The real leverage in AI right now flows to whoever controls the operating system for autonomous work. Microsoft's Project Solara, Scout, and its new agent governance tools signal a company that lost the smartphone wars and is now racing to own the infrastructure layer where AI agents live and execute tasks. The pattern is unmistakable: Workday, Snowflake, and others are simultaneously building compliance and context layers because enterprises will not deploy agents without guardrails baked into the platform itself. This is not about model capability anymore. It is about who owns the policy engine, the identity layer, and the audit trail when an agent acts on your behalf around the clock.
The math on valuation discipline has inverted. Cyera is raising at 80x ARR despite operating losses. Uber capped AI spending after blowing through its budget in four months. Impulse Space raised half a billion dollars explicitly to hire humans instead of betting on AI replacing engineers. These moves reveal a market correcting itself in real time. The venture narrative of "AI will do the work" collides with the operating reality that autonomous systems need human oversight, domain expertise, and governance infrastructure that existing models cannot provide. When a company raises capital to hire people, not automate them away, the market is signaling that the productivity gains from current AI are narrower than the hype suggested.
Regulatory capture is moving faster than regulation itself. Trump signed a narrower executive order requiring only voluntary prerelease government reviews of advanced models after industry objections killed the stronger version. Meanwhile, Anthropic is scaling Claude Mythos access to 150 organizations across 15 countries targeting critical infrastructure in power, water, healthcare, and communications. The company is essentially certifying itself as trustworthy for systems that could affect 100 million people. This is not regulation. This is the regulated choosing which regulator to work with. The supply chain attacks on npm packages targeting OpenAI Codex users and Red Hat cloud services show that the real vulnerability is not the models themselves but the developer tools and integrations wrapping around them, which are moving too fast for security to keep pace.
Sloane Duvall