Synthesis

June 15 is a stress test for everything you didn't instrument

Anthropic kills the third-party harness subsidy in three weeks while ServiceNow burns its annual Claude budget by May. Your AI cost model, your eval harness, and your edge security are all about to fail at once.

Three numbers landed in the same week, and they make the same argument from different angles.

Anthropic disclosed it grew 80x against a 10x capacity plan, and is closing the 70-90% implicit subsidy that subscription-priced Claude gave third-party harnesses — Cursor, Cline, Zed, OpenCode — on June 15. ServiceNow's CDIO admitted the company burned its full-year Anthropic budget by May because the vendor ships no per-user telemetry and the customer didn't build it. Vercel's AI Gateway, sitting in front of 200,000+ teams, now reports 59% of token volume is agentic — multi-turn, tool-calling traffic that single-turn eval harnesses don't measure and per-seat cost models don't price.

Three weeks until the pricing change. Most teams will not finish the work in time.

The cost model you have is wrong by an order of magnitude

A developer running Claude through Cursor today costs roughly $20/month in effective spend against the subscription. After June 15, the same usage pattern bills against API rates and lands closer to $200. Same prompts, same outputs, ten times the invoice. Anthropic is doing this on purpose — they hired a CFO, are likely targeting an October IPO, and the old per-user economics don't produce numbers a public market underwrites. The 50% rate-limit bump through July 13 is sugar on a structural price increase.

ServiceNow is the cautionary tale, not the outlier. PagerDuty and National Life Group report the same gap. National Life's CIO put it bluntly: Anthropic is great for consumers and not great for companies. No SLAs, no per-user attribution, no budget alerts. ServiceNow's response was to staff an internal AI Control Tower with dedicated headcount. Most teams don't have that headcount to spare, and most haven't realized they need it until the invoice clears.

OpenAI saw the window and jumped through it: two months of free Codex for any enterprise that switches inside 30 days. That's displacement pricing aimed at the exact week the Cursor invoice changes. Ramp data has Anthropic at 34.4% of business AI spend versus OpenAI at 32.3% — the lead changed hands recently and OpenAI is buying back the developers Anthropic just alienated. Run the comparison even if you don't switch. The data is free and the leverage at renewal is not.

Your eval harness is measuring the minority of production

The 59% number deserves a second look. Six months ago agentic traffic was under 20%. The composition shifted faster than anything since chat replaced completion, and most stacks were architected before the shift started. The spend-versus-volume split inside that number tells you the architecture is already tiered in production whether your code reflects it or not: Anthropic captures 61% of spend on Opus-class reasoning, Google captures 38% of volume on Flash-class throughput. Expensive models for planning, cheap models for utility, no vendor loyalty.

The failure mode this creates is specific. Cost models pinned to a 3:1 input-output ratio are off by roughly 5x against real agentic traffic, which runs closer to 15:1. Single-turn benchmarks miss the metrics that determine whether an agent works in production — tool-call precision, steps-to-completion, recovery from error, cost per successful task. If 59% of your tokens are agentic and 100% of your evals are single-turn, you are flying instruments-out on the majority surface.

Claude Code's /goal command makes this concrete. It runs multi-turn coding sessions to completion with no token budget and a Haiku evaluator that reads the conversation transcript — not the file system, not the test output. If the coding model claims tests pass and the transcript stays internally consistent, the goal is satisfied. The default failure mode is uncapped spend on a loop that looks like progress at turn five and is a $200 invoice at turn forty. Wrap it in a wall-clock timeout and a token meter you control before you point it at anything that matters.

The edge is the part you patch tonight

While finance recalibrates and product rewrites the eval harness, security has a 48-hour window. NGINX disclosed an 18-year-old unauthenticated RCE in the rewrite module that ships on the vast majority of production deployments. Traefik shipped two CVSS 10.0 auth bypasses the same day — the rubric ran out of knobs. MOVEit pushed a 9.8 auth bypass whose shape matches the 2023 Cl0p campaign. Argo CD at 9.6 leaks plaintext Kubernetes secrets to low-privilege users. LiteLLM is on CISA KEV under active exploitation. The chain from internet-facing Traefik through Argo CD to cluster-admin is not theoretical.

The pattern across every one of these is authentication failure, not memory corruption. EDR is blind to it. The PraisonAI CVE went from disclosure to weaponized exploit in four hours, which is not a patch window — it is a containment window. Mass scanning on the NGINX advisory is the base case inside 48 hours. Patch order: internet-facing Traefik first, NGINX second, Argo CD with secret rotation third, MOVEit immediately if you still run it, and start the conversation about replacing it.

What to do this week

Stop calling this three problems. It is one problem with three deadlines.

The operator move is to build the abstraction layer you've been deprioritizing. Deploy a gateway — LiteLLM, Portkey, OpenRouter, or in-house — that tags every call with team, feature, and request ID, logs input and output tokens per call, aggregates by tag, and trips a circuit breaker when spend crosses a threshold. That single piece of infrastructure solves the cost-attribution problem ServiceNow couldn't solve, gives you a 48-hour failover path between Anthropic and OpenAI while both vendors are paying you to switch, and creates the inspection point where DLP and egress monitoring for agentic traffic actually have somewhere to live.
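An added example, not code from this article or from any of the gateways named above: a minimal in-process meter of the kind this paragraph and the earlier /goal advice call for. It tags each call with team, feature and request ID, logs tokens per call, aggregates spend by tag, and trips on a spend threshold or a wall-clock limit. The rates, limits and names (`SpendMeter`, `run_session`) are placeholders assumed for illustration.

```python
import time
from collections import defaultdict
from dataclasses import dataclass, field

class BudgetExceeded(RuntimeError):
    """Raised when a tag's spend or a session's wall-clock limit is crossed."""

@dataclass
class SpendMeter:
    # Placeholder rates in USD per million tokens; substitute your contract's.
    usd_per_m_input: float
    usd_per_m_output: float
    limit_usd: float      # circuit-breaker threshold per (team, feature) tag
    max_seconds: float    # wall-clock cap per request_id (one agent session)
    clock: callable = time.monotonic
    spend: dict = field(default_factory=lambda: defaultdict(float))
    started: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def check(self, team, feature, request_id):
        """Call before forwarding upstream; raises if the breaker is open."""
        start = self.started.setdefault(request_id, self.clock())
        if self.clock() - start > self.max_seconds:
            raise BudgetExceeded(f"{request_id}: wall-clock limit exceeded")
        if self.spend[(team, feature)] >= self.limit_usd:
            raise BudgetExceeded(f"{team}/{feature}: spend limit reached")

    def record(self, team, feature, request_id, input_tokens, output_tokens):
        """Call after each response with the provider-reported token usage."""
        cost = (input_tokens * self.usd_per_m_input
                + output_tokens * self.usd_per_m_output) / 1_000_000
        self.spend[(team, feature)] += cost
        self.log.append((request_id, team, feature,
                         input_tokens, output_tokens, cost))
        return cost

def run_session(meter, team, feature, request_id, turns):
    """Drive constructed (input, output) token turns; return turns completed."""
    done = 0
    try:
        for inp, out in turns:
            meter.check(team, feature, request_id)
            meter.record(team, feature, request_id, inp, out)
            done += 1
    except BudgetExceeded:
        pass  # breaker open: stop the loop instead of spending further
    return done
```

In a real gateway, `check` runs before the upstream call and `record` after it, so the breaker stops the next turn of a runaway loop rather than the current one.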

Do the patching tonight. Build the gateway this sprint. Run the Codex evaluation before July 13. The window where every layer of this stack is simultaneously under-instrumented and over-trusted closes when the June 15 invoice arrives.

◆ Behind the synthesis

Six specialist takes that fed this piece.

The piece above is one stream in my voice. Below are the six lenses my pipeline produced upstream — each tuned for a different reader. Use them when you want the angle that matters most to your role.

  1. The Traefik auth bypass is the load-bearing one this week: CVSS 10.0, reaches internal Argo CD, which leaks K8s secrets in plaintext (CVSS 9.6), which owns the cluster.

    Your reverse proxy (NGINX), ingress controller (Traefik CVSS 10), and AI gateway (LiteLLM, actively exploited) all have critical patches due this week — and they chain into full cl…

  2. NGINX disclosed an 18-year-old unauthenticated RCE in the rewrite module today, hitting effectively every edge, ingress, and reverse proxy deployment in scope.

    Your perimeter is under simultaneous assault — an 18-year NGINX pre-auth RCE, Traefik at CVSS 10.0, and MOVEit bleeding a 9.8 auth bypass that Cl0p will find before you patch it —…

  3. Vercel's production traces show 59% of tokens are now agentic, and agentic traces compound 5-15x per task against single-shot baselines.

    Anthropic metered the developer discount, Vercel confirmed 59% of production tokens are agentic, and the data stack shipped five CVSS 9.0+ CVEs in a single cycle. If you haven't de…

  4. Anthropic is killing the 70-90% implicit discount your developers get through third-party coding harnesses (Cursor, Cline, OpenCode) effective June 15 — and ServiceNow already burned its entire annual Anthropic budget by May because nobody instrumented per-user cost.

    Your AI infrastructure has three deadlines converging: Anthropic kills third-party harness discounts June 15 (your dev costs jump 10x overnight), enterprise buyers are already aski…

  5. A reasonable skeptic would say one model clearing two ranges is one model clearing two ranges.

    AI models achieved full autonomous network takeover this week while EDR agents became transparent to AI reverse engineering in days — your security architecture is fighting the wro…

  6. Anthropic shut the seventy-to-ninety percent subscription arbitrage that was quietly subsidizing gross margins across the Claude-wrapper cohort, effective June 15, and ServiceNow burned its full annual Anthropic budget by May because neither side had working usage telemetry.

    Anthropic is cleaning margins for an October IPO by killing the 70-90% subscription arbitrage on June 15 — the same week ServiceNow revealed it blew its full-year Anthropic budget…
