Leader daily

Edition 2026-05-29 · read as Leader

Anthropic Mythos and LLM EDR Cracks Upend Security SLAs

Sources: 36 · Words: 1,492 · Read: 7 min

Topics: Agentic AI · AI Capital · LLM Inference

◆ The signal

Two load-bearing security assumptions failed in the same seven days. Anthropic's Mythos cleared both UK AISI end-to-end cyber ranges this week, a first, while TrustedSec showed that all five commercial EDR products it tested can be reverse-engineered in days with LLM assistance, and that they share identical architectural patterns. Patch SLAs that assumed weaponization was the slow step now have to budget in hours. EDR that priced in obscurity no longer has any to sell.

◆ INTELLIGENCE MAP

  01. Defensive Security Architecture Loses Three Pillars Simultaneously

    act now

    AI achieves full network takeover (not just persistence), EDR products are transparent to LLM-assisted reversing in days, and Sigstore provenance forgery breaks supply chain trust anchors. The 4-hour exploit window on PraisonAI confirms patch cadences calibrated for days are now exposure windows.

    Key figure: 4 hrs exploit window · 8 sources
    Metrics cited: EDR reverse time · AISI ranges cleared · NGINX latent RCE · Foxconn data stolen
    Chart (exploit timeline, days): old 90 · new 0.17
  02. Enterprise 'Execution Layer' Platform War Begins

    monitor

    SAP (€100M fund + Knowledge Graph) and ServiceNow (Action Fabric via MCP) are both claiming the surface AI agents call. a16z estimates $150B of GTM value migrating from CRM to the orchestration layer. Apple is positioning as agent gatekeeper. The 12-18 month window to choose which platform your workflows route through is open now.

    Key figure: $150B GTM value migration · 7 sources
    Metrics cited: Agentic token share · AI bot bypass rate · SAP fund size · Salesforce market cap
    Chart ($B): CRM (today) 140 · Orchestration layer (migrating) 150 · Agent hosting (emerging) 50
  03. AI Infrastructure Financializes — Compute Becomes Pre-Sold Asset

    monitor

    Cerebras IPO at $56B (70% first-day pop) backed by OpenAI's $20B commitment. xAI leasing 45% of Colossus to Anthropic signals compute is now a financial instrument. Fervo Energy IPO at $10B+ (33% surge) confirms power as platform business. Microsoft's $100B OpenAI spend disclosed via court documents.

    Key figure: $56B Cerebras valuation · 7 sources
    Metrics cited: Microsoft→OpenAI · GPU demand ratio · Fervo IPO surge · Nebius rev growth
    Chart ($B): Microsoft→OpenAI 100 · Cerebras valuation 56 · OpenAI→Cerebras 20 · Fervo valuation 10
  04. Enterprise AI Cost Governance Vacuum Exposed

    act now

    ServiceNow blew its full-year Anthropic budget by May. Anthropic planned for 10x demand and got 80x, degrading service for paying customers. Only 15% of organizations have data foundations for agentic AI. Every major AI vendor now admits deployment requires expensive FDE layers at $300-500K loaded cost each.

    Key figure: 85% of orgs unprepared · 5 sources
    Metrics cited: Anthropic demand miss · Orgs with foundations · FDE loaded cost · True cost multiple
    Chart (%): orgs ready for agentic AI 15
  05. Org Design Disruption: The Management Layer Question

    background

    VPs are voluntarily taking IC roles at AI-native startups. Lovable dissolved its growth management layer and found it attracts elite talent. One operator ships in hours what cross-functional squads shipped in weeks. The economic case for coordination-only management is collapsing as AI compresses that cost to near zero.

    Key figure: 90% of time on high-value work · 4 sources
    Metrics cited: Lovable model age · Time on building · Coordination tax · Tech layoffs YTD
    Chart (relative shipping time, units not given): traditional team 14 · HI-C solo operator 1

◆ DEEP DIVES

  01. Your Security Architecture Just Lost Three Load-Bearing Assumptions in Seven Days

    The Convergence That Matters

    Three independent security assumptions failed this week. Each one in isolation is manageable. Together they constitute an architectural revision, not a patch cycle. The board-deck version says raise the security budget. The complete version says the operating model has to change before the budget question becomes useful.

    The cost of understanding your EDR agent exceeded the value of bypassing it for most adversaries. That premise is no longer true for a growing share of the threat population.

    Assumption 1: EDR Obscurity Buys Time

    TrustedSec ran LLMs against five commercial EDR products and found all five share identical architectural patterns: YARA-style rules, behavioral logic, allowlists, prefilters, scripted engines (some readable as Lua after a single decryption pass), and local ML classifiers. Work that took a skilled reverser weeks now takes days. The population of attackers capable of this expanded by an order of magnitude, and the bypass refresh cycle moved from quarters to days.

    Assumption 2: Weaponization Is the Slow Step

    AISI confirmed Anthropic's Mythos became the first model to clear both end-to-end cyber ranges: full network takeover, not just persistence. OpenAI's GPT-5.5-cyber cleared one. Palo Alto Networks' AI-driven scanning surfaced dozens of serious vulnerabilities across 130+ products. A 4-hour window from public disclosure to working exploit on PraisonAI confirms the new baseline. The 30-day patch SLA was calibrated for attackers who needed 30 days. They no longer do.

    Assumption 3: Supply Chain Verification Works

    The TeamPCP/Shai-Hulud framework forges Sigstore provenance, extracts OIDC tokens from CI/CD runner memory, and persists through AI coding tools. It has already compromised npm packages for TanStack, UiPath, and Mistral AI. Foxconn separately lost 8TB of IP from Apple, Google, Intel, and Nvidia through a single breach. The trust anchor for software supply chain verification is now an attack surface.


    The Compensating Controls That Matter

    The endpoint agent is no longer the load-bearing control. The compensating controls for the next 18 months are identity (blast radius), network telemetry (behavioral analytics above the endpoint), and recovery architecture (hours, not weeks). OpenAI's Daybreak launch with CrowdStrike, Palo Alto, Cisco, Cloudflare, and four others signals the platform war for AI-native defense has begun. The question this quarter is whether defensive AI sits inside the firm or is rented from the vendor that shipped the offensive capability. That choice sets the dependency map for the next several years.
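    The paragraph above moves weight from the agent's own verdicts to telemetry the agent cannot shape. As an added example (not code from the page or from any vendor named on it), the following check correlates EDR sensor heartbeats with network flow records and flags hosts that are talking on the network while their sensor has gone quiet. An agent that has been unhooked, suspended or fed a fresh bypass still shows up as a gap rather than as a clean host. The log formats, host names and ten-minute heartbeat interval are constructed for illustration and follow no product's schema.

```python
"""Flag endpoints that are active on the network while their EDR sensor is silent.

Constructed example: the log lines below are made up and the two line formats
are hypothetical, not any vendor's. The detection runs above the endpoint, on
flow telemetry joined with the sensor heartbeat stream, so it does not depend
on the agent still being honest about its own state.
"""
from datetime import datetime, timedelta

# Hypothetical line formats (assumed for this example):
#   HB   <iso-ts> host=<name>
#   FLOW <iso-ts> src=<name> dst=<ip> bytes=<n>
HEARTBEAT_SLA = timedelta(minutes=10)   # healthy sensors check in well inside this

SAMPLE_LOGS = """\
HB   2026-05-29T08:00:00 host=ws-17
HB   2026-05-29T08:00:00 host=ws-22
HB   2026-05-29T08:00:00 host=srv-db1
FLOW 2026-05-29T08:03:00 src=ws-17 dst=10.0.5.9 bytes=1200
HB   2026-05-29T08:05:00 host=ws-17
HB   2026-05-29T08:05:00 host=srv-db1
FLOW 2026-05-29T08:20:00 src=ws-22 dst=203.0.113.8 bytes=524288
FLOW 2026-05-29T08:25:00 src=ws-22 dst=203.0.113.8 bytes=3145728
FLOW 2026-05-29T08:26:00 src=ws-17 dst=10.0.5.9 bytes=900
HB   2026-05-29T08:25:00 host=ws-17
FLOW 2026-05-29T08:40:00 src=laptop-99 dst=198.51.100.4 bytes=40960
"""


def parse(lines):
    """Yield (kind, timestamp, fields) tuples from the constructed log format."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        kind, ts, *kv = line.split()
        yield kind, datetime.fromisoformat(ts), dict(p.split("=", 1) for p in kv)


def silent_sensor_hosts(lines, sla=HEARTBEAT_SLA):
    """Return {host: reason} for hosts that sent flows with no heartbeat inside `sla`.

    Two failure modes are kept apart: a sensor that went quiet (heartbeats were
    seen, then stopped while flows continued) and a host that never reported at
    all (no agent installed, or the host is missing from inventory). A host that
    is merely asleep sends no flows and is not flagged.
    """
    last_hb = {}
    findings = {}
    # Logs arrive out of order; evaluate in time order so each flow is judged
    # against the heartbeats that preceded it.
    for kind, ts, f in sorted(parse(lines), key=lambda e: e[1]):
        if kind == "HB":
            last_hb[f["host"]] = ts
        elif kind == "FLOW":
            host = f["src"]
            if host not in last_hb:
                findings[host] = "no sensor heartbeat ever seen"
            elif ts - last_hb[host] > sla:
                gap = ts - last_hb[host]
                findings[host] = (f"sensor silent for {gap} while sending "
                                  f"{f['bytes']} bytes to {f['dst']}")
    return findings


if __name__ == "__main__":
    for host, reason in silent_sensor_hosts(SAMPLE_LOGS).items():
        print(f"{host}: {reason}")
```

    On the sample, ws-22 is flagged (25 minutes without a heartbeat while pushing several megabytes to an external address) and laptop-99 is flagged as never having reported; ws-17 and srv-db1 pass. Tune the threshold to the sensor's real check-in interval, and treat reboots and clock skew as the main false-positive sources when you run this against live flow data.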

    Where Sources Diverge

    The intelligence community, with Congress routing Mythos access through NSA over CISA, has prioritized offense. The private sector is on its own for defensive AI for several years. A reasonable skeptic would say benchmark jumps outrun operational reality. The 4-hour PraisonAI window says otherwise.

    Action items

    • Commission red team exercise targeting your EDR with AI-assisted reverse engineering — surface the actual detection gap before adversaries do
    • Compress critical vulnerability patch SLA from 30 days to 72 hours for internet-facing assets
    • Audit all CI/CD pipelines for OIDC token exposure, GitHub Actions cache poisoning, and Sigstore provenance trust assumptions (whether consumers pin the expected certificate identity and OIDC issuer, or accept any validly signed attestation)
    • Evaluate kernel-level isolation (Firecracker microVMs, gVisor) for CI/CD and multi-tenant workloads by end of Q3
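    The Sigstore point in Assumption 3 and the provenance audit item above come down to one question that signature verification does not ask on its own: who was allowed to sign this, and for which artifact? The following added example (not code from the page, from TrustedSec, from Sigstore or from any project named here) is a policy layer that runs after signature verification has already succeeded. It pins the OIDC issuer, the signing identity, the trusted builder and the source repository, and checks that the artifact about to be installed is a subject of the statement. The statement shape follows in-toto/SLSA v1 and the certificate claims follow what Fulcio certificates carry, but every name, URL and digest is constructed, and the POLICY dictionary is hypothetical.

```python
"""Policy check for a Sigstore-signed SLSA provenance statement.

Constructed example. Assumes the signature over the statement has already been
verified by a Sigstore client; this layer answers the question that step does
not: was it signed by the issuer, identity and builder we expect, for the
artifact we are about to install? All identifiers below are made up.
"""
import hashlib
import re

# Consumer-side pins for one package (hypothetical names and URLs).
POLICY = {
    "oidc_issuer": "https://token.actions.githubusercontent.com",
    # Exact workflow file and tag pattern; a fork or a renamed workflow must fail.
    "identity_regex": r"^https://github\.com/example-org/example-pkg/"
                      r"\.github/workflows/release\.yml@refs/tags/v[0-9.]+$",
    "builder_id_prefix": "https://github.com/slsa-framework/slsa-github-generator/",
    "source_repo": "https://github.com/example-org/example-pkg",
}


def check_provenance(statement, cert_claims, artifact, policy=POLICY):
    """Return the list of policy violations; an empty list means accept."""
    violations = []

    # 1. Issuer. A valid Fulcio certificate from some other OIDC issuer is still
    #    a valid certificate. Pin the issuer your release pipeline actually uses.
    if cert_claims.get("issuer") != policy["oidc_issuer"]:
        violations.append(f"issuer {cert_claims.get('issuer')!r} not allowed")

    # 2. Identity. The certificate SAN names the workflow and ref that signed.
    #    Any token-bearing workflow in any repository can obtain a certificate,
    #    so the identity must match exactly, not merely look plausible.
    identity = cert_claims.get("san", "")
    if not re.match(policy["identity_regex"], identity):
        violations.append(f"signing identity {identity!r} is not the release workflow")

    # 3. Subject. The provenance must describe *this* artifact's digest.
    digest = hashlib.sha256(artifact).hexdigest()
    if not any(s.get("digest", {}).get("sha256") == digest
               for s in statement.get("subject", [])):
        violations.append("artifact digest is not a subject of the provenance")

    # 4. Builder and source. Forged provenance can name any builder and any
    #    repository. Require the trusted builder, require the pinned source
    #    repository, and require the certificate's own source claim to agree.
    pred = statement.get("predicate", {})
    builder_id = pred.get("runDetails", {}).get("builder", {}).get("id", "")
    if not builder_id.startswith(policy["builder_id_prefix"]):
        violations.append(f"untrusted builder {builder_id!r}")
    src = (pred.get("buildDefinition", {}).get("externalParameters", {})
               .get("workflow", {}).get("repository", ""))
    if src != policy["source_repo"]:
        violations.append(f"source repository {src!r} is not the pinned repository")
    if cert_claims.get("source_repository_uri") != policy["source_repo"]:
        violations.append("certificate source repository does not match policy")

    return violations


def make_statement(builder_id, repo, artifact):
    """Build a minimal in-toto/SLSA v1 statement for `artifact` (constructed)."""
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "example-pkg-1.2.3.tgz",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {
            "buildDefinition": {"externalParameters": {"workflow": {"repository": repo}}},
            "runDetails": {"builder": {"id": builder_id}},
        },
    }


# Constructed inputs: a stand-in for the package archive, the claims a legitimate
# release certificate would carry, and a forgery minted under a fork's identity.
ARTIFACT = b"constructed tarball bytes"
GOOD_CLAIMS = {
    "issuer": "https://token.actions.githubusercontent.com",
    "san": "https://github.com/example-org/example-pkg/.github/workflows/release.yml@refs/tags/v1.2.3",
    "source_repository_uri": "https://github.com/example-org/example-pkg",
}
GOOD_STATEMENT = make_statement(
    "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v2.0.0",
    "https://github.com/example-org/example-pkg", ARTIFACT)
FORK_CLAIMS = dict(GOOD_CLAIMS,
                   san="https://github.com/attacker/example-pkg/.github/workflows/release.yml@refs/tags/v1.2.3",
                   source_repository_uri="https://github.com/attacker/example-pkg")
FORGED_STATEMENT = make_statement("https://github.com/attacker/builder@refs/heads/main",
                                  "https://github.com/attacker/example-pkg", ARTIFACT)

if __name__ == "__main__":
    print("legitimate:", check_provenance(GOOD_STATEMENT, GOOD_CLAIMS, ARTIFACT))
    print("forged:", check_provenance(FORGED_STATEMENT, FORK_CLAIMS, ARTIFACT))
    print("tampered artifact:", check_provenance(GOOD_STATEMENT, GOOD_CLAIMS, ARTIFACT + b"x"))
```

    Pinning issuer and identity rejects provenance minted under a fork's or a renamed workflow's identity, and the subject check rejects a statement that is genuine but was issued for a different build. What it does not catch is a token lifted from the legitimate runner's memory, which yields a certificate that passes every check here; that gap is what the isolation item below is for.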

    Sources: Clint Gibler · The Information AM · CyberScoop · The Hacker News · SANS AtRisk · TLDR InfoSec

  02. The Execution Layer War: Where AI Agents Live Determines Who Captures the Next Decade

    The Decision Being Forced

    Three of the largest enterprise platforms used the same quarter to announce that the UI-centric era is ending. SAP's Autonomous Enterprise, ServiceNow's Action Fabric, and Salesforce's Agentforce are not competing features in any meaningful sense. They are three different bets on who owns the surface that AI agents call. The settled question is which software humans use. The open question is which API agents invoke.

    Agents that act across finance, HR, IT, and procurement need one authoritative place to reconcile state. Two authoritative places is zero authoritative places.

    Two Incompatible Architectures

    Dimension    | SAP                                     | ServiceNow
    Strategy     | Vertically integrated Knowledge Graph   | Open Action Fabric via MCP
    Moat thesis  | Data superiority inside SAP's universe  | Protocol adoption across all systems
    Agent model  | SAP's agents are contextually superior  | Any agent can call ServiceNow
    Bet          | Data moat integration                   | Open interoperability wins

    ServiceNow adopting MCP (Model Context Protocol) as the communication standard pulls the rest of the ecosystem toward that protocol. A company with workflow gravity across IT, HR, and customer service declaring that agents talk to it via MCP is a legitimization event for the protocol itself. SAP is playing a different game. The bet is that its own agents will be so contextually superior inside SAP's data universe that customers never reach for an external orchestrator.

    The $150B Value Migration

    a16z estimates more than $150 billion of GTM value is migrating from CRM to the AI orchestration layer. The thesis is that whoever owns the reasoning layer synthesizing across CRM, email, calls, telemetry, and billing becomes the new system of record. The Lemkin data point makes the abstraction concrete: 80% fewer human seats, 83% higher total spend, 20+ agents running. Consumption-based AI pricing is already dramatically accretive against seat-based models.

    The Platform Tax Arrives

    Anthropic's June 15 pricing restructure separates first-party from third-party usage. Third-party tools like Cursor and Zed get capped credits, then API rates. This is a platform tax in everything but name. Notion launched a developer platform positioning Claude and Codex as "teammates" on Notion infrastructure. Intercom rebranded entirely to "Fin." A reasonable skeptic would call this rebranding theater, and on a single-quarter view the skeptic is correct. The pattern across all three moves is consistent: the agent-hosting platform is the next defensible category, and the hosting decisions are being made now, while the market is still fluid.

    The 12-18 Month Window

    Startups are reportedly shipping agentic fabric faster than Salesforce and ServiceNow. That window closes when the incumbents' API-first AI offerings mature. Any platform whose roadmap still assumes a human-in-the-UI is the primary consumer has roughly 12-18 months before agents route around it rather than through it. Being bypassed is not disruption. Disruption leaves a seat at the table. Bypass does not.

    Action items

    • Conduct an 'agent readiness' audit — determine whether third-party AI agents can discover, invoke, and orchestrate your workflows without a human UI
    • Evaluate MCP as a strategic standard for your platform roadmap — build or integrate MCP server capabilities by end of Q3
    • Model consumption-based pricing scenarios and pilot with 3-5 customers this quarter if you sell seat-based software touching GTM workflows
    • Stand up an AI governance function with authority over tool/vendor rationalization before Q3 budgeting

    Sources: TLDR IT · a16z · TLDR · Simplifying AI · ben's bites · Techpresso

  03. AI Infrastructure Is Being Pre-Sold in $10B+ Blocks — The Spot Market Assumption Just Died

    The Market Structure Shift

    Cerebras opened day one at a $56 billion fully diluted valuation, priced sixteen percent above a range that was already generous, and closed the session up seventy percent. The proximate cause was OpenAI's $20 billion procurement commitment in December 2025, which converted a regulatory cautionary tale into the best-performing tech IPO in five years. A single anchor buyer did the work an entire roadshow used to do. The signal worth taking seriously is that frontier AI compute is now allocated through relationship-based bilateral commitments rather than open-market clearing.

    The marginal unit of frontier AI capacity now has a named buyer for the rest of the decade, and that buyer is not you.

    xAI Concedes — Compute Becomes Financial Instrument

    Elon Musk, who recently described Anthropic in public as "misanthropic and evil," has agreed to lease them 220,000 GPUs (45% of Colossus 1). The financial logic outran the competitive logic, which is what tends to happen once Grok fails to find traction and the lease revenue clears what those GPUs would earn running inference. The population of viable frontier labs is contracting, and excess infrastructure is moving onto the lease market. Enterprise compute economics will feel that over the next twelve to eighteen months.

    Energy Infrastructure Validates as Platform Business

    Fervo Energy went public at a $10B+ valuation with a thirty-three percent first-day move, and the demand story was AI datacenter load, not decarbonization. Google holds an option for 3 gigawatts against the 658 MW currently under contract, which at fifty megawatts per large facility implies sixty-plus datacenters out of one supplier. Power contracts signed this year set competitive position in 2028 through 2030. Community resistance is now numerate — four thousand complaints against a single project, states drafting outright bans — which means permitted, interconnected capacity trades at a scarcity premium that is still rising.

    The $100B Disclosure

    Microsoft's commitment to OpenAI, surfaced through the Musk lawsuit at over $100 billion by June 2026 with thirty billion of direct revenue offsetting it, is the cleanest read on what frontier model participation actually costs. OpenAI has committed another $280B to Microsoft servers on top. Fewer than five companies on earth can carry that math. If the best-positioned buyer in the world is paying this, every other buyer is looking at a floor rather than a ceiling.

    Where Sources Diverge

    One reading says the xAI lease and the Cerebras print together ease compute scarcity as excess capacity reaches the market. The other says bilateral lock-ups at ten to twenty billion dollars leave 2026 buyers with access but not 2024 pricing. Both are correct for different tiers of buyer, which is why the procurement discipline now required of CIOs looks like the discipline energy and semiconductor buyers adopted a decade ago.

    Action items

    • Audit compute capacity contracts and model the cost of 12-18 month lock-in versus spot pricing exposure — present options at next board meeting
    • Explore whether becoming a 'transformational customer' for an emerging AI chip or infrastructure company could secure strategic advantage
    • Secure long-term power supply agreements or partnerships for any planned AI infrastructure expansion
    • Accelerate M&A conversations with AI infrastructure targets before IPO window fully reprices expectations

    Sources: Katie Roof · StrictlyVC · The Information AM · Martin Peers · The Pragmatic Engineer · Bloomberg Technology

◆ QUICK HITS

  • Update: Anthropic reached $30B ARR (up from $9B in ~4 months), 120x growth in 24 months on $75B total capital raised — the revenue curve tripled without typical signs of pull-forward

    StrictlyVC

  • ServiceNow blew its full-year Anthropic budget by May — Anthropic offers no SLAs, no usage telemetry, and had no comment when the CDIO said so publicly

    Laura Bratton

  • Training efficiency breakthroughs compounding: 2-3x from Nous Research token superposition, 360x from NVIDIA elastic post-training, 17x from Datology data curation — custom model economics shifting

    AINews

  • a16z published definitive AI liability lobbying blueprint proposing user-liability defaults and damages caps — while active court cases could impose massive penalties on developers before any legislation exists

    a16z AI Policy Brief

  • Vulnerabilities in AI infrastructure tools (LiteLLM, Ollama, OpenClaw) are now listed in CISA's Known Exploited Vulnerabilities catalog — most organizations adopted these tools without a security review

    SANS AtRisk

  • VPs voluntarily taking IC roles at AI-native startups — Lovable's HI-C model 5 months in shows 90% time on building, attracting elite talent who reject traditional management

    Lenny's Newsletter

  • Abridge raised at $5.3B on 80-100M+ medical conversations — clinical intelligence layer positioning above EHR creates irreplicable data moat in healthcare AI

    Latent.Space

  • Google's Gemini Intelligence ships this summer on 3B+ Android devices as an autonomous agent layer — apps become infrastructure the agent calls, not the surface users touch

    Simplifying AI

  • Vercel production data: Anthropic captures 61% of AI spend (expensive reasoning) while Google captures 38% of volume (cheap throughput) — structural bifurcation, not temporary

    ben's bites

  • Only 15% of organizations have data foundations for agentic AI while 85% are spending millions — 95.2% of data modeling pain is organizational (ownership, training), not tooling (4.8%)

    TLDR Data

◆ Bottom line

The take.

AI achieved full autonomous network takeover the same week that commercial EDR products were revealed as transparent to LLM-assisted reversing — your defensive stack just lost two load-bearing assumptions simultaneously. Meanwhile, AI compute is being locked up in $10-20B bilateral commitments (Cerebras IPO validated at $56B on a single OpenAI deal), the enterprise 'execution layer' platform war started with SAP and ServiceNow making incompatible architectural bets, and ServiceNow blew its full-year Anthropic budget by May because no one has solved AI cost governance. The decisions that matter this quarter: compress patch SLAs from 30 days to 72 hours, choose which execution-layer platform your agents route through, and build the cost governance infrastructure before the next budget cycle discovers it was assumed to exist.

— Promit, reading as Leader

Frequently asked

Why are 30-day patch SLAs no longer adequate for internet-facing systems?
Because weaponization is no longer the slow step. A 4-hour exploit window observed on PraisonAI, combined with AI-driven vulnerability discovery surfacing dozens of serious flaws across 130+ products, means the gap between disclosure and working exploit is now measured in hours. Internet-facing assets need a 72-hour patch SLA or compensating isolation, because the old cadence is now an exposure window rather than a remediation timeline.
If EDR can be reverse-engineered in days, what should compensating controls look like?
The endpoint agent should no longer be the load-bearing control. Shift weight onto identity (to constrain blast radius), network and behavioral telemetry above the endpoint, and recovery architecture measured in hours rather than weeks. Commission an AI-assisted red team against your current EDR to quantify the real detection gap, and assume bypass refresh cycles have moved from quarters to days.
What does ServiceNow adopting MCP actually mean for platform strategy?
It legitimizes Model Context Protocol as the enterprise standard for agent-to-system communication, pulling the broader ecosystem toward it. SAP is betting the opposite way — that a vertically integrated knowledge graph keeps agents inside its universe. For most platform owners, the practical implication is that being discoverable and invocable via MCP is becoming table stakes, and roadmaps assuming a human-in-the-UI have roughly 12–18 months before agents route around them.
Why did Cerebras's IPO matter beyond the valuation headline?
Because OpenAI's $20B anchor commitment, not the public roadshow, did the work of pricing the deal — confirming that frontier compute is now allocated through bilateral lock-ups rather than an open spot market. Combined with Microsoft's $100B+ OpenAI exposure and xAI leasing 45% of Colossus 1 to Anthropic, the signal is that 2026 buyers face a pricing floor, not a ceiling, and procurement needs the discipline energy and semiconductor buyers adopted a decade ago.
How should leaders think about supply chain verification given Sigstore forgery?
Treat the trust anchor itself as an attack surface. The TeamPCP/Shai-Hulud framework forges Sigstore provenance and extracts OIDC tokens from CI/CD runner memory, and has already compromised npm packages from TanStack, UiPath, and Mistral AI. Audit CI/CD pipelines for token exposure and cache poisoning, and evaluate kernel-level isolation such as Firecracker microVMs or gVisor for build and multi-tenant workloads.
