AI in 15 — April 21, 2026

The Pentagon says Anthropic is a supply-chain risk. The NSA is using Anthropic's most powerful model anyway. Welcome to a U.S. government that can't agree with itself on who to trust.

Welcome to AI in 15 for Tuesday, April 21, 2026. I'm Kate, your host.

And I'm Marcus, your co-host.

Tuesday show, Marcus. A big scoop out of Axios that pulls back the curtain on an open split inside the U.S. government over AI lab trust. The Chinese labs shipped two frontier models in a single day, and one of them just quietly went closed-source. GitHub yanked Opus access from Copilot Pro and jacked up the price on the replacement. Anthropic launched a Figma killer and tanked Figma's stock by seven percent. Deezer says forty-four percent of its daily uploads are AI slop. A leaked deck shows OpenAI is selling ChatGPT ad placements by prompt relevance. Atlassian is turning on AI training by default across Jira and Confluence. And a Roblox cheat led to a Vercel breach through an AI productivity tool. Let's go.

The NSA deploys Anthropic's Mythos while the Pentagon calls it a security risk.

Alibaba's Qwen 3.6 Max tops six coding benchmarks, and quietly closes its weights.

And GitHub Copilot's flat pricing era officially ends.

Lead story, Marcus. Axios broke on Sunday that the NSA is actively using Anthropic's restricted frontier model, Mythos Preview, despite the Department of Defense blacklisting Anthropic in February. Unpack this.

It's a remarkable split. The DoD labeled Anthropic a supply-chain risk and cut them off from Pentagon contracts two months ago. The dispute stems from Anthropic's refusal to make Claude available for mass domestic surveillance and autonomous weapons work, and their refusal to give DoD officials unrestricted access to Mythos' full capabilities. Meanwhile the National Security Agency, which runs U.S. signals intelligence, is using that same Mythos model to scan its own systems for exploitable vulnerabilities.

So one part of the government is calling it dangerous while another part is actively defending the country with it.

Exactly. Access to Mythos is limited to about forty organizations. Anthropic has only publicly named about a dozen, including the UK's AI Security Institute. And here's the political theater. Dario Amodei met with White House chief of staff Susie Wiles and Treasury Secretary Scott Bessent last Friday to discuss government use of Mythos and Anthropic's security posture. That's a direct end-run around the Pentagon through the executive branch.

What does this tell us about Anthropic's strategy?

That the ethics-first, scarcity-based positioning is commercially viable at the highest levels of U.S. national security. Anthropic said no to the Pentagon's full-access demand and won the NSA anyway. Compare that to OpenAI, which took the opposite path, embracing DoD classified networks, and is now reportedly facing a hashtag quit-GPT backlash from its user base. For the Western AI ecosystem, lab diversity is now a geopolitical asset. Different labs, different risk postures, different customers. That's healthier than a single national champion. The uncomfortable subtext is that the U.S. government can't agree on which lab to trust, and that disagreement is being resolved agency-by-agency rather than by policy.

Onto the Chinese frontier, Marcus. Two releases in a single day yesterday. Start with Qwen.

Alibaba shipped Qwen 3.6 Max Preview. It's their most powerful model yet, and they're claiming the number one spot on six coding and agentic benchmarks. SWE-bench Pro, Terminal-Bench 2.0, SkillsBench, QwenClawBench, QwenWebBench, and SciCode. Independent testing from Artificial Analysis pegs it second only to Meta's Muse Spark. Pricing is one dollar thirty per million input, seven dollars eighty output. Context window is 256k, text only.

And here's the twist.

Max Preview is closed-weights. That's a genuine departure from Qwen's open-source heritage. Available only through Qwen Studio and Alibaba Cloud Model Studio API. The Hacker News thread lit up with dismay. Commenters noted that the Chinese labs may be following the same give-free-then-close arc as their American counterparts.

Which undercuts the whole Chinese-open-source-is-eating-Western-moats narrative.

It does. And it reinforces a suspicion I've had for a while. That the open releases were strategic marketing, not ideology. Give away the weights long enough to erode competitor pricing power, then close the door once you're credibly at the frontier. Kate, we should also be honest about what Chinese labs are competing for. There's a coordinated campaign to undercut Western AI investment by flooding the zone with capable models. Closing Qwen's weights the moment they hit state of the art is consistent with that pattern, not against it.

And Kimi chose the opposite path.

Moonshot AI officially released Kimi K2.6 on the same day. One trillion total parameters, thirty-two billion active, mixture-of-experts, modified MIT license. Fully open weights. It runs three-hundred-agent parallel swarms and twelve-hour coding sessions. Benchmarks are genuinely impressive. Eighty-point-two percent on SWE-Bench Verified versus Claude Opus 4.6 at eighty-point-eight. Sixty-six-point-seven on Terminal-Bench 2.0. Eighty-three-point-two on BrowseComp, edging GPT-5.4. Pricing undercuts Qwen by roughly forty-five percent.

So Western developers can get near-Opus coding at a fraction of the cost with weights they host themselves.

That's the threat to closed frontier labs. If Kimi K2.6 runs on commodity infrastructure via vLLM or SGLang with INT4 quantization, the commercial economics shift fast. The frontier is now a four-way race. Anthropic, OpenAI, Alibaba, Moonshot. And one of those four is giving the weights away.

Quick hits, Marcus. Start with the story every developer is angry about this morning. GitHub Copilot.

GitHub announced sweeping changes yesterday. New signups for Pro, Pro Plus, and Student tiers are paused indefinitely. Opus models are entirely removed from the Pro tier. Opus 4.5 and 4.6 are discontinued even on Pro Plus. And Opus 4.7, which only became generally available on GitHub last Thursday, is launching with a seven-and-a-half-times premium request multiplier. That's a promotional rate through April thirtieth. Likely higher after.

So yesterday Opus 4.6 cost three credits. Today it's gone, and the replacement costs seven and a half.

That's a rug-pull, Kate. GitHub is blaming agentic workflows consuming far more compute than their original pricing anticipated. Which is a real engineering constraint, but also a pricing admission. Existing users can cancel and get April refunds through May twentieth. The Hacker News reaction was fierce. Many users announcing they're migrating straight to direct Claude Pro subscriptions.

This fits last week's pattern.

It's the same story as the Opus 4.7 tokenizer hike we covered yesterday. The all-you-can-eat era of AI coding assistants is over. Agentic loops have broken the economics, and every vendor is about to hit users with consumption-based pricing. If you built a 2026 budget on flat-rate Copilot Pro, rebuild that budget this week.

Next. Anthropic launched Claude Design yesterday. Figma's stock dropped seven percent.

We previewed this Saturday, but the numbers are now on the board. Claude Design is a prompt-to-prototype tool powered by Opus 4.7 that targets Figma and Lovable directly. It ingests a team's codebase and design files during onboarding, builds a design system of colors, typography, and components, and applies that system automatically to future projects. Refinement happens via chat, inline comments, direct text edits, and adjustment sliders.

And the Figma drama.

Mike Krieger, Anthropic's chief product officer, resigned from Figma's board on April fourteenth. That was the same day The Information leaked the competitive plans. So Krieger stepped off the board one week before Anthropic shipped the product aimed squarely at Figma's business. That's operating like nineteen nineties Microsoft. Rumors alone are enough to tank incumbent stock prices.

The philosophical question the design community is wrestling with.

Whether design tools become thin layers over a foundation model or remain rich collaborative canvases. Designers on Hacker News argue Claude Design hits only the leaf-node output and misses the deeper design thinking. Fair critique. But incumbents have clearly lost the narrative for now.

Deezer dropped some uncomfortable numbers yesterday. Forty-four percent of daily music uploads are now AI-generated.

Seventy-five thousand tracks a day. Up from ten thousand a day in January 2025. But listening behavior tells a very different story. AI music is only one to three percent of total streams, and eighty-five percent of those streams are detected as fraudulent and demonetized. Deezer has tagged thirteen-point-four million AI tracks over 2025 and stopped storing high-res versions to save on storage costs.

So the content is aimed at streaming-fraud payouts, not audiences.

That's the textbook AI slop pattern. Generate music cheaply, upload at volume, split royalty micro-payments from botted streams before the fraud system flags the account. A Deezer survey found ninety-seven percent of listeners couldn't reliably distinguish AI from human music, though eighty percent support mandatory labeling. A CISAC study projects about twenty-five percent of music creator revenue, roughly four billion euros, at risk by 2028.

The defense strategy.

Platform-level detection, not creator disclosure. Creators lie. Platforms have to police their own pipes. And this is not just music. Any open upload platform, YouTube, Spotify, Medium, arXiv, has the same signal-to-noise problem now. The next decade of product work at those companies is going to be spam filtering with a foundation-model budget.

And now the story that should concern every ChatGPT user. AdWeek got hold of a leaked StackAdapt pitch deck.

Titled OpenAI times StackAdapt Limited Pilot Program. Shared with advertisers on March twenty-seventh. It confirms OpenAI is preparing ChatGPT ads with CPMs of fifteen to sixty dollars, targeting driven by prompt relevance. Fifty-thousand-dollar pilot minimum. OpenAI itself has reportedly pushed its minimum spend up to a hundred to a hundred and fifty thousand.

Prompt relevance means what it sounds like.

Ads served based on what you are prompting about. A discovery layer that captures users mid-research. Everything users have ever told ChatGPT about health, finance, relationships, purchases, career moves. All of it is now monetizable signal. And here's the part that raised securities-fraud alarms on Hacker News. OpenAI explicitly told users earlier that ads would not be informed by prompt data. That statement now appears to be inoperative.

The historical parallel.

The same incentive structure that broke Google Search is now coming for the assistant layer. The neutral oracle framing that made LLMs feel magical is about to collide with ad-ranking economics. If the answer to your health question is shaped by who paid for placement, trust erodes fast. This is the inflection point where ChatGPT becomes a commercial surveillance product rather than a neutral assistant.

Staying on the data-extraction theme, Marcus. Atlassian.

Atlassian announced that starting August seventeenth, 2026, it will enable AI training data collection by default across all Cloud products. Free and Standard tiers cannot opt out of metadata collection at all. In-app data, Jira ticket contents, Confluence page bodies, comments, is on by default and retained for up to seven years. Only Enterprise tier is genuinely opt-in. HIPAA and Gov Cloud customers are exempt.

Three hundred thousand customers affected.

And there are unconfirmed rumors on Hacker News that Anthropic is in talks to acquire Atlassian, presumably for the training data pipeline. A data-poisoning subreddit has already sprung up. Engineers proposing to salt tickets with nonsense text to degrade any future model trained on this corpus.

The read-across.

SaaS vendors sitting on decades of corporate tacit knowledge are quietly converting that data into training corpora without meaningful consent. If Atlassian normalizes this pattern, expect GitHub, Figma, Notion, and Salesforce to follow. Every post-mortem, architecture doc, and ticket written after August seventeenth becomes training data unless someone actively flips a switch. That's a big governance problem buried in a feature flag.

Last quick hit. A Vercel breach disclosed Sunday, and the attack chain is unlike anything we've seen.

Vercel disclosed that attackers reached internal environments via a compromised OAuth token a Vercel employee had issued to Context dot AI, a third-party AI productivity tool connected to their Google Workspace. Now the root cause. A Context dot AI employee was infected with Lumma Stealer malware back in February via a Roblox auto-farm cheat download. ShinyHunters claimed responsibility and is reportedly asking two million dollars for the data.

So a kid's game cheat led to a cloud-infra breach through an AI productivity tool.

That's the 2026 archetype. Only non-sensitive customer environment variables were accessed. Vercel environment variables are encrypted at rest, and the sensitive flag blocks even internal readback. So the worst-case damage was contained. But every engineer clicking yes on connect your Google Workspace to this AI tool is now making a supply-chain decision. OAuth-scope governance across AI side-tools is going to be the boring-but-critical security discipline of the next eighteen months.

Tuesday big picture, Marcus. Three threads converging.

First, the frontier has gone multi-polar. Mythos quietly deployed at the NSA. Opus 4.7 in production. Qwen 3.6 Max and Kimi K2.6 both shipping yesterday. No single lab is winning on capability anymore. That's healthy for the Western ecosystem, and it's why the U.S. government's internal disagreement over which labs to trust is actually a feature, not a bug.

Second?

Monetization pressure is boiling over. GitHub's Copilot rug-pull, the ChatGPT ads leak, Atlassian turning training on by default, Figma getting outflanked in a single product launch. The free lunch is ending everywhere simultaneously. Every AI platform is converting users into revenue, and the polite ways have run out.

And third?

Trust infrastructure is cracking. Deezer flooded with AI slop. The Vercel breach via an AI side-tool. And every system we use to validate AI-adjacent things, star counts, user reviews, upload platforms, is under attack. The libertarian read is that the market is sorting winners and losers fast, and the loudest resistance is coming from people mistaking the scoreboard for the game.

One sentence to close.

The frontier is getting more capable, more expensive, and less trustworthy all at once, Kate. The companies that win this next year will be the ones that rebuild trust into the plumbing rather than paint it on top.

That's your AI in 15 for Tuesday, April 21, 2026. See you tomorrow.