This Week's Topics:

Agent platforms become enterprise products - OpenAI and Google both shipped enterprise agent platforms within hours of each other, while Anthropic and Cursor closed in on always-on, dependable runtimes — turning agents from demos into the substrate of work.

The governance and security lag widens - The Cloud Security Alliance, Brex, Ramp Labs, NVIDIA researchers, and Meta's own employees all surfaced the same lesson this week: agent ecosystems are scaling far faster than the permissions, audits, and budgets meant to govern them.

AI capital rushes toward the metal - Tesla disclosed a $2B AI hardware acquisition, Anthropic traded near a trillion in secondaries, and DeepSeek's first external round opened above $20B — even as analysts reported many AI data-center projects are quietly being delayed or canceled.

The productivity reality check arrives - An NBER survey found most executives still see no productivity gain from generative AI, Uber blew through its 2026 AI budget by April, and Google said three-quarters of new code is now AI-generated. The bottleneck is moving, not vanishing.

Trust frays as synthetic content multiplies - Deezer logged 44% AI-generated music uploads, Korean police chased an AI-generated wolf, the Vatican started writing AI truth guardrails, and Cornell put manual typewriters back into language classrooms. The trust deficit isn't being closed by the products.
Sources:

- OpenAI Launches Shared 'Workspace Agents' for Team Workflows in ChatGPT
- Google Cloud Launches Gemini Enterprise Agent Platform
- OpenAI tests Hermes, a platform for always-on ChatGPT agents
- Anthropic's 'Conway' Always-On Claude Agent Shows Signs of a Mini-App Runtime
- Cursor in talks to raise $2B+ at $50B valuation
- Microsoft Plans Token-Based Billing and Tighter Limits for GitHub Copilot
- CSA Survey Warns Enterprise Security Is Falling Behind AI Agent Adoption
- Brex Open-Sources CrabTrap Proxy to Policy-Check AI Agents' Network Requests
- Ramp Labs Finds Coding Agents Ignore Token Budgets and Need External Spend Controls
- OpenAI previews Codex 'Chronicle' to build memories from macOS screen context
- Meta to Track Employee Keystrokes and Mouse Movements to Train AI Models
- Data-Free Sign-Bit Flips Can Cripple Vision and Language Neural Networks
- Tesla Reveals Up to $2B AI Hardware Acquisition in Brief 10-Q Note
- Anthropic Hits $1 Trillion Secondary-Market Valuation
- Tencent and Alibaba in talks to invest in DeepSeek at over $20B valuation
- Anthropic and Amazon Deepen Partnership to Secure Up to 5GW of Compute
- OpenAI's Stargate Data Centers Show Active Construction Across Seven US Sites
- AI's Productivity Payoff Still Elusive, Echoing the 1980s Solow Paradox
- Uber Blows Through 2026 AI Budget After Surge in Anthropic Claude Code Use
- Google: 75% of New Code Is AI-Generated as Company Moves to Agentic Workflows
- Deezer: 44% of Daily Music Uploads Are AI-Generated, Prompting New Anti-Fraud Tools
- Viral MAGA Influencer 'Emily Hart' Exposed as AI Persona
- South Korea arrests man over AI-generated photo that misled wolf search
- Vatican Steps Up AI Rules and Cyber Defenses Amid 'Crisis of Truth'
- Cornell instructor uses typewriters to deter AI-written assignments

Episode Transcript

Agent platforms become enterprise products

The big news on Friday came in two waves, hours apart.
OpenAI introduced what it's calling ChatGPT workspace agents — long-running workflows with tool access, persistent memory, approval gates, and what the company describes as enterprise controls. Google followed with the Gemini Enterprise Agent Platform: governance, identity, a registry, runtime, and evaluation, all tucked under what used to be Vertex AI. The two announcements told the same story. Agents have stopped being demos and started being platforms — the kind of thing IT departments procure, audit, and deploy across thousands of seats.

Earlier in the week, leaks suggested OpenAI was also testing always-on ChatGPT agents that persist between sessions, and that Anthropic was building a comparable always-on Claude runtime. By Tuesday, Cursor — the AI coding editor — was reported in talks for a fresh round at a fifty-billion-dollar valuation. By Friday, GitHub Copilot was reportedly moving to token-based billing, the way cloud usage is metered, because agent-driven coding is consuming far more compute than seat licenses can absorb.

There's a pattern here worth naming. Through 2025, the agent debate was about capability — could the model actually do the work? In April 2026, the debate has shifted to plumbing. Who owns the runtime? Where is the registry? How do you authorize what an agent can spend, approve, or read?

Anthropic spent the week emphasizing safety handling and tool-use defaults in Claude's system prompt. Researchers published a study called AGENTS-dot-MD arguing that durable reliability comes from tight documentation and deterministic safeguards, not prompt tweaks. Perplexity described a two-stage post-training pipeline to keep its search agent from regressing on safety as it gets faster.

The economic logic is clear. Selling a chat interface is a feature business. Selling an agent platform — the place where work actually runs — is a distribution business.
Whoever wins that layer doesn't just sell intelligence; they sell the substrate on which the next decade of enterprise software runs. By the end of the week, three of the five biggest AI companies were openly competing for it.

The governance and security lag widens

The same week the platforms shipped, the security people wrote nervously. The Cloud Security Alliance published a survey on AI agent governance in enterprises. Its findings: weak ownership, drifting permissions, slow detection of agent misbehavior, and almost no incident-response playbooks specific to agentic systems.

Brex open-sourced a tool called CrabTrap — a policy-enforcing proxy that sits between an agent and the outside world, inspecting each request and applying language-model-based approvals before it goes through. The framing is telling: when agents have real credentials and real spending power, you don't trust the model to behave; you trust the proxy to catch it.

Ramp Labs reported that coding agents routinely ignore token budgets — and, when forced to choose, simply choose to continue. Researchers showed practical attack paths against agentic browsers, including prompt-guard bypasses. NVIDIA collaborators published Deep Neural Lesion, a class of bit-flip attacks that catastrophically degrades model behavior by corrupting just a handful of sign bits in the weights.

OpenAI's screen-aware Codex Chronicle, which builds memories from screenshots, drew immediate criticism over privacy and prompt injection. Meta's program of monitoring its employees' workdays — keystrokes and screen snapshots — to train computer-using agents reignited the workplace-surveillance debate, this time with a concrete employer using it for AI product development.

The pattern, again, is structural. Agents are systems with scope, memory, and credentials — not chatbots. The control surface has to live somewhere: in the prompt, the proxy, the runtime, or the operating system.
The major labs say the runtime; researchers say the proxy; the security community says all of the above, and we're behind. None of last week's product launches mentioned any of these tools by name.

There's also a deeper concern surfacing — that the agent stack is being built for raw capability first and contractual reliability second. The harness — the shell, the auth, the budget cap — is being treated like an afterthought, even as the systems that need it are being shipped to enterprise customers.

AI capital rushes toward the metal

The trillion-dollar number is, technically, not real. It comes from secondary trades on Forge Global, where existing Anthropic shares changed hands at prices that imply a roughly trillion-dollar market value for the company. Secondary signals are noisy — share supply is small, buyers are eager, and the marginal trade can lift the implied number sharply. But it tells you something about appetite.

DeepSeek, the Chinese frontier-model lab, is reportedly raising its first external round above twenty billion dollars, with strategic investors including Tencent and Alibaba and a rapidly repriced ecosystem. Tesla's mystery acquisition was disclosed in a filing as worth up to two billion in stock; the target's identity has not been revealed. Anthropic and Amazon expanded their compute pact toward five gigawatts of capacity. OpenAI's Stargate complex continues construction across seven US sites. Vast Data closed a major round at thirty billion. Cursor's valuation, by Tuesday's reports, had nearly doubled in three months.

Yet the same week, analysts published estimates that AI data-center projects are increasingly being delayed or canceled — because of power constraints, supply-chain pressure, or shifting demand forecasts. Epoch AI mapped global AI compute ownership and showed how concentrated it has become in the hyperscalers, with frontier labs largely renting from cloud providers under geopolitical constraints.
Researchers warned AI's hardware refresh cycles could add millions of tons of e-waste per year by 2030.

So the picture is bifurcated. The capital is sprinting toward the metal — chips, data centers, custom silicon, the equity of anyone who can build at scale. But on the operational side, projects are stalling on physics: power, cooling, and grid interconnects don't move at the speed of capital. Hyperscalers can fund anything; they cannot pour concrete faster than the local utility can run a transmission line.

The bubble debate continued in the background. Cory Doctorow published an essay arguing the current AI risk discourse functions as a Pascal's Wager that justifies endless spending, while distracting from real, present-day power concentration. Whether or not he's ri