The Bottom Line (No Jargon Edition)

• GitHub got hit twice this week. First, a CISA public repo leaked active AWS GovCloud credentials that stayed live for nearly 48 hours. Then a compromised VS Code extension pulled internal GitHub repos by exploiting a stolen contributor token. Neither attack required sophisticated hacking. Both required slow detection.

• A 90-day blind spot is emerging in government security systems. When credentials sit exposed for days before anyone responds, capability investments don't matter. The detection gap is the actual liability.

• Microsoft cancelled most of its internal Claude Code licenses after just six months. Engineers got redirected to GitHub Copilot CLI. Uber burned through its full 2026 AI budget in four months using Claude Code. The consumption pricing model is landing like a grenade inside enterprise finance departments.

• Anthropic closed its $30 billion funding round at a reported $900 billion valuation. That puts it above OpenAI's current $852 billion mark. Capital is concentrating fast, and the operators showing revenue discipline are capturing it.

• OpenAI filed confidentially for its IPO this week, targeting a September debut. Current valuation sits at $852 billion. Polymarket traders are calling a first-day market cap north of $1.4 trillion. The AI era is going public whether enterprises are ready or not.

The Take That Started the Week

Google I/O dropped this week with Gemini 3.5 Flash as the headline model. now powering the Gemini app and AI Mode in Search. Gemini 3.5 Pro follows next month. The response at the conference was, charitably, a groan. Attendees expected the full Gemini 3.5 Pro release. Google gave them the Flash version and a promise.

That groan matters more than it sounds. Google is sitting on model capability that arguably rivals anyone in the space. What it keeps stumbling on is the deployment story. Flash ships when Pro should. Features demo when products should. After 30 years of watching tech cycles, I recognize this pattern: the engineering org moves at a different speed than the product org, and the gap shows up in keynotes.

The irony is that "not releasing its biggest model" is actually the right call if the production infrastructure isn't ready. But the market doesn't reward good judgment at a keynote. It rewards shipping. Microsoft built an empire on shipping before perfect. Google keeps building showcases.

Meanwhile, OpenAI used the same week to file confidentially for an IPO. No stage. No keynote. Just a quiet S-1 draft and Goldman Sachs on the phone. When your competitor is moving toward public markets and you're generating groans at your flagship conference, the gap isn't in the models. It's in the narrative.

Cloud Roundup

AWS

The most significant AWS story this week didn't come from AWS directly. It came from a GitHub repository named "Private-CISA." GitGuardian researcher Guillaume Valadon found the repo on May 14 with active AWS GovCloud credentials sitting exposed. He reported it to CERT/CC the same day and to CISA directly on May 15. Those credentials remained valid for nearly 48 hours after initial notification. The security industry is now pressing CISA for answers.

AWS GovCloud is designed for sensitive government workloads. The credentials being live that long isn't an AWS architecture failure. It's a credential hygiene failure compounded by a slow incident response cycle. The lesson for any team running AWS: rotation policies are only as good as your detection speed. If you don't know the key is out, you don't rotate it.

Separately, Braintrust disclosed on May 5 that an attacker gained unauthorized access to its AWS account storing customer API keys for cloud AI models. The breach was detected May 4. One customer confirmed affected at the time of disclosure. Three more under investigation. The AI platform layer is now a credential attack surface that most teams haven't fully scoped.

Azure

Microsoft had a complicated week. The company is reporting that its AI cost structure is becoming a real internal problem. The cancellation of most direct Claude Code licenses after six months signals something important: even Microsoft, which has a $5 billion Foundry deal with Anthropic and $30 billion in Azure compute commitments, found the per-token consumption model unsustainable for thousands of developers.

GitHub Copilot CLI is now the internal standard. Flat pricing beats consumption pricing when you have 10,000 engineers and no token budget guardrails. Microsoft's India data center is on track to go live mid-2026, which extends Azure's regional coverage for AI workloads in that market.

The GitHub supply chain breach this week also lands on Microsoft's plate. GitHub is a Microsoft property. The Nx Console VS Code extension attack (version 18.95.0, May 18) exploited a compromised contributor token to push a malicious commit. Internal GitHub repositories were pulled. The extension was live on the VS Code Marketplace for 11-18 minutes before removal. That's fast detection. The problem is the attack had already completed.

GCP

Google I/O 2026 was GCP's big week. Gemini 3.5 Flash is now the default for the Gemini app and AI Mode in Search. Gemini 3.5 Pro lands next month. Google also introduced Gemini Omni. a multimodal family capable of generating video from text, photos, video, and audio inputs. Gemini Spark rounds out the new model lineup.

The framing Forbes put on Google I/O is the right one: Google wants Gemini to be an operating layer, not a chatbot. Agent platform, not assistant product. The Antigravity announcement (autonomous agent task handling) and Universal Cart (AI-powered commerce integration) signal where Google thinks the revenue comes from. The infrastructure play is Vertex AI absorbing these models for enterprise deployment.

The "groans at I/O" story is real but overstated. Google shipped real infrastructure this week. What it failed to do is control the narrative around what it shipped.

AI Model Roundup

OpenAI

OpenAI's biggest move this week was off-model: the company filed confidentially for an IPO targeting a September public debut. Goldman Sachs and Morgan Stanley are on the deal. Current valuation is $852 billion. Polymarket has first-day trading predictions above $1.4 trillion.

The IPO move creates accountability pressure that didn't exist before. Public company quarterlies require revenue discipline that private rounds don't. OpenAI has raised $122 billion in funding to date, including its recent round. The transition from "raise more" to "earn more" is now on a public clock.

OpenAI also confirmed it's discontinuing its AI video app Sora. Generative video gets a lot of coverage. Apparently it doesn't get enough paying users.

Anthropic

Anthropic closed its $30 billion fundraising round at a reported $900 billion valuation this week, moving past OpenAI's current mark. The Gates Foundation partnership for $200 million in AI tools for healthcare, education, and agriculture gives the round a public-benefit narrative that fits Anthropic's brand.

The Claude Code story cuts both ways. Microsoft cancelling internal licenses and Uber burning through its annual AI budget in four months shows that consumption pricing for agentic tools creates genuine enterprise pain. On the other hand, Anthropic is projecting $10.9 billion in revenue for the June 2026 quarter. more than double the $4.8 billion from March. The companies paying those consumption bills are real and growing.

Anthropic also reinstated third-party agent usage on Claude subscriptions after banning it April 4. The ban was a prompt cache efficiency play. The reinstatement means the technical tradeoff resolved in users' favor.

Google AI

Gemini 3.5 Flash is the shipping news. Gemini 3.5 Pro is the withheld news. Gemini Omni is the multimodal play. Gemini Spark is the lightweight entry. Google shipped a model family this week, not a single flagship.

The pattern here is Google spreading capability across tiers while competitors concentrate around a lead model. Flash-first, Pro-later creates a gap in the market for teams that needed Pro this week. Anthropic and OpenAI filled that gap for some of those teams already.

The agent platform framing from I/O is where Google's actual competitive position sits in 2026. Not in head-to-head chatbot benchmarks. In whether Gemini becomes the connective tissue across Search, Workspace, Android, and GCP. That's a distribution moat that no model benchmark measures.

The Pattern I'm Watching

In 1998, I watched enterprises deploy early web infrastructure that was genuinely capable. The technology worked. What failed was the operational wrapper around it. Patch cycles ran quarterly. Incident response ran on paper. Credentials rotated when someone remembered. The breaches that followed in the early 2000s weren't technology failures. They were operations failures against capable technology.

We're in that same gap right now, just with AI at the center instead of web servers. GitHub's supply chain got hit twice in a week. CISA exposed live AWS GovCloud credentials for 48 hours after notification. AI exploitation windows have shrunk from 63 days mean time to remediation in 2024 to 38 days in 2025. because attackers are also using AI to move faster. The infrastructure running AI workloads is being attacked by AI-assisted tooling. The detection and response capabilities protecting it were designed for a slower threat tempo.

The Microsoft Claude Code cancellation ties into this same pattern from a different angle. When a technology is operationally expensive beyond what the organization can absorb, adoption stalls regardless of capability. In the 1990s, organizations that wanted to deploy client-server architectures hit the same wall: the technology was real, the operational cost of running it was not yet manageable, and the teams that won were the ones that built the operational discipline first. Capability isn't the bottleneck right now. Operational rigor is. Which means the organizations investing in audit quality, detection speed, and credential hygiene this quarter will run more AI in two years than the ones chasing the next benchmark release. What are you doing right now to close your detection window before your threat actors close it for you?

Weekly AI and cloud breakdowns from someone who's been in the game since the early days of the internet. No ads. No filler. The signal.