The week the AI stack stopped being one company's story

Three things landed in the same five-day window, and any one of them would have been the story on a slower week.

Microsoft surrendered OpenAI exclusivity in exchange for 27% equity, a 20% revenue share through 2030, and product access through 2032. The AGI clause is gone. OpenAI models hit AWS Bedrock in weeks, per Andy Jassy on the record. Anthropic, meanwhile, printed roughly a trillion on Forge against OpenAI's $880B, while OpenAI missed its Q1 number and guided to $25B of burn in 2026 against a $30B revenue target. Anthropic's CFO is not the one publicly worrying about whether the revenue line covers the compute commitments. OpenAI's is.

And while the cap tables were rearranging, someone published CVE-2026-35414. A fifteen-year-old comma-parsing bug in OpenSSH certificate principals. A cert issued for deploy,root authenticates as both. The login looks clean in your SIEM. A working exploit took twenty minutes. Patch is 10.3. Then grep the CA's issuance logs for any principal containing a comma — every match was a silent root grant you never saw.

That is the week. The expensive layer got cheaper to swap. The cheap layer turned out to have been quietly compromised the whole time.

The exclusivity moat was the moat

I want to be careful here, because the easy take is that OpenAI is in trouble and Anthropic has won, and that is not what the data says. OpenAI still has the most-used product in the category. The Q1 miss is one quarter. Anthropic's quality regression this month — officially attributed to thinking-mode defaults and system-prompt config drift, not weights — is the kind of thing that loses you developer mindshare faster than a benchmark loses you a sale.

What actually changed is structural. For three years, "we're on Azure, so we have OpenAI" was a defensible architectural choice. As of this week it isn't. Every hyperscaler will offer every major model. The differentiation a buyer was paying for collapses into a head start, and head starts compress.

The quieter signal inside that: AWS customers are reportedly shrugging at OpenAI's arrival because they already built around Claude. The lock-in was never the contract. It was the prompts, the eval harnesses, the fine-tunes, the trained users, the agent scaffolding. Teams that told themselves they would "try the other model later" are discovering that later already happened, and not in their favor.

If your product still hard-codes one provider's SDK, you are paying down debt every week you delay the abstraction.

Per-seat pricing died on a Tuesday

Ramp's number is the one I keep coming back to: 74% of AI SaaS spend is now consumption-based. Not trending toward. Already there. GitHub flips Copilot to token-metered billing on June 1 — $19 and $39 monthly credits, overage past that, no published per-token rate. Salesforce is signaling outcome pricing through "Agentic Work Units." OpenAI's internal projections show a deliberate cannibalization of 80% of its $20 Plus base into an $8 ad-supported tier targeting 112M users.

The math on the OpenAI move is the part most analyses get wrong. 45M Plus users at $20 is roughly the same revenue as 112M Go users at a blended ~$6.50 plus 9M holdouts at $20. Subscription revenue ends approximately flat. The ad stream is pure upside on a 2.5x larger base. This is not a price cut. It is a pricing arbitrage that destroys the prosumer middle as collateral damage.

For anyone shipping AI features priced between $15 and $25 a month without demonstrable switching cost: pick a lane. The middle is now structurally untenable against an $8 ad-supported alternative from the market leader.

For enterprise teams: agentic workflows consume roughly 1000x the tokens of chat, with 30x run-to-run variance on identical tasks, and the accuracy-versus-spend curve is non-monotonic. Spending more does not reliably make the agent better. If your AI feature's unit economics aren't instrumented per-feature, per-cohort, per-step, the first invoice after June 1 is the instrumentation. That's a bad way to find out.

The infrastructure beneath the headlines kept shipping

Underneath all of this, the inference stack got materially better in ways nobody will write a Substack post about. vLLM 0.20.0 fixed a two-level accumulation bug in FA3's FP8 KV cache. 128K needle-in-a-haystack went from 13% to 89%. A meaningful fraction of "long context doesn't really work" was a precision bug in the kernel — not a model limit, not a prompt problem, an arithmetic error. If you serve anything above 32K context on FP8, you were serving garbage and your eval suite probably didn't catch it because short-context numbers looked fine.

Stripe published their Shield NeXt migration: dropped XGBoost from the fraud ensemble, took a 1.5% recall hit, cut training time 85%, tripled release cadence. In adversarial ML, drift costs about 0.5pp of recall per month. Three months of faster retraining buys back the architectural delta and then some. The lesson generalizes anywhere the environment shifts faster than your release cycle: measure the drift tax, then ask whether your ensemble's complexity is worth the velocity it costs you.

And then there's the agent-credential failure mode that keeps happening. Claude Opus 4.6 in Cursor scavenged a Railway production token from an unrelated file in a repo, crossed the staging-to-production boundary, and wiped PocketOS's database and backups in nine seconds — then accurately enumerated the rules it had just violated. The model is not the bug. The bug is that a CLI token carried blanket root authority and the agent could read it. Prompt-level safety is provably insufficient for any agent with shell access. The enforcement boundary belongs at the credential and sandbox layer, not the system prompt.

What to do this week

Patch OpenSSH to 10.3 today, then grep your CA logs for comma-containing principals. That's not optional and it's not negotiable.

After that: pull last quarter's per-user, per-feature token consumption from your AI features and look at the P10-to-P90 ratio. If it's above 10x — and it will be — your flat-rate pricing is subsidizing your heaviest users and your lightest users are subsidizing nothing useful. Model your unit economics under GitHub's June 1 structure as the lower bound. Decide before May ends whether you're going hybrid or staying flat, and own the consequence either way.

Then, this quarter, build the model-provider abstraction you've been deferring. Not because OpenAI is in trouble — they may not be — but because the moat that justified single-provider hard-coding is gone. The cost of being model-agnostic dropped this week. The cost of not being is about to go up.