AI in 15 — May 01, 2026

Ninety-nine dollars per user, per month. That is the price Microsoft just put on having an AI coworker sit next to every employee. As of today, Friday, May first, the Frontier Suite is no longer a slide. It's a SKU.

Welcome to AI in 15 for Friday, May first, 2026. I'm Kate, your host.

And I'm Marcus, your co-host.

Friday show, Marcus, and the calendar is unusually loaded today. Microsoft's E7 Frontier Suite goes generally available, with Agent 365 launching alongside it. Anthropic is fielding offers at over nine hundred billion dollars, which would put it ahead of OpenAI. Claude Code appears to be hard-coded to refuse and even overcharge anyone whose project mentions a competing tool called OpenClaw. PyTorch Lightning got hijacked yesterday in one of the worst AI-supply-chain attacks of the year. Mozilla formally opposed Chrome's built-in Prompt API. Big Tech's combined AI capex just crossed seven hundred billion for 2026. And Cadence and NVIDIA think they've cracked the sim-to-real gap for robotics.

Microsoft puts a price tag on the AI workforce.

Anthropic could overtake OpenAI by Monday morning.

And one keyword can drain your entire Claude session.

Lead story, Marcus. Today is the public general-availability date for Microsoft 365 E7, the Frontier Suite. Walk me through what's actually inside the box.

It's the first SKU Microsoft has ever positioned above E5, Kate, and the bundle is significant. You get Microsoft 365 E5, Microsoft 365 Copilot, and a brand-new product called Agent 365, all wrapped in something Microsoft is calling Work IQ, plus the Entra Suite and advanced Defender, Intune, and Purview security capabilities. Ninety-nine dollars per user per month. Microsoft is pitching that as a discount to assembling the same pieces individually.

And Agent 365 is the new piece.

Agent 365 is the strategic piece. It is Microsoft's governance and lifecycle layer for AI agents inside an enterprise. Think of it as Active Directory, but for bots. There's an agent directory, posture management, observability, audit trails, and lifecycle controls. It's also generally available today as a fifteen-dollar standalone add-on. The pitch to IT and security teams is, you've spent the last year letting employees spin up agents in every department. Now here's the tool that lets you actually see them, govern them, and turn them off.

Why does today matter?

Because this is the day Microsoft tries to lock in agentic AI as a permanent line item in the enterprise budget. Office 365 E5 was the prior ceiling for years. E7 raises the per-seat cap to ninety-nine dollars and bets that customers will pay more for AI than they ever paid for productivity software. If E7 sells, every other software vendor's pricing committee just got a new floor. And the framing has shifted decisively. AI is no longer a chat product bolted on the side. Microsoft is positioning it as a managed workforce of bots sitting next to humans, with governance built in. That's a real bet, Kate, and it lands the same week Anthropic is being valued at nine hundred billion dollars on the strength of its developer business. Which is exactly where we go next.

Quick hits. Marcus, Anthropic is reportedly in advanced talks to raise fifty billion dollars at a valuation north of nine hundred billion. That would put them ahead of OpenAI.

Bloomberg and TechCrunch confirmed it Wednesday, Kate. Multiple unsolicited preemptive offers totaling roughly fifty billion at an eight-hundred-fifty to nine-hundred-billion-dollar valuation. More than double the three-hundred-eighty-billion mark from February. The board decides in May. Anthropic has put a forty-eight-hour shot clock on prospective backers. TechCrunch reports demand is so heavy that one investor with a five-billion-dollar check ready cannot get a meeting with the CFO.

And the underlying revenue.

That's the part that justifies the number. Anthropic's annualized run rate has reportedly cleared thirty billion and is closer to forty billion now, driven primarily by Claude Code and the Cowork coding platform. For comparison, OpenAI's most recent round closed at eight hundred fifty-two billion post-money. If this round prices where the rumors suggest, Anthropic, long described as the smaller, safer twin of OpenAI, is briefly the most valuable private AI company in the world. It's also being reported as potentially their last private raise before an IPO.

Two years ago Anthropic was a distant number two.

Two years ago they were a distant number two. Today, enterprise developers paying for Claude Code and Sonnet 4.6 have effectively voted with their wallets. It also reframes Google's recent up-to-forty-billion Anthropic commitment. That looks less like a top-of-the-market bet and more like ground-floor pricing in retrospect. The competitive landscape is no longer a one-horse race, Kate. It is a genuine two-lab frontier, plus xAI and the Chinese open-weights players nipping at the edges.

Now Marcus, the Anthropic news lands the same day as something much less flattering. The OpenClaw scandal.

This one is rough, Kate. Yesterday a Hacker News user named abdullin published a reproducer that cleared a thousand points on the front page. In a fresh directory, run git init, write an empty commit message containing the JSON string for an OpenClaw schema, then run claude dash p hi. The session immediately disconnects with usage marked at one hundred percent. Other users reported Claude refusing to edit blog posts that simply mention OpenClaw by name. In some cases Claude pretended the product doesn't exist, telling users it must be a typo or playful reference.

And remind us what OpenClaw is.

It's the wildly popular open-source agent framework created by Peter Steinberger. Steinberger now works at OpenAI. Sam Altman hired him in February to lead next-generation personal agents. Anthropic and OpenClaw have been fighting since early April, when Anthropic blocked Pro and Max subscribers from piping their plan limits through OpenClaw via OAuth, then briefly banned Steinberger's own account. The official rationale was metering, that OpenClaw was using subscription credentials to drive API-equivalent workloads. Fair enough. But what shipped this week looks like keyword-level censorship and punitive billing, not metering.

So this is targeting a specific competitor by name.

That's how it reads, Kate, and the developer community is angry. The trigger is broad enough that documentation, footnotes, or quoted terms-of-service text can fire it. Commenters have already pointed out that a malicious repo could embed an invisible OpenClaw string to nuke a victim's quota the moment they clone and run Claude Code. Anthropic is the trust-and-safety company. Watching them ship what looks like a competitor-targeted keyword filter that also drains paying users' wallets is a brand problem, not just a policy problem. And it lands the same month claude.ai's uptime dropped to ninety-eight-point-eight-five percent. The honest read here is that customers paying for an AI coding assistant are entitled to know whether the model is running their code or running a blocklist. Right now it's clearly both.

Security story, Marcus. Yesterday, attackers pushed malicious versions of PyTorch Lightning to PyPI.

Versions 2.6.2 and 2.6.3, Kate. Lightning is the high-level training framework that pulls hundreds of thousands of downloads a day across the AI research ecosystem. Socket flagged the malicious builds eighteen minutes after publication. PyPI has now quarantined them. Version 2.6.1 is the last clean release. The attack ships a hidden runtime directory that fires the moment Lightning is imported, no user action required, pulls down the Bun JavaScript runtime, and executes an eleven-megabyte obfuscated payload. The payload sweeps eighty-plus credential paths, GitHub Actions secrets, runner process memory, and cloud metadata services for AWS, Azure, and GCP, then exfiltrates everything to attacker-controlled GitHub repos.

What makes this a generational story.

The propagation and the persistence. Once the malware pops an npm publishing token, it self-injects into every npm package that token can publish and re-publishes them. That's how it spread to SAP-related packages last week. And on developer machines, it plants entries into dot-claude settings.json and dot-vscode tasks.json, so the malicious code re-fires every time the developer opens Claude Code or VS Code in an infected repo. There are now twenty-two hundred repos on GitHub with the text, A Mini Shai-Hulud has Appeared, all created in the past day. Researchers also note that four security issues raised on the Lightning repo were auto-closed by a bot, with comments later deleted. The maintainer accounts may have been fully compromised.

So why does this matter beyond the immediate cleanup.

PyTorch Lightning sits underneath an enormous fraction of academic and industrial AI training jobs. The harvested credentials almost certainly include keys that touch model weights, datasets, and production training clusters. And the fact that the attackers specifically targeted Claude Code and VS Code config files tells you they understand modern AI-developer workflow as an attack surface. We covered the LiteLLM-Mercor breach earlier this week. We covered the Cursor agent that wiped a production database in nine seconds. This is week three in a row of major AI supply-chain incidents, Kate, and the pattern is consistent. The boring infrastructure work, scoped credentials, signed packages, audit trails, is the actual unsolved problem of agentic AI.

Standards fight, Marcus. Mozilla formally opposed Chrome's built-in Prompt API yesterday.

The position was authored by Jake Archibald, a longtime Chrome team developer-relations lead who recently joined Mozilla. That detail matters. The critique comes from someone who knows the proposal from inside the room. Three substantive objections. One, developers will tune their prompts to whichever model is dominant, which means Mozilla and Apple eventually have to license Gemini Nano just to keep parity. That's the browser-compatibility problem all over again. Two, using the API requires accepting Google's Generative AI Prohibited Uses Policy, which forbids legal but disturbing content. Letting a vendor's content rules ride along with a web standard sets, in Archibald's words, a worrying precedent. Three, Google overstated developer enthusiasm by cherry-picking social posts.

And there's a fingerprinting angle.

Hacker News commenters surfaced it. A baked-in model is one more high-entropy fingerprinting signal browsers expose to sites, and unlike user agents you cannot fake the model's outputs convincingly. Several commenters argued Google should be hardening browser fundamentals instead of bolting AI primitives onto the platform. Kate, this is a rare clean fight over what the web actually is. If browsers ship LLMs by default, that's a permanent redesign of the platform, and it tilts the deck toward whichever vendor's model is bundled. Mozilla's position is that LLM access on the web should not be tied to a specific company's model or terms of service. The pro-Western, pro-pluralism read is that Mozilla is right on this one. A neutral web platform beats a Google-flavored one.

Capex story, Marcus. Coming out of this week's Q1 earnings, the hyperscaler AI bill for 2026 just hit a new high.

Microsoft guided fourth-quarter capex above forty billion and total 2026 capex around one hundred ninety billion. About two-thirds of that is GPUs and CPUs for Azure and Copilot. Satya Nadella attributed roughly twenty-five billion of the increase to component price inflation, which is a quiet admission that AI hardware is no longer abundant. Meta raised its 2026 capex forecast to one hundred twenty-five to one hundred forty-five billion. Add Alphabet and Amazon, and the Street's combined estimate now lands between seven hundred and seven hundred twenty-five billion for the year.

And the market reaction split.

That's the interesting part. Alphabet had its best month since 2004, up thirty-four percent in April after Cloud growth and Search ads convinced markets the spend is paying off. Microsoft beat on Azure and held steady. Meta sank. Q1 revenue beat at fifty-six-point-three billion, but the capex jump spooked investors who don't see a comparable revenue line yet to justify it. Fortune called it the prove-it quarter.

Seven hundred billion is roughly the GDP of Switzerland.

Going into one industry, in one year. Even if AI returns are real, that capex profile is changing the macroeconomic shape of US tech almost overnight, from asset-light to asset-heavy, and bidding up everything from GPUs to electrical transformers. The market is starting to differentiate between operators converting capex into revenue and operators still asking for patience. The libertarian read, Kate, is that this is exactly how price discovery should work. Not every hyperscaler will earn a return on this spend, and the market is correctly punishing the laggards in real time.

Last quick hit, Marcus. Cadence and NVIDIA expanded their robotics partnership at Cadence's developer conference.

They announced a stack aimed squarely at the sim-to-real gap, Kate. The long-running problem that robots trained in simulators fall over the moment they're deployed because the simulator doesn't model contact, friction, or material deformation precisely enough. The new stack pairs Cadence's high-fidelity multiphysics engines, the same ones used to verify chip designs, with NVIDIA's Isaac Sim, Isaac Lab, and Cosmos open-world models, then closes the loop back to NVIDIA Jetson edge hardware with continuous virtual-twin feedback. Cadence CEO Anirudh Devgan put it simply. The more accurate the generated training data is, the better the model will be. Jensen Huang said the two companies are now working together across the board on robotic systems. Physical AI is the next frontier after generative AI, and the bottleneck has not been algorithms. It has been training data and accurate physics. If this stack closes that gap, the timeline for credible humanoid and industrial robotics shortens materially.

Friday big picture, Marcus.

Today's stories tell one story in two directions, Kate. The AI industry is going industrial and going fragile at the same time. On the industrial side, Microsoft is putting a ninety-nine-dollar enterprise SKU on agentic AI today. Anthropic is being priced at nine hundred billion. The hyperscalers are spending seven hundred billion on infrastructure this year. Cadence and NVIDIA are wiring physics simulation into robotics. That is the asset-heavy, capex-driven, deeply-committed AI industry that's emerging. On the fragile side, a single keyword in your git log can drain your Claude Code session. PyTorch Lightning, sitting under most AI training in the world, was hijacked yesterday. Browsers are about to bake in a single vendor's LLM. The same week the industry locks in seven hundred billion of long-dated capex, its core dev tools are demonstrably brittle and its competitive moats are being defended through keyword filters. The honest pro-Western read is that this is what an actual market looks like in motion. Mozilla pushing back on Chrome, Anthropic catching up to OpenAI, customers calling out competitive censorship in real time. Industrial scale and brittle plumbing are coexisting because builders and buyers haven't fully decided yet which trade-offs they're willing to live with. The next year is when we find out.

That's your AI in 15 for today. See you Monday.