sold in blocks only 3-4 players can afford.
The Management Layer Dissolves: HI-C Roles Replace Coordination Tax
Lovable dissolved its growth management layer in Dec 2025, replacing it with autonomous High-Impact IC contributors — VPs who ship enterprise features solo in hours. Five months in, the model is expanding. Cloudflare cut 20%, GitLab restructured, 103K tech layoffs by mid-May. The economic case for middle management is collapsing as AI compresses coordination costs.
AI Liability Regime Writing Has Started — Three Jurisdictions, One Window
a16z published the industry's lobbying blueprint for AI liability (user-liability defaults, damages caps). Active court cases are deciding precedent before any legislation lands. The ODNI vs Commerce fight inside the White House determines whether frontier models face pre-release evaluation. Open-source AI strategies carry unpriced liability exposure. The window to influence is 12-18 months.
Your EDR Is Now a Glass Box — The Defensive Stack's Core Assumptions Just Failed
The Convergence No Single Newsletter Shows You
Seven independent intelligence sources this week describe the same structural failure from different angles. TrustedSec ran LLMs against five commercial EDR products and reported them architecturally identical: YARA-style rules, behavioral logic, allowlists, Lua scripted engines readable after a single decryption pass. Work that used to take a skilled reverse engineer weeks now takes days. In the same window, Anthropic's Mythos became the first model to clear both UK AISI simulated attack ranges, and the bar cleared was not persistence. It was full network takeover. PraisonAI was weaponized within 4 hours of disclosure.
The security model was built on the premise that understanding the agent cost more than bypassing it for most adversaries. That premise is no longer true for a growing share of the threat population.
The Numbers That Matter
Microsoft's MDASH system found 16 exploitable flaws in a single Patch Tuesday using multi-model AI analysis. CISA added 5 AI infrastructure tools (LiteLLM, Ollama, OpenClaw) to the Known Exploited Vulnerabilities catalog. These tools are already being exploited in production, not theoretically vulnerable. A honeypot dressed as an AI stack absorbed 113,000 attacks per month, with 23% targeting AI-specific endpoints. Mozilla found 271 real bugs in Firefox using custom AI harnesses, against curl's 1 CVE from generic scanning.
Where Sources Disagree
Sources diverge on timeline. A reasonable skeptic from any security vendor will argue EDR products will adapt, as they have adapted before. The reasonable skeptic is not wrong about the past. The TrustedSec data says the refresh cycle on bypass techniques is now days, not quarters. The architectural bet underneath the disagreement is whether detection logic belongs on the endpoint, where it is now transparent, or in identity, network telemetry, and behavioral analytics above the endpoint. The compensating controls above the endpoint are the ones that matter in the next 18 months.
The AI Infrastructure Layer Is Unprotected
SANS reports LiteLLM was added to CISA KEV on May 8th. Traefik carries a CVSS 10.0 authentication bypass. Argo CD enables plaintext Kubernetes secret extraction at CVSS 9.6. The adoption curve for AI infrastructure ran well ahead of the security review curve, and that gap is now being exploited in production. Most organizations brought these tools in without the controls they routinely apply to traditional enterprise software.
The Foxconn Compound
8 terabytes of IP from Apple, Google, Intel, and Nvidia left through a single contract manufacturer. The custody model, meaning what data the partner holds, for how long, and under whose keys, was designed for a supply chain. It was not designed for an intelligence target. AI hardware designs, accelerator specs, and cooling geometries are concentrated at a small number of assembly partners. Concentration of capacity is concentration of target value.
- Update: Anthropic discloses 80x demand spike against a planned 10x — xAI leasing 220,000 GPUs (45% of Colossus 1) to cover the gap, confirming compute is financializing
- Update: Anthropic restructures third-party pricing June 15 — Cursor/Zed users lose 70-90% discount, get capped credits then API rates; OpenAI offering 2 months free Codex for switchers
- ServiceNow blew its full-year Anthropic budget by May — no SLAs, no usage telemetry, no comment from Anthropic; ServiceNow now selling 'AI Control Tower' workaround to other enterprises
- Sigstore provenance forgery now public: TeamPCP/Shai-Hulud extracts OIDC tokens from CI/CD runner memory, forges supply chain verification — npm packages of TanStack, UiPath, and Mistral AI already compromised
- Only 15% of organizations have data foundations adequate for agentic AI — 95.2% of data modeling pain is organizational (ownership, training, time), not tooling (4.8%)
- Google's Gemini Intelligence ships this summer as Android's agent OS layer — 97%+ market share in key markets means the agent-mediation surface is being claimed by default on 3B+ devices
- Abridge raises at $5.3B valuation with 80-100M+ medical conversations creating irreplicable data moat — prior authorization compressed from 45 days to minutes, 250 health systems signed
- US-China chip deal includes 25% revenue-share extraction on H200 sales to Alibaba, Tencent, and 8 others — a 'controlled engagement' template, not decoupling
- a16z AI liability blueprint proposes user-liability defaults and damages caps — simultaneously deployed $115.5M in midterm spending, largest disclosed US political donor of 2026 cycle
The security operating model, the enterprise software stack, and the org chart are all being rewritten this quarter by the same force: AI compressed the cost of understanding, coordinating, and attacking complex systems by roughly an order of magnitude. EDR products that took weeks to reverse-engineer now take days. Management layers that existed to coordinate 15-person teams are being replaced by single operators with agents. The execution layer that determines which platform AI agents route through is being claimed by SAP and ServiceNow simultaneously. And the compute to run any of it is being locked up in $20B bilateral deals. The decisions being deferred aren't getting cheaper — they're getting made by default.