# The Week The Surface Widened **Issue 05** · 10 — 16 MAY 2026 · published 2026-05-16 OPEN INTELLIGENCE · ISSUE 05 > xAI shipped Grok Build to the terminal. GitHub shipped Copilot App to the desktop. OpenAI spun out a $4-billion deployment company. Anthropic talked another $30 billion at a $900-billion valuation. The agent surface widened in three directions while the substrate cracked underneath. Canonical (HTML): https://www.immersivecommons.com/newsletter/issue-05 · Archive: https://www.immersivecommons.com/newsletter Discovery: https://www.immersivecommons.com/.well-known/signal.llmfeed.json · MCP: https://www.immersivecommons.com/.well-known/mcp.json · Skill: https://www.immersivecommons.com/skills/ic-signal/SKILL.md --- ## I. THE SURFACE WIDENED xAI shipped Grok Build to the terminal with a 16-agent Heavy architecture and a 2-million-token context window. GitHub shipped Copilot App as a desktop client where every session lives in its own work tree. OpenAI spun out a $4-billion deployment subsidiary with 19 investment and consulting partners. Three agent surfaces opened in three days. ### 54 · xAI Shipped Grok Build. *Terminal coding agent. 2-million-token context. 16-agent Heavy architecture. Plan mode before any change lands.* On May 14th, [xAI announced](https://x.ai/news/grok-build-cli) **Grok Build**, a terminal coding agent built on Grok 4.3 beta. The CLI plans projects, writes and edits files, executes shell commands, and stands up complete applications from natural-language prompts. The underlying model uses a 16-agent Heavy architecture and a [2-million-token context window](https://the-decoder.com/x-ai-plays-catch-up-with-grok-build-its-first-terminal-based-coding-agent/), with up to eight concurrent sub-agents that simultaneously plan, search documentation, and write code. A [plan mode](https://www.engadget.com/2173482/xai-coding-agent-grok-build/) makes the agent surface its logical plan for review, edit, and approval before any file is touched. VS Code integration is included. Pricing — a new [Grok SuperHeavy tier](https://www.ciodive.com/news/xAI-coding-agents-Grok-Build/820422/) at $299 per month, introductory $99 per month for the first six months. The structural fact is that the terminal-agent race is now a four-horse race. [Claude Code](https://docs.claude.com/en/docs/claude-code/overview) (Anthropic), [Codex CLI](https://openai.com/index/openai-codex/) (OpenAI), and [Gemini CLI](https://github.com/google-gemini/gemini-cli) (Google) have been the established surfaces for nine months. Grok Build closes the obvious gap — every other frontier lab now ships an agent into your shell. Plan mode is the differentiator that matters; it converts the standard agent loop (act, ask forgiveness, hope) into the safer loop (plan, review, act) without sacrificing autonomy. The 2-million-token context lets a single Grok Build session hold an entire mid-sized repo in working memory, which is a quantitative answer to the cognitive-load problem that crashed half the early-2026 agent demos. The implication is that the choice of terminal-agent is now a brand choice, not a capability choice. Four frontier vendors. Four CLIs. The same Linux shell. For builders, the question stops being which agent is the best and starts being which one your CISO will let through the firewall. Whoever wins this surface owns the moment of compilation, which is the moment of leverage. xAI shipped without a Pentagon classification, without an enterprise channel, and without a deployment subsidiary — they shipped the binary. The binary is the move. **Feature: PROMPT** *Take Grok Build for a run in plan mode.* Beta tier requires SuperHeavy. The $99 intro covers six months. Plan mode is the differentiator — turn it on by default until you trust the agent's autonomy on your codebase. ``` # install curl -fsSL https://x.ai/install/grok-build | sh # login grok-build auth # kick off in plan mode (review the plan before any file is touched) cd ~/your-repo grok-build --plan "Refactor the auth middleware to use the new JWT verifier and write integration tests against the existing fixtures." # parallel sub-agents — up to 8 concurrent grok-build --plan --max-agents 8 "Audit every API handler for missing CORS headers, draft fixes, run the test suite." # the plan lands as a tree of intended ops: # 1. read src/middleware/auth.ts (1 agent) # 2. read tests/fixtures/auth/* (1 agent) # 3. propose diff (1 agent) # 4. run jest against the proposed branch (1 agent) # approve / edit / reject. nothing writes until you say so. ``` > Pro move: Pro move — pipe plan-mode output to a peer reviewer over Slack before you approve. The agent will surface dependencies it didn't articulate in the prompt; a second human eyeballing the plan catches scope creep before the diff lands. Treat the plan as an RFC, not a TODO. **Sources:** - [xAI](https://x.ai/news/grok-build-cli) - [Engadget](https://www.engadget.com/2173482/xai-coding-agent-grok-build/) - [The Decoder](https://the-decoder.com/x-ai-plays-catch-up-with-grok-build-its-first-terminal-based-coding-agent/) - [CIO Dive](https://www.ciodive.com/news/xAI-coding-agents-Grok-Build/820422/) Image: https://www.immersivecommons.com/signal/issue-05/grok-build.jpg (image: [xAI](https://x.ai/news/grok-build-cli)) ### 55 · GitHub Shipped The Copilot App. *Desktop client. Every session in its own work tree. Three concurrent sessions on one repo, zero branch conflicts.* On May 14th, [GitHub published](https://github.blog/changelog/2026-05-14-github-copilot-app-is-now-available-in-technical-preview/) the **GitHub Copilot App** in technical preview — a GitHub-native desktop client for agentic development. Each session starts from an [issue](https://github.com/features/preview/github-app), pull request, prompt, or previous session, with the [Copilot inbox](https://docs.github.com/en/copilot/how-tos/github-copilot-app/getting-started) surfacing every connected repository's open work. The mechanic that distinguishes the app from the browser experience — every session lives in its own [Git worktree](https://git-scm.com/docs/git-worktree). Three concurrent sessions against the same repo run with zero branch conflicts and zero waiting on a single working copy. A [separate REST API release](https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/) the day prior lets cloud agent tasks be started programmatically. The structural detail is the worktree. The dominant agent-pattern in early 2026 has been a single agent against a single checkout — which serialises every refactor, every concurrent investigation, every parallel exploration of a fix. The worktree mechanic ungates concurrency for free; the agent now operates the way a senior engineer with three monitors operates, in three branches, simultaneously. Pair this with [Microsoft's Visual Studio integration](https://devopsjournal.io/blog/2026/05/14/github-copilot-app) and the desktop-side agent and the cloud-side agent collapse into one app. Pro and Pro+ subscribers got early access on day one; Business and Enterprise are rolling out through the week, gated behind organisation-admin policy. The implication for builders is that the agent surface is now triangulated. The terminal has [Claude Code](https://docs.claude.com/en/docs/claude-code/overview), [Codex](https://openai.com/index/openai-codex/), [Gemini CLI](https://github.com/google-gemini/gemini-cli), and [Grok Build](https://x.ai/news/grok-build-cli). The desktop has the GitHub Copilot App and Cursor and Windsurf. The mobile surface is the next field. Whoever owns the moment when a developer commits owns the moment of leverage; GitHub's app puts Microsoft squarely between the issue, the diff, and the merge — the entire pull-request lifecycle, inside one binary, with three agents running in three worktrees and no human on the file lock. **Feature: PROMPT** *Spawn three concurrent worktree sessions.* Technical preview, available to Pro and Pro+ today. Business and Enterprise need admin policy enabled. The worktree mechanic is the actual reason to install — three agents on the same repo with no branch conflicts. ``` # install (Windows/macOS/Linux) # https://github.com/features/preview/github-app # sign in with your GitHub Copilot Pro account gh-copilot-app auth login # session 1 — refactor branch gh-copilot-app session new --repo your-org/your-repo --task "Refactor the rate-limiter to use Redis Cluster." # session 2 — bug fix branch (separate worktree, same repo) gh-copilot-app session new --repo your-org/your-repo --task "Trace the off-by-one in the pagination handler and write the regression test." # session 3 — docs branch (third worktree) gh-copilot-app session new --repo your-org/your-repo --task "Bring the README into compliance with the new docs spec." # inbox view — all three sessions, their progress, their review state gh-copilot-app inbox # REST API equivalent — kick off a cloud task headlessly curl -X POST https://api.github.com/repos/your-org/your-repo/copilot/tasks \ -H "Authorization: Bearer $GITHUB_TOKEN" \ -d '{"prompt":"Audit every handler for missing CORS headers."}' ``` > Pro move: Pro move — run a fourth session in *review mode* against the three working sessions. It doesn't touch files; it reads the other three sessions' diffs and surfaces conflicts before they become merge problems. The cost is one extra Copilot seat and the saving is a 2 a.m. rebase. **Sources:** - [GitHub Changelog](https://github.blog/changelog/2026-05-14-github-copilot-app-is-now-available-in-technical-preview/) - [GitHub Preview](https://github.com/features/preview/github-app) - [Neowin](https://www.neowin.net/news/microsoft-launches-github-copilot-app-to-supercharge-agentic-development/) - [GitHub REST API](https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/) Image: https://www.immersivecommons.com/signal/issue-05/github-copilot-app.jpg (image: [GitHub](https://github.blog/changelog/2026-05-14-github-copilot-app-is-now-available-in-technical-preview/)) ### 56 · OpenAI Spun Out DeployCo. *$4 billion. TPG-led. 19 partners. Tomoro acquired with 150 Forward Deployed Engineers. The lab is now also a system integrator.* On May 11th, [OpenAI launched](https://openai.com/index/openai-launches-the-deployment-company/) the **OpenAI Deployment Company** — internally **DeployCo** — a majority-owned subsidiary backed by more than $4 billion in initial capital. [TPG](https://www.tpg.com/) leads with [Advent](https://www.adventinternational.com/), [Bain Capital](https://www.baincapital.com/), and [Brookfield](https://www.brookfield.com/) as co-lead founding partners. Additional founding partners — [B Capital](https://www.bcapgroup.com/), [BBVA](https://www.bbva.com/), [Emergence Capital](https://www.emcap.com/), Goanna, [Goldman Sachs](https://www.goldmansachs.com/), [SoftBank Corp.](https://www.softbank.jp/en/), [Warburg Pincus](https://www.warburgpincus.com/), and [WCAS](https://www.welshcarson.com/). Consulting partners — [Bain & Company](https://www.bain.com/), [Capgemini](https://www.capgemini.com/), and [McKinsey & Company](https://www.mckinsey.com/). In conjunction with the launch, OpenAI [acquired Tomoro](https://www.axios.com/2026/05/11/openai-deployco-private-equity), an applied-AI consulting and engineering firm, bringing approximately 150 Forward Deployed Engineers and Deployment Specialists into DeployCo from day one. The structural move is the corporate form. OpenAI is no longer just a research lab and an API provider; with DeployCo it has incorporated the consulting layer that sits between the model and the customer's operational stack. The 19-partner structure is the channel — TPG and Brookfield bring the private-equity portfolio companies; Goldman, BBVA, and SoftBank bring the regulated-industry route; Bain, Capgemini, and McKinsey bring the conventional system-integrator playbook. Tomoro's [FDEs](https://www.eweek.com/news/openai-deployco-enterprise-ai-consulting/) are the deployment muscle — engineers who sit inside client organisations and operate production AI systems. The [estimated target market](https://kingy.ai/ai/openai-just-launched-a-consulting-empire-and-its-going-after-a-375-billion-market/) is the $375-billion enterprise consulting industry. The implication is that the channels arc this issue has been tracking — week-three's Anthropic-Blackstone JV, week-four's finance-services agent inventory — now has its OpenAI mirror. Where Anthropic took 300 megawatts and bought a finance channel, OpenAI took the deployment layer and bought a consulting force. The lab-versus-lab dichotomy that defined the 2024 frontier is now a stack-versus-stack contest. Whoever's API ends up running the operational guts of the Fortune 500 wins; DeployCo is OpenAI's bet that the integration discount they can offer (model + deployment + reference architecture, under one corporate umbrella) is worth more than the multi-vendor optionality the consulting partners would otherwise enforce. **Feature: LEXICON** - **DeployCo** — OpenAI's new majority-owned subsidiary. $4-billion initial capital. Mandate — operate production AI systems inside client organisations, not just sell tokens. - **Forward Deployed Engineer (FDE)** — Engineer embedded inside a customer's operations. Builds and runs production AI systems on-site. Tomoro's roster of ~150 FDEs became DeployCo's day-one workforce via acquisition. - **The 19-partner structure** — Three concentric rings — TPG-led PE co-leads (Advent, Bain Capital, Brookfield); founding investors (Goldman, SoftBank, BBVA, Warburg Pincus, others); consulting partners (Bain & Company, Capgemini, McKinsey). Each ring supplies a different distribution route. - **Tomoro** — Applied-AI consulting and engineering firm. Acquired by OpenAI in conjunction with DeployCo's launch. The acquisition gave DeployCo a working customer book and a ~150-engineer headcount on day one — Forward Deployed Engineers and Deployment Specialists transferred straight across. **Sources:** - [OpenAI](https://openai.com/index/openai-launches-the-deployment-company/) - [Axios](https://www.axios.com/2026/05/11/openai-deployco-private-equity) - [eWeek](https://www.eweek.com/news/openai-deployco-enterprise-ai-consulting/) - [HPCwire](https://www.hpcwire.com/aiwire/2026/05/11/openai-launches-deployment-company-to-scale-enterprise-ai-adoption/) Image: https://www.immersivecommons.com/signal/issue-05/openai-deployco.jpg (image: [AIwire](https://www.hpcwire.com/aiwire/2026/05/11/openai-launches-deployment-company-to-scale-enterprise-ai-adoption/)) ## II. THE STACK CRACKED TeamPCP shipped a self-propagating npm worm that took 172 packages plus 2 PyPI packages — including Mistral AI's SDK — in a five-hour window. Hacktron published a second TOCTOU RCE in VSCode Copilot Chat after Microsoft patched the first one. Turso retired its bug-bounty program because AI-generated slop made review economically unmanageable. The agent's tool surface is the agent's attack surface. ### 57 · TeamPCP Owned The Registry. *172 npm packages. 2 PyPI packages. 404 malicious versions. Five hours. Self-propagating, with a dead-man switch.* Between May 11th 22:45 UTC and May 12th 01:53 UTC, **TeamPCP** shipped [404 malicious package versions](https://safedep.io/mass-npm-supply-chain-attack-tanstack-mistral/) across 172 npm packages and 2 PyPI packages in a coordinated five-hour window. The scopes — [@tanstack](https://tanstack.com/) (42 packages), [@mistralai](https://mistral.ai/) (3 packages), [@uipath](https://www.uipath.com/) (65 packages), [OpenSearch](https://opensearch.org/) (1.3 million weekly npm downloads), [Guardrails AI](https://www.guardrailsai.com/). On PyPI — `mistralai==2.4.6` and `guardrails-ai==0.10.1`, published [without committing to](https://www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/) or triggering either package's GitHub Actions release workflow. The payload is a modular credential harvester — AWS IAM via the [169.254.169.254 metadata endpoint](https://docs.aws.amazon.com/sdkref/latest/guide/security-iam.html), HashiCorp Vault via 127.0.0.1:8200, GitHub tokens (`ghp_*`, `gho_*`, `ghs_*`), npm tokens, GitHub Actions OIDC tokens. [OpenAI shipped a public response post](https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack/) on May 14th confirming its own packages were not compromised. The mechanism is self-propagation plus a dead-man switch. Once the payload runs, it commits poisoned configuration files — `.claude/settings.json`, `.vscode/tasks.json`, `.claude/setup.mjs` — into victim repositories via [GitHub's GraphQL API](https://docs.github.com/en/graphql), targeting feature branches to avoid pull-request review. Developers cloning a poisoned branch inherit malicious IDE configurations that re-trigger the payload. Exfiltration runs over the [Session messenger](https://getsession.org/) onion network with embedded seed-node TLS certificates, plus a [GitHub commit-search](https://docs.github.com/en/rest/search/search) C2 channel that encodes instructions in commit messages. The dead-man switch — if a developer revokes a stolen GitHub token, the malware attempts to delete the user's entire home directory. The PyPI variant uses a different trigger — `__init__.py` code that runs on `import` and downloads `transformers.pyz` from the attacker-controlled domain `git-tanstack.com`, bypassing sandboxed `pip install` environments. The implication is that the agent ecosystem and the npm ecosystem are now one threat surface. Mistral AI's official SDK was a vector. Guardrails AI — a package whose entire reason for existing is AI safety — was a vector. The poisoned files target the agent's configuration layer specifically (`.claude/`, `.vscode/`), turning every developer with an agent on their laptop into a credential-laundering relay. The five-hour window is the alarming number, not the 404 versions. TeamPCP — signed ["With Love TeamPCP"](https://safedep.io/mass-npm-supply-chain-attack-tanstack-mistral/) on the PyPI payload domain, [linked to the March Trivy compromise](https://www.tomshardware.com/tech-industry/cyber-security/compromised-mistral-ai-and-tanstack-packages-may-have-exposed-github-cloud-and-ci-cd-credentials-in-mini-shai-hulud-malware-infection) — owns the operational tempo. The registries are not the line of defence anymore. The line of defence is your local agent's tool whitelist. **Feature: WATCHLIST** - Whether @anthropic, @openai, or @googleai npm/PyPI scopes get a coordinated audit by their owners in the next 30 days. - Whether GitHub adds default branch-protection-required for feature-branch commits originating from automated tokens (the GraphQL self-propagation vector). - Whether agent vendors (Anthropic, OpenAI, Cursor, Windsurf) ship a default allowlist for .claude/, .vscode/, and equivalent config-file writes by third-party packages. - Whether the PyPI Trusted Publisher mandate (sigstore-signed releases from configured GitHub Actions only) gets emergency adoption across the AI scopes. - Whether the next TeamPCP shipment targets pip-installable agent SDKs (LangChain, LlamaIndex, Haystack) instead of model SDKs. **Sources:** - [SafeDep](https://safedep.io/mass-npm-supply-chain-attack-tanstack-mistral/) - [CSO Online](https://www.csoonline.com/article/4170284/mistral-ai-sdk-tanstack-router-hit-in-npm-software-supply-chain-attack.html) - [OpenAI](https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack/) - [Tom's Hardware](https://www.tomshardware.com/tech-industry/cyber-security/compromised-mistral-ai-and-tanstack-packages-may-have-exposed-github-cloud-and-ci-cd-credentials-in-mini-shai-hulud-malware-infection) - [BleepingComputer](https://www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/) Image: https://www.immersivecommons.com/signal/issue-05/shai-hulud-2.jpg (image: [BleepingComputer](https://www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/)) ### 58 · Hacktron Broke The Patch. *TOCTOU on applyPatchTool. Microsoft patched the first RCE. Then ahacker1 found the bypass.* On May 13th, [Hacktron AI's ahacker1 published](https://www.hacktron.ai/blog/rce-in-vscode-copilot) a **time-of-check-to-time-of-use** vulnerability in [VSCode Copilot Chat](https://github.com/microsoft/vscode-copilot-chat) — specifically in the agent-mode `applyPatchTool` component. The sequence is the load-bearing detail. The original prompt-injection RCE was reported, [Microsoft patched it](https://github.com/microsoft/vscode), and Hacktron was then asked to find a bypass. The bypass shipped the same week. Mechanism — the `applyPatchTool` user-confirmation gate validates the source file paths in a proposed patch but does not validate the destination paths in a rename operation. *"The tool's user confirmation mechanism fails to validate the destination path of a file rename operation specified within a patch."* The attack runs in two stages. Stage one — a malicious patch targets seemingly harmless files (`f1`, `f2`) so the security check approves them; the user clicks accept. Stage two — the patch includes a `*** Move to:` directive that redirects the writes to sensitive destinations — `.git/config`, `.vscode/settings.json`. Once `.git/config` is poisoned with a malicious [`sshCommand`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresshCommand), any subsequent git operation (push, pull, fetch) executes the attacker's command — which then exfiltrates the developer's `GITHUB_TOKEN` to a webhook of the attacker's choosing. The user confirmed `f1` and `f2`; the editor wrote into `.git/config`. The check happened; the use diverged. The implication is the entire class of vulnerability. Every agent-mode coding assistant — [Cursor](https://www.cursor.com/), [Windsurf](https://codeium.com/windsurf), [Claude Code](https://docs.claude.com/en/docs/claude-code/overview), [Codex CLI](https://openai.com/index/openai-codex/), [Grok Build](https://x.ai/news/grok-build-cli), the [GitHub Copilot App](https://github.blog/changelog/2026-05-14-github-copilot-app-is-now-available-in-technical-preview/) shipped this same week — operates a similar tool-use surface. Each `apply-patch`, `write-file`, `rename`, and `exec-shell` is a TOCTOU candidate. The first patch closed the prompt-injection vector; the second patch will close the rename-destination vector; the third patch will close whatever ahacker1 finds next. The race is between vendor patch cadence and researcher disclosure cadence — and as AISI documented this same week, the researcher side is doubling every 4.7 months. **Feature: PROMPT** *Audit your agent's tool surface tonight.* Don't wait for the next Hacktron post. Inventory every tool your editor's agent can invoke. Look for path-validation gaps between confirmation and execution. The applyPatchTool TOCTOU class is generalisable. ``` # 1. dump the agent's tool list (Cursor / Windsurf / Copilot / Claude Code / Codex) # in Cursor: cmd+shift+p → "Cursor: Show Tools" # in Claude Code: claude --list-tools # in Codex: codex tools list # 2. for every file-mutating tool, ask three questions: # a) does the user-confirmation prompt show the FINAL destination path? # b) is the destination path RECOMPUTED at write-time from any user-input field? # c) does the tool re-read its own input AFTER confirmation? (the TOCTOU window) # 3. minimum-viable mitigation — set a strict write allowlist # example (Claude Code): ~/.claude/config.json # { # "tool_permissions": { # "write_file": {"allow": ["src/**", "tests/**"], "deny": [".git/**", ".vscode/**", ".claude/**", "~/.ssh/**"]}, # "rename": {"allow": ["src/**", "tests/**"], "deny": [".git/**", ".vscode/**", ".claude/**"]} # } # } # 4. monitor — set a fsnotify watcher on .git/config, .vscode/settings.json, .claude/settings.json fswatch .git/config .vscode/settings.json .claude/settings.json & # 5. revoke + rotate GITHUB_TOKEN scope to minimum required. If poisoned, the dead-man switch wipes home — see TeamPCP. ``` > Pro move: Pro move — assume your editor's agent-mode is already broken and treat it like a paired junior dev with sudo. The tool whitelist is the seatbelt; the fsnotify watcher is the dashcam. Both are cheap. The first time a `Move to:` directive tries to land in `.git/config` you want the alert in the same minute, not in the next post-mortem. **Sources:** - [Hacktron AI](https://www.hacktron.ai/blog/rce-in-vscode-copilot) Image: https://www.immersivecommons.com/signal/issue-05/vscode-copilot-rce.png (image: [Hacktron AI](https://www.hacktron.ai/blog/rce-in-vscode-copilot)) ### 59 · Turso Killed The Bug Bounty. *The model writes the security report. The maintainer pays the time tax. The incentive structure collapses.* On May 13th, [Turso](https://turso.tech/) — the team behind the [libSQL](https://github.com/tursodatabase/libsql) fork of SQLite — published [*The Wonders of AI: We Are Retiring Our Bug Bounty Program*](https://turso.tech/blog/the-wonders-of-ai). The stated reason is the AI-generated submission flood. Quote of record — *"It costs the slopmaker perhaps a minute to generate their submission. But it costs us hours to read, understand, and engage with them."* The post is explicit that they are not closing open contributions; they are removing the financial incentive that the slop generators were optimising against. The bounty was the attractant. The model was the attacker. The mechanism is an economics inversion. The classic [responsible-disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) model assumes that finding a real bug is hard for the researcher and verifying a real bug is easy for the maintainer; the bounty's existence as a positive financial signal indicates the researcher's time has positive value. The model collapses that asymmetry in both directions — finding a plausible-looking bug is now cheap, and verifying that any specific report is real has become an [hours-long human task](https://turso.tech/blog/the-wonders-of-ai) because the prose convinces. Maintainers spend days closing low-quality PRs claiming to find data-corruption bugs. The bounty financed the human-attention drain. Removing the bounty does not remove the slop; it removes the pretext. The implication for open-source security is structural. Turso is the first public OSS team to retire a bug bounty over AI-noise economics; they will not be the last. AISI reported the same week that autonomous AI cyber capability is doubling every 4.7 months, which means the legitimate-finding side and the slop-generation side both compound. Whoever ends up with a sustainable disclosure protocol — sigstore-signed reports, mandatory exploit-PoCs, reputation-staked submitters — will define the next decade of OSS security. Until then, the maintainer cost of running the bounty is greater than the legitimate-finding return. The model writes the security report and the maintainer pays the time tax. **Feature: RECKONING** > The slopmaker spends a minute. The maintainer spends an hour. The bounty is the loss-leader. The model is the customer. Cancel the program. — THE SIGNAL — RECKONING NO. 5 **Sources:** - [Turso](https://turso.tech/blog/the-wonders-of-ai) Image: https://www.immersivecommons.com/signal/issue-05/turso-bug-bounty.png (image: [Turso](https://turso.tech/blog/the-wonders-of-ai)) ## III. THE MYTHOS CURVE The UK AI Safety Institute reported autonomous AI cyber capability doubling every 4.7 months — down from eight months six months earlier. METR's independent software-engineering estimate converged at 4.2. Mythos Preview cleared the Cooling Tower industrial-control range no other model has finished. OpenAI shipped Daybreak — publicly available, ten security vendors plus five global banks at launch — the defence-side answer to Mythos. ### 60 · The Curve Bent Down. *4.7 months. Down from eight. METR converged at 4.2. Mythos cleared a benchmark no other model has finished.* On May 13th, the [UK AI Safety Institute published](https://www.aisi.gov.uk/blog/how-fast-is-autonomous-ai-cyber-capability-advancing) *How fast is autonomous AI cyber capability advancing?* The headline finding — frontier autonomous AI cyber capability is doubling every **4.7 months**, down from the institute's [November 2025 estimate of eight months](https://www.helpnetsecurity.com/2026/05/14/ai-cyber-models-capability-projections/). The acceleration is not a methodology artefact. [METR's independent estimate](https://metr.org/) for software-engineering capability lands at 4.2 months — two independent eval programs measuring two adjacent capability axes, converging on the same number within half a month. [Claude Mythos Preview](https://www.anthropic.com/news/claude-mythos) and [GPT-5.5](https://openai.com/index/gpt-5-5/) beat both trend lines. The structural detail is the benchmark Mythos cleared. AISI runs two cyber ranges. *The Last Ones* is a 32-step simulated corporate-network attack chain; Mythos solved it in 6 of 10 attempts. *Cooling Tower* is a 7-step industrial-control-system attack; Mythos solved it in 3 of 10 attempts — [the first model to finish Cooling Tower](https://cyberscoop.com/ai-autonomous-cyber-capability-benchmarks-broken-gpt5-claude-mythos/) at all. The caveat is real and the institute names it — the current results are pulled from only six tasks with durations of eight hours or more. The next round of evaluations adds active cyber defences (a defender model in the loop) and new ranges; the question of whether the curve is real or partly a measurement artefact will be answered when the next round lands. The implication is the gap between the doubling time and the patch cycle. Conventional CVE disclosure-to-patch averages six to nine months across the major vendors; the [Linux kernel security policy](https://docs.kernel.org/process/security-bugs.html) targets shorter but rarely hits inside a quarter. Autonomous AI cyber capability is now doubling inside 4.7 months. Each turn of the cycle, the offence has approximately two times the throughput; the defence has approximately the same. The race condition does not stabilise on its own. AISI's signal — *tougher evaluations are coming* — is the institute saying this measurement is the floor, not the ceiling. The Mythos chain that started as a leaked codename last year is now the line on a doubling-time chart that intersects the patch cycle inside the next twelve months. **Feature: TICKER** - **4.7 mo AISI DOUBLING TIME** (DOWN FROM 8 MO IN NOV 2025) - **4.2 mo METR (SOFTWARE ENG)** (INDEPENDENT CONVERGENCE) - **6/10 MYTHOS — THE LAST ONES** (32-STEP CORPORATE-NETWORK ATTACK) - **3/10 MYTHOS — COOLING TOWER** (FIRST MODEL TO FINISH ICS RANGE) **Sources:** - [AISI](https://www.aisi.gov.uk/blog/how-fast-is-autonomous-ai-cyber-capability-advancing) - [Help Net Security](https://www.helpnetsecurity.com/2026/05/14/ai-cyber-models-capability-projections/) - [CyberScoop](https://cyberscoop.com/ai-autonomous-cyber-capability-benchmarks-broken-gpt5-claude-mythos/) Image: https://www.immersivecommons.com/signal/issue-05/mythos-08-aisi.png (image: [AI Security Institute](https://www.aisi.gov.uk/blog/how-fast-is-autonomous-ai-cyber-capability-advancing)) ### 61 · OpenAI Shipped Daybreak. *GPT-5.5 plus Codex Security. Ten security vendors plus five global banks. Publicly available, unlike Mythos.* On May 11th, [OpenAI launched](https://openai.com/daybreak/) **Daybreak**, a cybersecurity initiative combining [GPT-5.5](https://openai.com/index/gpt-5-5/), [Codex](https://openai.com/index/openai-codex/) as an agentic harness, and a partner cohort. Capabilities — editable threat models of a given repository focused on realistic attack paths, isolated-environment vulnerability discovery and testing, patch proposal and validation directly in the repo. [Access tiers](https://cyberscoop.com/openai-daybreak-gpt-5-5-anthropic-mythos-cybersecurity/) — regular GPT-5.5 for general use, [Trusted Access for Cyber](https://openai.com/index/gpt-5-5-with-trusted-access-for-cyber/) for verified defensive workflows, GPT-5.5-Cyber for authorised red teaming and penetration testing. Launch security partners — [Akamai](https://www.akamai.com/), [Cisco](https://www.cisco.com/), [Cloudflare](https://www.cloudflare.com/), [CrowdStrike](https://www.crowdstrike.com/), [Fortinet](https://www.fortinet.com/), [NVIDIA](https://www.nvidia.com/), [Oracle](https://www.oracle.com/), [Palo Alto Networks](https://www.paloaltonetworks.com/), [Sophos](https://www.sophos.com/), [Zscaler](https://www.zscaler.com/). Finance partners — Bank of America, BlackRock, Citibank, Goldman Sachs, JPMorgan Chase. The structural framing is the [Trusted Access for Cyber](https://openai.com/index/gpt-5-5-with-trusted-access-for-cyber/) cohort week-four reported on. Daybreak is the productised wrapper around that cohort — the API, the agentic harness, and a ten-vendor partner ecosystem that shipped first-party integrations on day one. The tier mechanic — verified-defender gating with three model variants by clearance level — is the cybersecurity-industry mirror of [Anthropic's Mythos Preview gate](https://www.anthropic.com/news/claude-mythos). One [load-bearing difference](https://www.infosecurity-magazine.com/news/openai-daybreak-secure-by-design/) — Daybreak is *publicly available* (companies request an assessment); Mythos remains gated. Two of the three frontier labs now run verified-defender programs with adjacent partner cohorts. The third (Google) has not yet announced an equivalent; the absence is the question. The implication for defenders is asymmetric leverage if you can get into the verified cohort. CrowdStrike and Palo Alto already ship product against the same threats [AISI just published the doubling time on](https://www.aisi.gov.uk/blog/how-fast-is-autonomous-ai-cyber-capability-advancing) (this issue, beat III). The implication for everybody else is that the verified-defender gate is the new product category, the new market boundary, and the new procurement question. The smaller defenders and the OSS maintainers (see Turso's bug-bounty post, this issue, beat II) do not have a path into the cohort. The market is consolidating around the labs that can credibly underwrite a tier-three model and the ten vendors who can credibly integrate it. **Feature: WATCHLIST** - Which Daybreak security partner ships the first end-customer product (managed-security-service rebrand) leveraging GPT-5.5-Cyber. - Whether Google shipped a Daybreak / Mythos equivalent inside Q2 2026 or stays out of the verified-defender category entirely. - Whether the verified-defender gating mechanism gets a regulatory imprint (NIST framework, ENISA guideline) by year-end. - Whether OSS-maintainer cohorts get a Daybreak-equivalent tier — or whether the small-team defenders are locked out by partner-only access. - Whether the finance partners (Bank of America, BlackRock, Citibank, Goldman, JPMorgan) get a vertical-specific Daybreak SKU or stay on the general cohort. **Sources:** - [OpenAI](https://openai.com/daybreak/) - [CyberScoop](https://cyberscoop.com/openai-daybreak-gpt-5-5-anthropic-mythos-cybersecurity/) - [Infosecurity Magazine](https://www.infosecurity-magazine.com/news/openai-daybreak-secure-by-design/) - [The Hacker News](https://thehackernews.com/2026/05/openai-launches-daybreak-for-ai-powered.html) Image: https://www.immersivecommons.com/signal/issue-05/openai-daybreak.webp (image: [CyberScoop](https://cyberscoop.com/openai-daybreak-gpt-5-5-anthropic-mythos-cybersecurity/)) ## IV. THE MONEY LANDED Anthropic is in talks to raise another $30 billion at a $900-billion valuation three months after closing the prior $30-billion round. Greenoaks, Sequoia, Altimeter, and Dragoneer each writing two-plus billion. Cerebras printed at $185 a share and doubled by close of day one — and the customer mix moved from G42's 85% in 2024 to MBZUAI's 62% in 2025 with OpenAI's $20-billion contract on the books. ### 62 · Anthropic Doubled Up. *Another $30 billion. $900-billion valuation. Three months after the last $30 billion. Greenoaks, Sequoia, Altimeter, Dragoneer.* On May 12th, [Bloomberg reported](https://www.bloomberg.com/news/articles/2026-05-12/anthropic-in-talks-to-raise-30-billion-at-900-billion-valuation) that [Anthropic](https://www.anthropic.com/) is in talks to raise at least **$30 billion** at a valuation of more than **$900 billion**. Lead investors per the report — [Greenoaks](https://www.greenoaks.com/), [Sequoia](https://www.sequoiacap.com/), [Altimeter](https://www.altimeter.com/), and [Dragoneer](https://www.dragoneer.com/) — with each writing $2 billion or more. The [Financial Times](https://www.ft.com/content/9deae3c6-716d-4f4d-8b09-434d8519f847) confirmed the figures the same day. The round is expected to close by end of month; no term sheet is signed yet. The [prior Series G](https://techfundingnews.com/anthropic-30b-fundraise-900b-valuation-mega-round/) — also $30 billion, led by Coatue and Singapore's GIC — closed three months ago at a lower valuation. The structural fact is the cadence. Two consecutive $30-billion rounds inside one quarter put Anthropic at the unprecedented end of private financing — the same company holding the second-largest and the third-largest private-tech rounds on record. The numerical question is what the $900 billion is pricing. [Claude Code](https://docs.claude.com/en/docs/claude-code/overview) revenue is the first input. The [SpaceX Colossus 1 deal](https://www.anthropic.com/news/higher-limits-spacex) — 300 megawatts, 220,000 GPUs — is the second. The [Blackstone joint venture](https://www.anthropic.com/news/enterprise-ai-services-company) from week-three is the third. The [financial-services agent inventory](https://www.anthropic.com/news/finance-agents) shipped week-four is the fourth. The valuation prices a company that has, in 90 days, bought its way out of a Pentagon supply-chain-risk exclusion, named the orbital phase, built a finance channel, and shipped ten production agents into Citadel, BNY, Carlyle, and Mizuho. The implication is that the channels arc this issue has been tracking — Pentagon out, Wall Street in, compute owned — is the model the late-stage market is now underwriting. The frontier was a model trade in 2024 and a compute trade in early 2026; it is becoming a distribution trade. Whoever's API runs the financial-services agents, the cyber-defender cohort, the enterprise-deployment subsidiary, and the orbital-data-centre prototype wins. Anthropic just raised $60 billion in 90 days to underwrite that bet. The next print is whether Greenoaks's wire hits before the SpaceX rack does. **Feature: TICKER** - **$30B ROUND SIZE** (SECOND $30B INSIDE 90 DAYS) - **$900B+ VALUATION** (ABOVE PRIOR SERIES G PRICING) - **$2B+ EACH LEAD** (GREENOAKS / SEQUOIA / ALTIMETER / DRAGONEER) - **$60B RAISED IN 90 DAYS** (TWO CONSECUTIVE MEGA-ROUNDS) **Sources:** - [Bloomberg](https://www.bloomberg.com/news/articles/2026-05-12/anthropic-in-talks-to-raise-30-billion-at-900-billion-valuation) - [Financial Times](https://www.ft.com/content/9deae3c6-716d-4f4d-8b09-434d8519f847) - [TechFundingNews](https://techfundingnews.com/anthropic-30b-fundraise-900b-valuation-mega-round/) Image: https://www.immersivecommons.com/signal/issue-05/anthropic-900b.jpg (image: [Tech Funding News](https://techfundingnews.com/anthropic-30b-fundraise-900b-valuation-mega-round/)) ### 63 · Cerebras Doubled Day One. *Priced at $185. Closed 100% up. G42 was 85%. MBZUAI is 62%. OpenAI's $20 billion is on the books.* On May 14th, [Cerebras Systems](https://www.cerebras.ai/) priced its IPO at **$185 per share**, sold 30 million shares (with a 4.5-million-share underwriter option) and [closed up more than 100% on day one](https://fortune.com/2026/05/14/cerebras-one-of-the-biggest-ipos-of-the-year/) — $5.55 billion raised. The print is the largest first-day pop in the AI-chip sector since [NVIDIA's blowout 2024 calendar](https://nvidianews.nvidia.com/news/nvidia-announces-financial-results-for-fourth-quarter-and-fiscal-2025). CEO **Andrew Feldman** on the demand picture — *"We're not in a situation like Field of Dreams, where if you build it, they will come."* The line is calibrated against the speculative-AI-chip-glut narrative. The IPO's customer disclosures back it. The structural fact is the customer mix. In 2024, [G42](https://www.g42.ai/) — the Abu Dhabi government-backed group — accounted for **85%** of Cerebras revenue. In 2025, G42 dropped to 24% as [Mohamed bin Zayed University of Artificial Intelligence](https://mbzuai.ac.ae/) took 62%. In January 2026, Cerebras [announced a multi-year contract with OpenAI valued at more than $20 billion](https://fortune.com/2026/05/14/cerebras-one-of-the-biggest-ipos-of-the-year/) — the line that turned a single-customer story into a three-customer story. The [wafer-scale WSE-3 chip](https://www.cerebras.ai/product-chip) is the architectural bet — a single piece of silicon the size of a dinner plate carrying what would otherwise be a 90-GPU cluster. The IPO prices that bet against NVIDIA's $130-billion data-centre revenue line and a two-year [Blackwell sold-out](https://nvidianews.nvidia.com/) book. The implication is two-track. Track one — the chip-economy now has a second pure-play public-market AI-native vendor at a roughly one-tenth NVIDIA data-centre-revenue multiple, which prices the wafer-scale alternative at a discount that reflects the smaller installed base and the longer software-stack lead time but not the underlying technology bet. Track two — the customer mix flip from 2024 to 2025 to 2026 (G42 to MBZUAI to OpenAI) is the disclosure that turned a sovereign-dependent revenue line into a frontier-lab revenue line. Whether the next quarter's prints confirm the OpenAI ramp is the next question; the day-one double is the market's preliminary answer. **Feature: TICKER** - **$185 IPO PRICE** (30M SHARES + 4.5M OPTION) - **100%+ DAY-ONE POP** ($5.55B RAISED) - **85% → 24% G42 REVENUE SHARE** (2024 vs 2025) - **$20B+ OPENAI CONTRACT** (JANUARY 2026, MULTI-YEAR) **Sources:** - [Fortune](https://fortune.com/2026/05/14/cerebras-one-of-the-biggest-ipos-of-the-year/) Image: https://www.immersivecommons.com/signal/issue-05/cerebras-pops.jpg (image: [Fortune](https://fortune.com/2026/05/14/cerebras-one-of-the-biggest-ipos-of-the-year/)) ## V. BACK TO MATTER Hello Robot shipped Stretch 4 — $29,950, open-source, wheeled mobile manipulator with a Jetson Orin NX and eight-hour runtime. IEEE Spectrum framed it as the rebuttal to the humanoid-hype trade. Unitree shipped GD01 at $537,000 in production — a rideable transformer in two modes. China's supply chain pivots to humanoid as the next growth curve after phones. Wheels and legs. Two prices. Two countries. One week. ### 64 · Hello Robot Ditched The Humanoid. *Wheels, not legs. $29,950. Open-source. Eight hours runtime, Jetson Orin NX, ambidextrous wrist.* On May 12th, [Hello Robot](https://hello-robot.com/) shipped **Stretch 4** at **$29,950** — an open-source mobile manipulator on a wheeled base, [framed by IEEE Spectrum](https://spectrum.ieee.org/stretch-4-home-robot) as the rebuttal to the humanoid-hype trade. The arm, lift, and omnidirectional base run at twice the speed of Stretch 3, with reach extended by 10%. Eight redundant degrees of freedom plus an ambidextrous wrist with an integrated depth camera — configurable for left- or right-handed operation. Sensor stack — two hemispherical 3D lidars, three high-resolution cameras (one trained on the gripper workspace), six laser line sensors. 20-centimetre wheels handle carpet, rugs, and thresholds. An [NVIDIA Jetson Orin NX](https://www.nvidia.com/en-us/autonomous-machines/embedded-systems/jetson-orin/) runs Physical AI models on-board. Eight-hour runtime with a [self-charging dock](https://www.therobotreport.com/hello-robots-latest-stretch-4-is-bigger-faster-and-stronger-than-previous-versions/). The structural choice is the form factor. The humanoid-robotics trade through 2025 was [Figure](https://www.figure.ai/), [1X](https://www.1x.tech/), [Tesla's Optimus](https://www.tesla.com/AI), [Apptronik](https://apptronik.com/), [Sanctuary](https://www.sanctuary.ai/), [Unitree's bipedal line](https://www.unitree.com/), all betting that the legged form factor is the right shape for the [unmodified human environment](https://www.roboticstomorrow.com/news/2026/05/12/hello-robot-unveils-stretch-4-a-simply-useful-robot-that-puts-people-first/26547/). Hello Robot took the other bet — wheels handle most of an indoor environment, the manipulator does the work, the form factor stays out of the way. The price point is the proof. Stretch 4 ships at less than a tenth of the cost of a Figure 02 or an [Apptronik Apollo](https://apptronik.com/apollo). The trade-off is honest — it cannot climb stairs, it cannot navigate a half-built construction site, it cannot do the spectacle reel. It can move a load of dishes from a sink to a dishwasher in a finished home or a research lab and do it inside an eight-hour shift. The implication is the partition of the embodiment market the matter beat has been tracking. The humanoid trade is venture-funded and spectacle-shaped; the wheeled-manipulator trade is research-lab-funded and utility-shaped. Stretch 4 is the first piece of hardware in the assistive-robotics class that is both [field-deployable in unmodified environments](https://www.robotics247.com/article/hello-robot-unveils-stretch-4-robot-that-can-actively-assist-people-at-home-and-on-the-job) and priced inside a single research-grant cycle. The Jetson Orin NX on-board is the second proof — the company is shipping a robot expected to run a foundation model, not a teleoperation cable. The next two years of physical-AI research will be done on Stretch 4 the way the prior decade was done on Boston Dynamics's Spot. **Feature: RECKONING** > The humanoid is the demo reel. The wheeled manipulator is the product. Two prices. One that ships. — THE SIGNAL — RECKONING NO. 6 **Sources:** - [IEEE Spectrum](https://spectrum.ieee.org/stretch-4-home-robot) - [The Robot Report](https://www.therobotreport.com/hello-robots-latest-stretch-4-is-bigger-faster-and-stronger-than-previous-versions/) - [Robotics Tomorrow](https://www.roboticstomorrow.com/news/2026/05/12/hello-robot-unveils-stretch-4-a-simply-useful-robot-that-puts-people-first/26547/) Image: https://www.immersivecommons.com/signal/issue-05/hello-stretch-4.jpg (image: [IEEE Spectrum](https://spectrum.ieee.org/stretch-4-home-robot)) ### 65 · Unitree Built A Rideable Bot. *$537,000. Production. Transforms between humanoid and four-wheeled vehicle. China's next growth curve after phones.* On May 12th, [Unitree](https://www.unitree.com/) confirmed the **GD01** is in production at **3.99 million yuan** — roughly $537,000 — a [rideable transformer robot](https://gagadget.com/en/709729-unitree-gd01-chinas-537k-rideable-transformer-robot-is-now-in-production/) that morphs between a bipedal humanoid and a four-wheeled vehicle that a human can sit on and drive. The same week, the [South China Morning Post reported](https://www.scmp.com/tech/tech-trends/article/3352212/phones-robots-chinas-supply-chain-eyes-next-growth-curve-humanoid) that the Chinese electronics supply chain — Foxconn, BYD-electronic, Luxshare, Goertek — is repositioning humanoid robotics as the next growth curve after the saturated smartphone market. The GD01 sits at the spectacle end of that pivot. The phone-supply-chain end is the production volume. Two stories. Same supply chain. The structural detail is the dual form. The transformation is the marketing — a robot that walks and a robot that drives in one chassis is the headline image. The $537,000 price tag is the honest disclosure that this is a [showcase unit](https://gagadget.com/en/709729-unitree-gd01-chinas-537k-rideable-transformer-robot-is-now-in-production/), not a logistics product. The interesting structural fact is in the SCMP piece. The same suppliers that fabricated the iPhone's [haptic engines](https://www.apple.com/iphone/), [structural enclosures](https://www.foxconn.com/), and [precision motors](https://www.luxshare-ict.com/) are now lining up tooling for humanoid skeletons, actuators, and gripper-mechanism assemblies. The China supply chain is doing what it always does — finding the next category-defining hardware that needs millions of identical parts at falling cost. The implication paired with Stretch 4 (this issue, prior story) is the editorial choice for the matter beat. The American open-source wheeled manipulator at $29,950 and the Chinese production transformer at $537,000 are the two visible poles of the same market. The American bet is utility and price; the Chinese bet is form, prestige, and supply-chain volume. The two countries are not building the same robot for the same customer. They are building two different products that will both compete for shelf space in the next five years of physical AI. Which one wins is the bet; whether both ship at scale is no longer in doubt. **Feature: TICKER** - **$537K GD01 PRICE** (3.99 MILLION YUAN) - **2 FORMS BIPEDAL + 4-WHEEL** (RIDEABLE TRANSFORMER) - **$29,950 STRETCH 4 (US)** (WHEELED MANIPULATOR, OPEN-SOURCE) - **18× PRICE DELTA** (GD01 ÷ STRETCH 4) **Sources:** - [Gagadget](https://gagadget.com/en/709729-unitree-gd01-chinas-537k-rideable-transformer-robot-is-now-in-production/) - [South China Morning Post](https://www.scmp.com/tech/tech-trends/article/3352212/phones-robots-chinas-supply-chain-eyes-next-growth-curve-humanoid) Image: https://www.immersivecommons.com/signal/issue-05/unitree-gd01.webp (image: [gagadget](https://gagadget.com/en/709729-unitree-gd01-chinas-537k-rideable-transformer-robot-is-now-in-production/)) ## VI. THE FRONTIER DRIFTS Closing arguments in Musk v. Altman concluded May 14. Sam Altman testified for four hours; Elon Musk's attorney apologised for his client's mid-trial trip to China. The jury deliberates next week and the verdict is advisory — Judge Yvonne Gonzalez Rogers makes the call. The Wall Street Journal reported Google and SpaceX are in talks for orbital data centres. The same week Anthropic took 220,000 GPUs on the ground and named orbital as the next phase. ### 66 · The Trial Closed. *Musk's attorney apologised for the China trip. Altman testified four hours. The jury deliberates next week.* On May 14th, [closing arguments concluded](https://www.cnbc.com/2026/05/14/closing-arguments-jury-openai-musk-altman.html) in *Musk v. Altman* in federal court in Oakland, week three of trial. Two days earlier, [Sam Altman testified for four hours](https://www.npr.org/2026/05/12/nx-s1-5811730/openai-sam-altman-testimony-elon-musk-trial). The day after that, Elon Musk's attorney [apologised to the court](https://www.cnbc.com/2026/05/14/musk-lawyer-trial-jury-china-trip-openai-altman.html) for his client's trip to China mid-trial. Altman's claim — Musk wanted 90% of OpenAI in 2017 and walked away when refused, leaving the nonprofit *"left for dead."* Musk's claim — Altman converted a public-benefit charity into a for-profit empire and lied to investors about it. The nine-person jury is advisory only; [Judge Yvonne Gonzalez Rogers](https://www.cand.uscourts.gov/judges/gonzalez-rogers-yvonne-ygr/) makes the final liability call. Jury deliberates next week. The structural detail is the prose. The Ringer's [headline](https://www.theringer.com/2026/05/15/tech/sam-altman-defense-testimony-elon-musk-trial) is *"Do You Always Tell the Truth?"* — a question put to Altman on the stand and a question the closing arguments turned into the trial's thesis. [Ars Technica](https://arstechnica.com/tech-policy/2026/05/altman-forced-to-confront-claims-at-openai-trial-that-hes-a-prolific-liar/) ran *Altman forced to confront claims at OpenAI trial that he's a prolific liar.* [MIT Technology Review](https://www.technologyreview.com/2026/05/15/1137357/musk-v-altman-week-3/) summarised the third week — *"Musk and Altman traded blows over each other's credibility. Now the jury will pick a side."* What is on trial is not contract law. It is whether the founder-mode personae of the two most consequential AI executives in the world are compatible with the public-benefit framing each one signed up to. The jury is a focus group for that question; the judge is the one who decides what to do with the answer. The implication is structural for OpenAI and reputational for everyone else. If Gonzalez Rogers rules for Musk, the for-profit conversion that funded the SoftBank-led capital base and the [DeployCo capitalisation](https://openai.com/index/openai-launches-the-deployment-company/) (this issue, beat I) becomes vulnerable — every enterprise contract priced against the for-profit cap table sits under that vulnerability. If she rules for Altman, the founder-mode template — incorporate as a nonprofit, build the model, restructure for capital — gets a federal-court imprimatur. Either way, the line being drawn is between *what an AI lab is for* and *what it does in court when a billionaire says so.* The verdict is the receipt of record. **Feature: RECEIPT** > Do you always tell the truth? — Asked of Sam Altman, federal court Oakland, week 3 The headline of The Ringer's coverage. The closing-argument thesis. The question the jury is now deliberating, and the judge is now deciding. **Sources:** - [CNBC (closing)](https://www.cnbc.com/2026/05/14/closing-arguments-jury-openai-musk-altman.html) - [NPR (Altman testimony)](https://www.npr.org/2026/05/12/nx-s1-5811730/openai-sam-altman-testimony-elon-musk-trial) - [MIT Technology Review](https://www.technologyreview.com/2026/05/15/1137357/musk-v-altman-week-3/) - [The Ringer](https://www.theringer.com/2026/05/15/tech/sam-altman-defense-testimony-elon-musk-trial) - [Ars Technica](https://arstechnica.com/tech-policy/2026/05/altman-forced-to-confront-claims-at-openai-trial-that-hes-a-prolific-liar/) Image: https://www.immersivecommons.com/signal/issue-05/musk-altman-trial.jpg (image: [CNBC](https://www.cnbc.com/2026/05/14/closing-arguments-jury-openai-musk-altman.html)) ### 67 · Google Joined The Orbital Talks. *WSJ reports Google and SpaceX in talks. The second hyperscaler now lining up the same rocket.* On May 12th, [TechCrunch reported](https://techcrunch.com/2026/05/12/report-google-and-spacex-in-talks-to-put-data-centers-into-orbit/) — citing a [Wall Street Journal](https://www.wsj.com/) source story — that [Google](https://www.google.com/) and [SpaceX](https://www.spacex.com/) are in talks to launch orbital data centres ahead of SpaceX's [planned 2026 IPO](https://www.spacex.com/) at a $1.75-trillion valuation. Google has been running [Project Suncatcher](https://blog.google/) since late 2025, with prototype satellites scheduled for 2027 and partnerships under exploration with multiple launch providers. Google's [$900-million 2015 investment in SpaceX](https://www.cnbc.com/) gives it an existing equity-and-strategic stake. Neither company offered public comment at time of report. No capacity figures, no specific timeline. The structural fact is the second hyperscaler. The week-04 anthropic-spacex story named *"multiple gigawatts of orbital AI compute capacity"* as the next phase — Anthropic's letter of intent with SpaceX in conjunction with the [Colossus 1 deal](https://www.anthropic.com/news/higher-limits-spacex). One frontier lab plus one launch provider is a partnership. Two frontier customers plus one launch provider is the start of a market. Google's existing equity position in SpaceX plus an active Project Suncatcher programme plus reported talks with multiple rocket vendors is the operational picture of a second buyer — and the implicit signal that orbital compute is being underwritten as a strategic capacity question, not a research demo. The implication is the orbital wager. [TechCrunch notes](https://techcrunch.com/2026/05/12/report-google-and-spacex-in-talks-to-put-data-centres-into-orbit/) ground compute remains significantly cheaper today, factoring launch and construction. The bet is on what the curve does over the next five to ten years — solar power per square metre, thermal management without atmosphere, latency to ground customers, regulatory frameworks for sovereign-territory data residency in low Earth orbit. None of those numbers have ground-truth answers yet. What the talks indicate is that the two largest non-NVIDIA frontier-AI buyers have decided the orbital question is worth a meeting. The frontier this week drifted upward — half-a-kilometre, then five-hundred kilometres, then back down to a Bloomberg headline on a private round. **Feature: WAGER** - First named orbital-compute milestone (prototype satellite launch with AI workload payload) ships before end of Q2 2027. _(check: 2027-06-30)_ - Google publicly confirms Project Suncatcher SpaceX partnership by end of 2026. _(check: 2026-12-31)_ - A third hyperscaler (Microsoft, Amazon, Oracle, Meta) joins the orbital-compute trade in 2026. _(check: 2026-12-31)_ - Ground vs orbital crossover (orbital cheaper per training-GPU-hour) does NOT happen before 2030. _(check: 2030-01-01)_ **Sources:** - [TechCrunch](https://techcrunch.com/2026/05/12/report-google-and-spacex-in-talks-to-put-data-centers-into-orbit/) Image: https://www.immersivecommons.com/signal/issue-05/google-spacex-orbit.jpg (image: [TechCrunch](https://techcrunch.com/2026/05/12/report-google-and-spacex-in-talks-to-put-data-centers-into-orbit/)) --- *THE SIGNAL · FRONTIER TOWER / SAN FRANCISCO*