The real infrastructure constraint is no longer model weights but compute allocation and the relationships that control it. Amazon's $5 billion commitment to Anthropic isn't primarily about capital, it's about locking in 5 gigawatts of Trainium silicon and guaranteeing supply when Claude demand outpaces available capacity. Anthropic investigating unauthorized access to Mythos while simultaneously limiting its release reveals the actual leverage: not the model itself, but who gets to run it and on what hardware. Sam Altman's dismissal of Mythos as "fear-based marketing" is telling precisely because it misses this point. The security vulnerabilities Mozilla found using Mythos, 271 bugs in Firefox 150, matter less than the fact that access to such a tool is now gated by compute availability and commercial partnership. SpaceX obtaining an option to buy Cursor for $60 billion signals the same desperation: neither Cursor nor xAI has proprietary models matching Anthropic or OpenAI, but both need compute infrastructure and distribution channels that Musk controls. The Pentagon's $54 billion drone budget and Meta's decision to record employee keystrokes for training data are symptoms of the same underlying tension. Compute scarcity is forcing companies to either lock in supply (Amazon-Anthropic), acquire distribution and infrastructure (SpaceX-Cursor), or mine whatever training signal they can from internal operations.
The secondary pattern is regulatory and legal systems struggling to assign liability for AI outputs while companies exploit that confusion. Florida investigating OpenAI over a mass shooting, a Sullivan & Cromwell partner admitting to AI hallucinations in a bankruptcy filing, and insurance companies proposing caps on cyber payouts for "LLMjacking" all reflect the same gap: no one knows yet who pays when an AI system fails. OpenAI's statement that ChatGPT is "not responsible" for the shooting is legally defensible but operationally irrelevant if regulators decide otherwise. Clarifai's deletion of 3 million OkCupid photos after an FTC settlement shows the cost of that ambiguity retroactively applied. Beazley and QBE limiting cyber coverage for AI-related incidents is the insurance industry's way of saying: we will not absorb this risk until the liability chain is clear. LinkedIn's Crosscheck feature, a blind taste test for AI models, is a small but revealing move: if companies cannot differentiate on capability or safety, they compete on user perception and choice architecture.
The third pattern is the proliferation of agents and the accompanying shift from consumer chat interfaces to embedded, autonomous systems. Hugging Face releasing ml-intern to automate LLM post-training, Photon's Spectrum framework deploying agents directly to WhatsApp and Telegram, Moonshot AI's Kimi K2.6 scaling to 300 sub-agents and 4,000 coordinated steps, these are not incremental product updates. They represent a transition from ChatGPT-style everything apps to purpose-built systems running without constant user input. Snowflake positioning itself as a "control plane for the agentic enterprise" and Adobe building an "agentic content supply chain" show that enterprise software vendors see agents as the new unit of deployment. The practical problem is real: Jonathan Wall of Runloop notes that agents operating in stateful, long-running environments with access to APIs and shell commands expand the attack surface dramatically. Capability without control is liability. Yet companies are shipping these systems anyway because the competitive pressure to move agents from prototype to production is now stronger than the incentive to slow down for safety. Connecticut's legislation on AI deepfakes in elections and the US government's expanded AI surveillance both arrive too late to shape the infrastructure already deployed.
Sloane Duvall