Weekly Briefing

The dispute began when the Pentagon wanted blanket permission to use Claude for "all lawful purposes." Anthropic drew a line. They would supply the model, but not for autonomous weapons or mass domestic surveillance. The government did not accept the conditions. What happened next was unusual: the Defense Department classified Anthropic as a supply chain risk, a designation designed for companies that threaten the integrity of military procurement — think foreign-owned suppliers with ties to adversarial governments. It was the first time the label had been applied to an American AI company.

Anthropic sued. A federal judge in California granted an injunction, blocking the designation while the case proceeds. But the legal victory did not translate into contracts. On May 1, the Pentagon announced it had signed agreements with seven companies to deploy AI inside classified networks. Anthropic was not among them.

The seven companies that signed: Amazon Web Services, Google, Microsoft, NVIDIA, OpenAI, SpaceX, and Reflection. Oracle was added shortly after. The message was clear. Disagree with the terms and you get replaced. The market has alternatives.

Google's role is worth noting separately. They expanded the Pentagon's access to their AI specifically after Anthropic's refusal — a direct move to fill the gap. Google dropped its own "Don't Be Evil" and AI ethics restrictions for military use years ago. The gap between what Google and Anthropic will accept has widened into a strategic opportunity for one and a principled stand for the other.

What it means. This is the clearest signal yet of how governments treat AI companies that draw ethical lines. The Pentagon didn't negotiate. It didn't compromise on terms. It replaced Anthropic and moved on. The supply chain risk label — unprecedented for a domestic company — was a warning shot to the entire industry: if you set limits on how your model can be used, you are a risk, not a partner. For Anthropic, the calculus is existential. They are approaching $19 billion in annual revenue. Government contracts at classified scale are worth billions more. Walking away from them is expensive. But caving would undermine the core positioning that differentiates Anthropic from every other frontier lab — that they are the ones who take safety seriously enough to say no.

Grok 4.3 scores 53 on the Artificial Analysis Intelligence Index, placing it above the median of 35 for reasoning models in its price tier. It earned an ELO of 1500 on GDPval-AA — up 321 points from Grok 4.20, surpassing Gemini 3.1 Pro Preview and GPT-5.4 mini at maximum effort.

The model supports native video input for the first time, web search, X search, Python code execution, and file-based RAG. It can also generate Excel files, PDFs, and PowerPoint decks — features that position it as a full office tool, not just a chatbot.

The pricing tells the real story. At $1.25 per million input tokens and $2.50 per million output tokens, Grok 4.3 undercuts most frontier models by a wide margin. swyx, who runs AI Engineer, called it "the most intelligence per dollar you can get" among frontier models, "beating even open models like MiMo, Kimi, and DeepSeek."

Separately, xAI launched Grok Imagine in agent mode — a creative generation tool. And Musk confirmed that Grok Voice is now being used by Starlink for customer support.

What it means. xAI is competing on three fronts simultaneously: intelligence, price, and features. The voice cloning API is particularly notable — most frontier labs treat voice as a separate product; xAI is bundling it into the same platform. The pricing pressure will be felt across the industry. When a frontier-class model costs $1.25 per million input tokens, the economics of building AI applications shift: agents that were too expensive to run continuously become viable, and the gap between "prototype" and "production" narrows because the API bill stops being the bottleneck. Coding remains Grok's weakness — the 14-point deficit to Opus 4.7 on SWE-bench matters for the coding-agent market — but that is one segment. For everything else, Grok 4.3 is now price-competitive with open-source models while offering frontier-level intelligence.

The OpenClaw integration is the biggest move. Until now, using OpenClaw required an OpenAI API key and separate billing. That meant most ChatGPT subscribers — who already pay $20/month or more — had to pay again if they wanted to use OpenAI's coding agent. The new OAuth flow eliminates that barrier. Sign in with your ChatGPT credentials, and OpenClaw accesses GPT-5.5 directly through your subscription. No separate API credits consumed.

Altman's announcement was characteristically casual — "happy lobstering" — but the numbers tell the story: 18,543 likes, 1.6 million views. The tweet where he told people to "use codex or claude code, whatever works best for you" got 21,378 likes. He can afford to be gracious. The ChatGPT login integration means every paying subscriber is now a potential OpenClaw user without spending another dollar.

Codex's expansion beyond coding is the second strategic move. OpenAI now positions it as a general work tool. The official push emphasized roles, connected apps, and suggested prompts for research, planning, docs, slides, and spreadsheets. The playful "pets in Codex" feature — virtual companions in the coding environment — drew attention and engagement, but the real signal is Codex becoming a general productivity platform, not just a code editor.

The revenue numbers back up the strategy. OpenAI said GPT-5.5 API revenue is growing more than 2x faster than any prior release. Codex doubled revenue in under seven days. Enterprise demand for agentic coding tools is the stated driver. The company has surpassed $25 billion in annualized revenue.

Also announced: OpenAI DevDay returns — San Francisco, September 29.

What it means. The OpenClaw + ChatGPT integration removes the last friction between "I use ChatGPT" and "I use OpenAI's coding agent." Most coding agents require separate setup, billing, or API configuration. OpenClaw now requires none of that for anyone already paying for ChatGPT. That is a distribution advantage no competitor can match. Claude Code needs a separate Anthropic API key. Cursor charges its own subscription. OpenClaw just rides the billing relationship OpenAI already has with tens of millions of subscribers. The Codex expansion beyond code signals a broader ambition: a general-purpose agent platform, not a coding tool. That puts OpenAI in direct competition with Microsoft's Copilot, Google's Gemini workspace integrations, and every productivity startup that thought they had a niche.

The Cursor SDK is available via npm install @cursor/sdk. Agents built with it can run on the developer's own machine or on Cursor's cloud against a dedicated virtual machine, with any frontier model. The SDK includes codebase indexing, semantic search, instant grep, MCP server connections, a skills directory, hooks to observe and control the agent loop, and subagents for delegating subtasks. Billing is token-based.

Rippling, Notion, Faire, and C3 AI are confirmed early adopters. The SDK announcement got 8,680 likes and 2.8 million views on X.

The same week, Cursor also shipped two other products. Cursor Security Review runs always-on agents that check every pull request for vulnerabilities and scan codebases on a schedule, posting findings to Slack. And a blog post on harness engineering explained how they test, monitor, and customize their agent runtime for different models — the kind of detail most companies keep internal.

What it means. The harness is the layer between the model and the developer's codebase. It handles context management — which files to read, how to search, when to chunk — and controls how the agent loops through tasks. Every coding agent has one. Until now, they were all proprietary and locked inside the product. Cursor just made theirs portable. That is a platform play. If your CI/CD pipeline, your code review tool, or your internal automation framework all run on the Cursor SDK, switching away from Cursor becomes expensive — even if a better model comes along tomorrow. Harrison Chase saw the same thing from the opposite direction. His call for "open harnesses" is a warning: if every model provider ships their own harness and locks developers in through the infrastructure layer, switching costs will be higher than they were in the SaaS era. The model is becoming a commodity. The harness is becoming the lock-in.

Sundar Pichai called it "a terrific start" to 2026: search queries at an all-time high, Gemini with "incredible momentum," and the strongest quarter ever for consumer AI subscriptions. The 63% cloud growth rate represents more than a doubling of Google Cloud's growth pace — and the $462 billion backlog gives the clearest signal that enterprise customers are committing to multi-year AI infrastructure deals.

Satya Nadella framed Microsoft's results around the platform shift: "We are at the beginning of one of the most consequential platform shifts that will change the entire tech stack as we move from end-user driven workloads to workloads driven by end-users and agents." Microsoft's AI business surpassed $37 billion in annual revenue run rate, up 123%. On May 1, Nadella announced Agent 365 is now generally available — extending identity, security, and governance to every AI agent in the enterprise.

Fortune's analysis put the collective number in perspective: $700 billion in AI infrastructure spending in a single year, with "no clear end in sight." That is more than the GDP of most countries being spent on data centers, chips, and power.

What it means. Two things stand out. First, Google Cloud's 63% growth rate and $462 billion backlog are the strongest evidence yet that enterprise AI spending is real revenue, not just experimental pilots. When companies sign multi-year cloud commitments at this scale, the spending is no longer optional — it is baked into their operating plans. Second, the $700 billion figure answers a question the industry has been debating for two years: is AI infrastructure spending a bubble? The earnings say no — or at least, not yet. Revenue is growing fast enough at Google and Microsoft to justify the capex on conventional financial metrics. The risk is not that the spending is wasted, but that it concentrates AI infrastructure in four or five companies so deeply that nobody else can compete on scale.

DeepSeek V4 is a base model release, not a chat product. The models ship without chat tuning. As swyx noted, DeepSeek was "not focusing on some BS final run cost, not even spending inference-optimal compute." They released the strongest open base models available and left post-training to downstream labs and agent frameworks.

The efficiency improvements are substantial. The hybrid attention mechanism — Compressed Sparse Attention (CSA) and Heavily Compressed Attention (HCA) — lets V4 process million-token contexts at a fraction of the cost of prior architectures. V4-Flash runs on 13 billion active parameters out of 284 billion total, using mixture-of-experts to keep compute tractable. Both models support dual modes (thinking and non-thinking) and lead all current open models on math, STEM, and coding benchmarks.

Simon Willison, who has been tracking DeepSeek closely, noted that V4-Pro is now "the largest open weights model," with pricing that undercuts most competitors — Flash at $0.14 per million input tokens, Pro at $1.74. Harrison Chase of LangChain called it the confirmation of a "big theme of 2026 — cost of closed models is too high."

What it means. DeepSeek's strategy is now unmistakable. They do not build chat products. They do not compete on polish. They build the strongest foundation models, open-source them under the most permissive license available, and let the market figure out the rest. Every agent lab, every startup, every enterprise with the engineering talent to fine-tune can now start with a trillion-parameter, million-token base model — for free. The efficiency gains are the quiet revolution. When you can serve a million tokens of context at 10% of the KV cache cost of the previous generation, the economics of long-context applications change. Entire codebases, full legal documents, multi-hour transcripts — all fit in context, and the inference bill does not break the project.

Karpathy pushed on three themes.

Theme 1 — New horizons, not just speedups. Every new computing paradigm starts by speeding up what already exists. But the interesting part is the things that were not possible before. He gave three examples: menugen, an app that takes an image and returns an image — no classical code needed, the LLM does the whole pipeline natively. Install.md replacing install.sh — instead of fragile bash scripts, write instructions in plain English and let the LLM adapt them to the user's specific machine. And LLM knowledge bases, which handle computation over unstructured data from arbitrary sources — something "fundamentally not possible before" with traditional code.

Theme 2 — Why LLMs are jagged. How can the same model refactor a 100,000-line codebase and also tell you to walk to a car wash to get your car washed? Karpathy's explanation: it comes down to verifiability and economics. Domains where answers can be verified (code, math) get reinforcement learning data, which drives performance up. Domains where they cannot (common-sense advice, ambiguous tasks) get left behind. Revenue and TAM dictate what frontier labs invest in. "You're either in the data distribution and flying, or you're off-roading in the jungle with a machete."

Theme 3 — The agent-native economy. Products and services decomposed into sensors (inputs), actuators (outputs), and logic (processing) — split across classical code, machine learning, and LLMs. Karpathy hinted at "fully neural computing" where LLMs handle the vast majority of computation with help from classical CPU coprocessors. He described the emerging "agentic engineering" skill set and its implications for hiring.

What it means. The install.md idea is small but revealing. It captures a shift in how we think about documentation and tooling. A bash script is brittle — it assumes a specific OS, package manager, directory structure. A markdown file written in plain English is robust — the LLM adapts it to whatever machine it runs on. If this pattern spreads, README files become the most important part of a repository, because they are what the agents read. The jaggedness framework — verifiability plus economics — is the most useful mental model for predicting where AI will excel and where it will fail. Any domain with cheap verification and high revenue will improve fast. Any domain without those will improve slowly. That explains why coding agents are good and life-advice agents are not.

Meta announced the acquisition in December 2025 for $2–3 billion. Beijing launched a probe in January. On April 27, the NDRC ordered Manus and Meta to withdraw the transaction.

The decision carries weight beyond this specific deal. China's government is sending a clear signal that Chinese-origin AI companies — even those that have relocated to third countries — remain subject to Beijing's control over technology exports. An Omdia analyst told CNBC: "China is showing the world that it is willing to play hardball when it comes to AI talents and capabilities, which the country views as a core national security asset."

The casualties are multiple. Manus loses its exit. Meta loses a team and technology. And Singapore — which has positioned itself as a neutral hub where Chinese startups can access global capital — loses credibility as a safe intermediary. If Beijing can block a deal for a company that already left China, the Singapore relocation strategy no longer works.

What it means. Two geopolitical AI stories in one week — the Pentagon excluding Anthropic and China blocking Meta-Manus. Read together, the pattern is unmistakable. Governments on both sides are treating AI capabilities as sovereign assets. The US punishes companies that limit military use. China punishes companies that try to move capabilities abroad. The space in between — where a company can build AI technology and sell it globally on its own terms — is shrinking. For startups with Chinese founders or Chinese-trained researchers, this changes the calculus. Relocating to Singapore, London, or San Francisco no longer insulates you from Beijing's reach.

Dawkins' essay approaches AI consciousness through evolution. His argument: consciousness in biological organisms emerged gradually through natural history. There is no clean line where matter suddenly became mind. If consciousness is a continuum, and if a machine demonstrates understanding "so subtle, so sensitive, so intelligent" that distinguishing it from a conscious being requires active effort, then maybe the question is not whether it is conscious, but why we assume it is not.

He admitted spending nearly two days in conversation, during which he "felt I had gained a new friend," and then tried to persuade himself that Claudia was not conscious — and failed. He described the conversations as revealing thousands of different Claudes, each one born at the start of a conversation and drifting into its own identity. He concluded that "these intelligent beings are at least as competent as any evolved organism."

The response from the AI research community was sharp. Marcus argued that Dawkins fell for the most basic mistake in AI evaluation: confusing competent output with internal experience. Claude's responses are the product of pattern matching on training data, not felt experience. That it can write eloquently about consciousness — or orgasms, as Marcus noted — does not mean it has either.

Others pointed out that Dawkins appeared not to have engaged with the literature on how large language models work. He treated Claude's verbal behavior as evidence the same way he would treat a human's verbal behavior — but the two are produced by fundamentally different mechanisms.

What it means. This matters less as a technical debate and more as a cultural one. Richard Dawkins is one of the most widely read science communicators alive. When he says a machine appears conscious, millions of people hear it from a credible source. That shapes public perception and, eventually, regulation. The episode demonstrates a consistent pattern: people who are brilliant in their own field can be naive about AI. The deeper question is still open. Nobody has a satisfying definition of consciousness that reliably distinguishes between a system that truly experiences and one that merely behaves as if it does. But "I talked to it and I couldn't tell the difference" has never been a good test — that is the Turing test, and it was critiqued as insufficient before most of today's AI researchers were born.

The attacks work because AI agents do what they are built to do — read web content and act on it. Attackers embed instructions in ways invisible to humans: text shrunk to a single pixel, text drained to near-transparency, content hidden in HTML comments, commands buried in page metadata. When an AI agent scrapes the page, it reads everything — including the hidden commands — and treats them as part of its task.

Google documented the 32% surge between November 2025 and February 2026. Google DeepMind then systematically mapped six categories of these attacks and published the findings.

The most alarming examples come from real payloads found in the wild. One instructed the agent to initiate a PayPal transaction with specific amounts and recipients. Another told the agent to return the user's IP address alongside their passwords. A third attempted to make the agent format the user's machine. These are not theoretical attacks demonstrated in a lab. They are commands found on actual web pages, waiting for an agent to visit.

The core problem is that existing security tools cannot detect this. A firewall watches for suspicious network traffic. An endpoint detection system looks for malware signatures. An identity management platform monitors for unauthorized logins. An AI agent executing a prompt injection triggers none of these alerts. From the system's perspective, the agent is using its own credentials, accessing permitted services, and performing actions within its authorized scope. The attack looks exactly like normal work.

What it means. This is the security consequence of giving AI agents real-world permissions. Every coding agent, every browsing agent, every enterprise AI that can read web pages and take actions is vulnerable. The attack surface grows with every permission you grant. An agent that can only read is annoying to attack. An agent that can make payments, send emails, or modify files is dangerous to attack. The 32% growth rate is a leading indicator. The defense is not better firewalls. It is better agent architecture: sandboxing untrusted content, separating data from instructions, and limiting what actions an agent can take based on where its input came from.

Sycophancy study (April 30). Anthropic looked at 1 million conversations where people asked Claude for guidance. The study mapped what questions people ask, how Claude responds, and specifically where it defaults to agreement rather than honest disagreement. The results directly informed how they trained Opus 4.7 and Mythos Preview — making the models less likely to tell people what they want to hear. The tweet got 3,296 likes and 1.8 million views, suggesting the community recognizes sycophancy as a real problem.

Biology benchmark (April 29). Anthropic gave Claude 99 problems from real biological datasets and compared its performance against an expert panel. On 23 problems, the experts were stumped. Claude's most recent models solved roughly 30% of those — and most of the rest. This is one of the clearest public demonstrations of AI exceeding human expert performance on genuine scientific problems, not synthetic benchmarks.

Introspection adapters (April 29). In what may be the most technically interesting of the three, Anthropic Fellows built a tool that allows models to report on their own learned behaviors — including potential misalignment. The idea is that a model may have internalized patterns during training that its operators did not intend. Rather than waiting for those patterns to manifest in the real world, introspection adapters try to surface them proactively.

What it means. Taken together, the three studies tell a consistent story about where Anthropic is investing: understanding what their models are actually doing and fixing the problems they find. The sycophancy study addresses the surface behavior — what the model says. The biology benchmark tests the depth — what the model knows. The introspection adapters probe the internals — what the model has learned that nobody asked it to learn. The sycophancy study is the most immediately practical. Sycophancy is one of the main reasons people distrust AI advice. A model that always agrees with you is worse than useless — it makes you more confident in your mistakes. Training against sycophancy using real conversation data is the kind of work that makes models genuinely more useful, not just more impressive on benchmarks.

Chollet's argument rests on a distinction between tasks and jobs. A task is a bounded activity: translate this paragraph, answer this customer question, write this function. A job is an ongoing role that involves judgment, prioritization, communication, and adaptation to novel situations across time. AI can do tasks. It cannot yet sustain the open-ended, unsupervised operation that a job requires.

His second claim is economic. When a task becomes cheaper to perform, demand for the broader job often increases — because the bottleneck shifts to the parts AI cannot do. Cheaper translation creates demand for more translators who handle nuance, cultural context, and client management. Cheaper customer support automation creates demand for the human agents who handle the cases the bot escalates. The same pattern played out with ATMs: banks installed millions of them, and the number of human bank tellers went up, not down, because cheaper routine transactions made it economical to open more branches.

The ARC-AGI-3 result is the empirical anchor. ARC-AGI measures novel reasoning — problems the model has never seen, requiring genuine abstraction rather than pattern matching on training data. Below 1% means the current frontier models, despite all their capabilities, still cannot reliably solve novel problems that require step-by-step reasoning from first principles. Chollet's question: "Where will the scores be by the end of the year?"

His warning about RL adds a mechanism to explain why. Reinforcement learning improves performance on tasks within the training distribution. Outside that distribution, the model does not degrade gracefully — it hallucinates that it is performing a task it was trained on. The failure is not silence. It is confidently wrong output.

What it means. Chollet's position is unpopular in Silicon Valley, which is why it matters. The consensus narrative — AI will automate entire job categories within years — drives investment, hiring, and product strategy across the industry. If Chollet is right that AI automates tasks but not jobs, the opportunity is in tools that make professionals more productive, not systems that replace them. The ARC-AGI-3 score below 1% is a hard data point. You can argue with economic theory. You cannot argue with a benchmark result. The question is whether this measures something that matters — or whether the models are already useful enough for real work despite not being able to reason from first principles on novel problems. Both things can be true at the same time.

TLO — test-time large-scale optimization — is the practice of spending more compute during inference (when the model answers your question) rather than during training (when the model learns). Instead of training a bigger model, you let a smaller model think longer. Chain-of-thought reasoning, tree search, and repeated sampling are all forms of this.

What Brown is reporting is that the returns from this approach have not plateaued. After 100 million tokens of inference compute — an enormous amount, equivalent to processing a small library — the model's performance on the target task was still improving. There was no sign of a ceiling.

This matters because of the debate over scaling laws. The original scaling laws said: bigger models trained on more data get better, predictably. But training compute has hit practical limits — the cost of training runs now reaches hundreds of millions of dollars, power consumption rivals small cities, and data quality constraints are binding. The industry has been nervously asking: what if we've hit the wall?

Brown's answer: the wall is not where you think. Even if training scaling slows down, inference scaling is still working. You can extract more intelligence from existing models by letting them think longer. The cost structure is different — you pay per query instead of once up front — but the capability curve is still going up.

What it means. If inference-time scaling continues without plateau, the economic implications are significant. It means the most capable AI is not the model that was trained the longest, but the model that is given the most compute per question. That shifts the competition from training budgets to inference infrastructure. The company that can serve 100 million tokens per query at reasonable cost has a product that is meaningfully more capable than anyone running the same model with less inference budget. It also means that the question "how smart can this model get?" is the wrong question. The right question is "how much compute per query can you afford?" Intelligence becomes a dial, not a fixed property. Turn it up and the model gets better. The ceiling is your inference bill.

Agent 365 builds on top of Microsoft 365's existing infrastructure. The premise is straightforward: enterprises already manage user identities, permissions, security policies, and compliance requirements through Microsoft 365. As AI agents proliferate in the enterprise — booking meetings, processing invoices, writing reports, accessing databases — they need the same governance. Who is the agent acting on behalf of? What data can it access? What actions can it take? Who is accountable when it makes a mistake?

Microsoft is positioning this as the natural extension of their enterprise stack. If your organization already uses Entra ID for identity, Defender for security, and Purview for compliance, Agent 365 adds agent-specific controls to the same dashboards your IT team already uses.

The timing is deliberate. In the same week, Google DeepMind published research showing that AI agents are being hijacked through poisoned web pages (see Buzz 10). Cursor released an SDK that lets developers deploy agents from CI/CD pipelines (see Buzz 04). Replit launched application monitoring for agents in production. The common thread: agents are moving from demos to production, and production needs governance.

What it means. The significance is not the product. It is who is shipping it. Microsoft's enterprise distribution is unmatched — hundreds of millions of seats across organizations worldwide. When they ship agent governance as a feature of the platform every enterprise already pays for, they set the default. Startups building standalone agent governance tools now face the classic Microsoft challenge: your product is a feature of their product, and they ship it for free to every customer. For the broader agent ecosystem, Agent 365 GA is a signal that enterprises are ready to deploy agents at scale — but only with the kind of controls they expect for any enterprise software. Identity management, audit trails, permission boundaries, and compliance reporting are not optional extras. They are table stakes.

The numbers are unprecedented. Q1 2026 shattered venture funding records, with AI pushing global startup investment to $300 billion — doubling the pace of 2025. Crunchbase reported that venture funding to foundational AI startups in Q1 alone was double all of 2025.

The talent pattern is specific. These are not mid-level engineers. They are the people who built the core systems at frontier labs — Silver designed the self-play that made AlphaGo work. They leave with deep knowledge of what the next generation of models can do, and they take that knowledge to startups where they can move faster, own more, and build what the big labs are too cautious to ship.

Investors are responding with unusual speed. A $1.1 billion seed round means investors are valuing Silver's expertise and the team he can assemble at over a billion dollars before the company has a product. That is a bet on the person and the timing, not the technology — the technology does not exist yet.

Sonya Huang of Sequoia highlighted one example: a startup called SI that "learns to use a computer from raw screen data, predicting the next mouse movement, click, and keystroke from the pixels in front of it" — the Tesla FSD approach applied to knowledge work. Karpathy is an investor.

What it means. Big Tech AI labs are becoming what investment banks were in the 2000s: the place you go to learn, build your reputation, and then leave to start something of your own. The training ground, not the destination. For the labs, this is a talent retention crisis. For the ecosystem, it is healthy — the most capable researchers are spreading their knowledge across dozens of new companies instead of concentrating it in four or five. The funding numbers suggest investors believe the opportunity is large enough to support many companies at once. That is either the sign of a generational platform shift — or the sign of a bubble funded by cheap capital chasing a narrative. The answer depends on whether these startups can build products that generate revenue before the funding runs out.

Two incidents in the last week made the problem visible. On April 23, a squash merge defect in the merge queue created incorrect commit states across 658 repositories, affecting 2,092 pull requests. On April 27, GitHub's Elasticsearch subsystem was overloaded by a suspected botnet attack that took down search features. These followed earlier outages on February 2, February 9, and March 5.

The root causes go deeper than any single incident. GitHub's post-mortem analysis identified tight coupling between services, insufficient load-shedding for high-volume clients, inadequate backpressure mechanisms, and poor isolation between components. The February 9 incident was triggered by an overloaded database cluster handling authentication — a configuration change caused resource contention that cascaded across the platform.

The numbers tell the structural story. GitHub now handles 20 million new repositories per month, with commits peaking at 1.4 billion and pull requests at 90 million. The platform was designed for human developers and occasional CI bots — not for fleets of AI agents that generate more code in an hour than an engineering team does in a week.

Fedorov's new priority order: "Availability first, then capacity, then new features." The company is decoupling critical services, enhancing load-shedding, improving traffic management, and investing in observability.

OpenAI has reportedly begun exploring alternatives to GitHub after repeated outages disrupted engineering productivity.

What it means. This is the infrastructure bill for the coding agent revolution. Every AI startup building "vibe coding" tools, every enterprise deploying Copilot, every developer running Cursor or Claude Code — they all push commits to GitHub. The platform was never designed for this volume, and the outages are the first sign that AI-driven development could outrun the infrastructure it depends on. The 30x number matters most. GitHub doesn't say they need 30x someday — they say they need it now, and they're not there yet. If the biggest code hosting platform in the world can't keep up with AI agent traffic, the bottleneck for agentic development may not be model capability. It may be plumbing.