Leader daily

Edition 2026-05-25 · read as Leader

AI Reverse Engineering Strips EDR Obscurity in Days

36 sources · 1,807 words · 9 min read

Topics: Agentic AI · AI Capital · AI Regulation

◆ The signal

The defensive case for endpoint detection has rested on the assumption that obscurity buys time. TrustedSec demonstrated this week that AI-assisted reverse engineering renders all five major EDR products architecturally transparent in days, exposing the same YARA rules, the same behavioral logic, and the same Lua scripting engines behind one decryption pass. In the same week, Anthropic's Mythos became the first model to clear both of the UK AISI's hardest autonomous attack simulations. Twelve-month security architecture plans written on the old assumption need rereading this quarter, not next.

◆ INTELLIGENCE MAP

  01 · Defensive Stack Goes Transparent · act now

    AI collapses EDR reverse-engineering from weeks to days across all 5 tested vendors. Mythos is the first model to clear both AISI attack ranges. Exploit weaponization now takes 4 hours (PraisonAI). CISA added LiteLLM and AI infrastructure tools to KEV. Patch windows calibrated for human-speed attackers are now pure exposure windows.

    Key figure: 4 hrs exploit weaponization time (7 sources)
    • EDR reversal time
    • AISI ranges cleared
    • AI infra in CISA KEV
    • Foxconn data stolen
    Chart (days): EDR reversal before AI 42 · EDR reversal with AI 3 · exploit weaponization 0.17
  02 · Compute Locked Up in Bilateral Megadeals · monitor

    Cerebras IPO at $56B with 70% first-day pop, backstopped by OpenAI's $20B commitment. Fervo Energy debuted at $10B+ on AI power demand. xAI leasing 45% of Colossus to Anthropic signals GPU financialization. Frontier compute is now pre-sold in $10B+ blocks — the spot market assumption most AI roadmaps rely on is gone.

    Key figure: $56B Cerebras market cap (6 sources)
    • OpenAI→Cerebras deal
    • Cerebras 1st-day pop
    • Fervo valuation
    • Google Fervo option
    Chart ($B): Microsoft→OpenAI 100 · OpenAI→Cerebras 20 · Fervo IPO 10 · Nebius rev (proj) 3.4
  03 · Enterprise Execution Layer War: SAP vs ServiceNow · monitor

    SAP and ServiceNow both claim ownership of the agentic execution layer — the surface AI agents call to commit writes in enterprise systems. ServiceNow adopted MCP as its agent protocol standard; SAP is building a vertically integrated Knowledge Graph. ServiceNow's CDIO disclosed blowing its full-year Anthropic budget by May. Only 15% of enterprises have data foundations to support agentic AI.

    Key figure: 15% agent-ready enterprises (4 sources)
    • SAP AI fund
    • Agent bot bypass rate
    • Orgs w/ data foundations
    • Data problem: tooling
    Chart: SAP (Knowledge Graph) 85 · ServiceNow (MCP/Action Fabric) 78
  04 · AI Liability Regime Being Written Now · background

    a16z published the industry's most comprehensive liability blueprint: user-liability defaults and damages caps. Active courts are deciding cases that could impose strict liability on developers for downstream misuse. If developer-liability wins, open-source AI release becomes uninsurable. Federal preemption of state patchwork is being contested. The framework chosen determines which companies survive.

    Key figure: $115M a16z 2026 political spend (4 sources)
    • Jurisdictions drafting
    • a16z midterm spend
    • Window to influence
    • Identity fraud by 2027
    Chart: Platform treatment (230-like) 35 · Product-liability (strict) 40 · Safe harbor (audit-based) 25
  05 · Apple Claims Agent Distribution Gatekeep · monitor

    Apple is inserting itself at the AI agent layer via App Store governance ahead of WWDC. Agents that spawn sub-apps post-approval will face review gates and fee extraction. Google's Gemini Intelligence ships this summer on 3B+ Android devices as the OS-level agent. The B2B model market is repricing from 'which model is best' to 'which model is reachable through the default agent.'

    Key figure: 3B+ Android agent devices (4 sources)
    • Android market share
    • Gemini rollout
    • Apple platform fee
    • Agent token share
    Gatekeepers: Apple (iOS) review gate + fee · Google (Android) OS-level agent · Amazon (Alexa) commerce agent · Notion/ServiceNow workflow host

◆ DEEP DIVES

  01

    The Defensive Stack Just Went Transparent — Endpoint Security's Obscurity Moat Collapsed in a Week

    The Finding That Changes the Math

    TrustedSec ran LLMs against five commercial EDR products and found all five built to the same template: YARA-style rules, behavioral logic, allowlists, prefilters, Lua scripting engines readable after a single decryption pass, and local ML classifiers. Work that took a skilled reverse engineer weeks now takes days with AI assistance. The entire endpoint detection category was running on security-through-obscurity. The obscurity is gone.

    The security model of the defensive stack was built on the premise that the cost of understanding the agent exceeded the value of bypassing it for most adversaries. That premise is no longer true for a growing share of the threat population.

    The Offensive Capability Crossed a Discontinuity

    Anthropic's Mythos became the first model to clear both UK AISI simulated attack ranges, benchmarks designed specifically to test autonomous offensive cyber capability. Mythos and OpenAI's GPT-5.5-cyber are both outperforming what was already an exponential doubling trend. Congress is holding closed-door demos and routing access through NSA rather than CISA. The signal there is unambiguous: the government has decided offensive advantage matters more than civilian defense.

    Exploit Timelines Have Collapsed

    PraisonAI was weaponized four hours after disclosure. An 18-year-old NGINX RCE sat undetected in rewrite module parsing logic deployed on virtually every web application. Microsoft's MDASH found 16 exploitable flaws in a single Patch Tuesday using multi-model AI analysis. CISA added LiteLLM, Ollama, and AI gateway tools to the Known Exploited Vulnerabilities catalog, meaning AI infrastructure adopted in the last twelve months is already on the attacked list.

    Supply Chain Compound

    Foxconn lost 8 terabytes of confidential designs from Apple, Google, Intel, and Nvidia to the Nitrogen ransomware group. A Raspberry Pi honeypot dressed as an AI stack was indexed by Shodan in 3 hours and absorbed 113,000+ attacks per month, with 23% targeting AI-specific endpoints. The Sigstore provenance forgery finding means the supply chain verification mechanism boards were told to trust is, in its current form, theater.


    What This Means Architecturally

    A reasonable skeptic would point out that defenders have absorbed step-changes in offensive tooling before, and the endpoint agent survived. The skeptic is correct about the past. The compensating controls that matter in the next 18 months are not the endpoint agent. They are identity, network telemetry, behavioral analytics above the endpoint, and kernel-level isolation (Firecracker microVMs, gVisor). Teams that keep treating the endpoint agent as the load-bearing control will learn what load-bearing means when the control becomes transparent to the adversary.

    Action items

    • Commission a red-team exercise specifically targeting your EDR with AI-assisted reverse engineering within 30 days
    • Rewrite critical vulnerability patch SLAs from 30-day to 7-day windows for internet-facing assets this quarter
    • Audit all AI infrastructure tooling (LiteLLM, Ollama, model registries) for security posture by end of month
    • Evaluate kernel-level isolation for CI/CD and multi-tenant workloads this quarter
    • Map supply chain IP custody — which third parties hold your designs, under whose keys, with what deletion guarantees

    Sources: Clint Gibler · CyberScoop · The Hacker News · SANS AtRisk · TLDR InfoSec · The Information AM

  02

    Compute Supply Locked Up in $10B+ Bilateral Deals — The Spot Market Assumption Just Died

    The IPO Week That Changed Market Structure

    Cerebras priced at $56 billion fully diluted, sixteen percent above an already elevated range, and printed a 70% first-day pop. The proximate cause is not multiple expansion. It is a quiet twenty-billion-dollar procurement commitment from OpenAI in December 2025. One customer turned a company that had pulled its own filing over regulatory concerns into the best tech IPO in five years. Tiger Global booked a 249% return in eight months.

    Fervo Energy debuted at $10B+ valuation with a 33% first-day surge, and the prospectus did not pretend the catalyst was anything but AI datacenter load. Google holds an option for 3 gigawatts against 658 MW currently contracted. That gap is roughly sixty-plus data center facilities sourced from a single supplier.

    Compute is being allocated through bilateral relationship commitments now, not open market clearing. The marginal buyer arriving in 2026 will get compute. The marginal buyer will not get the 2024 terms.

    GPU Financialization Is Here

    xAI is leasing 45% of its Colossus cluster (220,000 GPUs) to Anthropic, a company Elon Musk has publicly called "misanthropic and evil." A reasonable skeptic would say the lease cannot be real because the rivalry is real. The lease is real. Grok never reached meaningful traction, and lease revenue almost certainly clears what Grok could earn on the same silicon. Nebius reports 4+ customers competing for every GPU brought online, with 684% revenue growth tracking toward $3-3.4B.

    The Supply-Demand Math

    SignalData PointImplication
    Microsoft→OpenAI$100B committedBest-positioned buyer paying this = floor, not ceiling
    OpenAI→Cerebras$20B commitmentPre-selling supply at decade scale
    Nebius demand ratio4:1Structural, not cyclical constraint
    Fervo→Google option3 GWPower is the binding constraint through 2030

    What This Forces

    The optionality most infrastructure plans quietly assumed — that capacity would be available, somewhere, at some price — is the line item being deleted. Plans drawn against three viable suppliers in eighteen months may now be drawn against one and a half. The window to lock favorable multi-year terms is closing while most enterprise AI roadmaps are still scoped quarter to quarter. Those two planning horizons do not reconcile, and the one that gives way first is the shorter one.

    Action items

    • Audit compute procurement contracts and model 12-month capacity lock-in vs. spot pricing exposure by next board meeting
    • Evaluate strategic partnerships with alternative compute or energy providers — become a 'transformational customer' for an emerging infrastructure player
    • Accelerate M&A conversations with AI infrastructure targets before the IPO window fully reopens
    • Secure long-term power supply agreements for any planned AI infrastructure expansion

    Sources: StrictlyVC · Katie Roof · Martin Peers · Bloomberg Technology · The Information AM · The Pragmatic Engineer

  03

    The Enterprise Execution Layer War — SAP, ServiceNow, and the $100M Budget Blowouts

    The Collision

    SAP and ServiceNow are both pitching themselves, in the same words, as the execution layer where AI agents commit writes to enterprise systems of record. This is not a marketing overlap. Agents that act across finance, HR, IT, and procurement need one authoritative place to reconcile state. Two authoritative places is zero authoritative places. The run-both compromise that held for the last decade does not survive contact with agents that need to commit writes.

    Two Incompatible Architectures

    ServiceNow adopted MCP (Model Context Protocol) servers as the communication standard for its headless Action Fabric, declaring that any agent talks to ServiceNow via MCP. A company with workflow gravity across IT, HR, and customer service is pulling the ecosystem toward one protocol.

    SAP is playing a different game: a vertically integrated Knowledge Graph backed by a €100M fund that makes SAP's own agents contextually superior inside SAP's data universe. These are two competing theories of how the agent economy organizes: open interoperability vs. data-moat integration. Both can be right for a while. Only one can be right for the processes that cannot stop.

    The decision this quarter is which vendor owns the execution layer for the processes that cannot stop, and which one gets relegated to integration. That call sets up the next three years of licensing leverage.

    The Budget Crisis Nobody Planned For

    ServiceNow's CDIO disclosed that the company blew its full-year Anthropic budget by May. A reasonable skeptic would call that a planning failure at one company. The reasonable skeptic is half right. The other half is that AI model providers still lack enterprise-grade telemetry, SLAs, and predictable pricing. Anthropic does not offer SLAs. It does not provide usage telemetry. It has no comment when enterprise customers publicly describe budget blowouts. ServiceNow is already building workarounds in AI Control Tower and selling them to other enterprises, which is what routing around a vendor deficiency looks like when the deficiency is durable.

    The Data Foundation Gap

    Only 15% of organizations have adequate data foundations for agentic AI. Of 334 practitioners surveyed, 4.8% cited tooling as the bottleneck. The remaining 95.2% pointed to training, clearer requirements, time, and dedicated ownership. The 85% without foundations will not buy their way out. They will restructure ownership and governance, or they will keep funding agents that cannot be trusted with production data.


    The Pricing Model Shift

    SAP is not charging per-seat for autonomous finance agents. ServiceNow's headless architecture implies consumption-based pricing on agent API calls. The per-seat model breaks when agents replace human users, but only if pricing captures agent-driven consumption. The decision this quarter is whether to model that scenario now, or explain it later when customers ask why they are paying for seats their agents made redundant.

    Action items

    • Conduct an 'agent readiness' audit of your platform architecture — can third-party AI agents discover, invoke, and orchestrate your workflows without a human UI?
    • Conduct immediate audit of all AI model consumption spend vs. budget with per-team and per-use-case attribution
    • Stand up AI governance function with authority over tool/vendor rationalization before Q3 budgeting
    • Commission agentic AI readiness assessment focused on data quality, lineage, and governance across top 3 AI investment areas

    Sources: TLDR IT · Laura Bratton · TLDR Data · a16z · ben's bites

  04

    The AI Liability Regime Is Being Written This Quarter — Your Open-Source Strategy May Become Uninsurable

    Three Jurisdictions, One Window

    The AI liability framework is being drafted in three places at once: US courts and Congress, EU AI Act implementation, and UK sector-specific guidance. Into that window, a16z dropped what is, on any honest reading, the most comprehensive lobbying blueprint the AI industry has produced — user-liability defaults, damages caps, federal preemption of the state patchwork. The same firm has deployed $115.5 million into 2026 midterms, the largest disclosed political spend of the cycle.

    The frame to take from this is straightforward. The venture class has decided that the legal architecture of the next decade is worth spending real political capital on now, rather than litigating case by case in a regime someone else wrote.

    The Open-Source Threat

    If developer-liability for downstream use becomes the standard, the economic logic of releasing an open-source model stops working. No rational actor open-sources a model that generates unbounded liability for every downstream application. The supply chain restructures toward proprietary foundation models, and product strategies that quietly assume continued access to open weights — which is most of them — carry an unpriced dependency on a regulatory outcome that has not been decided yet.

    Deep pockets prefer strict liability for the same reason they prefer any rule that prices out the challenger. The liability regime determines which companies still exist in five years.

    Courts Are Moving Before Congress

    A reasonable skeptic would say this is a legislative question and legislation is slow. The skeptic is half right. Active cases in front of judges right now could impose substantial penalties on general-purpose AI developers for downstream misuse. The likely sequence is that precedent-setting rulings arrive before any comprehensive federal framework, producing a patchwork of judicial standards that subsequent legislation has to work around rather than replace. Firms not watching those dockets are not managing the exposure.

    The Interagency Fight

    Inside the Trump administration, ODNI and Commerce are fighting over AI model assessment authority. CAISI published voluntary testing agreements with Google, Microsoft, and xAI, then retracted them inside the same week. An IC-led regime means release gating and classified compliance obligations. A Commerce-led regime means expensive-but-navigable disclosure requirements. Planning for the wrong one is not a rounding error.

    The Competitive Moat Reframe

    The board-deck version of this is that AI moats come from model quality. The complete version is that over the next five years the moat is the quality of the audit trail, the defensibility of the evaluation process, and the contractual allocation of residual risk with upstream vendors. Firms that treat those as compliance artifacts will pay for them twice. Firms that treat them as product will charge for them.

    Action items

    • Commission a legal exposure audit against three competing liability scenarios (strict, safe harbor, user-liability presumption) to quantify financial exposure under each
    • Begin building audit-ready AI governance infrastructure (model cards, safety testing docs, incident reporting) that would satisfy proposed safe harbor requirements
    • Evaluate open-source AI dependencies and develop contingency plans for a world where open-source model availability contracts
    • Engage in federal legislative process — join industry coalitions advocating for federal preemption before a16z's preferred framework becomes the default by inertia

    Sources: a16z AI Policy Brief · Risky.Biz · Morning Brew · The Download from MIT Technology Review

◆ QUICK HITS

  • Update: xAI leasing 220,000 GPUs (45% of Colossus) to Anthropic — Musk's competitive rhetoric yields to lease economics, confirming GPU capacity is being financialized like real estate

    The Pragmatic Engineer

  • Anthropic disclosed 80x demand spike against 10x plan — operated at ~12% of required capacity for extended periods, quietly degrading service to paying customers without disclosure

    The Pragmatic Engineer

  • Duolingo publicly walked back blanket AI mandate, quantified a 20% 'slop tax' on AI-generated content at scale — first credible admission that forced adoption produces performative compliance, not productivity

    TLDR Marketing

  • Microsoft actively shopping for AI startup acquisitions as hedge against OpenAI — CEO Nadella fears OpenAI 'supplanting' Microsoft, signaling the $100B partnership may fracture within 12-18 months

    The Download from MIT Technology Review

  • Abridge raised at $5.3B valuation on 80-100M+ medical conversations — rebranding from 'ambient scribe' to 'clinical intelligence layer' and compressing prior authorization from 45 days to minutes

    Latent.Space

  • a16z staked public position that $150B+ of GTM software value migrates from CRM to AI orchestration layer — one customer already shows 80% fewer seats but 83% higher total spend

    a16z

  • Amazon killed Rufus standalone shopping AI and embedded into Alexa with cross-retailer 'Buy for Me' — agents that complete purchases on competitor sites from inside Amazon's surface claim the checkout, not just the listing

    TLDR Design

  • Lovable dissolved its growth management layer and replaced with autonomous parallel ICs — former VPs now shipping in hours what cross-functional squads took weeks, attracting elite senior talent rather than repelling it

    Lenny's Newsletter

◆ Bottom line

The take.

The defensive stack your security budget was built on is now transparent to AI-assisted attackers — EDR products are architecturally readable in days, exploit weaponization takes hours, and Anthropic's Mythos just cleared both autonomous attack simulations the UK designed to be impossible. Simultaneously, frontier compute is being locked up in $10-20 billion bilateral deals that delete the spot-market assumption most AI roadmaps rely on, while SAP and ServiceNow race to own the execution layer where AI agents will commit writes to your enterprise systems. The decisions this quarter — security architecture, compute procurement, and execution-layer positioning — are being made whether you participate or not.

— Promit, reading as Leader

Frequently asked

What should leaders do this quarter if their EDR is no longer opaque to attackers?
Commission an AI-assisted red team against your own EDR within 30 days, then shift load-bearing controls off the endpoint agent toward identity, network telemetry, behavioral analytics, and kernel-level isolation like Firecracker microVMs or gVisor. Twelve-month security architecture plans written before the TrustedSec finding need rereading now, and patch SLAs for internet-facing assets should compress from 30 days to 7 given four-hour weaponization timelines.
Why does the Cerebras IPO and OpenAI's $20B commitment matter for compute procurement?
It confirms compute is now allocated through bilateral multi-year commitments rather than an open spot market, so the marginal buyer arriving in 2026 will not get 2024 terms. Nebius reports four customers competing for every GPU online, and Fervo's 3 GW Google option shows power is the binding constraint through 2030. Quarter-to-quarter AI roadmaps cannot reconcile with supplier planning horizons that are now measured in years.
How should we respond to ServiceNow blowing its full-year Anthropic budget by May?
Audit AI model consumption immediately with per-team and per-use-case attribution, because Anthropic provides no SLAs and no usage telemetry, meaning similar overruns are likely hidden in your own org. Stand up an AI governance function with authority over vendor rationalization before Q3 budgeting, and assume per-seat pricing breaks once agents replace human users — model that scenario before customers ask why they pay for redundant seats.
Why is the SAP versus ServiceNow fight a forcing decision rather than a vendor comparison?
Agents that commit writes to systems of record need one authoritative reconciliation point, and the run-both compromise that worked for a decade does not survive that requirement. ServiceNow is betting on MCP and open interoperability via its headless Action Fabric; SAP is betting on a vertically integrated Knowledge Graph backed by a €100M fund. The choice this quarter sets licensing leverage and execution-layer ownership for the next three years.
What is the unpriced regulatory risk in current open-source AI strategies?
If developer-liability for downstream misuse becomes the legal standard, open-source model release becomes uninsurable and the supply chain restructures toward proprietary foundation models. Most product roadmaps quietly assume continued access to open weights, and that assumption depends on a liability outcome being fought over right now in US courts, EU AI Act implementation, and UK guidance. Precedent-setting rulings will likely arrive before any comprehensive federal framework.
