Karthik Ramadoss

AI Waypoints: Week of April 6, 2026 — Edition #4

Karthik’s AI Wanderlust — Mon, 06 Apr 2026 23:49:39 GMT

Good morning. The money got real this week. OpenAI closed the largest private funding round in history, Microsoft launched its own models to reduce dependence on OpenAI, and the EU started enforcing AI regulations within 48 hours of opening its doors. The power dynamics in enterprise AI are shifting underneath active contracts.

1. OpenAI closes $122B round at $852B valuation — with strings attached

What happened: OpenAI closed a $122B funding round on March 31 at an $852B post-money valuation, the largest private raise in history. The investor list is interesting:

Amazon committed $50B (with $35B contingent on an IPO or AGI milestone),
NVIDIA put in $30B, and
SoftBank added another $30B on top of the bridge loan we covered in Edition #3.

OpenAI now reports $2B in monthly revenue, 900M weekly active users, and 50M+ subscribers. An IPO is expected later this year.

Why it matters: We’ve been tracking the OpenAI IPO signals since the SoftBank bridge loan in Edition #3. It’s worth noting the Amazon deal structure: $35B of its $50B commitment is contingent on an IPO or an AGI milestone.

For enterprise buyers, the financial permanence matters. OpenAI isn’t going anywhere. The question is whether IPO-driven margin pressure changes how aggressively they price enterprise contracts.

What to do: If you’re mid-negotiation on an OpenAI enterprise deal, the pre-IPO window is narrowing. Lock favorable terms before the S-1 filing forces quarterly performance pressures. Ask your procurement team to model what a 15-20% price increase post-IPO would mean for your total cost.

2. Microsoft launches in-house MAI models — the OpenAI dependency unwind begins

What happened: On April 2, Microsoft announced three in-house models under the MAI brand:

MAI-Transcribe-1 (speech-to-text, lowest word error rate on the FLEURS benchmark at 3.8%),
MAI-Voice-1 (text-to-speech, generating 60 seconds of audio in 1 second), and
MAI-Image-2 (ranked #3 on the Arena.ai image leaderboard).

All three are available through Microsoft Foundry and a new MAI Playground. Bloomberg separately reported that Microsoft aims to build its own frontier large language models by 2027.

Why it matters: I wrote in the Copilot Cowork analysis that Microsoft was positioning Claude inside its governance shell because Copilot adoption was lagging. That was a distribution play. This is a different move. Microsoft building its own model stack (starting with speech, voice, and image, with LLMs by 2027) signals they want to reduce the OpenAI dependency that has defined their AI strategy since 2023. For enterprise customers, this is good news: more model options inside the Microsoft ecosystem means more pricing competition and less single-vendor concentration risk. The practical question is whether MAI models show up in Copilot and M365 products, or stay siloed in Foundry for developers.

What to do: Ask your Microsoft account team where MAI models fit in the Copilot roadmap. If you’re running Azure AI workloads that use OpenAI endpoints, watch for MAI alternatives that could reduce your per-token costs. Don’t renegotiate anything yet, but start tracking which Microsoft-native models match your use cases.

3. Microsoft 365 E7 “Frontier Suite” goes transactable May 1

What happened: Microsoft’s E7 tier becomes transactable through partners on May 1 at $99/user/month. The bundle includes E5 + Entra Suite + Copilot + Agent 365, Microsoft’s new agent governance platform priced at $15/user/month as a standalone. Separately, Claude is now available as a model option in mainline Copilot chat (not just through Azure AI Foundry) and in the Researcher agent.

Why it matters: We called E7 “the largest new tier since 2015” when Microsoft announced pricing in the SaaS pricing analysis. The $99/user/month price point bundles governance into the licensing model. Agent 365 at $15/user is the first major cloud vendor’s agent governance platform baked into an enterprise productivity suite. That number will dominate IT budget conversations in Q2 and Q3. The Claude-in-Copilot integration matters too: Microsoft is making the multi-model story real at the user level, not just the API level. Every organization running M365 needs a position on E7 before renewal conversations start, because Microsoft reps will be leading with it.

What to do: Pull your current M365 licensing breakdown this week. Calculate the per-user delta between your current tier and E7. If you’re already on E5 + Copilot, the incremental cost for Agent 365 governance might be cheaper than building your own. However, it is early days for Microsoft (or anyone for that matter) in this space and make sure to evaluate what’s GA vs what’s still in early preview.

4. Anthropic Claude Code leak reveals Mythos model and 44 unshipped features

What happened: On March 31, The Register reported that the full Claude Code source (512,000 lines across 1,906 TypeScript files) was published to npm through a misconfigured source map triggered by a Bun bundler bug. Security researchers found 44 unshipped feature flags and references to “Mythos” and “Capybara,” the next-tier model above Opus that Anthropic described internally as a “step change” in capabilities. This is the same Mythos model that surfaced in the CMS leak we covered in Edition #3. This time the exposure came through the software supply chain, not a content system.

Why it matters: Two separate leaks of the same unreleased model through two different attack surfaces in two weeks. The CMS leak was a configuration error. The npm leak was a build toolchain bug that shipped source maps to a public registry. They’re different categories of supply chain risk. For every organization publishing npm packages or using Bun as a bundler, this is a concrete audit trigger. The feature flags also tell us something: 44 unreleased capabilities sitting behind flags in production code means Anthropic is shipping and gating simultaneously.

If you’re building on Claude APIs, some of those features will change the integration behavior when they go live.

What to do: Run npm pack --dry-run on your own published packages this week and check whether source maps or internal files are leaking. If you use Bun, verify your bundler config strips source maps from production builds. If you’re an Anthropic enterprise customer, ask about Mythos timing. The capability gap between current Opus and Mythos may affect your model selection roadmap.

5. Google releases Gemma 4 — frontier reasoning goes open-weight

What happened: On April 2, Google released Gemma 4, a family of four open-weight models (2B, 4B, 26B MoE, and 31B Dense) under the Apache 2.0 license. The 31B Dense model ranks #3 on the Arena AI text leaderboard. All models support 256K context windows with vision and audio input, and they run on hardware as small as phones, Raspberry Pis, and NVIDIA Jetson boards.

Why it matters: The open-weight performance gap just collapsed again. A 31B parameter model that ranks #3 on Arena AI, costs orders of magnitude less to access than the proprietary competition, and runs on a Raspberry Pi is mindblowing.

For regulated industries that can’t send data to external APIs (healthcare, financial services, defense), Gemma 4 is the strongest case yet for on-premises AI that doesn’t require compromising on quality. The Apache 2.0 license removes the commercial restrictions that limited earlier open models. The 256K context window with multimodal input means these aren’t toy models. They can handle real enterprise document workflows.

What to do: If you’ve been blocked on AI adoption by data residency requirements, test Gemma 4 31B Dense against your actual workloads this week. The benchmark numbers are impressive, but what matters is whether it handles your documents, your domain vocabulary, your edge cases. Compare the total cost of running it on-premises against your current API spend.

Also, I tried it on my iPhone 17 Pro Max with LocallyAI. It kind of surreal to have a model of this much capability in my pocket!

6. MCP crosses from protocol to production — Pinterest saves 7,000 hours monthly

What happened: The MCP Dev Summit at NYC (April 2-3) put some real numbers on what had been mostly anecdotal adoption. The MCP protocol now sees 97M monthly SDK downloads across 5,800+ community servers. Pinterest presented the standout case study: domain-specific MCP servers handling 66,000 invocations per month across 844 users, saving an estimated 7,000 hours monthly. OAuth 2.1 enterprise authentication is shipping in Q2.

Why it matters: I flagged MCP’s security problems in Edition #2 (36.7% of servers vulnerable to SSRF). Those problems haven’t disappeared, but the protocol crossed a threshold this week that makes “wait and see” untenable. 97M monthly SDK downloads is infrastructure-grade adoption, not a developer experiment anymore.

Pinterest ran domain-specific servers with usage tracking and saved 7,000 hours a month. That’s the pattern worth copying. The OAuth 2.1 announcement in Q2 addresses the enterprise authentication gap directly. The question has shifted from “should we adopt MCP” to “how do we govern it before shadow MCP servers show up in our environment” — the same pattern we described in the Speakeasy Problem.

What to do: Check whether your engineering teams are already running MCP servers. At 97M SDK downloads, the odds that someone in your org has experimented are high. If they have, get the Pinterest governance pattern in front of them: domain-specific servers with usage tracking, not a free-for-all. If they haven’t, the OAuth 2.1 Q2 timeline gives you a natural starting point for a governed pilot.

7. EU AI Safety Office goes live — enforcement starts within 48 hours

What happened: The EU’s central AI enforcement body, the AI Safety Office, officially began operations on April 1. Within its first 48 hours, it launched formal inquiries into two European fintech companies over their AI-driven credit scoring models and issued documentation requests to several major U.S. cloud providers to verify compliance with model transparency rules.

Why it matters: AI regulation just went from “future concern” to “active enforcement.” Two days from opening the doors to issuing formal inquiries signals that the office arrived with a target list. For any enterprise deploying AI systems that serve EU customers, particularly in financial services, hiring, or healthcare, the compliance clock started this week.

The documentation requests to U.S. cloud providers also mean this isn’t just a European company problem. If we’re running models through Azure, AWS, or GCP that touch EU data, our vendors are now fielding regulator questions about how those models work.

What to do: Check whether any of your AI-driven workflows would qualify as “high-risk” under the EU AI Act (credit decisions, hiring screening, customer risk scoring).

If they do, verify that your technical documentation meets the transparency requirements. If you’re relying on a cloud provider’s model, ask them directly what they disclosed to the AI Safety Office and what that means for your compliance posture.

8. NIST moves to standardize AI agent identity and authorization

What happened: NIST closed the public comment period on April 2 for its “AI Agent Identity and Authorization Concept Paper.” This is the first step toward federal technical standards for how AI agents are identified, secured, and authorized to act on behalf of users or organizations. The paper addresses agent authentication, scope-of-action boundaries, and audit trail requirements.

Why it matters: NIST standards have a way of becoming mandatory by gravity. They start as guidelines, get adopted by federal procurement (FedRAMP, FISMA), then migrate into regulated industry requirements. This matters right now because Microsoft just shipped Agent 365 (Signal #3) and MCP just crossed 97M monthly SDK downloads (Signal #6). We’re building the agent infrastructure layer this quarter & beyond.

The identity and authorization architecture NIST defines will shape how every enterprise governs AI agents over the next 3-5 years.

What to do: Read the NIST concept paper before the final standard drops. If you’re building or piloting AI agents, map your current agent identity model against NIST’s framework: how do your agents authenticate, what scope boundaries exist, and what audit trail do they produce?

If the answer to any of those is “we haven’t decided yet,” this paper is your starting architecture.

What signal did we miss? If you’re tracking AI developments in energy infrastructure, education, or defense that should have made the cut, hit reply.

Past editions:

References:

The Terraform Migration That Isn’t About Terraform

Karthik’s AI Wanderlust — Fri, 03 Apr 2026 12:24:52 GMT

March 31, 2026 came and went. The Terraform Cloud free tier is officially dead.

If your team was running anything beyond a personal hobby project on Terraform Cloud’s legacy free plan, you either migrated, started paying, or woke up yesterday to a dashboard asking for a credit card.

The Slack channels and Reddit threads have a predictable split. Half the posts are migration war stories. The other half are some version of “we’re just going to pay it.”

Both camps are treating this as a pricing event. I think it’s an architecture referendum that most teams have been avoiding for a couple of years, and the bill finally came due.

How we got here: open source to IBM asset

Terraform launched in 2014 from HashiCorp, founded by Mitchell Hashimoto and Armon Dadgar. The timing was perfect. AWS had been around for eight years, but infrastructure management still meant clicking through web consoles or writing CloudFormation templates that read like XML nightmares.

Terraform offered something different: declarative infrastructure as code that worked across every cloud provider.

Write what you want in HCL (HashiCorp Configuration Language). Terraform figures out how to make it happen. The same syntax works for AWS, Azure, GCP, and 3,000+ other providers.

It was open source under the Mozilla Public License 2.0. The community exploded. By 2025, Firefly’s State of IaC report measured 90% adoption across the industry.

Think of Terraform like a universal remote for cloud services. Instead of logging into AWS, Azure, and Google Cloud separately and clicking buttons, you write a recipe file that says “I need two servers here, a database there, and a network connecting them.” Terraform reads the recipe and builds it all, no matter which cloud you’re using.

Then August 2023. HashiCorp switched Terraform to the Business Source License (BSL), a restrictive license that allows use but prohibits building competing products. Not quite open source, not quite proprietary. Within weeks, Gruntwork, Spacelift, Harness, Env0, and Scalr announced OpenTofu: a fork under the original open-source license. The Linux Foundation adopted it.

Then February 27, 2025. IBM acquired HashiCorp for $6.4 billion. Enterprise software veterans shrugged. IBM’s playbook is predictable. Buy the market leader. Rationalize pricing. Extract value from the installed base.

Then March 2026. The free tier disappeared. Pricing jumps to $0.10 per resource per month (Essentials), $0.47 (Standard), or $0.99 (Premium). A team managing 10,000 resources on Premium is now looking at $118,800 per year. You could perhaps hire a platform engineer for that, and they’d actually build something.

And then, almost as a footnote: in December 2025, IBM archived the Cloud Development Kit for Terraform (CDKTF), the tool that let developers write infrastructure in Python, TypeScript, Java, or C# instead of HCL.

The official reason? “Did not find product-market fit at scale.” The practical effect? If you’d built your infrastructure workflow around writing Python instead of HCL, you just got told to go back to HCL or find your own way.

CDKTF was like being able to write your cloud recipes in any language you already knew. IBM shutting it down is like a restaurant saying “we know you liked ordering in English, but from now on, the menu’s only in French.”

The pattern hiding behind the pricing change

The CDKTF sunset isn’t a one-off. It fits a pattern that keeps replaying across enterprise tech.

MongoDB switched to a restrictive source-available license in 2018. The community forked it. Elasticsearch followed in 2021. Redis in 2024. Terraform in 2023. Each time, the community response was the same: fork it, build it independently, move on.

What “open source” actually means (and why the distinction matters)

To understand why the community reacted so strongly, you need to know what was actually lost. I have been a big fan of open source but the term “open source” gets thrown around loosely in enterprise conversations, usually meaning “we can see the code.”

The reality is more specific, and the differences are worth underatanding.

The license spectrum, explained simply:
Copyleft (GPL, AGPL): “If you modify and share this, you must share your modifications too.” If you build on GPL code, your additions inherit the same obligation. Companies can use it internally without sharing, but the moment they distribute, the code stays open.
Permissive (MIT, BSD, Apache 2.0): “Do whatever you want, just keep the copyright notice.” Companies can take the code, modify it, make it proprietary, sell it. Most commercial open-source adoption runs on permissive licenses because they impose almost no obligations. Gemma 4 release from Google today uses this.
Business Source License (BSL): “Look but don’t compete.” You can read the code, run it, even modify it for internal use, but you cannot build a competing product. After a set time period (typically 2-4 years), it converts to a genuine open-source license. This is what Terraform uses now.
Source-available: You can see the code but don’t have the rights the Open Source Definition requires. It’s transparency without freedom.

There’s a history here. In the 1980s, Richard Stallman articulated the principle that software freedom isn’t about price, it’s about control. “Free as in speech, not free as in beer.” His four freedoms: the right to run, study, redistribute, and modify software. The GPL was designed to make those freedoms permanent and inheritable, so no downstream user could strip them away.

Then in 1998, Christine Peterson proposed the term “open source” because “free software” confused people (they kept hearing “zero cost”). Tim O’Reilly convened a summit that voted for the new label 9 to 6. Stallman wasn’t invited. The rebranding preserved the code-sharing practice but stripped the philosophical claim about user rights. As George London puts it: “Open source became a development methodology that corporations could adopt without changing their relationship to their users at all.”

Then SaaS made even the open-source distinction feel academic. When software runs on someone else’s servers, having the source code doesn’t help. The GPL’s sharing obligation triggered on distribution, not on running code. SaaS never distributes. The four freedoms became theoretical for most users. This is exactly why MongoDB, Elasticsearch, and Redis changed their licenses: cloud providers were running their open-source code as a service, capturing all the revenue, and sharing none of the code back because they weren’t technically distributing anything.

This context matters for the Terraform story.

BSL is none of the above traditional categories. It’s a new breed: source-available but not open source by any recognized definition, time-delayed open source (it eventually reverts), but controlled by a corporation that can change terms at will. When we say “Terraform went from open source to BSL,” that’s a philosophical category change dressed up as a licensing update. The community didn’t fork over features. They forked over freedom.

But the Terraform situation breaks this pattern. Elastic reversed course. In early 2024, Elastic moved Elasticsearch and Kibana back to an open-source-approved AGPL license, explicitly citing the damage the restrictive license had done to community trust. Redis followed a similar path. The companies that controlled these projects realized that restrictive licensing was costing them more in community goodwill than it was protecting in revenue.

Terraform hasn’t reversed. And with IBM as the owner, it almost certainly won’t. I’d love to be wrong on this one. Different ownership structure entirely. HashiCorp was a publicly traded company that needed developer adoption to grow. IBM is a $180 billion enterprise that bought HashiCorp for its installed base, not its community.

The CDKTF shutdown reinforces this potential. IBM is investing in features that increase platform stickiness while removing features that reduced vendor dependency. Invest in moats, not bridges. If you’ve watched what happened to Lotus Notes, Informix, or Rational after IBM acquired them, this looks familiar. Enterprise features got investment. Community and developer tools got deprecated. Red Hat and Ansible is the exception, not the rule - perhaps there is hope.

In practice: If your team built CDKTF-based workflows, say TypeScript modules that let frontend developers provision their own staging environments, you now need to either rewrite everything in HCL or migrate off Terraform entirely. Neither is small. For teams with 50+ CDKTF modules, budget a quarter of engineering time.

The IBM contradiction

The complication: IBM isn’t just squeezing. They’re also investing.

In September 2025, HashiCorp previewed Project Infragraph, a real-time infrastructure knowledge graph designed for agentic orchestration. The pitch: AI agents will understand your entire infrastructure topology, dependencies, and drift state, and can make autonomous decisions about provisioning and remediation. IBM has 16 open engineering positions on the Terraform team. Development velocity, by at least one practitioner’s account, has increased since the acquisition.

So which is it? Is IBM killing Terraform or investing in it? It appears to be both.

IBM is investing in the features that potentially makes Terraform Cloud stickier to the Enterprise users: infrastructure graphs, agentic automation, enterprise governance.

These are features that increase switching costs. At the same time, IBM is removing the features that made Terraform more portable. External language support (CDKTF), the free tier that let small teams evaluate without commitment, and the open-source license that let competitors build on the same foundation.

In practice: A CIO evaluating Terraform’s roadmap might look at Project Infragraph and say “IBM is serious about innovation.” That’s true. But the innovation is pointed at lock-in, not openness. Infragraph makes your infrastructure data more valuable inside IBM’s ecosystem. It doesn’t make it easier to leave.

Classic enterprise software strategy. Make the product better for paying customers while making the exit ramp steeper. Oracle has been running this play for 30 years.

The real question: does the value Infragraph creates exceed the optionality it removes?

To be fair

The “IBM is extracting value” framing is an easy target. It runs the risk of being incomplete. IBM has 16 open engineering positions on the Terraform team. Development velocity has measurably increased since the acquisition. Project Infragraph is an ambitious technical bet, not a cost-cutting exercise dressed up in a press release.

For a CIO running 5,000+ resources across multiple clouds in a regulated industry, the integrated governance story that IBM is building might actually be worth the premium. Lock-in and value creation aren’t mutually exclusive. Oracle has proven that for three decades. Run the numbers: if Infragraph reduces your mean time to infrastructure remediation by 40%, does it matter that switching costs went up? For some organizations, the answer is genuinely no, operational outcomes over philosophical preferences about software licensing. The mistake would be making that trade without acknowledging you’re making it.

The market options: four lanes, not one

While IBM was restructuring Terraform’s economics, the competitive landscape was assembling itself into four distinct lanes.

Lane 1: Sovereign (OpenTofu). The open-source fork has now surpassed 10 million downloads, 25,000+ GitHub stars, and 70+ active contributors. The Cloud Native Computing Foundation (CNCF) accepted it into its Sandbox in April 2025. OpenTofu 1.11 already has features Terraform doesn’t have: ephemeral resources that keep credentials in memory (never persisted to state), write-only attributes for secrets, cleaner conditional syntax.

One practitioner reported migrating from Terraform 1.14.7 to OpenTofu 1.11.5 in ten minutes with zero infrastructure changes.

Lane 2: Orchestrated (Spacelift, env0). Spacelift closed a $51 million Series C in July 2025. Its customer list (Redfin, Figma, 1Password, Moody’s, Duolingo, SailPoint) reads like a who’s who of companies that take infrastructure governance seriously.

On March 18, 2026, Spacelift launched two products that reframe the entire IaC conversation: Spacelift Intelligence (AI-powered analysis of infrastructure patterns, cost anomalies, and drift) and Spacelift Intent (natural language infrastructure provisioning).

Spacelift’s co-founder Marcin Wyszynski called it bringing “vibe coding to infrastructure provisioning.” That framing is worth paying attention to.

If a product manager can type “I need a staging environment that mirrors production but with smaller instance sizes and a 4-hour auto-shutdown” and get a working Terraform plan, HCL fluency stops being a requirement. The governance layer, who can deploy what, where, under what conditions, becomes the only thing that matters.

The platform is engine-agnostic by design.

Spacelift works with Terraform, OpenTofu, Pulumi, CloudFormation, Ansible, and Kubernetes. The IaC engine underneath is a pluggable component, not a commitment. This matters because it decouples the “which engine” decision from the “which management platform” decision entirely.

Policy enforcement runs on Open Policy Agent (OPA). Write Rego policies like “no S3 buckets without encryption” or “all EC2 instances must have backup tags” and they’re enforced at plan time, before anything touches production. Developers never interact with raw Terraform state. They work through Spacelift’s abstraction layer, which means a misconfigured policy blocks a deployment before it starts, not after an incident report.

The pricing model is per-worker (execution environment), not per-resource like Terraform Cloud. Costs scale with deployment frequency, not infrastructure size. For teams with large resource counts but moderate deployment cadence, say 15,000 resources but only 200 runs per month, this can be dramatically cheaper than Terraform Cloud’s per-resource billing.

One caveat worth noting: self-hosted Spacelift is missing some Azure and GCP cloud integrations that the SaaS version includes. If you self-host for data residency reasons, verify that the integrations your team needs are available in that deployment model before committing.

Spacelift Intelligence, launched alongside Intent in March 2026, analyzes infrastructure patterns across all your stacks, surfaces cost anomalies, predicts drift before it causes incidents, and recommends optimization. Think of it as a consultant that watches every deployment and learns what “normal” looks like for your organization, then flags when something deviates.

In practice: A mid-market SaaS company with 300 engineers and 8,000 resources across AWS and GCP is paying Terraform Cloud $45,000/year on Standard tier. They switch to Spacelift with 10 workers. Their developers request infrastructure through Spacelift’s self-service portal, OPA policies enforce tagging and encryption standards automatically, and Intelligence catches a cost anomaly where a team left GPU instances running in a dev environment for three weeks. The Spacelift bill is lower, but the real savings come from the governance automation they couldn’t build themselves.
Imagine telling Siri “set up a test version of our website that turns off at midnight to save money” and having it actually work, with all the right security rules applied automatically. That’s what Spacelift Intent is trying to do for cloud infrastructure.

Lane 3: Platform-native (Harness). Harness raised $240 million at a $5.5 billion valuation in December 2025 (Goldman Sachs led). On track to exceed $250 million in annual recurring revenue. Their angle is different from Spacelift’s: infrastructure management isn’t a standalone problem, it’s part of the software delivery pipeline.

Harness is a full software delivery platform, not just an IaC tool. The IaC Management (IaCM) module sits alongside Continuous Integration, Continuous Delivery, Feature Flags, Cloud Cost Management, Service Reliability Management, Security Testing Orchestration, and Software Engineering Insights.

Eight modules, one platform, one vendor relationship. For organizations tired of stitching together fifteen SaaS tools with custom glue code, that consolidation could be attractive.

The IaCM module shipped in 2024, making it roughly 18 months old. Most published Harness case studies showcase CI/CD, not IaCM specifically. The strongest IaCM reference is an unnamed global bank that deployed 4,000 workspaces in six months using templates.

“Several dozen enterprise customers” is the honest number for IaCM adoption, which is candid marketing for “early.”

The platform’s CI/CD reputation is battle-tested. The IaCM module is still earning its stripes.

The self-hosted option (Self-Managed Platform, or SMP) is still in Beta, not GA. Cost estimation doesn’t work in the self-hosted version. Air-gapped environments need extra configuration work. For organizations that require on-premises deployment for regulatory reasons, that Beta status is a real constraint, not a footnote.

AIDA (AI Development Assistant) is built into every module. For IaC specifically, it analyzes failed deployments, suggests remediation steps, auto-generates rollback plans, and explains why a policy check failed in plain English. When a Terraform plan fails an OPA check at 2 AM, AIDA can tell the on-call engineer what went wrong, why the policy exists, and what to change, without requiring that engineer to understand Rego syntax.

Harness’s thesis, articulated in their Series E pitch, is that AI solved the “writing code” problem but created a new gap between code generation and production deployment. They call it the “after code gap.” Code gets written faster than ever, but the pipeline between code and production (testing, security scanning, compliance checks, staged rollouts, observability) hasn’t sped up proportionally. Their platform sits in that gap.

Infrastructure changes in Harness go through the same approval workflows, canary deployments, and rollback mechanisms as application code. No separate process for infra versus app. A Terraform plan gets the same staged rollout treatment as a microservice deployment: deploy to 5% of environments, verify metrics, expand to 25%, verify again, then full rollout.

If drift is detected, the same rollback pipeline that handles application failures handles infrastructure failures.

The Harness 2026 State of DevOps Modernization report found that 73% of organizations lack standardized infrastructure templates, and teams using heavy AI code generation see a 22% deployment remediation rate. Meaning AI is writing infrastructure code faster than organizations can govern it.

In practice: An enterprise financial services company with 1,200 developers runs Harness across the full delivery lifecycle. A developer uses GitHub Copilot to generate a Terraform module for a new payment processing service. The code enters the Harness pipeline, where AIDA flags that the security group allows inbound traffic from 0.0.0.0/0, a PCI-DSS violation. The pipeline blocks, AIDA suggests the correct CIDR range, and the developer fixes it before the plan ever runs. The same pipeline handles the application deployment, the feature flag rollout, and the cost monitoring. One platform, one audit trail, one place to look when something breaks.

Lane 4: Backend swap (Scalr). There’s a fourth option most IaC analysis misses. Scalr isn’t an orchestration platform or a DevOps suite. It’s a remote operations backend, a drop-in replacement for Terraform Cloud. The pitch: point your existing Terraform CLI workflows at Scalr instead of TFC. Your engineers keep running terraform plan and terraform apply exactly as they do today. The backend changes. The workflow doesn’t.

Scalr’s hierarchy (Account, Environment, Workspace) was designed for multi-team governance. Environments are true isolation boundaries: variables, policies, credentials, and RBAC are all scoped at that level. One team literally cannot see another team’s workspaces. For organizations with globally distributed teams at different skill levels, that clean isolation model with zero workflow disruption is compelling.

The pricing is per-run, all features included, no tiering. Self-hosted agents can run in each region’s cloud subscription, keeping state files local while centralized governance stays consistent.

The tradeoffs are real. Scalr supports Terraform and OpenTofu only (no Pulumi, Ansible, or CloudFormation). The company has $7.35M in total funding, 48 employees, and roughly $5.3M in annual revenue. It’s profitable and bootstrapped, which is a survival advantage, but a 48-person company backing a global enterprise standard is a concentration risk. The review corpus is thin: TV4 (Sweden’s largest commercial TV network) migrated 1,000 workspaces and reported being “very happy” after a year, but large-scale enterprise references beyond that are limited.

The right choice depends on where your organization places its complexity budget, not which tool has more checkboxes on a feature comparison.

Head-to-head: Terraform Cloud vs. Spacelift vs. Harness vs. Scalr

No table makes this decision for you. The comparison above shows capability parity on most dimensions.

The real differentiator is philosophy:

do you want a standalone IaC platform (Terraform Cloud),
an engine-agnostic governance layer (Spacelift),
IaC as one module inside a broader delivery platform (Harness), or
the fastest possible TFC escape with the least disruption (Scalr)?

The answer depends on which problem you think you’re solving.

What real users actually say

Every vendor comparison cherry-picks features. The more useful question is what actual users complain about after six months of production use. Here’s what the G2, PeerSpot, and Capterra reviews surface when you filter out the marketing.

Harness’s learning curve complaint isn’t a minor gripe. It appears in nearly every critical review. Concepts like services, environments, pipelines, templates, delegates, and connectors all have Harness-specific meanings that take weeks to internalize. For organizations with teams at different skill levels across different regions, this is a material implementation risk. You can’t assume that the team in Mumbai and the team in Dallas will absorb the same training at the same speed. Multiply that onboarding cost by every new hire, every team rotation, every contractor onboarding.

Spacelift’s config overhead is less severe but creates real friction during onboarding: you hit a chicken-and-egg problem where adding configuration items requires contexts to already contain those items. The workaround is straightforward once you know it, but it trips up every new user. Spacelift’s support team is responsive enough that most teams get past it quickly, which is why the praise and the complaint coexist in the same reviews.

Will these companies exist in 5 years?

Every enterprise buyer asks this question. Here’s the data:

Harness is the safest bet on company survival: $5.5B valuation, Goldman Sachs backing, approaching IPO scale. The risk isn’t that Harness dies. It’s that IaCM stays a secondary module and never gets the investment attention that CI/CD gets.

Spacelift is well-funded for its stage, with infrastructure orchestration as its entire business, an existential commitment to the problem.

Scalr is profitable and bootstrapped, which is genuinely a survival advantage over VC-dependent companies, but 48 people supporting enterprise-scale deployments is concentration risk. If a key engineer departs, your platform roadmap feels it.

The AI velocity paradox nobody’s pricing in

There’s a deeper signal here.

Harness’s finding, the 22% deployment remediation rate among heavy AI coders, connects to the IaC market in a way most analysis misses. If AI generates infrastructure code faster than humans ever could, the bottleneck isn’t authoring HCL or writing Pulumi programs. The bottleneck is governance. Who reviews the AI-generated plan? Who catches the misconfigured security group? Who enforces that Frankfurt customer data stays in EU-Central-1?

The IaC engine, Terraform, OpenTofu, Pulumi, Crossplane, is becoming a commodity.

What matters is the layer above it: policy enforcement, drift detection, cost controls, compliance audit trails.

That’s where Spacelift and Harness are placing their bets.

Spacelift Intent takes this one step further. If natural language can provision infrastructure, HCL fluency isn’t a moat anymore. The IaC language wars (HCL vs. Python vs. TypeScript vs. YAML) may be a distraction. Within two to three years, the authoring layer could be irrelevant. The governance layer won’t be.

George London, CTO of Upwave, recently argued that AI coding agents could make free software matter again. His point: Stallman’s four freedoms assumed you needed to be a programmer to exercise them. If an AI agent can read, understand, and modify source code on your behalf, access to source code stops being a symbolic right for developers and becomes a practical capability for anyone. A product manager who can’t write HCL could ask an agent to customize their infrastructure workflow, but only if the code is actually accessible.

Apply that to the IaC context. When agents can generate and modify infrastructure code, the question of whether that code runs on an open engine (OpenTofu) or a source-available one (Terraform BSL) stops being philosophical and starts being operational. An agent can fork, patch, and extend OpenTofu. It cannot do the same with Terraform’s BSL-licensed code without IBM’s permission. The license isn’t just a document in a repo. It’s the boundary of what your agent can do.

In practice: A platform engineering team debating “should we migrate to OpenTofu or Pulumi?” might be asking the wrong question entirely. The better question: “Who governs the infrastructure code that AI is about to start generating at scale?” If the answer is “nobody, we’ll review it manually,” that works at 50 deployments a month. It breaks at 500.

Same structural pattern we covered in AI Waypoints Edition #1.

Enterprise signals that look like pricing stories on the surface but are actually architectural inflection points underneath.

What this means: this month and this quarter

This month:

Audit your actual exposure. How many resources is your team managing? Multiply by $0.10 (Essentials) and $0.47 (Standard). If the annual number is under $5,000, this may not be worth a migration. If it’s over $50,000, you owe your leadership a formal options analysis.
Check your CDKTF exposure. If any of your infrastructure workflows depend on CDKTF, start planning the rewrite now. IBM archived it in December 2025 and won’t be maintaining it.
Read your Terraform Enterprise contract renewal terms. Some teams are discovering pricing changes they didn’t expect. Know what you’re signing before auto-renewal kicks in.

This quarter:

Run a proof-of-concept migration. One practitioner reported Terraform-to-OpenTofu migration in ten minutes for a simple project. Real enterprise migrations with 50+ workspaces, Sentinel policies, and compliance frameworks take 6-12 months. The PoC tells you whether you’re in the “ten minutes” or “twelve months” camp.
Evaluate the orchestration layer independently from the engine. Spacelift works with both Terraform and OpenTofu. Harness is engine-agnostic. Scalr is a direct backend swap. The “which IaC engine” decision and the “which management platform” decision are separate. Don’t conflate them.
Factor AI into the timeline. If your organization is adopting AI code generation for infrastructure (GitHub Copilot for Terraform, Spacelift Intent, or internal tools), governance becomes urgent. The 22% remediation rate Harness found isn’t getting better on its own.

What to watch:

Whether IBM offers meaningful price concessions before Q3 renewal season. If they do, the pricing was a market test, not a strategic shift. If they don’t, plan accordingly.
OpenTofu’s CNCF graduation timeline. Sandbox status is fine. Graduated status signals long-term institutional backing.
Whether Elastic and Redis’s license reversals put pressure on IBM to reconsider the BSL. The pattern exists. The structural incentives against it are strong. But stranger things have happened.

Is your team treating the Terraform deadline as a pricing problem or an architecture problem? I’m collecting migration stories. Hit reply if you’re in the middle of this decision. The patterns are more useful than any vendor comparison chart.

References:

NVIDIA Builds the Factory Floor. RSA Sells the Fire Exits. They Need Each Other.

Karthik’s AI Wanderlust — Wed, 01 Apr 2026 11:47:27 GMT

Two weeks ago, Jensen Huang stood on a stage in San Jose at GTC Conference and projected $1 trillion in AI infrastructure demand through 2027.

Last week in San Francisco, Kevin Mandia told an RSA crowd that “nobody’s ready for it.”

Both are right. Both are selling something.

That gap is going to define enterprise IT strategy for the next three years.

The easy narrative says these conferences represent opposing forces: NVIDIA wants you to build faster, security vendors want you to slow down. It’s a clean story. It’s also wrong.

The co-dependency nobody wants to admit

NVIDIA doesn’t just sell GPUs to the AI-first crowd. It showed up at RSA with DOCA Argus — runtime threat detection on BlueField DPUs that NVIDIA claims runs 1,000x faster than existing agentless solutions. Cisco, CrowdStrike, and Palo Alto Networks all build on NVIDIA hardware. The security vendors aren’t fighting NVIDIA’s infrastructure buildout. They’re building on top of it.

ELI5: BlueField DPUs — Think of a DPU as a dedicated bouncer at the door of a data center server. Instead of the main computer (CPU) wasting energy checking IDs and enforcing rules, the bouncer handles all the security and networking work independently. DOCA Argus is the bouncer’s playbook for spotting threats.

And NVIDIA needs security vendors just as badly. Jensen’s formula from GTC — Revenue = (Tokens per Watt) x (Available Gigawatts) — only works if enterprises actually deploy AI workloads at scale. Right now, they mostly aren’t.

Cisco’s survey puts it at 85% of major enterprises experimenting with AI agents and exactly 5% running them in production. The technology isn’t the problem. Companies can’t get it approved. CISOs won’t sign off on production deployment without a security story, and security vendors are the ones writing that story.

In practice: A financial services firm buys NVIDIA DGX systems to run fraud detection models. Without a security framework certified for GPU workloads, the CISO blocks production deployment. NVIDIA’s revenue depends on that CISO saying yes. The security vendor’s product only matters if there’s a GPU workload to protect. Neither makes money without the other.

NVIDIA builds the factory floor. Security vendors sell the fire exits. The factory doesn’t get an occupancy permit without fire exits. The fire exit business doesn’t exist without factories. They’re locked together.

The numbers that don’t add up (and what they tell us)

Pull two numbers from these same two weeks:

Cisco says 5% of enterprises have AI agents in production. CrowdStrike’s Falcon sensors detect 1,800+ distinct AI applications and 160 million instances across enterprise endpoints. How do you get 160 million instances of something that only 5% of organizations have deployed?

Unless you accept that these are measuring fundamentally different things. Cisco is counting governed, intentional, IT-sanctioned agentic AI deployment.

CrowdStrike is counting everything — shadow AI tools, embedded AI features in existing SaaS, personal accounts, and experimental pilots that nobody reported. Both are accurate and hence the problem.

This is the same dynamic we covered in the Speakeasy Problem: banning or ignoring AI in the enterprise doesn’t stop usage — it drives it underground. CrowdStrike just gave us the infrastructure-layer receipt. The speakeasy is running 160 million drinks a night.

Meanwhile, VentureBeat reports an 82:1 ratio of AI agent identities to human identities in enterprise environments. While 5 agent identity frameworks shipped at RSA, 3 critical gaps remain: agent-to-agent trust, memory integrity, and registry-to-runtime provenance. We’re building identity management for a workforce that outnumbers humans 82 to 1, and we haven’t figured out whether agents can verify each other’s credentials.

ELI5: Registry-to-runtime provenance — Imagine you register a new employee and give them a badge. Provenance means you can verify, at any moment, that the person using the badge is the same person you registered: not someone who copied the badge, modified their own permissions, or swapped identities with another employee. For AI agents, we can’t do that yet.

Have we seen this movie before?

The cloud computing era ran the same playbook, just slower. AWS launched in 2006 with no native security model. By 2010, the biggest enterprise objection to cloud was “we can’t see what’s in there.” Cloud security vendors barely existed. By 2012, the market was $4.1 billion. By 2026, cloud security is embedded in every enterprise stack and nobody thinks twice about it.

AI is running that same pattern at roughly 3-5x speed. The “GPU blind spot” — traditional EDR tools literally cannot see GPU workloads, creating an unmonitored attack surface in AI factories — is structurally identical to the cloud visibility problem of 2010. Futurum Group flagged this at RSA: 62% of organizations say AI-powered defensive tools are essential, while 62% have experienced significant increases in AI-driven attacks. Offense and defense are scaling together, on the same hardware, from the same vendor.

In practice: Your SOC team runs CrowdStrike on every endpoint. An attacker compromises a machine running an NVIDIA GPU workload — say, a model training job. CrowdStrike’s endpoint agent can’t inspect GPU memory. The attack runs undetected in the GPU layer. DOCA Argus is NVIDIA’s answer to that blind spot, but it only runs on BlueField DPUs, which means your existing security stack has a hardware dependency it didn’t have last year.

Think of NVIDIA as the casino. They built the floor, they supply the chips, and now they’re selling you the security cameras pointed at the players. The house doesn’t care whether you win or lose. It cares that you play. Jensen doesn’t need to pick a side. He owns the house.

What the vendor pitch decks aren’t telling you

Notice what NVIDIA now sells: the GPU, the DPU (BlueField), the security layer (DOCA Argus), the networking stack (Spectrum-X), and the agentic AI framework (OpenShell). When Cisco, CrowdStrike, and Palo Alto say they “build on NVIDIA hardware,” that’s not a partnership announcement. It’s a disclosure that they’ve acquired a hardware dependency they didn’t have two years ago. You’re not buying a multi-vendor security stack. You’re buying an NVIDIA-certified ecosystem with multiple logos on the box.

And DOCA Argus, NVIDIA’s answer to the GPU blind spot, only covers NVIDIA hardware. AMD MI300X workloads? Intel Gaudi? Still invisible. So you’re trading one blind spot for fragmented visibility — you can see threats on NVIDIA hardware but stay blind on everything else.

There’s also a harder question nobody at either conference answered: does any of this work? CrowdStrike’s detection of 1,800 AI applications across enterprise endpoints is a remarkable capability demo. But no RSA 2026 vendor showed measurable breach prevention or actual incident response improvement from agentic security tools. DOCA Argus claims 1,000x faster threat detection that is sourced entirely to NVIDIA, zero third-party validation. Before you make a security architecture bet on this stack, you’d want to know whether you’re buying proven protection or a very well-funded proof of concept.

The timeline is also not what the conference energy suggests. Sightline Climate estimates 30-50% of planned datacenter projects won’t come online this year due to energy and financing constraints. The factory floor in the headline metaphor is, for a meaningful slice of the market, still under permit review.

To be fair: none of this means the build-out is fake. Gartner projects $2.52 trillion in worldwide AI spending in 2026, up 44% year-over-year. The direction is right. But the co-dependency between NVIDIA and security vendors has a timing problem baked in — NVIDIA needs fast deployment to hit its numbers; governance frameworks slow deployment by design.

Every security gate a CISO adds to agent rollout is friction on the timeline. The two sides need each other, but they don’t need the same thing from the calendar.

What this means for enterprise leaders

Alex Stamos warned that “exploit discovery has gone exponential.” George Kurtz declared that “by 2027, your smartest employee will be a machine.” Up to 80% of reconnaissance and exploitation is now AI-driven. Google’s Mandiant team says attackers have reduced the defender intervention window to 22 seconds.

These aren’t reasons to stop deploying AI. They’re reasons to stop treating security as something we figure out after deployment.

The 85%/5% production gap is the most important number in enterprise AI right now. It means the governance frameworks I covered earlier — the 63% of organizations that can’t enforce purpose limits on AI agents — now have concrete vendor responses.

Cisco introduced “action control” (shifting from who can access to what agents can do). CrowdStrike launched Charlotte AI AgentWorks. Palo Alto shipped Prisma AIRS 3.0 for the full agentic lifecycle.

The tools now exist. Will the adoption catch up?

This month:

Audit your GPU workload visibility. Ask your security team: “Can our EDR see what’s running on GPUs?” If the answer is no, (which most likely as this is just emerging) you have a blind spot that didn’t exist two years ago.
Count your AI agent identities. The 82:1 ratio may sound extreme, but most organizations have no inventory of AI agents operating on their network. CrowdStrike’s 1,800+ detected apps across enterprises is the starting point, not the ceiling.

This quarter:

Close the 85/5 gap in your own org. Pick one AI agent workflow, stand up governance (identity, action control, logging), and move it from experiment to production. The governance doesn’t have to be perfect. It has to exist.
Evaluate your security stack’s AI-layer coverage. Traditional endpoint and cloud security tools were not built for GPU workloads or agent-to-agent communication. Geordie AI (RSA Innovation Sandbox winner) and NVIDIA’s DOCA Argus represent two different approaches — startup agility vs. platform integration. Know which bet you’re making.

The GTC-RSA cycle will repeat next year with bigger numbers and scarier warnings. The enterprises that close the production gap this year won’t be scrambling to catch up.

Most of us are in the 85% experimenting, 5% deployed camp. What’s actually blocking the move to production — technical gaps, governance gaps, or the fear of getting it wrong?

References:

AI Waypoints: Week of March 24, 2026 — Edition #3

Karthik’s AI Wanderlust — Mon, 30 Mar 2026 13:09:34 GMT

Good morning. This week’s theme is the gap between ambition and the ground economics — agentic security products arrived at RSA just as a leaked model revealed offensive AI capabilities outpacing defenses, Microsoft is spending $37.5B a quarter with unclear returns, and OpenAI killed a product burning $15M a day.

1. RSA Conference 2026 — the agentic security stack arrives

What happened: RSA Conference (March 23-26, San Francisco) was wall-to-wall agentic AI security. Cisco launched DefenseClaw, an open-source framework that scans every skill, plugin, and Model Context Protocol (MCP) server — the connectors that let AI agents reach enterprise tools and data — before an agent executes. Runtime monitoring is included; available on GitHub March 27. Cisco also shipped zero-trust network access (ZTNA - the principle that no user or system is trusted by default) for AI agents via Duo identity management and an Agent Runtime SDK supporting Bedrock, Vertex, Azure AI Foundry, and LangChain. Check Point launched AI Defense Plane: a unified control plane with adaptive protection in under 50ms across 100+ languages. IBM, Auth0, and Yubico introduced a Human-in-the-Loop framework requiring cryptographically verified human approval for high-stakes agent actions.

Why it matters: The security industry is converging that agentic AI is a market, not a research topic. Cisco’s own survey puts the number at 85% of enterprises experimenting with AI agents but only 5% in production. That 80-point gap is almost entirely a trust problem. Three separate vendors shipped agent security products in the same week — the tooling is catching up.

What to do: Evaluate DefenseClaw this week — it’s free, open-source, and installable in about five minutes. If you’re running MCP servers (and after last edition’s 36.7% vulnerability finding, you should know whether you are), add Cisco’s MCP gateway policy enforcement to your evaluation list. For high-stakes agent deployments, look at the IBM/Auth0/Yubico Human-in-the-Loop framework before building your own approval workflow.

2. Anthropic’s Claude Mythos leak — next-gen model surfaces in security breach

What happened: On March 26, Fortune reported that roughly 3,000 unpublished Anthropic assets were exposed through an unsecured data cache — a content management system (CMS) misconfiguration. The documents describe “Claude Mythos” (codename: Capybara), a new model tier above Opus with “dramatically higher” scores on coding, reasoning, and cybersecurity benchmarks. Internal docs warn the model is “currently far ahead of any other AI model in cyber capabilities” and “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.” Anthropic is testing with early access customers and pursuing a cautious rollout to give cyber defenders a head start.

Why it matters: A model that can find and exploit vulnerabilities faster than human defenders changes the security calculus for every organization — not eventually, but on a timeline measured in quarters. A frontier AI lab exposed 3,000 internal assets through a misconfigured content system. Worth noting the context: ARC-AGI-3, released the same week, scored every frontier model under 1% on tasks 100% of humans solved on their first try. The models are getting dramatically better at some things while remaining dramatically worse at others - the jagged frontier. The cautious rollout strategy, letting defenders tool up before broad release, is new territory for how the industry thinks about model availability.

The most capable models may not be generally available on day one.

What to do: Ask your CISO how current vulnerability management timelines hold up if offensive AI tools improve by an order of magnitude. That’s not a hypothetical — it’s a planning question. If you’re an Anthropic customer, ask your account team about early access timelines for Mythos. If you’re evaluating model providers, the cyber capability gap between tiers now matters for risk assessment, not just feature comparison.

3. Microsoft’s AI spending reckoning — tracking toward worst quarter since 2008

What happened: Microsoft stock fell 24% year-to-date through March 27, putting it on pace for its worst quarter since Q4 2008. Q2 FY2026 capital expenditure (infrastructure investment) hit $37.5B, a 66% year-over-year increase, with FY2026 projected at $146B (up from $88B in FY2025). Analysts project $170B in FY2027, $191B in FY2028. Azure growth showed a “modest deceleration.” Copilot has “yet to gain broad traction” among hundreds of millions of M365 users. Microsoft froze hiring across cloud and sales units. But buried in the numbers: commercial remaining performance obligation (contracted revenue not yet recognized) hit $625B, up 110% year-over-year.

Why it matters: One question is driving the stock decline: when does $37.5B per quarter in AI infrastructure spending start showing up in product revenue? The Copilot traction problem is familiar — we flagged the leadership restructuring two editions ago — but the spending scale changes the stakes. The $625B backlog number is enormous and largely unreported. Microsoft has the contracts. It just hasn’t converted them yet. For enterprise customers, the hiring freeze is a practical problem: a leaner Microsoft field organization means less account coverage and slower support response.

What to do: If you’re a Microsoft enterprise customer, check whether your account team has been affected by the hiring freeze. Reduced coverage during an AI transition is a risk worth naming in your vendor review. If you’re building Azure-dependent infrastructure, the capital expenditure trajectory suggests Microsoft isn’t pulling back on capacity — but watch Azure pricing for pass-through cost adjustments in the back half of 2026.

4. OpenAI kills Sora — $15M a day in smoke

What happened: On March 24, Sam Altman told staff that Sora is shutting down, six months after launch. The numbers: roughly $15M per day in inference costs against $2.1M in total lifetime revenue. Downloads had already fallen 75% from their November 2025 peak. Disney’s planned $1B investment in OpenAI collapsed with no money changing hands. OpenAI is pivoting the team to “world simulation research to advance robotics.” A successor model called “Spud” is in development. Separately, Altman told staff he has relinquished direct oversight of OpenAI’s safety and security teams to focus on fundraising, supply chains, and building data centers at scale. Safety now reports to CRO Mark Chen; security to president Greg Brockman.

Why it matters: Sora is the clearest case study yet for inference economics killing an AI product that works technically but fails commercially. The math was never going to pencil out — $15M a day against $2.1M total is a burn ratio that makes WeWork look disciplined. The Disney fallout shows how fast enterprise partnerships unwind when the underlying economics collapse. “Technically impressive” and “commercially viable” are different questions.

What to do: Audit any production workflows or planned deployments that depend on third-party AI features with unclear unit economics. You don’t need to forecast every vendor’s burn rate, but you should know which of your AI dependencies are core product vs. loss-leader features that could be cut. If you had Sora in a creative workflow, evaluate Runway, Pika, and Kling as alternatives.

5. Anthropic wins Pentagon injunction

What happened: On March 26, U.S. District Judge Rita F. Lin issued a preliminary injunction blocking the Pentagon’s plan to designate Anthropic a supply chain risk — a label typically reserved for foreign adversaries. The language was sharp: “Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government.” The government has seven days to appeal.

Why it matters: This was Signal #7 in Edition #2 — the hearing. Now we have the ruling, and it landed harder than expected. A federal judge just said the government cannot weaponize supply chain designations to punish a vendor for insisting on ethical use terms. That’s real cover for any AI vendor — or any technology company — that wants to hold use restrictions in government contracts. The seven-day appeal window means this isn’t settled, but the judicial language gives vendors real cover to hold their ground.

What to do: If your organization sells AI to government agencies (or plans to), this ruling strengthens your position on ethical use clauses. Share it with legal. If you’re an Anthropic customer, the commercial availability risk we flagged in Edition #2 just got smaller — for now. We will watch the appeal window closely.

6. SoftBank’s $40B bridge loan signals an OpenAI IPO

What happened: SoftBank secured a $40B unsecured bridge loan from JPMorgan Chase, Goldman Sachs, and four Japanese banks (reported March 27). The loan covers SoftBank’s $30B commitment to OpenAI’s $110B funding round — the largest private round in history. It’s a 12-month term, creating a hard March 2027 repayment deadline. Market observers read this as strong lender confidence that an OpenAI IPO happens in late 2026 at the current $840B post-money valuation, giving SoftBank the liquidity to settle.

Why it matters: Six major banks don’t extend $40B unsecured on a hunch. The 12-month term is the tell — it only makes sense if lenders expect a liquidity event before the note comes due. An OpenAI IPO at that valuation would create a new public benchmark that reprices every competitor and customer relationship in the AI market. For enterprise buyers, a public OpenAI means quarterly earnings calls, transparency into unit economics, and pressure to show margin, which could push enterprise contract pricing higher than it is today.

What to do: If you’re negotiating an OpenAI enterprise contract, the IPO timeline matters. Pre-IPO, OpenAI has incentive to lock in revenue commitments that look good in its S-1 filing (the document companies file before going public). That could mean favorable terms now. Post-IPO, margin pressure could push prices up. Ask your procurement team whether contract timing should factor into your negotiation strategy.

7. OpenAI acquires Astral — Python’s developer tools enter the AI stack

What happened: On March 19, OpenAI announced the acquisition of Astral, the company behind uv (Python package manager), Ruff (linter and formatter), and ty (type checker) — all built in Rust and widely adopted across the Python ecosystem. OpenAI plans to integrate these tools into Codex, which now has 2M+ weekly active users with 3x user growth and 5x usage increase since January 2026. The tools remain open-source post-acquisition.

Why it matters: This is an infrastructure play, not a feature add. When an AI lab acquires the tools developers already use to manage dependencies, lint code, and check types, they’re embedding themselves into the development workflow at a layer below the code editor. Astral’s tools are the plumbing that Python developers reach for daily. Now that plumbing feeds into Codex. The open-source commitment matters: if it holds, this is smart distribution. If it doesn’t, the Python community will fork faster than OpenAI can blink.

What to do: If your engineering teams use uv or Ruff (and many Python shops do without formally knowing it), check whether the OpenAI acquisition changes your acceptable tooling policy. Evaluate whether Codex integration creates a data pathway you need to govern. Watch the open-source commitment — the moment licensing terms or telemetry policies shift, have an alternative ready.

8. Claude can now use your computer — Anthropic ships computer use in Cowork and Claude Code

What happened: On March 23, Anthropic launched Computer Use in research preview across Claude Cowork and Claude Code. Claude can now see, navigate, and control a Mac desktop: opening apps, clicking buttons, filling spreadsheets, and running multi-step workflows without human intervention. Available to Pro and Max subscribers. The system uses smart fallback logic — native connectors for apps like Gmail, Slack, and Calendar when available, screen control when not. A “Dispatch” mode lets Claude work autonomously while you step away. macOS only at launch. Anthropic cautioned the capability is “still early” and built it with a permission-first model: Claude requests access before touching a new application, and users can stop it at any time.

Why it matters: This is the first major AI vendor shipping an agent that operates your actual computer, not just a chat window or an API. The Dispatch mode is the meaningful part — it turns Claude from a tool you use into a worker that runs independently. The permission-first approach is smart given the RSA security conversation happening simultaneously (Signal #1), but the governance question for enterprise is real: who is accountable when an AI agent clicks “approve” on a procurement form or sends an email from a shared inbox?

What to do: If you’re a Claude Pro or Max subscriber, try Computer Use on a low-stakes workflow this week to understand the capability and its limits. If you’re in enterprise IT, start drafting a policy for AI agents that control employee desktops — what apps are in scope, what actions require human confirmation, and how you log what the agent did. Don’t wait for the security stack to catch up. Define the boundaries now.

What’s the signal we’re missing? If you spotted something in healthcare, manufacturing, or financial services this week that should have made the list — hit reply.

Past Editions:

References:

The Rungs Are Gone: AI Isn't Replacing Workers — It's Locking Out the Next Generation

Karthik’s AI Wanderlust — Fri, 27 Mar 2026 14:37:24 GMT

Earlier this month, a Fortune headline warned of “a Great Recession for white-collar workers” based on Anthropic’s own labor market research. The researchers found that AI is theoretically capable of handling 94% of tasks in computer and mathematical occupations. That sounds alarming. Then you look at the unemployment data — US total employment is up 2.5% since ChatGPT launched in November 2022 — and the alarm fades. Surely if AI were devastating the labor market, it would show up somewhere.

It does. Just not where anyone is looking.

The AI labor market story isn’t about layoffs. It’s about new entries. Experienced workers are getting wage increases. Young workers are getting locked out before they start. And the aggregate employment statistics — which measure people who had a job and lost it, not people who never got one — are hiding the split entirely.

The number that explains everything: 0.1

The Dallas Fed (yes, Dallas has a Fed) published research in January 2026 on employment trends among workers aged 22-25 in AI-exposed occupations — jobs where AI can directly perform a significant portion of tasks. Employment in those roles has declined 13% since 2022. Employment share in the most AI-exposed occupations has slipped from 16.4% to 15.5% for this cohort. Job finding rates for new entrants in the most AI-exposed sector dropped more than 3% since November 2023.

Add all of that up and convert it into aggregate unemployment, and it contributes 0.1 percentage points to the national unemployment rate.

The headline number might seem fine. The generation of new grads trying to enter the workforce in AI-exposed fields is not.

A parallel piece of research from the Dallas Fed clarifies the mechanism. AI can automate what economists call codified knowledge — things we learned from a textbook, a training manual, or a procedure document. It has much more difficulty with tacit knowledge — the judgment you build from years of seeing edge cases, reading the room, knowing which rules actually matter in practice.

A new lawyer follows procedure. A senior partner knows when the client needs something other than the technically correct answer. AI has gotten very good at the procedure part. The senior partner is fine. The new associate who was supposed to learn by doing that procedural work? That’s where it breaks.

The ARC-AGI-3 benchmark, released March 25, puts a number on how wide this gap actually is. It tests whether AI can figure out the rules of a novel environment from scratch — no instructions, no stated goals, just exploration and adaptation.

Every frontier language model scored below 1%. Untrained humans scored 100%.

That’s not measuring raw intelligence. It’s measuring exactly what the Dallas Fed means by tacit knowledge: reading an unfamiliar situation and figuring out what matters.

This explains why the data looks so contradictory. Computer systems design employment is down 5% since ChatGPT. Computer systems design wages are up 16.7% over the same period. In the same sector, at the same time: fewer jobs, higher pay. What that tells us is that the junior-level volume work is being compressed, and the experienced-level judgment work is getting more valuable — and the split between them is widening.

The three-way sort

Harvard Business School researchers analyzed 900+ occupations and 19,000+ job tasks between 2019 and March 2025. They found a 13% decline in job postings for automation-prone occupations since ChatGPT launched. In the same period: a 20% growth in demand for analytical, technical, and creative roles.

This isn’t a labor market that’s contracting. It’s one that’s splitting, and the gap between the halves is getting wider.

A financial services firm that used to hire four junior analysts to research companies and build initial models now hires two senior analysts who use AI to do the research and modeling work that the juniors would have done. The senior analysts’ salaries are higher. The junior analyst positions were never posted. The unemployment rate never moved.

The data points toward three distinct groups.

*A caveat before we go further: I take Anthropic’s studies on its own users with a grain of salt. Some of the findings read like McKinsey publishing research that McKinsey-style engagements deliver above-market returns. We’ve all seen that slide. We all mentally discount it.

The first is the early adopters who already have domain expertise. They’re winning, and the numbers aren’t subtle. Top 10% AI-exposed industries saw 8.5% wage growth. The higher the hourly wage of the occupation, the more likely workers are to be using Claude’s most capable model (Opus). Every $10 more per hour in wages is associated with 2.8 percentage points more Opus usage in professional contexts. They’re not just using AI — they’re using it better, on harder problems, and getting paid more for it. I do agree there is a significant difference in model capabilities of free vs paid accounts.

The second group is new entrants trying to break into AI-exposed fields. The entry-level positions that would have given them tacit knowledge — the junior analyst work, the associate roles, the early-career coding jobs — are being compressed by AI before they can get there. Job-finding rates in their target occupations dropped 14%. The career ladder still exists. The bottom rungs are just gone.

The third is experienced workers who haven’t figured out AI yet. They’re not being displaced today — their tacit knowledge still commands a premium. But the IMF found that in regions with high AI skill demand, employment in AI-exposed occupations with low human-AI complementarity (where the work doesn’t benefit much from pairing with AI) is 3.6% lower after five years. If that experience is valuable because it represents the old way of doing things — not because it pairs well with AI — the protection has an expiration date. There is still a market for COBOL programmers.

What the latest Anthropic data adds

On March 24, Anthropic published the newest edition of its Economic Index, titled “Learning Curves.” The central finding: high-tenure Claude users achieve 3-4 percentage points higher success rates in their conversations — after controlling for task type, model choice, language, use case, and country.

With that caveat in mind, the compounding finding still tracks with what the independent research shows. AI fluency is a compounding skill.

Not because experienced users are doing harder things — they’ve developed habits and strategies that produce better outcomes on the same tasks.

Someone who started using Claude seriously a year ago isn’t just 12 months ahead. They’re qualitatively better at getting value from it, in ways that persist even when we control for everything else.

That’s the compounding effect. It doesn’t close on its own. Every month of serious usage widens the gap between someone who’s been at it and someone who hasn’t started.

The report also shows that average task value on Claude.ai is declining — from $49.3 to $47.9 in hourly wage terms — as mass-market users arrive with simpler tasks. The averages are dropping while the skill ceiling keeps rising. Both at the same time.

49% of jobs have now seen at least 25% of their tasks performed using Claude. We’re not early anymore. And yet, for computer and mathematical occupations — the most exposed cohort — observed AI usage is at 33% of what it’s theoretically capable of. The ceiling is 94%.

Let that percolate for a second. At one-third of theoretical capacity, we’re already seeing visible entry restriction and a widening skill premium. The full disruption hasn’t started.

ARC-AGI-3 defines where that ceiling stops. The compounding fluency advantage from Learning Curves accrues within known, structured domains — the kind of work AI has already been engineered to assist with.

On genuinely novel, unscaffolded tasks, the gap between AI and an untrained human is still near-total.

The 94% theoretical disruption ceiling assumes AI is operating within human-built scaffolding. Outside it, the floor drops fast.

So what do we do with this

Most organizations are watching the macro data and concluding things are fine. Total employment is up. Unemployment is stable. The “Great Recession” didn’t arrive on schedule.

The macro data is measuring the wrong thing.

The disruption likely is in the talent pipeline. The junior-level talent that organizations rely on to grow senior-level capability isn’t forming at the rate it used to. In five years, the shortage of people who learned by doing the work that AI now does will be a real constraint — and it won’t show up in any dashboard until it’s already a problem.

That compounding skill gap is the most urgent message.

People who’ve been using AI seriously for a year are already meaningfully more productive than colleagues who started six months later. That gap won’t close on its own. If we’re not measuring it, we’re ignoring it.

Most hiring strategies still assume a steady flow of entry-level talent in AI-exposed roles. The pipeline is narrower than it was two years ago. The junior analyst, junior developer, and junior research roles that used to absorb new graduates are posting less frequently. The people who would have taken those paths are taking different ones.

And the experienced-but-AI-naive (not AI-native) workers? They’re the highest-risk cohort in year 3-5, not year 1. Their tacit knowledge is real and valuable today. But they haven’t paired it with AI fluency, which means we’re getting experienced judgment without the productivity multiplier.

When those workers eventually retire or leave, there may not be a junior pipeline ready to replace them.

To be fair

To be fair, there’s a legitimate version of the skeptical case. The 22-25 cohort employment numbers in AI-exposed occupations declined between 2022 and 2025 — but that window also covers the unwinding of one of the most unusual hiring environments in recent memory. Tech companies hired aggressively through 2021 and into 2022 on the assumption that zero-interest-rate conditions and pandemic-driven demand would persist. They didn’t.

The correction that followed — tens of thousands of layoffs across the sector, hiring freezes at companies that had tripled their headcount in two years — would have depressed entry-level employment regardless of what Anthropic shipped in November 2022. The Dallas Fed data shows the mechanism is lower inflow, not mass layoffs, which is what you’d expect from both an AI-driven structural shift and a post-bubble hiring freeze.

Separating the two is genuinely difficult.

There’s a second skeptical argument worth taking seriously, and ARC-AGI-3 actually hands the skeptics some ammunition.

Researchers testing Opus 4.6 with a hand-crafted task harness on a familiar environment found 97% accuracy. The same model, same harness, on an unfamiliar environment: 0%. That collapse suggests the disruption may be bounded where AI performs well on codified tasks when human engineers have built the scaffolding around it. Without that scaffolding, in genuinely novel contexts, the capability evaporates.

Jobs that look codified on a job description but regularly involve novel situations may be more durable than the theoretical automation percentages suggest.

What makes the AI hypothesis more than just a convenient narrative is what’s happening to wages at the same time as the headcount contraction. If this were purely a post-bubble correction, you’d expect wages to track employment down — or at minimum to flatten. Instead, computer systems design wages are up 16.7% over the same period that employment declined 5%. The experienced workers who remained got paid more. The junior roles being eliminated weren’t just cyclical budget cuts; they were being replaced by something. The wage premium for survivors, sustained across multiple research sources with different methodologies, is the signal that survives the skeptic’s objection.

We’ve been stuck on a binary — replacement or augmentation. The data says it’s something more specific. A three-way sort, happening at the entry point rather than the exit. That’s the question worth sitting with: which side of the sort are the people around us landing on?

References:

Anthropic Economic Index: “Learning Curves” — March 24, 2026 (https://www.anthropic.com/research/economic-index-march-2026-report)

Anthropic Economic Index: “Labor Market Impacts” (https://www.anthropic.com/research/labor-market-impacts)

Harvard Business School: “Displacement or Complementarity?” via HBR — March 2026 (https://hbr.org/2026/03/research-how-ai-is-changing-the-labor-market)

Dallas Fed: “AI is simultaneously aiding and replacing workers” — February 2026 (https://www.dallasfed.org/research/economics/2026/0224)

Dallas Fed: “Young workers’ employment drops in high AI exposure occupations” — January 2026 (https://www.dallasfed.org/research/economics/2026/0106)

IMF: “New Skills and AI Are Reshaping the Future of Work” — January 2026 (https://www.imf.org/en/blogs/articles/2026/01/14/new-skills-and-ai-are-reshaping-the-future-of-work)

Goldman Sachs: “How Will AI Affect the US Labor Market?” — March 2026 (https://www.goldmansachs.com/insights/articles/how-will-ai-affect-the-us-labor-market)

ARC Prize: “ARC-AGI-3 Launch” — March 25, 2026 (https://arcprize.org/blog/arc-agi-3-launch)

ARC Prize: “ARC-AGI-3 Preview: 30-Day Learnings” (https://arcprize.org/blog/arc-agi-3-preview-30-day-learnings)

AI Waypoints: Week of March 17, 2026 — Edition #2

Karthik’s AI Wanderlust — Tue, 24 Mar 2026 14:57:16 GMT

Good morning. This week’s signals hit the scaffolding around enterprise AI — regulatory frameworks are being redrawn, major vendors are restructuring, and the security layer for AI agents has a 36.7% failure rate.

1. White House Drops National AI Framework — Calls for Federal Preemption of All State AI Laws

What happened: On March 20, the Trump administration released a four-page National Policy Framework for AI, directing Congress to establish a single federal standard that would preempt all state-level AI laws. The framework explicitly calls for blocking states from imposing liability on AI developers for third-party misuse, proposes regulatory sandboxes, faster data center permitting, and no new federal AI regulatory body. It is a declaration of intent, not legislation — Congress still has to act.

Why it matters: If enacted, this eliminates the patchwork compliance problem — no more tracking Colorado, California, Texas, and Illinois AI rules in parallel. But it also removes the strongest enforcement mechanisms we currently have. The more likely near-term outcome is a split: federal preemption stalls in Congress while state laws continue accumulating. Enterprise compliance architecture built for a single federal standard will need to flex both directions.

What to do: Brief your legal and compliance teams on the framework’s seven pillars this week. Map which state AI laws affect your operations — Colorado AI Act, California, Illinois Biometric Information Privacy Act (BIPA), and Texas DAIA are the most active right now. Don’t pause compliance work on the assumption that preemption will pass quickly. Congress rarely moves fast.

2. IBM Closes $11B Confluent Acquisition — Real-Time Data Is Now the Enterprise AI Infrastructure Play

What happened: IBM completed its acquisition of Confluent on March 17, creating an integrated stack from mainframe (IBM Z) to data streaming (Confluent/Kafka) to AI application layer (watsonx). Confluent serves 6,500+ enterprises, including 40% of the Fortune 500. The deal enables mainframe transactional data to stream directly into AI workflows via Confluent connectors, a connection that used to require a lot of custom plumbing.

Why it matters: This is a data infrastructure landgrab dressed as an AI acquisition. We’re watching the argument play out in real dollars: real-time data streaming, not model capability, is what’s blocking production AI and agent deployments. Financial services and insurance firms on mainframes should pay close attention — IBM just made the path from legacy to AI much easier, and much more locked-in. Kafka alternatives like Redpanda and AWS MSK are worth keeping in your back pocket.

What to do: If you run Confluent or Kafka today, check your contract terms and renewal timeline. IBM acquisitions typically bring pricing changes within 12-18 months of close and historically it trends one way - up! If you’re planning agentic AI deployments, assess whether your data infrastructure can deliver real-time feeds.

Mainframe shops: request an IBM briefing on the Z-to-watsonx pipeline now, before the sales motion changes.

3. Microsoft Restructures Copilot Leadership After Slow Adoption

What happened: Microsoft announced on March 17 that it’s unifying commercial and consumer Copilot teams under a new leader, Jacob Andreou (ex-Snap). Mustafa Suleyman was pulled back from overseeing all Microsoft AI and refocused specifically on model development. CNBC reported the restructuring was driven by “slower-than-expected adoption.” Suleyman’s statement, “most of the future value is going to accrue to the model layer,” is a notable reversal from Microsoft’s previous position that the application layer matters most.

Mustafa’s book - The Coming Wave is a great read!

Why it matters: When a vendor restructures leadership because of slow adoption, that’s a product-market fit signal, not just org design. The consumer-commercial unification also suggests Microsoft may blur the line between personal and enterprise Copilot — which could create headaches for IT teams managing what data flows where. Suleyman’s comment about model-layer value deserves a bookmark: if Microsoft pivots strategy under new leadership, the Copilot roadmap customers committed to could look different in 12 months.

What to do: If you’re a Copilot customer, request a roadmap briefing from your Microsoft account team. Leadership changes tend to either accelerate or kill specific features. If you’re still evaluating, extend your pilot period rather than committing now. Watch for pricing adjustments in the next 90 days. Especially there are opportunities with the introduction of E7 licensing that includes Agent 365 licensing.

4. MCP Servers Have a 36.7% Vulnerability Rate — Patch Your Azure Tools Now

What happened: BlueRock Security scanned 7,000+ Model Context Protocol (MCP) servers — the standard for connecting AI agents to enterprise tools and data — and found 36.7% vulnerable to server-side request forgery (SSRF). Their research showed that Microsoft’s MarkItDown MCP server allowed arbitrary calls enabling privilege escalation, data leakage, and full cloud infrastructure takeover. Microsoft patched CVE-2026-26118 (CVSS 8.8, near the top of the severity scale) in Azure MCP Server Tools on March 10. A separate critical SSRF-to-remote-code-execution (RCE) attack chain was also found in the most widely deployed Atlassian MCP server (CVE-2026-27825).

Why it matters: If teams are deploying MCP servers without a security review, there’s a real chance of SSRF exposure right now. This is the early cloud misconfiguration pattern all over again: fast adoption, no established security baseline, vulnerabilities that look minor until they’re catastrophic.

What to do: Inventory all MCP server deployments in your environment immediately. Apply Microsoft’s March patches for Azure MCP Server Tools. Set up a security review gate before any new MCP server goes live. BlueRock’s MCP Trust Registry is one option for vetting third-party servers. Don’t wait on this one.

5. NVIDIA Launches Enterprise Agent Toolkit — 17 Major Software Vendors Already Adopting

What happened: At GTC 2026 on March 16, NVIDIA launched its Agent Toolkit: an open-source stack including Nemotron (agentic reasoning models), AgentIQ (enterprise knowledge integration), and OpenShell (policy-based security runtime for autonomous agents). Seventeen enterprise software vendors announced adoption, including Adobe, Atlassian, Box, Cisco, CrowdStrike, Salesforce, SAP, and ServiceNow. The architecture routes complex tasks to frontier models while delegating routine work to Nemotron, with NVIDIA claiming 50%+ cost reduction.

Why it matters: NVIDIA is positioning itself as the orchestration layer between enterprise software and AI models, not just the GPU vendor. If 17 major platforms adopt this toolkit, NVIDIA could answer the “how do I connect agents to enterprise apps” question before Microsoft, Google, or Anthropic do. The hybrid routing model (frontier plus open-source) is also the first vendor-backed implementation of the cost-arbitrage strategy many enterprise teams want but haven’t been able to build themselves.

What to do: If you use any of the 17 adopting platforms, ask your vendor reps when AgentIQ and OpenShell integration reaches general availability (GA). Evaluate whether NVIDIA’s orchestration layer competes with or complements your existing Microsoft or Anthropic investments. Benchmark NVIDIA’s 50% cost claim against your actual agentic AI spend before buying into the architecture.

6. Atlassian Cuts 1,600 Jobs Citing AI — “AI-Washing” Debate Intensifies

What happened: Atlassian announced 1,600 layoffs (10% of its workforce) on March 11 to “self-fund” AI and enterprise sales investments. CTO Rajeev Rajan stepped down the same day. CEO Mike Cannon-Brookes stated it would be “disingenuous to pretend AI doesn’t change the mix of skills needed.” The announcement follows Block’s 4,000-person cut (40% of workforce) in late February. Both companies saw stock prices rise, and both earned the “AI-washing” label from analysts who view the AI rationale as cover for traditional cost reduction. Expected charges: $225-236M.

Why it matters: Whether the AI justification is genuine or not, the market is rewarding AI-labeled headcount cuts. That pressures every enterprise to have an AI workforce strategy on paper, regardless of what’s actually driving decisions. For Atlassian customers: a 10% workforce cut plus CTO departure during an announced AI pivot is a product risk signal. Rovo’s AI agent roadmap has to survive this transition.

What to do: Watch your vendors’ earnings calls for AI-justified restructuring — it often signals product roadmap instability. Internally, get ahead of the AI-washing label by tying any AI-related workforce changes to measurable productivity data before announcing them. If you’re an Atlassian customer, ask your account team explicitly whether the Rovo agent timeline is still on track post-restructuring.

7. Anthropic Sues the Pentagon — Hearing Today Over “Supply Chain Risk” Designation

What happened: Anthropic sued the DOD after being designated a “supply chain risk” following a breakdown in contract negotiations. The dispute centers on use restrictions — Anthropic sought limits on surveillance and autonomous weapons applications, while the DOD deemed those conditions incompatible with operational requirements. The DOD subsequently signed a deal with OpenAI. Court filings from March 20 revealed the Pentagon told Anthropic the two sides were “nearly aligned” just one week before the designation was issued. A preliminary injunction hearing is scheduled for today, March 24, in San Francisco.

Why it matters: This is no longer a government procurement story. It tests whether an AI vendor can legally enforce ethical use restrictions on a customer. If Anthropic loses, every AI vendor’s acceptable-use policy gets weaker at the negotiating table. If Anthropic wins, vendors gain real leverage to restrict how their models are deployed. Either outcome touches the AI vendor contracts we’re negotiating right now. The OpenAI-as-government-alternative dynamic also raises the possibility of a preferred federal vendor emerging.

What to do: Review the acceptable use and ethical use clauses in your AI vendor contracts. Understand whether your vendors have the legal standing to restrict how you deploy their models and whether those clauses apply to your specific use cases. If you’re running multi-vendor, assess concentration risk if government actions expand to affect commercial availability.

8. EU Agrees to Simplify the AI Act — High-Risk Deadline Could Slip 16 Months

What happened: On March 13, the EU Council adopted its negotiating position on “Omnibus VII,” a package to simplify the AI Act. Key changes: the high-risk AI compliance deadline (currently August 2026) may be extended by up to 16 months; exemptions for small and medium enterprises (SMEs) expand to small mid-cap companies; more sensitive personal data processing is permitted for bias detection; and the AI Office receives stronger enforcement powers. The European Parliament supported the postponement on March 16. Trialogue negotiations between the Council and Parliament are next.

Why it matters: If you’ve been racing to hit the August 2026 high-risk compliance deadline, there may be breathing room ahead. But the rules aren’t going away. The SME exemption expansion also means smaller vendors and supply chain partners face less regulatory pressure, which could affect how we assess third-party AI governance. The bias detection carve-out for sensitive data processing matters most for HR tech, hiring tools, and any AI touching protected characteristics.

What to do: Don’t stop EU AI Act compliance work — the delay isn’t final until trialogue concludes. Update your compliance timeline with two scenarios: August 2026 (no change) and December 2027 (16-month extension). If you deploy AI in hiring or HR, review the bias detection data processing changes with your Data Protection Officer (DPO) before assuming the carve-out applies.

9. OpenAI Is Building a Desktop “Super App” — ChatGPT, Codex, and a Browser in One

What happened: OpenAI is developing a unified desktop application that merges ChatGPT, Codex (coding), and Atlas (AI browser) into a single environment under CEO of Applications Fidji Simo and President Greg Brockman. The goal is to keep users in one app for chat, coding, research, and multi-step agentic tasks. Bloomberg reported on March 20 this is a direct response to Anthropic’s Claude Code and Claude Desktop gaining ground with developers. No launch date has been announced.

Why it matters: The AI interface war is moving from the browser tab to the desktop OS layer, just like Slack, Teams, and Zoom before it. For enterprise IT, an always-on AI desktop agent raises obvious questions: what local data can it access, will it be part of ChatGPT Enterprise or a separate license, and how fast will developers install it whether IT approves or not. Shadow AI at the endpoint is harder to catch than browser-based usage.

What to do: Add AI desktop agents to your next endpoint governance review. Draft an acceptable use policy for AI desktop applications before they ship. If you’re already governing Claude Desktop or Microsoft Copilot at the desktop level, extend the same framework proactively to cover OpenAI’s upcoming product.

10. Anthropic Launches a Research Institute for AI’s Economic and Societal Impact

What happened: Anthropic launched The Anthropic Institute on March 11, merging its Frontier Red Team, Societal Impacts, and Economic Research teams under co-founder Jack Clark. New hires include Matt Botvinick (ex-Google DeepMind, Yale Law) and Anton Korinek (AI economics). Focus areas are AI labor market displacement, AI and the legal system, and forecasting AI progress. The institute will “engage directly with workers facing job loss,” an unusually concrete commitment for a frontier lab.

Why it matters: Anthropic is building the “responsible AI vendor” brand, and the research outputs give enterprise customers something to cite in their own AI impact assessments. The labor market research lands squarely on anyone building an AI workforce strategy — vendor-backed economic data you can reference (or push back on) is useful. The Frontier Red Team integration also means Anthropic’s safety testing could become more visible and auditable, which shifts how enterprise due diligence conversations play out.

What to do: Keep an eye on the Anthropic Institute’s publications — their labor market and legal system research will likely produce data points you can use in AI business cases and risk assessments. If you’re an Anthropic customer, ask whether Institute red-team findings will show up in Claude’s enterprise safety documentation and whether you’ll get access for vendor reviews.

What did I miss? If you’re seeing signals from your vertical that didn’t make this edition — especially in financial services, healthcare, or manufacturing — hit reply.

Past Editions:

AI Waypoints — Edition #1: Week of March 10, 2026

References:

The Speakeasy Problem: Why Banning AI at Work Guarantees You Lose Control of It

Karthik’s AI Wanderlust — Tue, 24 Mar 2026 12:40:12 GMT

ChatGPT has 900 million weekly active users. That’s more than 10% of the global population — one of the fastest consumer technology adoptions on record. Only 38% of US employees say their employer has integrated AI into their workflows.

That gap isn’t a staffing problem or a budget problem. It’s a policy failure producing exactly the outcome it was designed to prevent.

I covered the what in Secret Cyborgs Are Already Running Your Company. This is the why, and the only exit that actually works.

Consumer adoption is an enterprise roadmap with a 12-month delay

The a16z Top 100 consumer AI apps list has become an accidental enterprise IT forecast. Tools that dominate consumer usage — ChatGPT, Claude, Notion AI, coding assistants — tend to show up in enterprise procurement cycles roughly a year later. Not a guaranteed rule, but consistent enough to plan around. Notion AI’s attach rate surged from 20% to over 50% in a single year. Claude paid subscriptions grew 200% year-over-year.

Employees adopt consumer AI tools at home, bring them to work, IT discovers the usage, and the organization scrambles to respond. Harmonic Security tracked 665 distinct AI tools running inside enterprise environments. Not 6. Not 60. Six hundred and sixty-five.

ELI5: Think of the a16z consumer AI list like a restaurant that’s packed every night. Within a year, a franchise version opens in every office park. The consumer version proves demand; the enterprise version plays catch-up.

What matters is how organizations respond.

Prohibition created speakeasies. AI bans create shadow AI.

When the United States banned alcohol in 1920, speakeasies outnumbered the saloons they replaced by two to one. Enforcement didn’t reduce consumption. It pushed usage underground, created more dangerous products (bathtub gin killed people), enriched criminal networks, and corrupted the institutions meant to enforce the law. I am however a fan of the modern speakeasies.

The parallel to enterprise AI bans is almost exact. Twenty-seven percent of organizations have tried outright AI bans. Among those organizations, 48% of employees still paste sensitive data into uncontrolled AI tools.

The ban didn’t stop usage. It destroyed visibility.

IBM’s 2025 Cost of Data Breach report quantified the damage: shadow AI breaches cost $4.63 million on average, a $670,000 premium over standard breaches. And 97% of organizations that experienced AI-related breaches lacked access controls. They weren’t breached because AI is inherently dangerous. They were breached because prohibition weakened the governance layer.

In practice: A lawyer pastes a client’s contract into free-tier ChatGPT to summarize key terms. Thirty seconds of work, zero IT visibility, potential privilege waiver. A hospital’s billing team uses an unapproved AI tool to appeal insurance denials. Fifty-seven percent of healthcare professionals report encountering unauthorized AI in their workflows. A retail chain’s merchandising analyst uploads proprietary sales data to a personal AI account to build forecasts. In every case, the employee is trying to do their job faster. The organization just made it impossible to do that safely.

Harmonic Security found that 16.9% of sensitive data exposures — roughly 98,000 instances — occurred through personal free-tier AI accounts. Not enterprise tools with audit logs.

Personal accounts with no data retention policies, no access controls, and no way for IT to even know it happened.

The “approved catalog” is already obsolete

The obvious response to shadow AI is a catalog of pre-approved tools. Give people a sanctioned option and they’ll stop using the unsanctioned ones.

That logic did work in healthcare where one system provided approved AI alternatives and unauthorized usage dropped significantly.

But catalogs only govern standalone AI tools. The problem has already moved past them.

Gartner projects that 40% of enterprise applications will embed task-specific AI agents by the end of 2026, up from less than 5% in 2025.

Zscaler found that 3,400+ applications now generate AI traffic, a fourfold increase. Salesforce has Einstein.

Microsoft has Copilot baked into Office.

Slack, Salesforce, Workday, Notion, Jira, ServiceNow — every SaaS tool in the stack is embedding AI features that activate by default.

ELI5: Approving standalone AI tools is like carding people at the front door of a bar. SaaS-embedded AI (AI features built directly into software your company already approved) is alcohol showing up pre-mixed in the water supply. You can’t card the faucet.

Enterprises that blocked 39% of AI access attempts (per Zscaler) were blocking standalone tools. The AI embedded inside their already-approved SaaS stack sailed right through. Front door locked, walls made of glass.

In practice: An HR team’s approved recruiting platform ships an AI screening feature in a Tuesday update. No procurement review, no security assessment, no policy check. A finance team’s forecasting tool adds an “AI insights” tab that sends anonymized (but reconstructible) data to a third-party model. A customer service platform embeds an AI agent that auto-responds to tickets using data from the company’s knowledge base. All three are “approved” tools. None of the AI features inside them were approved.

The MDM moment for AI

The transition from chaos to governance is already happening. Netskope reports that personal AI account usage dropped from 78% to 47% in one year, while organization-managed accounts climbed from 25% to 62%.

Same shift that played out with BYOD. Intel popularized the term in 2009 when employees brought personal smartphones to work. IT banned them, mobile device management (MDM) solutions emerged by 2012, and by 2018 only 17% of enterprises still provided phones to all employees.

AI is following the same arc, faster.

ELI5: MDM let IT say “fine, bring your phone, but we manage the work apps on it.” We need the same deal for AI: use it, but through a governed channel where we can see what’s happening.

Governed access requires three layers, not one:

Layer 1: Governed standalone access. Build the catalog of approved AI tools, but deploy in 30 days, not 12-month procurement cycles. Goldman Sachs made its multi-model AI assistant available to all 46,000+ employees in mid-2025 and now sees over a million prompts per month. At roughly $60 per user per month for ChatGPT Enterprise, a 2,000-person deployment runs about $1.44 million annually. That’s real money.

It’s also less than a third of what one shadow AI breach costs.

Layer 2: SaaS-embedded AI policy management. The catalog doesn’t cover the 3,400+ apps generating AI traffic inside the stack. This is the Zscaler/Netskope layer — continuous monitoring of AI features activating within approved SaaS tools, with policy enforcement at the network level.

If Salesforce ships a new AI feature, IT needs to know about it before employees start feeding it customer data.

Layer 3: Agent identity governance. AI agents are coming. They’ll book meetings, process invoices, triage support tickets, and access sensitive systems. available via Microsoft Agent 365, going GA May 1, 2026, extends enterprise identity governance to AI agents: conditional access policies, lifecycle management, and a human sponsor accountable for what each agent does.

ELI5: Think of agent identity like a contractor badge system. Every AI agent operating in the enterprise needs a badge (identity), a list of rooms it can access (permissions), and a full-time employee who signed for it (sponsor). No badge, no access.

Without all three layers, governance has blind spots. A catalog alone, while a great start, covers Layer 1.

Most enterprises haven’t started on Layers 2 and 3, and Layer 3’s governance infrastructure doesn’t exist yet for most organizations. The agents will arrive before the controls do, which is exactly how shadow AI started.

To be fair, there’s a scale problem baked into this prescription.

Goldman Sachs built a firewalled, multi-model AI assistant and made it available to 46,000 employees. Goldman has a dedicated AI engineering team, effectively unlimited technology budget, and Marco Argenti running the architecture.

The three-layer model assumes budget for enterprise AI licensing, continuous SaaS monitoring tooling, and agent identity management simultaneously.

Most mid-market enterprises — the ones where shadow AI risk is highest — don’t have the headcount, the vendor leverage, or the budget to stand up all three layers at once.

The honest sequencing is: Layer 1 first (get people a governed tool within 30 days), Layer 2 when the next SaaS renewal cycle hits (negotiate AI feature visibility into your contracts), and Layer 3 when the tooling matures past its first production year.

That means living with governance gaps for 12-18 months. Still better than the current default: zero governance, indefinitely.

Your employees already made the decision to use AI at work. The only question left is whether you’ll have any visibility into how.

References:

The real SaaS killer isn't AI. It's the startups that never had per-seat pricing.

Karthik’s AI Wanderlust — Fri, 20 Mar 2026 14:08:05 GMT

Microsoft 365 E7 dropped March 9. $99 per user per month. The biggest new enterprise licensing tier since E5 in 2015. Per-seat pricing. From the company whose CEO keeps saying SaaS will dissolve into agents.

A few weeks ago I wrote about the SaaSpocalypse — the $285B selloff and what it actually means for enterprise software. That piece got people talking, and two weeks of pressure-testing it sharpened the picture in three places. The thesis holds. But the threat model, the survival line, and the pricing transition are all messier than the perception that there is a clean narrative.

Time to add more definition.

The threat isn’t vibe-coders

Kian Katanforoush, who runs Workera’s AI skills assessments, said it plainly:

“Where is that vibe-coded Salesforce replacement? Who has used it? Nobody.”

A weekend project that replaces a login screen is not a product. Products have permissions, audit trails, integrations, and years of workflow logic baked into them.

But here’s what’s actually happening. Oro Labs closed a $100M Series C for AI-native procurement on March 12. 300% revenue growth, 150% net revenue retention, Fortune 500 clients including Coca-Cola and Pfizer. Translucent raised $27M for AI-native healthcare finance. Seventeen US-based AI companies raised $100M or more in the first two months of 2026. These aren’t weekend projects. They’re purpose-built systems that never had a per-seat model to begin with.

And then there’s Cursor. It hit $2B in ARR, adding roughly $1B in about three months. More than 64% of the Fortune 500 uses it. Salesforce reported that 90% of its 20,000 developers are on Cursor, driving 30%+ improvements in development velocity.

So no, some marketing manager’s Claude CRM isn’t the threat we should be watching. It’s well-funded, AI-native companies that skipped per-seat pricing entirely.

The survival line moved

The split that matters is between multi-party coordination systems and single-user productivity tools. When Anthropic showed agents creating Excel and PowerPoint files without opening Office apps, SiliconANGLE flagged the implication: Nadella’s own thesis threatens Office most directly. If an agent can produce the spreadsheet, the slide deck, the report — the application becomes optional.

Systems that coordinate work between people and enforce governance? Much harder to dissolve.

Atlassian is showing what the survival playbook looks like. On March 12 they cut 1,600 jobs (10% of the workforce) while simultaneously embedding agents directly into Jira under existing permissions. Cut the people, embed the agents, keep the coordination layer. Not a contradiction — that is the strategy.

ELI5 — What’s MCP? Think of MCP (Model Context Protocol) as a USB port for AI agents. Before USB, every printer needed its own cable and driver. MCP is the standard plug that lets any AI agent connect to any enterprise tool (CRM, database, file storage) without custom wiring for each one.

The MCP 2026 roadmap published March 9 lays out the priorities: transport scalability, agent communication, and enterprise features like audit trails and SSO. OpenAI acquiring Promptfoo the same day (automated security testing and compliance for agent deployments) tells us where the value is going. OpenAI didn’t buy to make a better model. They bought the governance layer.

ELI5 — The governance layer: The rules and controls sitting between AI agents and our company data. Think of it as the bouncer at the door: checking who gets in, what they can touch, and logging everything they do. It doesn’t do the work. It decides whether the work is allowed to happen.

The EU AI Act’s high-risk compliance deadline hits August 2, 2026. Most of us don’t have a proper inventory of our AI systems yet. That governance gap is where the next enterprise software category gets harder to unplug.

The pricing picture got messy

This is where it gets really interesting.

Forrester’s latest data: seat-based pricing fell from 21% to 15% of the SaaS market in a single year. Hybrid and usage-based models surged to 41%. Chargebee reports 43% of companies now use hybrid pricing, projected to hit 61% by end of 2026.

ELI5 — Consumption vs. outcome pricing: Consumption-based is like the electric bill — we pay for kilowatt-hours, whether we left the lights on in an empty room or not. Outcome-based is like paying a contractor only when the house passes inspection.

SAP: consumption pricing for tools nobody loves yet

SAP CEO Christian Klein announced consumption-based AI pricing. The largest enterprise software company in Europe moving away from per-seat for AI workloads. Notice the word: consumption, not outcome. We pay for what the AI processes, not what it achieves. This came three weeks after Bloomberg reported SAP customers calling Joule “difficult to use, limited and not worth the price.” Consumption pricing for tools customers aren’t sold on yet. That’s a specific kind of bet.

Salesforce: four models and counting

Salesforce is running four pricing models simultaneously: Flex Credits, $2/conversation, per-user tiers from $5 to $550/month, and the new Agentic Enterprise License Agreement (AELA), bundling unlimited Agentforce, Data Cloud, and MuleSoft starting around $125/user/month. CRO Miguel Milano said Salesforce is “OK with losing money on some AI deals.” Sounds generous until you read Gartner analyst Hannah Decker’s warning that AELA contracts “will be converted into defined quantity contracts at the end of the agreement.” The vendor can change the consumption multiplier at renewal. Subsidized lock-in now, monetization later.

Oracle and the mid-tier hedgers

Workday and ServiceNow ($600M ACV) are hedging with bundled credits. Oracle co-CEO Mike Sicilia said on the March 10 earnings call: “We are the disruptor because we are actually embedding the AI right into our applications, full stop, at no additional cost.” Oracle absorbs the AI cost and bets on OCI infrastructure revenue instead.

Microsoft: the $99 anchor with a hidden meter

And then there’s Microsoft. E7 bundles Copilot, Agent 365, and the full security stack at $99/seat, roughly a 65% premium over E5, based on analyst estimates. But agent workload consumption through Copilot Studio and Microsoft Foundry sits outside that $99. Some analyst estimates put agent-heavy Microsoft deployments above $200/user/month in effective cost. The per-seat price is the anchor. The consumption meter runs alongside it.

In practice: Say we’re renewing enterprise agreements this quarter. Microsoft gives us a predictable $99/seat number the CFO can model. SAP tells us to budget based on AI consumption nobody can forecast. Salesforce offers four pricing structures depending on which sales team we talk to. Oracle says AI is free, but the infrastructure bill is climbing. Each vendor is pricing its own strategic anxiety, not our budget cycle.

Here’s what jumped out at me: every vendor is hedging, except SAP (mandating) and Oracle (absorbing). And the strongest per-seat commitment came from the company most vocal about the agent thesis. Microsoft!

The productivity evidence isn’t helping

The productivity case isn’t settling it either. Goldman Sachs found no meaningful relationship between AI adoption and productivity economy-wide. Deloitte’s 2026 State of AI: 74% of organizations want AI to grow revenue, only 20% have seen it happen. McKinsey: 88% deploying AI, 1% calling their strategy “mature.” So the industry is asking us to move from a pricing model we understand to one nobody can define yet, and the productivity evidence stays mixed.

And we’ve seen this movie before. Adobe’s perpetual-to-subscription shift took the better part of a decade. Microsoft still sells perpetual Office licenses fifteen years into 365. Pricing model transitions in enterprise software don’t end cleanly. The messy middle sticks around longer than anyone budgets for.

To be fair

Every vendor running multiple pricing models might be doing exactly the right thing.

From the buyer’s side, pricing ambiguity is leverage. The moment a vendor commits to consumption-only, our costs become variable and our budget forecasts get harder, which is exactly the unpredictability that SaaS subscriptions were invented to solve.

The incumbents are doing fine. On March 10, Deutsche Bank upgraded enterprise software to Overweight, declaring AI disruption fear has reached “capitulatory peak.” U.S. software earnings grew 29% year-over-year in Q4 2025, but the IGV software ETF fell 20% year-to-date. Not a single software company expects a negative revenue effect from AI in 2026. The stock market is pricing panic. The earnings statements are pricing growth.

And the governance layer argument is real, but building it now means coupling to protocols that are still publishing their own roadmaps. Sometimes the right move is to wait. Not because we’re behind, but because the foundation hasn’t set yet.

So what do we do with this?

The original thesis holds. The specifics are sharper now. And there’s a name for what comes next: PitchBook’s Q1 2026 analyst note calls it “Service-as-Software” — vendors selling completed work outcomes instead of tool access. $65B market today, $190B by 2030. Intercom’s Fin is the proof point everyone keeps citing: $0.99 per resolved ticket, eight-figure ARR, 393% annualized growth. SaaS isn’t dying. It’s molting into something with different economics.

In practice: Say our help desk incumbent charges $50/seat/month for 200 agents. Intercom Fin offers $0.99 per resolved ticket. At 15,000 tickets/month, the math works — but only if “resolved” means actually resolved, not just “responded to.” The definition of the outcome becomes the new negotiation battleground.

This week: Inventory which SaaS tools are single-user productivity (exposed) versus multi-party coordination (defensible). That’s the risk map. Ask every renewing vendor about their consumption pricing roadmap — are they mandating or hedging?

This quarter: Ask the Microsoft rep what happens to costs when agents run outside the E7 bundle. Ask Salesforce which of their four pricing models they’re betting on in five years. Start building the AI governance layer. Not because regulators arrive August 2, but because the coordination layer between our agents and our data is the only durable position.

This year: Watch the AI-native startups in our verticals. The threat isn’t the team vibe-coding a replacement. It’s Oro Labs with $100M in funding and a pricing model that makes our per-seat contracts look like cable TV bundles.

The durable position isn’t surviving the pricing shift. It’s owning the layer every agent has to clear before it touches enterprise data.

What’s your vendor telling you about consumption pricing?

And, honestly do you believe them?

Additional references (not linked inline):

AI Waypoints - Edition #1

Karthik’s AI Wanderlust — Mon, 16 Mar 2026 07:00:59 GMT

Good morning. You’re starting a new week. Here’s what changed while you were away—and what you need to act on before Friday.

1. Per-Seat Pricing Is Dead. Your Contract Model Isn’t.

What happened: Jefferies slashed Workday’s price target by 54% on fears that AI will collapse per-seat SaaS revenue. Workday then beat earnings. The market is pricing in disruption that enterprises aren’t seeing yet.

Why this matters: Your SaaS vendors are panicking about AI cannibalization. That panic creates leverage. If you’re renewing contracts in Q2-Q3, you have an opening to renegotiate pricing models (outcome-based, usage-based, hybrid) before vendors figure out their AI strategy.

What to do: Don’t renew on autopilot. Ask: “If your AI cuts my seat count by 30%, how does our contract adapt?”

Read my full analysis on the SaaSpocalypse →

2. Shadow AI Just Got Measured at Scale

What happened: Harmonic Security analyzed 22.4 million enterprise AI prompts.
Result:

665 distinct AI tools operating in corporate environments.
Only 40% of companies had purchased official subscriptions.
98,034 instances of sensitive data on personal free-tier accounts.

Why this matters: The “80% shadow AI” stat everyone quotes just got evidence. But here’s the buried insight: healthcare orgs that deployed approved AI saw 89% reduction in shadow usage. The problem isn’t that employees use AI. It’s that IT can’t compete with frontier model UX.

What to do: Stop blocking. Start matching. If your approved tool is slower or more restricted than the free tier, you’ve already lost.

3. IBM Terraform Pricing: March 31 Deadline is Real

What happened: IBM’s acquisition of HashiCorp completed Feb 27. Legacy Terraform Cloud free tier (500 resources) discontinued. New pricing: $0.10-$0.99/resource/month. March 31 cutoff for existing free-tier users.

Why this matters: If you’re running 10,000 resources on Premium tier, your annual bill just hit $118,800. Migration risk (state files, team retraining, compliance recertification) is a 6-12 month project. Most teams will absorb the cost rather than migrate. IBM knows this.

What to do: If you’re staying, negotiate now (volume discounts, multi-year lock-in for price protection). If you’re leaving, OpenTofu (open-source fork) is drop-in compatible but requires self-hosting infrastructure. More on this coming soon.

4. a16z Top 100 AI Apps: Your Enterprise Roadmap Just Dropped

What happened: a16z published their March 2025 Top 100 Gen AI Consumer Apps report. ChatGPT dominates (2B monthly visits, 5x larger than #2). Character.AI users average 298 sessions/month (nearly 10x daily). Productivity tools and AI companions are the fastest-growing categories.

Why this matters: Consumer AI adoption patterns predict enterprise worker demands within 12 months. Your employees are using these tools at home. When they come to work Monday and your enterprise AI can’t match the UX, they bring their own tools anyway.

What to do: Treat the a16z list as a preview of your workforce’s expectations. Productivity tools that embed in existing workflows (Chrome extensions) beat standalone apps. Plan accordingly.

5. Vectra AI: 80% Shadow AI + 20% Breach Rate

What happened: Vectra AI’s Shadow AI report (March 2) confirmed 80%+ enterprises have widespread unauthorized AI usage. 20% have experienced a data breach linked to unsanctioned AI tools. Average breach premium: $670,000 (IBM 2025 Cost of Data Breach Report).

Why this matters: Gartner says 69% of employees bypass cybersecurity guidance. Adding more controls doesn’t reduce shadow AI—it just makes it invisible. The BYOD playbook applies: prohibition failed 2010-2015, managed enablement won.

What to do: Minimum Effective Friction > Maximum Control. Give employees AI that works, with guardrails baked in. Gartner predicts 50% of CISOs adopt “human-centric security design” by 2027. Get ahead.

6. Multi-Agent Infrastructure: The Missing Control Plane

What happened: Galileo released Agent Control on March 11, an open-source control plane (Apache 2.0) that lets enterprises enforce AI agent policies centrally—no more hard-coding guardrails into each agent. Launch partners include Cisco, CrewAI, AWS Strands, Glean, and ServiceNow. Zilliz open-sourced Memsearch on March 14—a Markdown-based memory system extracted from viral project OpenClaw. 900 GitHub stars in 48 hours.

Why this matters: If you’re running one AI agent, you hard-code policies and wing the memory. If you’re running 10, you need infrastructure. Agent Control solves governance—one decorator (@control()) turns any function into a policy-enforced decision point. Update PII detection across 50 agents with zero code changes. Memsearch solves continuity—agents that forget context every session are toys, not tools. Markdown files mean human-readable, version-controlled memory.

What to do: Deploying 5+ agents? Start with Agent Control (centralized policies) and Memsearch (persistent memory). They’re the service mesh + database for your agent fleet. Both are open-source (Apache 2.0, MIT)—no vendor lock-in.

The Signal You Might Have Missed

Microsoft quietly validated Anthropic’s entire strategy when Copilot Cowork (their biggest 2026 product launch) shipped with Claude, not GPT-5.x. $13 billion into OpenAI, but the product runs on Anthropic.

Why? Claude Code already has 4% of GitHub commits. Microsoft is betting that developers trust Anthropic for work AI more than OpenAI. That’s an “Intel Inside” moment.

Watch where Microsoft deploys Claude next. It’s your roadmap for which AI vendor your board will approve in 2027.

One Question to Start Your Week

Which of these signals is on your plate this week?

Reply and let me know. I read every response and your answers shape next Monday’s edition.

—Karthik

Next waypoint: Monday, March 24

This is a new weekly series. What signals should I track? Reply and let me know.

Per-Seat Pricing Is Dying. Your SaaS Contract Shouldn't Go With It.

Karthik’s AI Wanderlust — Sat, 14 Mar 2026 18:42:12 GMT

On February 23rd, Jefferies analyst Brent Thill cut Workday’s price target from $325 to $150. DocuSign from $105 to $45. The thesis: AI is eating enterprise software alive. Three days later, Workday reported Q4, beat estimates ($2.47 vs. $2.32), and grew its contracted forward revenue 15.8%. The stock still fell 10%.

That gap between what the market is pricing and what the balance sheet shows? That’s the signal.

Post #11 diagnosed the $285B selloff and asked: is this the death of software, or the death of a pricing model?

What does an enterprise leader actually do with this moment?

The broken logic

JP Morgan nailed the contradiction in a single phrase: “broken logic.” The market is simultaneously pricing in two beliefs

AI will destroy SaaS revenue streams
AI infrastructure spending is overvalued.

Both can’t be true.

If AI agents are replacing enterprise software at scale, the companies building those agents should be worth more, not less. If AI infrastructure spending is a bubble, the SaaS replacement thesis collapses with it.

Gartner forecasts enterprise software spending will grow 14.7% in 2026 to $1.4 trillion. Not shrink. Grow by double digits. Goldman CEO David Solomon called the selloff “too broad.” His own strategist Ben Snider warned of a “newspaper-like decline.” The narrative can’t hold itself together even within the same bank.

Jason Lemkin at SaaStr put it plainly: “The 2026 crash isn’t AI killing SaaS. It’s the market finally pricing in the deceleration that started in 2021.” Nobody is building a homegrown CRM in Replit.

What happened in 2021:
SaaS valuations peaked in November 2021. The median public cloud company traded at 17x forward revenue. Some hit 50x. Three things drove it: zero interest rates made future cash flows worth more today, COVID forced every company to buy remote-work software fast, and headcounts were growing.
Seat-based pricing was a perpetual money machine.
Then the Fed raised rates in March 2022. Higher discount rates collapsed growth multiples overnight. Companies that over-hired in 2020–2021 ran mass layoffs in 2022–2023. Fewer heads meant fewer seats, which meant SaaS renewal conversations that used to be rubber stamps became uncomfortable. The Zylo stat (46% of licenses unused in any given month) isn’t an AI story. It’s the direct artifact of procurement decisions made when headcount projections were rosey-glassed.
By the time AI became the dominant narrative in 2024, the deceleration had been running for three years. The market needed a story that explained falling growth rates without admitting the original multiples were never justified.
AI is a convenient villain for a problem that started with a spreadsheet in 2021.

What’s actually dying

Per-seat pricing is dying. That much is real.

PricingSaaS tracked a 126% YoY surge in credit-based models: 79 companies now offer them, up from 35 at end of 2024. Figma, HubSpot, Salesforce have all moved. Gartner: by 2030, at least 40% of enterprise SaaS spend shifts toward usage-, agent-, or outcome-based pricing.

This isn’t software dying. It’s a billing model dying.

ELI5: Think about your kitchen blender. You didn’t just buy a blender — you built a smoothie habit around it. The recipes, the protein powder next to it, the morning routine. When someone says “AI will replace your blender,” they mean the appliance. Your dependency is on the workflow the appliance sits inside. Replacing the blender is easy. Replacing the habit, the integrations, the muscle memory — different problem entirely.

The average enterprise runs 305 SaaS applications. Zylo’s 2026 index: 46% of licenses go unused in any given month, costing $19.8M to $80.6M annually in shelf-ware.

There’s real fat to cut.

But cutting waste is a procurement exercise, not an existential reckoning.

The Klarna warning

The cautionary tale: Klarna. Their AI chatbot handled 2.3 million conversations in its first month: the workload of 700 agents. Headlines wrote themselves.

Then customer satisfaction fell. Hard.

Klarna started hiring humans back.

This is the pattern Post #12 identified. The headlines say “AI replaces 700 agents” and “company cancels SaaS contract.” What they skip is that the 20% of work that actually drives customer satisfaction (the edge cases, the judgment calls, the escalations) still needs a human. Klarna found that out the hard way.

Gartner thinks 35% of point-product SaaS tools get replaced by AI agents by 2030.

Point products — the single-purpose apps.

Your system of record with 14 integrations and a decade of compliance logic baked in? Much lower risk.

The distinction matters.

Faisal Hoque in Fast Company: enterprise software “encodes the enterprise itself”: decades of business rules, governance structures, compliance requirements.

You can clone the interface. The interface was never the product.

ELI5: It’s like saying “we replaced the filing cabinet with a scanner.” The cabinet is gone, sure. But the organizational system inside it (how things were labeled, who knew where to find what, the tribal knowledge of what goes where) didn’t transfer.
The cabinet cost $200. Re-creating the knowledge cost $200,000.

Three questions for your Q2 renewals

Before you cancel anything (or auto-renew without leverage), ask three questions:

“If this tool disappeared tomorrow, would my team rebuild the workflow or the tool?” If “the workflow” (meaning change how we work), it’s commodity. Replaceable. If “the tool” (meaning replicate its exact behavior), you’ve found a system of record with encoded institutional knowledge. Switching costs are real, and the AI replacement is years away, not quarters.
“What percentage of this tool’s value comes from features we use vs. integrations we’d have to rebuild?” The 54% of licenses still in active use often include deep integrations: APIs, single sign-on, compliance workflows, data pipelines. IDC: enterprises with 10+ integrations on a platform have 40% lower churn. If the answer is “mostly integrations,” you’re paying for connective tissue, not software. Renegotiate the price. Don’t cancel the contract.
“Am I replacing this with a proven AI alternative, or canceling based on something I saw in a demo?” The Klarna reversal is your cautionary tale. AI handles 80% of volume brilliantly and fails on the 20% that drives satisfaction and retention. If you can’t name a production-deployed AI alternative handling your specific workflow at enterprise scale today, renegotiate pricing (you have real leverage) and keep the workflow running while you evaluate.

In practice: A mid-market insurer cancels their contract management platform because “AI can draft contracts now.” Three months later, legal discovers 200+ custom clause templates and 14 compliance workflows were embedded in the old tool. Rebuilding takes 9 months. A Fortune 500 retailer renegotiates their CRM renewal at 30% below list. The vendor knows the alternative is cancellation, and the retailer knows they’re not actually canceling. A regional bank automates Tier-1 support with an AI agent, keeps the platform for escalation routing and compliance logging: spending less, not zero.

Companies negotiating six months out save up to 39% on renewals, compared to 14% for teams that start negotiations 30 days out (Tropic 2026). If you’re reading this in March, your Q3 renewals are in the window. Your Q2 renewals are late.

To be fair

There’s a version of this argument that’s too comfortable.

The “it’s just a pricing transition” thinking lets enterprise leaders exhale and go back to renegotiating contracts on familiar terms.

But the CEO staring at a portfolio of 305 SaaS tools should acknowledge something the cable TV analogy glosses over: in that transition, Blockbuster died and Netflix ate its business.

The aggregate market grew while individual companies got destroyed. Gartner’s 14.7% growth forecast doesn’t mean your specific vendor survives. It means the spend migrates to whoever figures out the new model first.

Renegotiate and pilot. Don’t exhale yet.

And the window for renegotiation assumes the vendor across the table will still be solvent when the contract renews.

For platform vendors with deep integration moats, that’s a safe bet.

For the point solution you’re paying $40K/year for?

Run the three questions. If the answer to question one is “rebuild the workflow,” you might be funding someone else’s runway.

What to do this quarter

This month:

Run those three questions across your SaaS stack. Tag each tool: system of record, workflow-embedded, or commodity. Consider cutting commodity. Renegotiate hard on systems of record.
Open renewal conversations for anything coming up in Q3. You have leverage you didn’t have six months ago.

This quarter:

Pilot credit-based pricing on one mid-tier platform renewal. 79 vendors already offer credit models. You’re not asking for something radical. You’re asking for what Figma and HubSpot already are offering.
Run one controlled AI replacement test on a tool you tagged as commodity. Measure for 90 days before canceling. Demos aren’t deployments.

The SaaSpocalypse isn’t an extinction event. It’s a pricing model transition, and that transition is creating real leverage for buyers. Your stack will change — that much is settled. Whether you’re driving it with data or reacting to a narrative written by people who don’t run your operations is the actual choice in front of you.

“Code is never where the value has lived.” — a16z

Which of your renewals this quarter are you renegotiating, and which are you actually ready to replace?

References:

Microsoft just validated Anthropic's entire go-to-market strategy

Karthik’s AI Wanderlust — Thu, 12 Mar 2026 22:13:13 GMT

On March 9, Microsoft announced Copilot Cowork — the centerpiece of its new $99/user/month M365 E7 Frontier Worker Suite, generally available May 1. Built, in Microsoft’s own words, “in close collaboration with Anthropic,” it brings the technology powering Claude Cowork directly into Microsoft 365.

Microsoft has invested over $13 billion in OpenAI since 2019. It holds a ~27% stake valued at $135 billion after the October restructuring. For the flagship product launch it’s betting on to convert 450 million M365 commercial users into paying AI customers — it chose someone else’s model.

Two weeks ago, I wrote that the real divide between Microsoft and Anthropic isn’t scheduling versus continuous context — it’s governance philosophy. Top-down control versus bottom-up extensibility. Today, Microsoft made that divide literal: Anthropic’s capability, wrapped in Microsoft’s governance layer. The question is what that architecture tells us about where AI value actually lives.

The $13 billion hedge

The official framing is tidy.

“Microsoft 365 Copilot is model diverse by design,” the announcement reads. Jared Spataro, Microsoft’s CMO for AI at Work, told Fortune that Claude Cowork is “a fantastic tool” with “real limitations in corporate environments.” Translation: great brain, needs adult supervision.

Or is “Model diverse by design” a revisionist branding dressed as a strategic pivot?

Microsoft’s $5 billion investment in Anthropic last November, alongside a $30 billion Azure compute commitment from Anthropic, wasn’t a diversification play from day one. It was a response to watching a disturbing pattern unfold.

ELI5: What’s happening here? Imagine you’ve spent years and billions building a restaurant around one chef. Then you quietly hire a second chef — from a rival kitchen — to cook the dishes you’re putting on the tasting menu. You can call it “menu diversity.” Your first chef might call it something else.

The numbers tell the story Microsoft’s press releases don’t.

Out of roughly 450 million M365 commercial users, only 15 million pay for Copilot — 3.3% penetration. Seat growth looks healthy at 160% year-over-year.

Here’s the data point that should keep Redmond awake: when Recon Analytics surveyed 150,000+ enterprise users who had access to Copilot, ChatGPT, and Gemini, only 8% chose Copilot. Seventy percent chose ChatGPT. Copilot’s paid subscriber share dropped from 18.8% to 11.5% between July 2025 and January 2026.

Pre-installed doesn’t mean preferred. Microsoft can put Copilot on every M365 seat in the world, and users still reach for something else.

If this sounds familiar, it should. Microsoft bundled Internet Explorer with every copy of Windows for a decade. Chrome won anyway because the product was better.

The pattern that actually matters

Something shifted in the last six months. It happened across every major AI tool, all at once. Claude Code runs locally in your terminal, working directly with your project files. Claude Cowork does the same on your desktop (Mac or Windows) with folder-level permissions. And now Copilot Cowork brings that same “work with your actual files” pattern into M365.

ELI5: What does “agentic” mean? Most AI tools today work like a texting buddy — you ask a question, it answers. Agentic AI is different. It’s more like a colleague who sits at a desk next to you, opens the same files you’re working on, and does actual tasks: edits a spreadsheet, drafts an email from your inbox, reviews a contract in your folder. It doesn’t just talk about work. It does work.

Claude Code now accounts for 4% of all public GitHub commits — roughly 135,000 per day — with 42,896x growth in 13 months. SemiAnalysis projects it could hit 20%+ by the end of 2026. In a UC San Diego/Cornell survey of 99 professional developers, Claude Code ranked first in usage, ahead of GitHub Copilot and Cursor.

ELI5: What is Claude Code? It’s an AI tool that lives in your terminal (the command-line interface developers use). Instead of chatting in a browser, it works directly inside your code projects — reading files, writing code, running tests, committing changes. Think of it as the difference between texting a contractor photos of your kitchen versus handing them the keys.
In practice: A developer uses Claude Code to refactor a 2,000-line authentication module. It reads the existing code, proposes changes across 14 files, runs the test suite, and commits. A legal ops team uses Claude Cowork to review vendor contracts against a standard playbook stored in a local folder. A financial analyst connects Copilot Cowork to their SharePoint models and asks it to stress-test three scenarios without ever copying data into a chat window.

The same pattern is now reaching workers who’ve never touched a terminal — and this is where the Microsoft comparison gets uncomfortable.

Anthropic recently pushed skills directly into the PowerPoint and Excel add-ins.

Skills are not prompts.

A prompt is a one-time instruction: “make this slide cleaner.”
A skill is an encoded workflow, a defined sequence of steps built once, executed identically every time, and shareable across your entire organization via a team account.

Your CFO writes a variance analysis skill that reads every formula in a spreadsheet, calculates actual-vs-target gaps, and adds plain-English explanations as cell comments. Done once. Now every analyst on the team types /variance and gets that same audit in under a minute, without writing a single prompt or knowing anything about how the skill works underneath.

Copilot in Office is generative. “Help me write this.” “Summarize that.”

Claude Cowork is running a live feed of your entire session — not a snapshot when you open the document, a continuous feed. Ask it mid-execution what changed three slides ago and it knows, because it’s been watching the whole time.

That’s a different product, not just a different model.

Microsoft also hasn’t shipped org-deployable skill workflows for the Office add-ins — no slash commands, no way for a CIO to push a skills library to every employee’s instance. Spataro wasn’t wrong when he called Claude Cowork “fantastic but limited in corporate environments.”

The governance infrastructure most enterprise IT teams haven’t built yet is exactly what makes that live-session capability uncomfortable to deploy at scale.

That matters more than any single feature.

Today, effective AI assistance in Office requires every worker to engage with AI consistently — something McKinsey’s Superagency data shows only 13% of employees actually do, using it for 30% or more of their daily work. Skills flip that around: institutional knowledge gets encoded once by someone who knows the work deeply, then anyone on the team invokes it with a slash command. The 87% who never built that habit get the same output as the 13% who did.

The Gartner contradiction

Two numbers. Hold both.

Gartner predicts 40% of enterprise applications will feature task-specific AI agents by the end of 2026, up from less than 5% in 2025. In essentially the same breath, they predict over 40% of agentic AI projects will be canceled by the end of 2027.

Both predictions are probably right.

The rush to deploy agents is real. So is the organizational failure rate. McKinsey’s “Superagency” data reveals why:

C-suite leaders estimate 4% of their employees use GenAI for 30%+ of daily work. The actual number is 13%.
And 47% of employees say they’ll reach that threshold within a year, versus only 20% of executives who believe it.

The people doing the work are ahead of the people buying the tools.

This is exactly the shadow AI pattern from post #4 — playing out now at the agent layer.

The governance gap is staggering.

Kiteworks’ 2026 Data Security Report found that

63% of organizations cannot enforce purposeful limitations on AI agents.
60% cannot terminate a misbehaving agent.
80% of the Fortune 500 are deploying active AI agents anyway.

Spataro’s framing of Claude Cowork having “real limitations in corporate environments” is both accurate and self-serving.

The governance wrapper is valuable.

The question is whether it’s $99/user/month valuable when the underlying capability comes from someone else’s model.

The IBM inversion

In 1985, IBM and Microsoft co-developed OS/2. Microsoft simultaneously built Windows on the side. When Windows 3.0 took off, Microsoft pivoted and IBM was left holding the bag. The partner who controlled distribution won. The partner who contributed the engineering lost.

Now the roles are inverted. Microsoft is the enterprise distribution giant relying on a partner’s technology. Anthropic is the capability provider who could, at any point, decide the wrapper is less valuable than the brain.

The 13 enterprise plugins Anthropic launched for Claude Cowork in February (Google Drive, Gmail, Calendar, DocuSign, FactSet, Slack) suggest they’re already building their own wrapper. The PowerPoint and Excel skills update sharpens the point: Anthropic pushed org-shareable skills directly into the Office add-ins weeks before Microsoft’s E7 Frontier Suite ships in May.

Enterprises that want Claude’s agentic capability inside Office don’t need to wait for the $99/user/month wrapper. They can have it today.

There’s also MCP: the Model Context Protocol, which Anthropic co-founded and donated to the Linux Foundation alongside Block and OpenAI, with support from Google, Microsoft, and AWS. Over 10,000 active public servers. Adopted by ChatGPT, Cursor, Gemini, Copilot, and VS Code.

ELI5: What is MCP? It’s a universal adapter standard for AI tools. Like how USB-C lets you plug any charger into any laptop, MCP lets any AI model connect to any data source — your email, your files, your databases. Before MCP, every AI tool needed custom integrations. Now there’s one standard plug. The fact that Microsoft, Google, and OpenAI all adopted Anthropic’s standard tells you something about who’s setting the technical agenda.

When the ingredients become branded — when “Powered by Claude” is the 2026 version of “Intel Inside” — the platform provider has a problem. If customers start asking which model runs this instead of which platform is it on, value migrates from the wrapper to the brain.

What this means for your stack decision

In post #7, I argued that model choice is the least consequential decision in your AI strategy. At the chatbot layer, that’s still true. At the agent layer — where the AI touches your actual files, makes decisions, and takes actions — model capability starts to matter a lot more.

Three things to do now:

Test the “work with your actual files” pattern before buying the wrapper. Claude Cowork for Teams is economical to try. Claude Code has a generous free tier. See whether agentic AI delivers value with your actual workflows before committing to a $99/user/month bundle. The M365 E7 suite doesn’t GA until May — you have time. (make sure you setup Claude where you are not sharing Enterprise data with Anthropic)
Measure preference, not deployment. Copilot’s 3.3% penetration and 8% preference rate should be a warning. Buying seats is procurement. Usage is signal. If you’re already paying for Copilot, run the Recon Analytics test yourself: give a cohort access to multiple tools and see what they actually choose.
Solve the governance gap before scaling agents. The Kiteworks data (63% can’t enforce purpose limitations, 60% can’t terminate misbehaving agents) is an organizational emergency, not a vendor feature request. No amount of wrapper sophistication fixes a governance vacuum. Agent 365 offers to provide this as part of the E7 license.

To be fair

The strongest read of this announcement isn’t that Microsoft is hedging against OpenAI — it’s that Microsoft is doing exactly what good platform companies do.

Azure already hosts Llama, Mistral, and Grok alongside OpenAI’s models. Adding Claude to Copilot could be the same playbook applied one layer up: pick the best model for each job, wrap it in your security and compliance layer, and charge for the wrapper. If you’re a CIO who’s already committed to M365, that’s arguably good news — you get Claude’s agentic capability without managing another vendor relationship.

The uncomfortable question is whether the “confession” framing is too neat. Microsoft’s $5 billion Anthropic investment is 2.7% of their $135 billion OpenAI stake.

That’s a rounding error, not a pivot.

Call it what it is: Microsoft is becoming a model-agnostic distribution layer — which is either a position of strength (they own the customer relationship) or weakness (they’ve admitted they can’t win on the tech itself).

There’s a second concern worth naming: Anthropic is burning cash at an estimated $8-10 billion per year in compute.

Claude’s computer-use scores (72.5% on OSWorld versus GPT-5.2 at 38.2%) explain why Microsoft chose it for agentic tasks. But those scores don’t answer what happens to every enterprise that built on Claude if the next funding round doesn’t close.

The “Intel Inside” analogy flatters Anthropic — Intel’s position eventually commoditized when AMD and ARM caught up. Whether “Powered by Claude” becomes a genuine buying signal or stays a footnote in the release notes is still an open question.

Claude Code is at 4% of GitHub commits today and accelerating. If it hits 20% by year-end, we’ll look back at the Copilot Cowork announcement not as the moment Microsoft embraced model diversity — but as the moment the distribution layer started losing the argument.

What are you seeing on the ground: are your teams reaching for what IT approved, or what actually works?

References:

The Quiet Reorg: AI is Redrawing Financial Services Org Charts

Karthik’s AI Wanderlust — Sat, 07 Mar 2026 12:31:05 GMT

Hiring of workers aged 22-25 in AI-exposed occupations is down 14% since ChatGPT launched.

No press releases.
No severance packages.
No angry threads on LinkedIn.

The entry-level pipeline is quietly narrowing, and four major research reports published in recent months converge on the same conclusion: firms that treated AI as a technology purchase instead of a people investment have hollowed out their talent pipeline without building anything to replace it.

I’ve been reading these reports as they dropped — Anthropic, McKinsey, the NBER, Deloitte.

Read together, they describe a fundamental mismatch that most financial services leaders haven’t named yet.

Naming it is the first step to fixing it.

The four reports at a glance:

Anthropic — “The Economic Impacts Study” (March 5, 2026)
Mapped AI’s theoretical capability against observed real-world exposure across occupations and industries.
Used labor market data to track what’s actually changing in hiring, wages, and employment patterns post-ChatGPT.
The first empirical displacement study from a frontier model lab.
McKinsey — “The State of Organizations 2026”
Surveyed 10,018 leaders across industries and geographies on organizational health, AI readiness, and the barriers to capturing value.
Includes detailed case studies (Allianz, a P&C insurer)
The $1-to-$5 investment ratio that anchors much of this analysis.
NBER — “AI Adoption, Employment and Productivity” (2026)
Firm-level survey of ~6,000 companies across the US, UK, Germany, and Canada.
Tracks actual AI adoption rates, productivity effects, and employment predictions by sector.
Finance and insurance emerges as the highest-adoption sector in the UK.
Deloitte — “TMT Predictions 2026” (November 2025)
Annual technology forecast covering agentic AI, SaaS disruption, and digital labor integration.
Projects the AI agent market from $9B to $35-45B by 2030.
Maps three deployment approaches firms are taking.

The displacement nobody announces

Anthropic’s Economic Impacts Study, published March 5th, mapped theoretical AI exposure against what’s actually happening in the workforce. The headline finding isn’t mass unemployment.

Financial and investment analysts rank as the 7th most exposed occupation, with 57.2% observed exposure. Computer programmers sit at 74.5%. Customer service representatives at 70.1%.

No systematic unemployment increases in these roles.

The displacement is subtler.

Companies aren’t firing analysts. They’re not replacing the ones who leave, and they’re not hiring the next cohort at the same rate. The org chart shrinks from the bottom, one unfilled requisition at a time.

Meanwhile, the people still inside the building are already using AI without telling anyone. That gap between official adoption and actual usage makes the compression invisible from the top.

This isn’t a blue-collar story. Graduate degree holders are 3.9 times more exposed to AI than those with only a high school education. Workers in exposed occupations earn 47% more on average ($32.69/hr vs. $22.23/hr). AI is compressing the knowledge-worker tier, the very roles financial services firms built their operating models around.

The young workers who do get in are adapting faster than their managers expect, which only widens the gap between how firms plan and how work actually happens.

The NBER’s firm-level data tells the same story from the employer side. Between 89% and 95% of AI-using firms report “no impact” on current employment over the past three years. Those same firms predict +1.4% productivity gains alongside -0.7% employment effects over the next three. US firms specifically expect -1.19% employment reduction. UK firms, -1.36%.

That’s not a wave of layoffs.
It’s a slow tide going out…

Each number is small enough to ignore in any given quarter. Compounded across a sector over three years, it reshapes who works where.

UK AI non-use dropped from 45% to 25% in ten months. Finance and insurance leads UK adoption. The acceleration curve is steep, and hiring compression will follow.

Firms getting AI right are also paying more. NBER found that AI-adopting firms correlate with higher labor productivity and higher wages per employee.

They aren’t cutting costs on people.
They’re concentrating investment in fewer, higher-skilled roles.

Whether anyone is building the pipeline to fill those roles in five years is a different question.

The $5 problem nobody’s funding

McKinsey surveyed over 10,000 leaders globally for their State of Organizations 2026 report. The number that should bother financial services executives:

86% feel unprepared for AI in daily operations.
Only 6% are realizing AI’s full value.
Less than 20% see meaningful bottom-line impact.

The core finding is blunt:

for every $1 spent on AI technology, organizations need $5 on people readiness — reskilling, change management, workflow redesign.

Most firms have the ratio inverted. They bought the tools. They skipped making their people capable of using them.

I wrote about this exact failure mode a month ago: the bottleneck was never the technology. It was always the skills gap.

The top three barriers are all human problems:

concerns about AI (46%),
regulatory and ethical worries (44%),
organizational change management (39%).

The top three enablers mirror this:

ease of use (42%),
leadership championing (36%),
a dedicated team (36%).

One in six organizations has no C-level owner for AI adoption. Not a distributed ownership model.

No owner at all. In 1 in 6 companies!

Even where ownership exists, the strategy evaporates before it reaches execution.

40% of C-suite leaders say they understand their AI strategy.
Only 27% of middle managers agree.

That 13 percent gap means the strategy isn’t surviving the organizational resistance. It’s a slide deck in a Teams’ site.

There’s a resource problem stacked on top. 41% of leaders cite resource reallocation as a barrier. They know where the money should go. They can’t move it.

Budgets are locked into structures, teams, and vendor contracts built for a different era.

One firm McKinsey profiled audited itself:

60% excess meetings,
35% duplicate decisions,
two-month data lags,
1,000+ hours per month of manual reporting.

AI can’t fix that.

You fix the organization first, then deploy AI into workflows that actually work.

Automating a broken process just produces broken outputs faster.

What Allianz figured out

Allianz CHRO Bettina Dietsche: “In five years, two-thirds of the skills we need will be completely different.” They didn’t treat that as a theoretical concern.

They built AllianzGPT and got 60,000+ active users.

They integrated AI into underwriting, claims processing, and product design. Their employees average 43+ hours of learning per year, and employees voluntarily pushed it to 60. A P&C insurer in the same McKinsey research achieved 95% user acceptance on AI-assisted claims review.

The difference between Allianz and the 86% who feel unprepared isn’t the technology.

Allianz didn’t buy a better model.

They invested in making their people capable of working alongside it, then measured acceptance rather than just accuracy.

McKinsey’s data: firms that invest in people alongside technology are 4.3x more likely to stay in the top quartile.

NBER backs this from a different angle — wage growth is the strongest predictor of AI productivity gains. Firms paying more per employee get more AI value.

The people investment shows up directly in the numbers.

Firms that invested early in people readiness attract better talent, get more from their AI deployments, and build institutional muscle that grows over time.

Firms that bought tools without investing in people are stuck in a loop:

tools underperform,
which makes the case for people investment harder,
which means the tools keep underperforming.

The agent layer compresses the timeline

Everything above is the current state.

Deloitte’s TMT Predictions 2026 describes what’s next.

The AI agent market is projected at $9 billion in 2026, growing to $35-45 billion by 2030.

Agent orchestration is already deployed in financial investment research. By 2028, 33% of enterprise software is expected to include agentic AI capabilities.

Only 28% of firms believe they have mature agent capabilities, versus 80% who feel confident about basic automation. That 52-point gap matters. 86% of CHROs see digital labor integration as a central strategic priority, yet 40% of agentic AI projects could be canceled by 2027.

The business model is shifting underneath firms still negotiating seat licenses.

40% of enterprise SaaS is expected to move to usage or outcome-based pricing by 2030. (I intend to write more on the SaaS pricing strategies soon - it’s afascinating landscape!)
35% of current SaaS functionality could be replaced by AI agents.
83% of AI-native SaaS companies already price this way.

I wrote about the SaaS pricing model collapse two weeks ago — the agent layer is the mechanism driving it.

Deloitte identifies three approaches to agent deployment:

smart overlay on existing systems,
agentic by design for new builds, and
full process redesign.

The companies that only add AI on top of old systems are the same ones McKinsey identified as failing to invest enough in training their people.

For financial services, agents doing investment research, claims triage, compliance monitoring, and customer service create a category of “digital labor” that doesn’t fit existing workforce planning models.

The CHROs see it coming.

The operational capability isn’t there yet.

What to do about it

Four reports. Same finding. The companies winning at AI are investing in their people first.

The firms lagging behind are investing in tools first.

The agent layer is about to widen that gap.

Actions, by urgency:

This month:

Audit your AI investment ratio against the $1:$5 benchmark. For every dollar going to AI technology, how much goes to reskilling, change management, and workflow redesign?
If you can’t answer that from your current budget data, that’s the first problem.
Check whether you have a named executive owner for AI adoption. Not a committee. A person. NBER found that in the UK, CFOs lead AI adoption over CEOs (50% vs. 34%).
The question is whether the right person owns it — someone who controls budget.

This quarter:

Map your entry-level pipeline exposure. Which roles are you hiring fewer of? Is that intentional, or is it happening by default as managers quietly close requisitions?
Compressing from the bottom without building a development pathway for existing staff creates a skills gap that surfaces in three to five years.
Pick one AI-assisted workflow. Deploy it with structured learning support, not just a tool rollout.
Measure user acceptance, not just model accuracy. If acceptance is below 80%, the problem isn’t the AI.

This year:

Assess which workflows are candidates for agentic AI. Map the gap between your basic automation confidence and your agent readiness. If you need a framework for evaluating where your AI capabilities actually stand, the benchmarks guide is a starting point. Then use Deloitte’s three-tier framework: smart overlay, agentic by design, or full process redesign. Most firms default to overlay. The ones getting results are doing redesign.

The 86% who feel unprepared aren’t wrong. They’re running out of time to change it.

The hiring gates are already narrowing.

The agent layer is arriving.

The firms that figured out the people investment three years ago are 4.3x more likely to be outperforming everyone else.

When was the last time you checked whether your firm’s AI investment is going to tools or to the people who need to use them?
What ratio did you find?

References:

The SaaSpocalypse: $285B in smoke, and the question nobody's asking

Karthik’s AI Wanderlust — Mon, 02 Mar 2026 13:00:41 GMT

On February 3rd, 2026, someone at Jefferies typed “SaaSpocalypse” into a research note, and within hours traders were selling.

Thomson Reuters dropped 16% -- its worst single day ever.
RELX fell 14%.
LegalZoom cratered 20%.

The software sector ETF had already been sliding since September, but this was different.

This was a stampede for the exits.

What triggered the panic wasn’t a single event. It was a pile-up. Anthropic had released a legal plugin for Claude on January 30th -- a 200-line markdown prompt that could triage NDAs, flag non-standard clauses, and generate compliance summaries. (I wrote about Anthropic’s divergent approach to AI automation before the selloff -- the legal plugin was the logical next step.)

A week later, a startup called Base44 announced it had canceled $350,000 a year in Salesforce licenses after vibe-coding a replacement. Matt Shumer published “Something Big Is Happening” and it racked up tens of millions of views.

The narrative locked into place: AI is eating software. Sell everything.

And honestly? The bearish case writes itself.

The fear is not irrational

Look at the numbers.

Microsoft is sitting in a 26% drawdown.
Oracle has been cut in half.
The IGV software ETF plunged 28% from its September 2025 peak.
KPMG, yes KPMG, used AI as a negotiation weapon to squeeze its auditor Grant Thornton on fees, pushing them from $416,000 down to $357,000. That’s a 14% haircut, and the explicit reasoning was: AI makes this work cheaper now. Pass it on.
Cursor AI is achieving over 1,000 code commits per hour. Autonomous coding agents producing working software at a pace no human team can match. That’s a different category of threat than anything we’ve seen from developer tooling.

The fear driving the selloff is straightforward: if AI agents can do the work, why are we paying per-seat licenses for humans to log in and click buttons?

Satya Nadella himself trolled Salesforce at a conference, saying SaaS would “dissolve into agents sitting atop CRUD databases.” When the CEO of the world’s largest software company tells you the category is dissolving, people listen.

And the vibe-coding movement isn’t theoretical anymore. Founders are genuinely canceling enterprise contracts and rebuilding tools with AI in weeks.

The old SaaS sales pitch “it would take you 18 months and $2 million to build this yourself” sounds increasingly hollow when a capable developer with Claude or Cursor can prototype a replacement over a long weekend.

But here’s what the panic sellers are missing

Finbarr Taylor made a point the market hasn’t absorbed yet: you can clone the interface, but the interface was never the product.

A SaaS platform is the ten years of edge cases baked into it. The compliance certifications. The audit trail. The integrations with 200 other systems that all need transactional consistency.

Anyone who’s tried to rip out a deeply embedded enterprise tool knows the real cost isn’t the license, it’s the migration risk, the regulatory exposure, the thing you didn’t know the old system was doing until it stops doing it.

Bank of America analyst Vivek Arya pointed out something the market seems allergic to acknowledging: investors are simultaneously pricing in two mutually exclusive scenarios.

Either AI capex is deteriorating (bad for the hyperscalers building it),
or AI is destroying SaaS (which requires massive AI capex to happen).

Both stories can’t be true at the same time. Panic doesn’t do nuance.

(If you want to understand the physical infrastructure underpinning this capex, The Chip War is essential reading.)

There’s also what’s now being termed the Articulation Bottleneck.

A human’s vague intent “I need a CRM” represents less than 1% of the information needed to build a useful tool. The other 99% is workflow logic, permission hierarchies, data validation rules, compliance requirements, and integration specifications that nobody writes down because they’re embedded in institutional knowledge.

Vibe-coding a replacement for a weekend project is one thing. Vibe-coding a replacement for a system that processes $400 million in quarterly transactions is a different conversation entirely.

Michael Pollan once argued that “nutritionism” - reducing food to its individual nutrients - misses the point of eating.

Something similar is happening here.

Reducing SaaS to its lines of code misses the point of enterprise software. The code is the least interesting part.

Both arguments have a blind spot

Something structural is breaking. Enterprise software isn’t going anywhere. What’s actually dying is the per-seat pricing model, and both sides of the debate keep talking past it.

When AI agents do the work, they don’t log in. They don’t need a seat. They don’t show up in your active user count.

The entire economic architecture of SaaS is to charge per human, per month, scale with headcount and this collapses when the work shifts to agents that operate through APIs.

This is why Thomson Reuters got destroyed while the underlying demand for legal research didn’t change. Nobody stopped needing to review contracts.

The market just realized that charging lawyers $200 per seat per month is indefensible when a 200-line prompt does the triage work.

The vendors that will survive are the ones rebuilding for agentic-first architecture pricing on outcomes, on transactions, on value delivered. Everyone else is bolting a chatbot onto a legacy UI and calling it an “AI feature.”

That’s putting a touchscreen on a typewriter.

Nadella’s trolling of Salesforce was funny, but here’s the irony: the same logic threatens Microsoft Office.

If agents are sitting atop CRUD databases, why does anyone need Excel? The disruption doesn’t care about your market cap.

What this means for leaders

Every enterprise technology leader needs to audit their SaaS portfolio against a simple question:

Are we paying for access to a platform, or are we paying for access to a user interface?

If the answer is “user interface,” that contract is on borrowed time. If the answer is “platform” then the data, the workflows, the compliance infrastructure, the integration fabric and that vendor still has a place in the future of an enterprise.

A different-shaped and priced moat than it had two years ago, but still a moat.

This month:

Pull your top 10 SaaS contracts by spend. For each one, ask: what percentage of the value is the UI vs. the underlying data and workflow engine? If you can’t answer that question, you don’t understand your own stack well enough. (My guide to cutting through AI vendor benchmarks applies here too -- the same skepticism you need for model evals, you need for SaaS vendor claims about their “AI features.”)
Identify which vendors are pricing per-seat vs. per-outcome. The ones still clinging to seat-based models are telling you something about how seriously they’re taking the shift.

This quarter:

Run a small experiment. Pick one internal tool that’s pure UI -- something your team uses for data entry or simple lookups -- and see what it takes to replace it with an agentic workflow. Not to save money. To learn where the actual complexity hides. It hides somewhere you don’t expect.
Renegotiate at least one contract using the KPMG playbook. If AI is making the work cheaper, the savings should flow to you, not just to your vendor’s margin.

The companies that figure out what they’re actually selling whether its data, workflows, trust, compliance, will reprice and survive.

The ones that were really just selling a nice interface are in trouble. IMHO.

What’s the first SaaS contract in your portfolio that fails the “platform vs. UI” test?

References:

Book Review: The Chip War | Chris Miller

Karthik’s AI Wanderlust — Sun, 01 Mar 2026 13:02:50 GMT

There’s a machine that costs $350 million, lives in the Netherlands, and is made by exactly one company in the world. Every advanced chip — in your phone, your car, a fighter jet’s targeting system — gets printed using light that only that machine can produce. If something happens to that supply chain, we don’t have a backup plan.

That’s the book. That’s also the world we’re living in right now.

What it’s actually about

Chris Miller jumps between Cold War espionage, the biography of Morris Chang, the physics of lithography, and decades of Pentagon strategy — and somehow it all connects. The argument is simple: chips aren’t a component of modern power. They are modern power.

If you’ve read Yergin’s The Prize on oil geopolitics, or The Code Breaker on the CRISPR race, this sits in the same category. Dense, specific, genuinely illuminating. By page 99 you’re deep into EUV lithography and starting to understand why a $350 million light machine matters more for national security than most weapons programs.

What I kept thinking about after

He opens with a US destroyer. Ninety-six launch cells, looks terrifying. But it’s not the missiles that make it lethal — it’s the Aegis radar system that sees, tracks, and guides them. The whole book is really that one image scaled up. Raw firepower stopped mattering. Computing power is what wins now.

There’s a chapter on the Thanh Hoa Bridge in Vietnam that stuck with me. The US tried to bring it down for years — 800 unguided bombs, couldn’t do it. Then in 1972, 24 smart bombs dropped it in one mission. That’s the moment the US military started betting everything on precision over mass. Everything that followed — the chip race, Taiwan’s importance, the export controls we’re seeing today — traces back to that decision.

The part about why the Soviets failed is worth the price of admission alone. They weren’t short on talent or resources or even stolen designs. What they couldn’t replicate was the accumulated know-how of a factory floor that had been iterating for decades. Chipmaking isn’t a blueprint. It’s institutional knowledge that compounds over time. By the time you copy the current generation, the original is already two generations ahead.

And then TSMC. Morris Chang built what is genuinely the most important factory on earth — roughly 90% of the world’s advanced chips come from one company, on one island, 100 miles from China. Miller doesn’t dramatize this. He just shows you the dependency and lets it sit there.

Where it gets shakier

The China section feels a bit dated. Miller wrote this in 2022, and Chinese progress on lower-end chip manufacturing has moved faster than he anticipated. The core argument still holds, but some of the specific capability gaps he describes have narrowed. Worth keeping in mind as you read.

The policy section at the end also left me wanting more. He covers the CHIPS Act, export controls, allied fab investment — but doesn’t really wrestle with whether spending billions to build fabs in Arizona actually solves the concentration problem, or just relocates it. That question is sitting right there in his thesis. He acknowledges it and moves on.

Should you read it?

If you work anywhere near defense, enterprise AI, supply chain, infrastructure, or policy — yes. It’s one of those books that quietly reframes how you read the news. You finish it and suddenly the chip-related headlines that used to feel technical and distant start making sense.

It’s not a quick read. Miller assumes you’ll stay with him through the technical details. If you’re looking for a high-level take, there are shorter paths. But if you put in the time, the payoff is real.

What made me write this now

I read Chip War a while back and had it sitting on my list to review. Then this week happened.

On February 26, Pakistan declared open war on Taliban-controlled Afghanistan. Airstrikes on Kabul and Kandahar by February 27. Actual state-on-state military conflict, not a proxy situation. And then on February 28, military strikes escalated between Israel and Iran.

What hit me reading both stories through Miller’s lens: neither Pakistan nor Afghanistan manufactures semiconductors. The weapons being used — the guidance systems, the radar, the communications infrastructure — run entirely on chips made somewhere else. That dependency is invisible until a conflict makes it visible.

On the US, Israel, Iran side, there’s a chip plant under construction in Ashkelon, designed for AI and defense applications. Israel’s defense exports hit $14.8 billion in 2024. When conflict reaches regions that are starting to build semiconductor infrastructure, the questions Miller raises aren’t academic anymore.

Underneath all of it, TSMC still makes roughly 90% of the world’s most advanced chips. One disruption to that supply chain — a car misses one $1 chip and a $50,000 vehicle can’t be completed. An AI training run stalls. A weapons system goes offline.

Miller’s point wasn’t that this would definitely happen. It was that we built an incredibly efficient global system with almost no redundancy, and at some point that tradeoff would get tested. This week felt like a test.

Moore’s Law — the idea that chip density doubles roughly every two years — gets talked about like it’s a force of nature.

It isn’t.

It’s the product of continuous investment, compounding expertise, and stable conditions for innovation. Sustained instability doesn’t just affect chip supply today. It erodes the conditions that make future chips possible.

I’m not drawing geopolitical conclusions here.

I don’t have an angle on who’s right or wrong in any of these conflicts. But I do think Miller gave us a useful lens, and right now that lens is clarifying rather than distorting.

The question I keep coming back to

We’ve spent years optimizing for efficiency in our supply chains — chips, components, software dependencies. Miller’s book is essentially a long argument for why that optimization has a hidden cost that we’ve been deferring.

What would it actually look like to build resilience into the systems your organization depends on?

Not as a thought experiment — as a real decision with real tradeoffs?

That’s the question I’m sitting with.

Reviewed for the next reader, not the author.

https://amzn.to/4kZrzYx

References:

When your AI prediction ages badly, the interesting part is why

Karthik’s AI Wanderlust — Sat, 28 Feb 2026 22:14:57 GMT

Three weeks ago, I wrote that Microsoft and Anthropic represented two fundamentally different philosophies of AI automation. Microsoft was betting on scheduled workflows. Anthropic was betting on continuous context. I deduced it as a genuine fork in the road.

Then, on February 25th, Anthropic launched Scheduled Tasks in Claude Cowork. Daily, weekly, hourly, on-demand. The very capability I said they were deliberately avoiding.

And one I am thoroughly enjoying!

So I was wrong. But I was wrong in a way that reveals something more important than the original argument.

The prediction that missed

Let me be specific about what I got wrong. I argued that Anthropic’s approach to work automation was philosophically opposed to scheduling. That their persistent-context model meant they didn’t need to carve work into discrete, time-triggered chunks. That scheduling was Microsoft’s game, and Anthropic was playing a different one entirely.

The original piece drew a clean line between two visions.

Clean lines make for good writing. They don’t always survive contact with product roadmaps. Especially in the age of exponential AI!

What actually happened: Anthropic looked at the same data everyone else is looking at and reached the same conclusion. Recurring knowledge work needs automation.

Claude Cowork’s scheduled tasks let users define recurring jobs in natural language, pick a cadence, and let Claude handle the rest. No code required. No IT ticket. No template library.

That last part is where the original thesis wasn’t entirely wrong. It was just aiming at the wrong variable.

Scheduling was never the divide

Both launches reveal the same thing: the interesting difference between Microsoft and Anthropic was never whether to schedule AI work.

Microsoft Teams AI Workflows, which completed global rollout in mid-February, operates through a specific governance model.

Admin-controlled scheduling.
Predefined templates.
IT enablement required.
The feature ships turned OFF by default and requires explicit admin activation through Power Platform security policies.

Anthropic’s version starts from the opposite end. A knowledge worker opens Claude, describes a recurring task in plain English, sets a schedule, and it runs. The plugin architecture launched January 30th adds MCP integrations, sub-agents, and custom slash commands. An enterprise plugin catalog is planned but not yet shipped.

Same capability. Radically different theory of adoption.

Microsoft is building top-down governance: IT defines what’s possible, employees operate within those boundaries. This is the logical extension of the “Frontier Firm” vision from Ignite 2025.

Anthropic is building bottom-up extensibility: individuals define what they need, governance layers get added as organizations mature.

This is a control debate, not a scheduling debate.

The shadow AI problem neither has solved

The control question matters more than the feature question.

According to Cybersecurity Dive, 80% of office workers already use AI tools, but only 22% use employer-provided ones. I wrote about this gap in Secret Cyborgs Are Already Running Your Company. That gap is a design problem. Shadow AI exists because approved systems solve the wrong problem at the wrong altitude.

Microsoft’s approach addresses the IT leader’s fear: ungoverned AI doing ungoverned things.

Fair.

But if the governance model creates enough friction that workers route around it, you’ve built a compliance artifact, not a productivity tool.

Anthropic’s approach addresses the knowledge worker’s frustration: I know exactly what I need automated, just let me describe it.

Also fair.

But without governance scaffolding, you get 200 employees running 200 custom automations with no visibility, no audit trail, and no consistency.

McKinsey’s latest data sharpens the point: 88% of organizations now use AI in some capacity, but only 39% report zero impact on EBIT.

The gap between adoption and value isn’t about which AI you pick. It’s about whether the automation model matches how work actually flows through your organization.

What this means for leaders making platform bets

Most organizations will need both philosophies, and the ones that pick a side too early will pay for it.

This pattern repeats in enterprise environments.

A top-down platform gets mandated, adoption stays shallow, and the real work happens in unsanctioned tools. Or a bottom-up tool spreads virally, creates genuine value, then gets killed by security review because nobody planned for governance.

The organizations that extract actual value from AI automation in 2026 are the ones that treat this as a sequencing problem, not a platform choice.

This quarter:

Audit your shadow AI. Not to shut it down — to learn what problems your people are actually solving. The 80/22 gap is a map of unmet needs.
Test both models on the same workflow. Pick one recurring knowledge task. Run it through Microsoft’s template-driven approach and through a natural language definition in Claude. Compare not just output quality but adoption friction.
Define your governance floor, not your governance ceiling. Non-negotiable controls are data boundaries, audit logging, access controls. Everything above that floor should be flexible enough to accommodate both directions.

This year:

The market for AI workflow automation is projected to reach $14.3B, with efficiency gains of up to 40% in knowledge work. That value won’t go to organizations that standardize on a single automation philosophy. It’ll go to organizations that build a governance layer thin enough to enable speed and thick enough to maintain control.

Microsoft’s six core capabilities for scaling agent adoption and Anthropic’s plugin catalog are both heading toward the same destination.

The question is whether your organization can move from both directions simultaneously, or whether you’ll pick a lane and wonder why the other half of your workforce isn’t in it.

My original article drew a clean line between two AI philosophies. Reality blurred it in three weeks. What is your organization actually optimizing for when it picks an AI automation platform — control or capability?

References:

Prior articles in this series:

Two Claudes, One Machine. A 20 min setup guide.

Karthik’s AI Wanderlust — Thu, 26 Feb 2026 18:43:21 GMT

Set the environment variable `CLAUDE_CONFIG_DIR` to point at different directories, and Claude Code becomes a different person — different login, different skills, different plugins. I use two terminal apps (Ghostty for personal, Warp for work), each automatically routing to its own config. Shared skills live in a third directory and get symlinked into both. The whole setup takes 20 minutes and runs on about 6 lines of shell config. Full walkthrough below.

I’ve been using Claude Code daily — for personal projects, for work, for the weird late-night “what if I built a...” experiments that never quite turn into anything. And for months, I had a problem that sounds trivial but was quietly driving me nuts: I only had one Claude Code account on my machine, and it was doing double duty.

My work prompts were bleeding into my personal context. Skills I’d built for side projects were showing up at work. My API keys, my MCP servers, my plugins — all jammed into one configuration directory that Claude reads every time it starts up.

I knew I needed to split them. I just didn’t know how Claude Code actually organizes itself on disk, and the docs weren’t making it obvious. So I spent a weekend figuring it out. Here’s what I learned.

The One Thing You Need to Understand

Claude Code stores everything about your account — your login credentials, your settings, your skills, your plugins — in a single directory. By default, that’s ~/.claude/ on your machine.

Here’s what I wish someone had told me upfront: there’s an environment variable called CLAUDE_CONFIG_DIR that tells Claude Code where to look. Change the variable, and Claude becomes a completely different person. Different login, different skills, different plugins. Same machine.

That’s it. That’s the whole trick. Everything else in this post is just making that one idea convenient.

Why Not Just Switch Accounts?

Sure, you can log out and log back in. But if you’re using Claude Code throughout the day — terminal open, context loaded, mid-conversation — logging out destroys all of that. You also lose your plugin configurations, custom skills, and MCP server setups every time you switch.

I wanted something dumber and more reliable. Open one terminal, you’re personal. Open the other, you’re work. No switching ritual.

The Setup: Two Terminals, Two Lives

I use two different terminal apps: one for personal, one for work. This isn’t strictly necessary — you could use one terminal with different profiles — but having two distinct apps makes the boundary feel real. You open the personal terminal and you’re in personal mode. There’s no ambiguity.

Here’s the structure I ended up with:

~/.claude-personal/     <- personal account config, credentials, plugins
~/.claude-work/         <- work account config, credentials, plugins
~/.claude-shared/       <- skills shared between both (symlinked into each)

Step 1: Create the directories

mkdir -p ~/.claude-personal/skills ~/.claude-personal/plugins
mkdir -p ~/.claude-work/skills ~/.claude-work/plugins
mkdir -p ~/.claude-shared/skills ~/.claude-shared/plugins

I started fresh for both — no copying from my existing ~/.claude/. That old config had accumulated cruft (stale plugin references, settings I’d forgotten about), and copying it would have just moved the mess into two places.

Back up your existing config first, though:

cp -a ~/.claude ~/.claude-backup-$(date +%Y%m%d)

Step 2: Set up each account’s config

Each directory needs a settings.json. Here’s a minimal one:

{
  "permissions": {
    "allow": ["WebSearch", "WebFetch"]
  },
  "enabledPlugins": {},
  "effortLevel": "medium"
}

If you use MCP servers, drop an mcp.json in each directory too:

{
  "mcpServers": {
    "your-server": {
      "command": "/path/to/your/server",
      "args": ["mcp"]
    }
  }
}

You can have the same servers in both accounts or different ones. Your call.

Step 3: Route each terminal to the right config

For your personal terminal (I use Ghostty), you can set the environment variable directly in the terminal’s config. In Ghostty, there’s a command option that lets you specify how shells start:

command = /bin/zsh --login -c "CLAUDE_CONFIG_DIR=$HOME/.claude-personal exec zsh"

Every shell that opens in Ghostty now automatically points Claude Code at the personal config.

For your work terminal (I use Warp), I added a block to my ~/.zshrc:

# Warp -> work account automatically
if [[ "$TERM_PROGRAM" == "WarpTerminal" ]]; then
  export CLAUDE_CONFIG_DIR="$HOME/.claude-work"
fi

Warp sets $TERM_PROGRAM to "WarpTerminal" in every shell session. So any shell opened in Warp automatically gets the work config. No extra steps. No remembering.

Step 4: Log in from each terminal

Open your personal terminal:

claude login    # browser opens, sign in with personal account
claude /status  # verify it shows your personal email

Open your work terminal:

claude login    # browser opens, sign in with work account
claude /status  # verify it shows your work email

That’s it. From now on, claude in each terminal knows who it is.

Step 5: Install plugins per-account

One thing that tripped me up: plugins can’t be file-copied between configs. You have to install them through Claude Code, and each install goes into whatever config directory is currently active.

# In your work terminal
claude install frontend-design@claude-plugins-official
claude install swift-lsp@claude-plugins-official

# In your personal terminal
claude install frontend-design@claude-plugins-official

The claude install command automatically updates settings.json for you. Don’t manually edit the enabledPlugins section — I tried, and stale references to plugins that no longer exist caused “plugins failed to load” errors on every startup.

Sharing Skills Between Accounts

This was the part I cared about most. I have skills — sets of instructions and reference files that tell Claude how to do specific things — and some of them are useful everywhere. A research report generator, for instance, is useful at work and at home.

The solution is symlinks. Put the real skill in ~/.claude-shared/, then create symlinks from each account’s skills/ directory:

# Put the skill in shared
cp -a ~/my-useful-skill ~/.claude-shared/skills/

# Symlink into both accounts
ln -sfn $HOME/.claude-shared/skills/my-useful-skill ~/.claude-personal/skills/
ln -sfn $HOME/.claude-shared/skills/my-useful-skill ~/.claude-work/skills/

Now both accounts see the skill. Edit it from either side, and the other picks up changes instantly — because they’re both pointing to the same files.

Important gotcha: symlinks must use absolute paths on your actual machine (like /Users/yourname/...). Relative paths or paths inside sandboxed environments silently fail, and the skill just won’t show up. I lost an hour to this.

For skills that should only exist in one account — say, a company-specific presentation template — just drop them directly in that account’s skills/ folder. No symlink needed.

Skills vs. Commands: When to Use Which

This confused me at first because they live in similar places and do similar-sounding things. But once I understood the difference, I started reaching for the right one instinctively.

A command is a saved prompt. It’s a markdown file that lives in your-project/.claude/commands/ and gets injected into the conversation when you type its name with a slash. I have one called /daily that asks Claude to review what changed in my notes today and surface anything I should act on. The whole thing is a single markdown file — maybe 15 lines of instructions. That’s it. No supporting files, no context beyond what’s in the prompt itself.

A skill is a command with a brain. It lives in your-project/.claude/skills/ (or ~/.claude-{account}/skills/ at the user level) and it’s a folder, not a file. Inside that folder you can put a SKILL.md with instructions, but you can also include reference files, templates, example outputs, knowledge directories — anything Claude should read before doing the work. I have a skill for generating research reports that includes an HTML template, a CSS file for styling, and examples of what good output looks like. Claude reads all of that before it starts writing. A command can’t do that.

The rule of thumb I landed on: if your prompt needs to reference other files to do its job well, make it a skill. If it’s self-contained instructions, a command is simpler and works fine.

A few examples from my setup:

My /daily and /startday prompts are commands. They’re short instructions that tell Claude what to review and how to summarize it. No reference material needed.

My research report generator is a skill. It needs an HTML template, styling rules, and example outputs to produce something that looks professional. A bare prompt wouldn’t get close.

My presentation builder is a skill. It references a corporate slide template file so Claude generates .pptx files with the right fonts, colors, and layouts. Without that template file sitting in the skill folder, Claude would just guess at the formatting.

One more thing worth knowing: commands only work at the project level. You cd into a project, and its commands show up. Skills work at both levels — project-level skills activate when you’re in that directory, and user-level skills (the ones in ~/.claude-personal/skills/ or ~/.claude-work/skills/) follow you everywhere regardless of what directory you’re in.

Understanding the Layers

There’s a subtlety here that took me a while to grasp. Claude Code actually looks for skills and configuration in multiple places, layered on top of each other:

User-level skills (~/.claude-{account}/skills/) — these are what we’ve been setting up. They’re tied to your account and follow you everywhere.

Project-level skills (your-project/.claude/skills/) — these live inside a specific project directory. When you run Claude Code inside that project, these skills activate automatically, regardless of which account you’re using. They’re great for project-specific workflows.

Project-level commands (your-project/.claude/commands/) — similar to skills but simpler. A command is a prompt template that gets injected into the conversation when you invoke it (like /daily or /startday). A skill is richer — it can include reference files, knowledge directories, and scripts alongside its instructions.

The dual-account setup only affects the user level. Project-level skills and commands work exactly the same as before.

The Override Aliases

Most of the time, the terminal-based routing handles everything. But occasionally you need to cross the line — run a personal command from your work terminal, or vice versa. For those moments, I added two aliases to my ~/.zshrc:

alias pclaude='CLAUDE_CONFIG_DIR=~/.claude-personal claude'
alias wclaude='CLAUDE_CONFIG_DIR=~/.claude-work claude'

Type pclaude in any terminal, and it runs Claude Code with your personal config, just for that one session. These are the escape hatches. I use them maybe once a week.

What About Claude Desktop?

Here’s the honest answer: Claude Desktop (and its Cowork mode) doesn’t support CLAUDE_CONFIG_DIR. It manages its own authentication through the app’s UI, and there’s no profile switching — you sign out and sign back in. It’s a known gap, and there’s an open GitHub issue tracking it.

My workaround: I keep Desktop signed into my work account (since that’s where I use it most during the day). For personal GUI access, I use a different client that supports the environment variable.

Not ideal, but functional.

The Gotchas I Hit So You Don’t Have To

Stale plugin references break startup. If enabledPlugins in your settings.json references a plugin that isn’t actually installed, Claude Code throws a “plugins failed to load” error every time. Some plugins that existed a few months ago have been deprecated. Only list what’s actually installed.

Symlinks must use real absolute paths. Not relative paths, not paths from inside a VM or container. The symlink target has to resolve on your actual machine, or Claude Code silently ignores the skill.

Start fresh, don’t copy. Copying your existing ~/.claude/ into the new directories brings along all the accumulated weirdness — broken references, settings you forgot you changed, credentials in the wrong state. A clean start takes five extra minutes and saves hours of debugging.

claude install is the only safe way to add plugins. It handles updating settings.json correctly. Manual edits tend to get the format wrong or reference plugins by their old names.

Is This Worth It?

For me, absolutely. The cognitive load of having one tangled config was small on any given day, but it accumulated. Work plugins showing up in personal projects. Personal skills cluttering my work environment. The nagging feeling that my contexts were cross-contaminating each other.

Now I open Ghostty and I’m home. I open Warp and I’m at work. Same tool, same AI, right context. The whole thing runs on one environment variable and a few lines in my shell config.

The whole setup takes about 20 minutes if you follow these steps. The rollback is trivial — delete the new directories, restore your backup, remove the shell config lines. Low risk, high reward.

Quick Reference Card

The magic variable:

export CLAUDE_CONFIG_DIR="$HOME/.claude-personal"

Directory structure:

~/.claude-personal/          # personal config, credentials, plugins
~/.claude-work/              # work config, credentials, plugins
~/.claude-shared/skills/     # skills symlinked into both

Terminal routing (in ~/.zshrc):

# Route by terminal app
if [[ "$TERM_PROGRAM" == "WarpTerminal" ]]; then
  export CLAUDE_CONFIG_DIR="$HOME/.claude-work"
fi

Override aliases (in ~/.zshrc):

alias pclaude='CLAUDE_CONFIG_DIR=~/.claude-personal claude'
alias wclaude='CLAUDE_CONFIG_DIR=~/.claude-work claude'

Share a skill between accounts:

ln -sfn $HOME/.claude-shared/skills/my-skill ~/.claude-personal/skills/
ln -sfn $HOME/.claude-shared/skills/my-skill ~/.claude-work/skills/

Skills vs. commands:

Command — a saved prompt. Single .md file in project/.claude/commands/. Project-level only. Use when your instructions are self-contained.

Skill — a folder with instructions + reference files. Lives in project/.claude/skills/ or ~/.claude-{account}/skills/. Works at project level or user level (follows you everywhere). Use when your prompt needs templates, examples, or supporting files.

Gotchas:

Symlinks must use absolute paths (/Users/you/...), not relative
Install plugins with claude install, never edit enabledPlugins by hand
Start fresh — don’t copy your old ~/.claude/ into the new directories
Claude Desktop doesn’t support CLAUDE_CONFIG_DIR yet

The key insight came from a post by Jacques Thibodeau about using aliases for multi-account Claude Code, and a GitHub gist documenting the CLAUDE_CONFIG_DIR approach.

The Enterprise Leader’s Guide to AI Benchmarks in 2026

Karthik’s AI Wanderlust — Mon, 23 Feb 2026 13:03:17 GMT

TL;DR: Most AI benchmarks are saturated, contaminated, or gamed. The three that matter most for enterprise are SWE-bench (code), SimpleQA (hallucination rate), and BFCL (tool use). No single model wins everywhere — and model choice is probably the least important decision in your AI strategy.
Scroll to the Quick Reference Card at the bottom for a one-table cheat sheet.

Why this guide exists

AI benchmarks were supposed to make model selection straightforward: run standardized tests, compare scores, pick the winner.

That’s not how it works. The benchmark field in early 2026 has four structural problems, and ignoring any of them means making procurement decisions on bad data.

Saturation. MMLU, HumanEval, and AIME 2025 have ceiling scores across frontier models. When every contender scores 89-94%, the benchmark stops discriminating. Stanford’s 2025 AI Index confirmed it: MMLU no longer separates frontier models from each other.

Contamination. StarCoder-7b scored 4.9x higher on leaked benchmark data versus clean data. ARC benchmarks showed 23.6% score inflation from training set overlap.

A February 2025 interdisciplinary review (arXiv 2502.06559) adds a systemic finding: only 9 of 30 major models publicly report train-test overlap — and every lab uses a different detection method. Cross-model comparison is fundamentally unreliable.

Gaming. Selective model submissions inflate leaderboard scores by up to 100 points. Labs submit their best variant to each benchmark, cherry-pick the ones where they lead, and bury the rest.

The data wall. Epoch AI predicts the industry will exhaust all high-quality human text on the internet by 2026-2028. When that happens, model training shifts to synthetic data — data generated by other models.

Early research shows this risks “model collapse,” where outputs become increasingly homogeneous and detached from real-world distributions. Benchmarks trained on today’s data may not predict tomorrow’s model behavior.

Benchmarks aren’t useless. But you need to know which ones carry signal and which are marketing material. This guide covers every major benchmark an enterprise buyer will encounter, rates each for enterprise relevance, and gives you a framework for using them in procurement and evaluation.

A word on price before we get into this

Model performance is converging. Model costs are collapsing. Both facts change how benchmarks should influence your decisions.

Inference cost collapse

The cost of running AI models has fallen faster than almost anyone predicted:

GPT-3.5 equivalent inference: $20.00 per million tokens (late 2022) to $0.07 per million tokens (late 2024) — a 280x reduction in two years.
Hardware efficiency: Energy efficiency per inference is improving roughly 40% year-over-year.

When inference was expensive, selecting the cheapest model that met your threshold made sense. When inference is nearly free, the question shifts: which model produces the fewest errors that require human correction?

A model that costs 3x more per token but halves your error rate will almost always win on overall cost. The old procurement question was “which model is cheapest per token?” The new one is “which model costs least per correct output?”

Model convergence

The performance gap between model tiers is narrowing fast:

Open-weight vs. proprietary gap: Over 8% in early 2024, down to 1.7% in early 2025.
Top-1 vs. Top-10 Elo gap: 11.9% to 5.4% in the same period.
US vs. Chinese model gap on HumanEval/MMLU: 31+ points to near parity.

When the performance delta between the best model and the tenth-best is 5%, vendor lock-in becomes riskier than model choice. Build for portability.

Current pricing landscape

Prices as of February 2026. Last verified: 2026-02-21.

The pricing story has flipped completely since 2024. The old premium-vs-budget calculus is gone.

Gemini 3.1 Pro (released February 19) matches or beats GPT-5.2 on several reasoning benchmarks at $2/M input versus $1.75/M.
DeepSeek V3.2 delivers roughly 90% of GPT-5.2’s performance at about 1/50th the cost.
Claude Opus 4.6 (released Feb 4) dropped from $15/M to $5/M while adding a 1M-token context window.

The meaningful price split now isn’t premium vs. mid-tier — it’s Western frontier vs. DeepSeek. If your data governance and compliance posture allows it, DeepSeek V3.2 at $0.27/M changes the math on almost every high-volume workload. If it doesn’t, Gemini 3.1 Pro is the best value in the Western tier.

For 80% of enterprise workloads, the mid-tier model is still the right call — it’s just that mid-tier is now dramatically cheaper and more capable than it was 12 months ago.

What the benchmarks actually tell us

Enterprises consistently focus on the wrong benchmarks. Here’s what matters for actual business decisions.

General-purpose benchmarks

The benchmarks that matter most for enterprise are the ones you’ll never see in a vendor pitch deck. SWE-bench tells you whether a model can actually fix real code. SimpleQA tells you how often it hallucinates — the single most important metric for any regulated industry. BFCL measures whether a model can call tools and chain actions, which is the foundation of every agentic workflow your organization will build in the next two years.

MMLU, the number you’ll see most often, tells you almost nothing.

METR measures how long a task an AI agent can reliably finish without human help — real-world autonomy, not exam performance. The metric is the human expert task duration at which the model succeeds 50% of the time.

GDPVal evaluates AI output against human expert output head to head across 44 professional occupations and 9 industries. It measures whether AI can actually do jobs, not just answer questions about them.

Agentic AI benchmarks

BFCL and METR measure whether a model can use tools and complete tasks. This category goes further — it puts agents inside real operating environments and measures whether they can navigate the messy, multi-step reality of actual computer use, customer interactions, and enterprise API chains. These are the benchmarks that matter if you’re building anything autonomous.

The OSWorld gap is the biggest story in agentic benchmarking right now. Claude Opus 4.6 scores 72.7% on OSWorld — computer-use tasks requiring real GUI navigation across apps and browsers. GPT-5.2 scores 38.2% on the same benchmark. That’s not a rounding error. It means if you’re building an agent that operates a computer rather than just generating text, model choice matters a lot more than the frontier snapshot table suggests.

τ-bench reveals a different truth. Claude Opus 4.6 hits 91.9% on the Retail scenario — meaning agents can handle the overwhelming majority of real customer service interactions without escalation. That’s deployable. Most enterprise leaders evaluating AI for customer ops are still running pilots based on chatbot demos. τ-bench is the eval that tells you whether you can actually put it in production.

So who’s actually winning? It depends entirely on what you’re measuring.

Frontier model performance snapshot (February 2026)

No single model dominates every dimension. Gemini 3.1 Pro leads on reasoning and factuality. Claude leads on code, computer use, and agentic tasks — the 72.7% vs 38.2% OSWorld split between Claude Opus 4.6 and GPT-5.2 is the largest capability gap between frontier models in any current benchmark. GPT-5.2 leads on professional work quality (GDPVal) and math.

The right model for your organization depends entirely on what you’re building — and that’s a question no leaderboard can answer for you.

Notes on the snapshot table:

[a] BFCL score reflects Claude Opus 4.1, the most recent Claude submission to the leaderboard at time of publication. Opus 4.6 has not yet been formally benchmarked on BFCL.

[b] SimpleQA score of 72.1% is confirmed for Gemini 3 Pro (released November 2025); Gemini 3.1 Pro leads on factuality across available evaluations but a formally published 3.1 Pro score was not available at time of publication. Verify against Google DeepMind’s current benchmark data.

[c] METR time horizon estimate for Claude Opus 4.6 (~14.5 hrs) is preliminary and noted as high-variance by METR. Gemini 3.1 Pro clocks ~11 hrs at the same threshold. The metric measures human expert task duration at which the model succeeds 50% of the time — a fundamentally different signal than accuracy scores.

[d] GDPVal scores: Claude Opus 4.5 at 59.6%, Gemini 3 Pro at 53.5% win-or-tie rate vs. human experts. GDPval-AA Elo (Artificial Analysis agentic version): Claude Sonnet 4.6 leads at 1633, Claude Opus 4.6 at 1606.

General benchmarks give you a starting point. But if you’re in financial services, they’re not enough.

Financial-specific benchmarks

General benchmarks are insufficient for financial services. The real question is whether a model can handle the specific reasoning that financial work demands: numerical extraction from dense filings, multi-step calculations with verifiable logic, temporal reasoning across reporting periods, and regulatory interpretation.

A new class of domain-specific benchmarks has emerged. Most enterprise leaders haven’t encountered them yet.

The TAT-QA reality check

Here’s the number that should make your procurement team uncomfortable: TAT-QA tests models on real SEC filings where the answer requires combining information from tables and surrounding text — exactly what financial analysts do every day. Human expert F1 score: 90.8%. At publication, top models struggled below 60% — current frontier models score higher, but the human gap remains significant. That gap tells you more about AI readiness for financial document processing than any MMLU score ever will.

XFINBENCH scores

Note: XFINBENCH is an academic benchmark; formal evaluations of current frontier models (GPT-5.2, Claude Opus 4.6, Gemini 3.1 Pro) haven’t been published yet. Scores below are from the original paper — treat them as a baseline for the human gap, not a current model ranking.

Human experts still outperform those 2024-era models by 12+ points on overall financial reasoning. Current frontier models will score higher — but the pattern that matters is unlikely to change: statement judging approaches human performance, quantitative reasoning does not. Model selection matters far less than whether your workflow can handle the cases the model gets wrong.

Models can tell you if a financial statement is wrong. They can’t reliably do the math to prove it. Statement judging — is this financial claim true or false? — is the one area where models approach human performance. Quantitative reasoning, the thing that actually matters for trading, risk, and compliance, is where they struggle.

Use case mapping

Here’s how to connect benchmarks to the enterprise functions where AI is creating real value in financial services.

Algorithmic trading and quantitative research

Relevant benchmarks: SWE-bench Verified (code reliability), XFINBENCH (financial calculation with chain-of-thought), FinChain (verifiable reasoning traces).

Can the model generate trading logic with auditable reasoning? Can it maintain accuracy across multi-step calculations? Agentic AI in payments is already routing decisions in under 200ms. The threshold here isn’t accuracy in isolation — it’s latency-adjusted accuracy. FinChain’s executable Python traces give you something the other benchmarks don’t: a verifiable audit trail from input to output — which is increasingly a regulatory expectation, not just a nice-to-have.

Risk and fraud detection

Relevant benchmarks: GPQA Diamond (adversarial reasoning), HLE (frontier reasoning under uncertainty), HELM (robustness and bias evaluation).

Adversarial robustness matters more than raw accuracy. A fraud detection model that scores 95% but fails predictably on adversarial inputs is worse than one that scores 90% with graceful degradation. Fraud detection is the top AI use case across financial services respondents (NVIDIA, 2026). The question is whether their evaluation framework catches the failure modes that matter.

Intelligent document processing

Relevant benchmarks: TAT-QA (hybrid table/text from SEC filings), FinQA (numerical extraction from earnings), DocVQA (document visual QA).

Test against real financial documents with mixed tables and narrative text. If a model can’t outperform 60% F1 on TAT-QA, it’s not ready for production document processing without heavy human oversight. Period. DocVQA adds a visual layer — can the model parse scanned documents, not just clean text? For organizations still processing paper-heavy workflows, this is the benchmark that predicts real throughput improvement.

Wealth management and advisory

Relevant benchmarks: ConvFinQA (multi-turn financial dialogue), Chatbot Arena (human preference in conversation), FLaME (financial language fluency).

Can the model maintain financial accuracy across a multi-turn conversation? Can it correct its own errors when challenged? A model that gives a perfect single answer but loses context on follow-up questions will frustrate advisors within a week.

Agentic workflows (cross-functional)

Relevant benchmarks: BFCL (function calling), SWE-bench Verified (code execution), SimpleQA (factual grounding), METR (task autonomy), OSWorld (computer use), τ-bench (domain agents), Scale SEAL Agentic Tool Use Enterprise (API chains).

A significant share of financial industry respondents are already using or assessing agentic frameworks, with agentic AI ranking among the fastest-growing use case categories (NVIDIA, 2026). The evaluation stack for agentic systems has three layers — and most organizations are only looking at the first one.

Layer 1 — Tool calling. BFCL: can the model call the right API, with the right parameters, at the right time? A 70% BFCL score means 30% of tool calls fail. For autonomous agentic systems, that failure rate requires robust fallback design, not just monitoring.

Layer 2 — Real environment operation. OSWorld and Terminal-Bench measure whether an agent can actually navigate a computer, not just generate instructions about it. Claude Opus 4.6 at 72.7% on OSWorld versus GPT-5.2 at 38.2% is the kind of gap that determines whether your computer-use agent ships or sits in a demo. τ-bench (tau-bench) tests agents inside domain-specific customer service scenarios with real policy documents and tool calls — Claude hits 91.9% on the Retail scenario.

Layer 3 — Autonomous task completion. METR’s time horizon asks: how long a task can the model complete without human intervention? Claude Opus 4.6 at ~14.5 hours means it can reliably handle tasks that would take a human expert most of a workday. That number has been doubling every 7 months for six years. The METR score tells you how much human oversight your agentic workflows actually need — which is a design question no accuracy benchmark can answer. The philosophical divide between Microsoft and Anthropic on this is worth understanding before you architect your stack.

The explainability trade-off

Reasoning models — o3, GPT-5.2 Thinking, Gemini Deep Think, models that “think” before answering — are measurably more capable. They score higher on GPQA Diamond, XFINBENCH, and other reasoning-heavy benchmarks. They’re also more opaque. The chain-of-thought that makes them powerful makes them harder to explain to a regulator.

For regulated industries, this creates a direct conflict between performance and compliance. The best-performing model may not be the one you can deploy.

Decoupling generation from execution

The practical answer: decouple AI generation from deterministic execution. Let the model reason and recommend. Have deterministic systems validate the output before it touches a customer, a trade, or a filing. Benchmark the model on accuracy. Benchmark the system on reliability. They’re different questions with different acceptable failure rates.

The measurement problem

Eighty-eight percent of organizations are now using AI — and nearly two-thirds can’t get past the pilot stage. That’s not a model problem. It’s a measurement problem — and more often than not, a skills problem.

80% of AI value comes from redesigning the work, not picking a better model. The delta between a 90% MMLU score and a 92% score will never matter as much as whether you’ve redesigned the workflow around the AI or bolted it onto the existing one. Individual workers are already figuring this out — the gap is at the organizational level.

Organizations with structured ROI measurement frameworks report 5.2x higher confidence in their AI investments (Second Talent, 2026). Ninety-two percent of early technology adopters report positive ROI, with average returns of 192%. The common factor isn’t which model they picked. It’s that they built measurement into the deployment from day one. The ones still struggling aren’t lacking tools — they’re lacking the internal capability to use them.

Mid-market Large enterprise Pilot → production 90 days 9+ months Average ROI 35% Varies widely What’s different Pick a threshold, test, ship Form a committee

Sapphire Ventures predicts that by 2026, enterprise evaluations will move toward private, grounded benchmarks built on proprietary data that reflect actual business processes. Your data quality, workflow integration, and measurement discipline will drive differentiation — not a two-point lead on a public leaderboard.

What to do with this

The model choice is probably the least consequential decision in your AI strategy. Work redesign, data quality, integration depth, and measurement discipline will determine 80% of the outcome.

Do this now. Identify the three to five workflows where AI creates the most value in your organization. For each one, define what “good” looks like in terms your business cares about: resolution rate, error rate, cycle time, customer effort. These are your private benchmarks.

Before the end of Q1, run your top two model candidates against your actual workload. Not a vendor demo. Not a public benchmark. Your data, your edge cases, your failure modes. The results will look nothing like the leaderboard — that’s the point. Given model convergence, also test whether you can swap models without rebuilding your pipeline. The ability to swap is not a nice-to-have — because if you’re locked into one vendor and they raise prices or get outcompeted, you’re stuck rebuilding from scratch.

If you’re building anything in financial services, stop evaluating against MMLU. Map your use cases to TAT-QA, FinQA, and XFINBENCH. The domain-specific benchmarks above exist precisely because general benchmarks don’t predict financial task performance.

If you’re in a regulated industry, start aligning your AI evaluation process with the US Treasury FS AI RMF now. Don’t wait for OSFI E-23 to take effect in May 2027. The organizations that treat regulatory compliance as a design constraint rather than an afterthought will move faster, not slower — because they won’t be rebuilding governance frameworks under deadline pressure.

Build your own benchmark. GDPVal points the direction. OpenAI built it by asking what actual knowledge workers produce — legal briefs, engineering blueprints, care plans — and measuring AI output against human expert output head to head. GPT-5.2 Thinking wins or ties against human experts 70.9% of the time across 44 professional occupations. That’s the kind of measurement that translates to a hiring or workflow decision. Take your five highest-volume, highest-stakes work products and run your model candidates against them. That’s your benchmark. Everything else is someone else’s leaderboard.

The labs are optimizing for the leaderboard. You should be optimizing for your customers. Those are different problems.

A note on the numbers: Benchmark scores, pricing, and adoption statistics in this article are drawn from publicly available sources and reflect information available at time of publication (February 2026). The AI landscape moves fast — specific scores may have shifted, pricing will have changed, and some benchmarks cited here may already be saturated or superseded. The figures are illustrative of broader patterns and directional trends, not precision instruments. Verify against current vendor documentation and primary sources before making procurement decisions.

Quick Reference Card

Screenshot this. Share it in Slack. Tape it to the wall next to the vendor pitch deck.

References

Microsoft wants to schedule your AI. Anthropic wants to make scheduling obsolete.

Karthik’s AI Wanderlust — Sat, 21 Feb 2026 19:27:41 GMT

Both companies shipped updates to the same problem this week. Same problem, opposite logic. That gap will determine which of your people thrive with AI and which ones quietly route around what you bought.

Microsoft’s bet: cron jobs for knowledge workers

Microsoft isn’t testing one feature. They’ve shipped a philosophy.

AI Workflows in Teams went GA with scheduled prompts that run on predetermined cadences and deliver results to channels, chats, or individual users: automated status reporting, meeting support, information distribution, compliance monitoring, knowledge management. Full admin controls for permissions, data sources, execution monitoring, and DLP policies.

January’s Copilot updates added Agent Mode that edits documents, spreadsheets, and presentations directly. Voice Memory for persistent context. New Purview security integration.

TestingCatalog spotted “Tasks” in testing: three agent modes (Researcher, Analyst, Auto) with one-time, daily, weekly, and monthly scheduling. Output quality rated “notably high” for slides and web-based reports.

Identify repeatable work, define a cadence, let agents run. Cron for AI, production-ready in Teams.

Anthropic’s bet: context that accumulates

Sonnet 4.6 launched the same week with a different premise.

In head-to-head blind evaluations, users preferred Sonnet 4.6 over its predecessor 70% of the time. They preferred it over Opus 4.5, a model priced five times higher, 59% of the time on tasks where the older model tended to overcomplicate instructions. That’s Opus-class output at $3 per million input tokens.

Sonnet 4.6 improved 15 points over its predecessor on heavy reasoning Q&A across real enterprise documents — contracts, regulatory filings, policy stacks with cross-references buried three levels deep. I don’t focus too much on benchmarks but it was hrad to ignore half a trillion dollars in SaaS stocks vanishing with the Anthropic plugins made an appearance.

For those of us in insurance, 94% accuracy on insurance benchmarks for computer use workflows is what changes the math. The model navigates quoting systems, claims platforms, and multi-step web forms at near-human accuracy.

In an industry where most AI pilots die on “our systems don’t have APIs,” 94% means the no-API excuse runs out.

MCP connector support now integrates directly with S&P Global, LSEG, and Moody’s from inside Claude. Context compaction keeps 200+ message sessions coherent. The Vending-Bench benchmark showed the model planning 10 months ahead with strategic pivots mid-execution.

No scheduling. No mode switching. Context accumulates. The model adapts.

Microsoft is building for how enterprises buy. Anthropic is building for how work gets done.

88% of organizations use AI. 39% see zero EBIT impact. That gap isn’t a deployment problem. It’s an architecture problem.

Microsoft says the gap closes by scheduling discrete tasks at fixed intervals. Anthropic says it closes by maintaining continuous context and letting the model figure out what’s relevant.

People abandon AI at three weeks because they lack the judgment to use it well. The ones who don’t abandon it route around official systems. 78% use unapproved tools. The ones who stick are driven by intrinsic desire to expand their capabilities, not by mandates.

Those secret cyborgs aren’t scheduling their AI. They’re maintaining threads that run across days, projects, shifting priorities.

Because most knowledge work isn’t a fixed task on a fixed schedule. “Every Monday at 9, generate this report” covers maybe 15% of what a knowledge worker does.

The rest is three projects evolving at once, priorities shifted Tuesday, something a client said last week that just became relevant to a decision due Friday. Scheduled agents are just the tip of the iceberg.

Continuous reasoning carries a lot more weight.

The split that explains the shadow AI problem

Microsoft’s approach fits enterprise procurement. Clear permissions model, predictable cost structure, runs on the existing Microsoft stack.

Anthropic’s approach fits how work actually happens. Context accumulates instead of resetting. The model adjusts to changing priorities without rescheduling.

Computer use works with any tool, not just Microsoft apps. And Opus-class performance at Sonnet pricing is hard to argue with on a per-task basis.

80% of office workers use AI. Only 22% use employer-provided tools. They’re maintaining context across conversations, across projects, across weeks. Because that’s how their work actually runs.

The shadow AI economy exists because the tools the governance team approved solve the wrong problem or solve a fraction of the problem statement.

What leaders should do with this

Most enterprises will run both architectures.

Scheduled agents for compliance reporting, routine metrics, fixed-cadence communications.

Continuous reasoning for strategic planning, complex investigations, anything where priorities shift faster than schedules update.

Which one wins matters less than which one your organization defaults to when no one’s made the choice explicit. That default tells you whether you’re designing for governance or for output.

Watch what your best people actually do. If they’re requesting scheduled Copilot agents, they think in fixed workflows. If they’re building multi-day AI threads, they think in accumulated context. The behavior tells you which architecture your culture will use regardless of what you procure.

Decide what you’re optimizing for. Scheduled agents are auditable and easier to explain to regulators. Continuous reasoning produces better results but requires trusting the model with more context. Deloitte found 33% of enterprises are positioned to realize AI productivity gains.

The scheduled-vs-continuous default is probably part of the reason why that number isn’t higher.

Organizations with the judgment skills gap will default to scheduled tasks because “run this report every Monday” is teachable.

“Maintain strategic context across weeks” doesn’t come naturally. But the people with intrinsic drive to expand their capabilities are already operating in continuous mode, outside your approved systems, getting results you’re not measuring.

You can buy scheduled agents and feel good about governance. Or you can acknowledge that your best people are already reasoning continuously, and build a system that makes that visible instead of invisible.

Your shadow AI isn’t a compliance problem. It’s a signal about the gap between what you approved and what work actually demands.

References:

“AI native” is not a generation. It’s a drive.

Karthik’s AI Wanderlust — Tue, 17 Feb 2026 13:03:26 GMT

I’ve watched the same pattern transpire where I work: some people hit the three-week wall with AI and quit. Others never stop.

The difference isn’t age, technical background, or job title.

The first article in this series showed employees abandon AI at three weeks because they lack judgment skills.

The second showed 78% route around official tools because approved paths don’t work. Both true. Both symptoms. The underlying condition is motivation, specifically what kind.

The people who stick share an orientation toward their own capabilities: they want to expand what they can do, not just finish what’s on the list.

The generation myth doesn’t hold

The tech industry loves generational labels. “Gen Z is AI native.” “Millennials are digital natives.” Intuitive. Mostly wrong.

HBR reported in January 2026 that openness to experience, not age, is the strongest predictor of AI success. People high in openness treat AI as a multiplier. People low in openness experience it as a threat, regardless of age.

A Medium analysis of adoption patterns found that millennials, not Gen Z, integrate AI most consistently into real work deliverables (90% workplace comfort). Gen Z uses more tools but inconsistently. They juggle apps. Millennials build habits. Expertise comes from consistency, not frequency.

McKinsey identifies four foundational AI mindsets: curiosity, adaptability, responsibility, and human-centered thinking. All learnable. None age-dependent.

If “AI native” were generational, the youngest workers would dominate adoption metrics. They don’t.

What actually predicts who sticks

Self-determination theory identifies three psychological needs that drive sustained engagement: autonomy, competence, and relatedness.

A 2025 Nature study found that intrinsic motivation to learn AI is the strongest predictor of sustained adoption. Not mandates. Not incentives. Not training budgets. The internal drive to get better because it expands your sense of what’s possible.

The people who push through the three-week wall aren’t more disciplined. They experience AI differently. A reluctant user sees “another tool I have to learn.” The intrinsically motivated user sees “I can rethink this entire problem.”

Ethan Mollick’s research at Wharton found lower-skilled workers see 40%+ productivity gains with AI, and the expertise threshold is about 10 hours of deliberate use. Less than two weeks of 45-minute daily experiments. The wall isn’t difficulty. It’s whether someone has internal motivation to put in those 10 hours when nobody’s making them.

The shadow AI economy from article two makes more sense now. Those 78% using unapproved tools aren’t natural rule-breakers. Their intrinsic motivation to expand capabilities outweighs the friction of official channels. They found a way because they wanted to, not because someone told them to.

Identity, not tools

“AI native” is not a demographic. It’s a relationship with your own capability.

Scaled Agile draws the distinction between “thinking with AI at the core” versus “using AI to optimize existing work.” Google Cloud describes the AI-native mindset as first-principles reimagining, not tool familiarity.

Two people, same task:

Tool user: “I have a report to write. Can AI help me write it faster?”

AI native: “I need to inform a decision. If I started this problem from scratch today, knowing what AI can do, how would I approach it differently?”

The first person saves time. The second person changes outcomes. Not because they attended better training, but because expanding their capability is inherently satisfying.

Research on AI attitudes confirms this: curiosity combined with autonomy and expanding capability predicts sustained engagement. Extrinsic pressure (compliance mandates, top-down directives) correlates with abandonment at three weeks. The interventions organizations use to drive adoption kill it.

What this means for leaders

You can’t mandate someone into wanting to expand their capabilities.

The usual playbook (mandates, KPIs, training compliance) is counterproductive for the people you most need to reach.

McKinsey found that organizations with senior leaders actively role-modeling AI use are 3x more likely to capture AI value.

Not leaders who approve AI budgets.

Leaders who visibly use AI, share what they’ve learned, and treat their own skill-building as ongoing.

This month:

Identify who already has the drive. They’re in the shadow AI economy. They ask “what if we approached this differently” in meetings. They kept going after week three. Build from them outward, not top-down.

Stop measuring adoption by logins. “How many people used the tool” is vanity. “How many people solved a problem differently than they would have six months ago” is signal.

This quarter:

Design AI enablement around autonomy, not compliance. Give people problems to solve, not tools to use. Let them choose their path. Autonomy drives sustained engagement.

Create spaces for relatedness. People sustain motivation when connected to others doing the same thing. Internal communities, shared experiments, visible peer learning. Regular, structured time for people to show each other what they’ve figured out.

Reward the mindset, not just the output. When someone rethinks a process from first principles using AI, celebrate the thinking, not the efficiency gain.

The trilogy:

People quit AI because they lack judgment skills (article one).
The ones who don’t quit route around broken systems (article two).
Some people push through and others don’t based on an intrinsic drive to expand what they’re capable of (this article).

That drive isn’t generational, demographic, or something you can mandate.

You can create the conditions where it exists. Or you can keep running adoption campaigns that produce three weeks of excitement and a year of abandonment.

The choice isn’t whether to invest in AI adoption. It’s whether you’re willing to admit that the problem isn’t tools, training, or budgets. It’s that you’ve been trying to force a behavior that only works when it’s chosen.

What made you stick with AI past the point where it stopped being easy? I’d like to hear what kept you going.

References:

Google Cloud, “Cultivating an AI-Native Mindset”

HBR, “How Gen Z Uses Gen AI — and Why It Worries Them” (Jan 2026)

Medium, “The 62% AI Paradox” (2026)

Scaled Agile, “What Is AI Native?”

Nature, “Self-Determination Theory and AI Learning” (2025)

Nature, “Positive Attitudes and AI Adoption” (2025)

McKinsey, “Human Skills for the AI Workplace” (2026)

McKinsey, “The State of AI” (Nov 2025)

Ethan Mollick, “The Cybernetic Teammate”

CIO Magazine, “Shadow AI and Enterprise Leaders” (Jan 2026)

Deloitte, “State of AI in the Enterprise” (2026)

Secret Cyborgs Are Already Running Your Company

Karthik’s AI Wanderlust — Sun, 15 Feb 2026 14:02:52 GMT

Someone in your organization is pasting sensitive client data into ChatGPT to meet a deadline right now. They know it’s against policy. They’re doing it anyway. Their manager, who does the same thing, won’t stop them.

This is how most enterprises actually operate in 2026.

I’ve spent twenty six years watching gaps between what organizations claim and what they do. This one is the widest I’ve ever seen.

The official story is governance frameworks and approved tool lists. The real story is tens of thousands of employees building a parallel AI economy in the shadows because the official one doesn’t work fast enough.

The numbers don’t add up

Start with the headline: 88% of organizations now use AI in at least one business function, according to McKinsey’s November 2025 State of AI report.

Sounds like progress.

Then look at the next number: nearly two-thirds haven’t moved AI beyond experimentation, and 39% report zero impact on EBIT.

88% adoption. 39% seeing no financial impact.

That’s not a growing pain. That’s a system-level failure.

The people actually getting value from AI? They’re hiding it.

Your best people are quietly solving problems your approved stack can’t touch.

This isn’t a security problem. It’s a management problem.

The instinct is to treat shadow AI as a compliance threat. The security numbers back that up:

60% of organizations have had at least one data exposure incident from employee AI use.
Shadow AI incidents now account for 20% of all data breaches, costing $4.63 million on average versus $3.96 million for standard breaches.

Real risks. No question.

But locking down AI access is like banning smartphones in 2012. You’re fighting the tide while your competitors learn to swim in it.

Employees are telling you — through their behavior — that your official AI strategy doesn’t solve their actual problems.

74% of workers say their employer’s AI training is “average to poor.”
Only 13% have received any AI training at all, even though 55% want more.
52% have received zero guidance on safe AI use.

We told people to use AI. Didn’t train them. Didn’t give them safe tools. Didn’t even define what “safe” looks like. Then we acted surprised when they improvised.

The leadership problem

Shadow AI isn’t a frontline issue. It starts at the top.

CIO Magazine reports that executives are “major culprits” in shadow AI use. BCG found that 78% of managers use AI regularly, compared to just 51% of frontline employees. The people writing AI policy are the ones ignoring it.

Leadership pushes AI adoption targets while quietly using whatever tools they want. Middle management follows suit. Frontline employees get the message: results matter more than rules.

The governance infrastructure? It barely exists.

Do the math. If 72% say they’ve scaled AI but only 33% have governance, roughly 40% of enterprises are running AI at scale with no guardrails.

That’s not adoption. That’s organized chaos.

What this means for leaders

The secret cyborg economy isn’t going away.

Global AI spending hits $2.5 trillion in 2026, up from $1.7 trillion in 2025. Enterprise LLM spending jumped 180%, from $2.5 million to $7 million on average.
62% of organizations are experimenting with AI agents.

Shadow AI will get worse before it gets better.

You have two choices. Fight it with more policies nobody follows. Or build a system that makes the official path faster and safer than the shadow one.

Start here!

This month:

Run an anonymous audit. Find out what tools people are actually using. Not to punish — to learn. The gap between your approved list and reality is your strategy’s report card.

Update your acceptable use policy. If you’re in the 85% that hasn’t, you’re governing AI with rules written for a pre-AI world.

This quarter:

Close the training gap. Deloitte’s 2026 report calls the AI skills gap — not technology — the biggest barrier to integration. Yet only 28% of tech organizations plan upskilling investments, even though 80% say it’s the most effective intervention.

Train people on judgment and AI intuition, not just prompting.

Make governance a product, not a policy. Build an internal AI platform that’s genuinely easier to use than ChatGPT with a personal login. If your secure option requires three approvals and a ticket, you’ve already lost.

Hold leadership accountable first. If executives won’t use the approved tools, nobody else will either. Model the behavior before mandating it.

The organizations that figure this out won’t just reduce risk. They’ll capture the productivity gains currently leaking through shadow channels — gains that Deloitte says only a third of enterprises are positioned to realize.

The ones that don’t will keep writing policies nobody reads, for tools nobody uses, while the real AI economy hums along in browser tabs that close before the boss walks by.

Is shadow AI a problem in your organization — or a signal?

References: