Dev Weekly Apr 27-May 3, 2026: Microsoft-OpenAI Split, AWS Bedrock GPT-5.5, Pentagon AI Deals, Apple $111B

A heavy week even by 2026 standards. The biggest story is structural. Microsoft and OpenAI rewrote their partnership on April 27 in a way that ends Microsoft’s exclusivity, removes its revenue share to OpenAI, and clears the legal path for OpenAI’s $50 billion AWS deal. The next day AWS shipped GPT-5.5 and Codex on Bedrock. The Pentagon then signed eight tech companies onto classified networks but left Anthropic out. Earnings season closed with Apple at a record, Microsoft Azure up 40 percent, and Alphabet Cloud up 63 percent. On the dev side Cursor opened up its agent runtime as a TypeScript SDK, Warp open sourced its IDE, Sentry shipped a debugger that works in plain English, OpenAI dropped a coding agent orchestration spec called Symphony, IBM put out Granite 4.1, and Nvidia released Nemotron 3 Nano Omni. The Linux kernel had its worst week in years with a nine year old root bug going public, cPanel patched a 9.8 auth bypass that had been exploited since February, and a fresh npm worm hit official SAP packages. Here is the full picture.

Top Stories This Week

Microsoft and OpenAI Restructure Their Partnership -

On April 27, Microsoft and OpenAI announced a renegotiated deal that resolves the legal cloud over OpenAI’s $50 billion AWS commitment. The shape of the relationship is now very different.

What changed:

Microsoft’s license to OpenAI IP is non exclusive through 2032 instead of unlimited. OpenAI products will still ship first on Azure but can now be served on any cloud. Microsoft is no longer paying OpenAI a revenue share, while OpenAI keeps paying Microsoft a revenue share through 2030. Microsoft is also released from any potential lawsuit over OpenAI’s exclusive AWS deal for its Frontier agent making service. OpenAI itself converted to a public benefit corporation as part of the change.

Why it matters:

This is the end of the closed loop that defined Big Tech AI from late 2022 through 2025. OpenAI is now allowed to ship on AWS, Google Cloud, and Oracle as a first class citizen. Microsoft keeps the Azure relationship but loses the lock. For developers building on top of OpenAI APIs the practical change is that you should expect Codex, ChatGPT, and the Frontier agent stack to start showing up everywhere within weeks. The first proof of that arrived 24 hours later on Bedrock.

AWS Lights Up OpenAI Models, Codex, and Managed Agents on Bedrock -

On April 28, AWS announced that OpenAI frontier models, the Codex coding agent, and Amazon Bedrock Managed Agents are now available on Amazon Bedrock in limited preview.

What is in the box:

GPT-5.5 and the rest of the OpenAI frontier family run through the same Bedrock APIs you already use for Claude, Llama, and Nova. Codex is available through Bedrock via the CLI, desktop app, and VS Code extension. Amazon Bedrock Managed Agents are powered by OpenAI and ship with individual identities, full action logging, and inference that stays inside your AWS account.

Why it matters:

The release directly tests the new Microsoft deal. Within a day of the partnership change, GPT-5.5 stopped being an Azure exclusive. Models inherit Bedrock controls like IAM, PrivateLink, guardrails, encryption, and CloudTrail. The Register called it OpenAI climbing out of Microsoft’s bed and into AWS’s. For enterprises with AWS commitments, Codex and OpenAI usage now counts toward those contracts. Over 4 million people use Codex weekly so this is not a small SKU.

Pentagon Signs Eight Big Tech Vendors for Classified AI -

On May 1, the Pentagon announced agreements with eight tech companies to deploy AI on Impact Level 6 and Impact Level 7 classified networks. The companies are Microsoft, Amazon Web Services, Google, OpenAI, Nvidia, SpaceX, Oracle, and Reflection AI.

Scope:

IL6 and IL7 are the highest classification tiers. The Pentagon framed the systems as supporting decision superiority across all domains of warfare, including potential targeting and combat use. The official framing is that vendor diversification prevents lock in. Over 1.3 million DoD personnel already use the unclassified GenAI.mil platform.

The Anthropic gap:

Anthropic is not on the list. The Trump administration tried to designate the company a supply chain risk earlier this year after it refused to remove safety guardrails for autonomous weapons and mass surveillance. A federal judge blocked the ban in March, but Anthropic still got cut from this round. The White House has reportedly reopened conversations after the Mythos cybersecurity launch.

This is the largest single jump in classified AI procurement in US history. Whatever your take on military AI, this week was the moment the policy turned operational.

Apple Posts Best March Quarter Ever -

On April 30, Apple reported record fiscal Q2 2026 results with $111.2 billion in revenue, up 17 percent year over year, and $2.01 in diluted EPS, up 22 percent.

The headline numbers:

iPhone revenue hit $57 billion, a March quarter record and up 22 percent on what Tim Cook called the most popular lineup in Apple history. Services revenue set an all time high at $30.98 billion. Mac came in at $8.4 billion, iPad at $6.91 billion. All five geographic segments posted double digit growth, with Greater China up 28.1 percent.

Forward look:

Apple guided Q3 revenue growth of 14 to 17 percent, almost double the 9.5 percent Wall Street consensus. The board authorized a $100 billion share buyback. Cook said demand was off the charts but supply was constrained by advanced chip nodes at TSMC where the A19 and A19 Pro are made. Memory price inflation will hit margins in upcoming quarters.

Wider earnings context:

Microsoft reported Q3 FY2026 on April 29 with $82.9 billion in revenue, Azure up 40 percent, and the AI business at a $37 billion run rate (up 123 percent). Alphabet posted $109.9 billion in revenue with Google Cloud up 63 percent year over year on April 29, the fastest growth rate Cloud has ever recorded. Meta reported $56.31 billion in revenue at a 40.6 percent operating margin. Big Tech earnings season closed strong everywhere AI shows up in the income statement.

Anthropic Launches Claude Security in Public Beta -

On April 30, Anthropic opened Claude Security to public beta for Claude Enterprise customers. The tool runs on Claude Opus 4.7 and scans codebases for vulnerabilities the way a security researcher would, by tracing data flows and reading source rather than matching known signatures.

How it works:

Each finding ships with a confidence rating, the likely impact, reproduction steps, and a proposed fix. A multi stage validation pipeline runs before findings reach analysts so the false positive rate stays manageable. You can dismiss findings with a documented reason, schedule scans on a weekly cadence, and export to CSV or Markdown. Webhook hooks reach into Slack, Jira, and other trackers.

Track record:

Hundreds of organizations tested Claude Security in a closed preview that started in February. Anthropic says testers found vulnerabilities in production code that existing tools had missed for years. Major security vendors including CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, TrendAI, and Wiz are integrating Opus 4.7 into their own platforms in parallel.

Pricing note:

Opus 4.7 promotional pricing on GitHub Copilot also ended on April 30. The premium request multiplier is now 15x.

Developer Tools & Platforms

Cursor Ships TypeScript SDK in Public Beta -

Cursor released a TypeScript SDK in public beta on April 29. The SDK exposes the same runtime, harness, and models that power the Cursor desktop app, CLI, and web interface, so you can drive Cursor agents from your own code. Agents run either locally on a developer machine or in cloud mode where each agent gets a dedicated sandboxed VM with the repo pre cloned. The SDK ships with codebase indexing and semantic search, MCP server connections, subagent support, hooks for observing and controlling the agent loop, and token based pricing. The package is @cursor/sdk on npm. Faire, Rippling, Notion, and C3 AI are listed as early production users running it for three patterns: CI/CD pipeline automation that fixes failing builds, internal tools for non engineers, and embedded customer facing agents.

Warp Open Sources Its Agentic Development Environment -

On April 28, Warp open sourced its core IDE and introduced an Agentic Development Environment (ADE) backed by Oz, its cloud agent orchestration platform. OpenAI is the founding sponsor of the open source repo, with GPT-5.5 powering the Oz workflows. Oz handles the development lifecycle end to end: triage, planning, code, and pull request management. The pitch is that contributors stop writing code and start shaping what gets built while agents handle the implementation. Users can submit feature requests inside the ADE or through GitHub.

Sentry Launches Seer Agent for Plain English Production Debugging -

Sentry shipped Seer Agent on April 28. The agent answers questions like “Why is this page slow?” and “What changed before this started?” by reasoning across errors, spans, logs, traces, and code context. It runs across multiple services and repos using distributed tracing data. Seer Agent works in the Sentry UI and inside Slack, where teams can run multiplayer incident response in a thread that becomes a permanent record. It is available in beta to all Sentry users with Seer enabled, included with paid Seer subscriptions at $40 per active contributor per month.

OpenAI Releases Symphony Spec for Coding Agent Orchestration -

OpenAI released Symphony, an open source specification and reference implementation for orchestrating coding agents. Symphony is a long running service that polls an issue tracker like Linear, creates a deterministic per issue workspace, runs an agent session in isolation, monitors CI, and prepares the change for human review. Runtime behavior is loaded from a WORKFLOW.md file in the repo so each project can shape what its agents do. Internal teams at OpenAI saw landed pull requests rise 500 percent in the first three weeks because engineers stopped context switching between three to five concurrent Codex sessions. The spec is language agnostic and the reference implementation is in Elixir under Apache 2.0.

IBM Releases Granite 4.1 Family -

IBM released Granite 4.1 on April 29, the company’s most expansive open model release yet. The lineup covers language (3B, 8B, 30B parameters in base and instruct variants), vision (table and chart extraction), speech, embedding, and guardian models for harm detection. The dense decoder only language models support up to 512K tokens of context and emphasize tool calling and instruction following over chain of thought reasoning. Training used about 15 trillion tokens through a five phase pipeline plus supervised fine tuning on roughly 4.1 million curated samples and multi stage RL. The Granite 4.1 8B Instruct model matches or beats the previous 32B MoE on benchmarks despite the simpler architecture. Everything ships under Apache 2.0.

Nvidia Drops Nemotron 3 Nano Omni -

Nvidia released Nemotron 3 Nano Omni on April 28, a multimodal LLM unifying video, audio, image, and text understanding for enterprise agents. The architecture is a 30B-A3B Mamba2 Transformer hybrid MoE with 31B total parameters and 3.1B active. It accepts video up to 2 minutes, audio up to 1 hour, and images, with a 256K token context window in English. Nvidia says it is best in class on document intelligence and tops MediaPerf for video understanding throughput. Available on Build.Nvidia.com, Hugging Face in BF16, FP8, and NVFP4, and NGC, with vLLM and TensorRT-LLM support across Ampere, Hopper, and Blackwell.

xAI Launches Grok 4.3 API -

xAI released the Grok 4.3 API on April 30 with a 1 million token context window, native video input for the first time, native PDF, XLSX, and PPTX generation, new speech to text and text to speech APIs, and 16 agent parallel scheduling. Pricing dropped to $1.25 per million input tokens and $2.50 per million output, roughly a 40 to 58 percent cut versus Grok 4.20. Output speed lands around 207 to 216 tokens per second. The Artificial Analysis Intelligence Index puts it at 53.2 with 97.7 percent on tau squared Bench tool use and 90.1 percent on GPQA Diamond.

Hippocratic AI Launches Polaris 5.0 -

Hippocratic AI announced Polaris 5.0 on April 30, a healthcare specific constellation totaling 5 trillion parameters with a 700 billion parameter core and 31 co trained specialist models. Versus Polaris 4.0 it ships 28 percent faster time to first audio (1.5 seconds), 87 percent clinical ASR accuracy, 99.95 percent drug safety, and 99.75 percent clinical escalation safety. New skills include cough detection, drug name disambiguation, child protective services and suicide risk escalation, and native Mandarin with mid call switching. The model was validated by over 7,500 US licensed clinicians on more than 725,000 test calls.

GitHub Copilot Moves to Usage Based Billing -

On April 27, GitHub announced that all Copilot plans switch to usage based billing on June 1, 2026. Premium request units are out, AI Credits priced by token consumption (input, output, and cached) are in. Base plan prices stay the same: Copilot Pro at $10 per month, Pro+ at $39 per month. Code completions and Next Edit suggestions stay free. Copilot also retired the Student GPT-5.3-Codex model from the picker on April 27 and on the same day shipped a 20 percent faster cloud agent startup via Actions custom images. Separately, Copilot code review will start consuming Actions minutes on private repos starting June 1.

Arm Announces Performix -

On April 28, Arm launched Performix, a free performance analysis toolkit for AI agent development on Arm based infrastructure. It gives developers and agents system wide visibility, profiling data, and actionable optimization suggestions. Useful if you are running agent workloads on Graviton, Ampere, or Apple silicon and want to find out where the latency actually lives.

Guild.ai Opens Its AI Agent Control Plane -

On April 29, Guild.ai launched what it calls the first control plane for AI agents, with governance, identity enforcement, access control, and traceability across enterprise systems. The platform includes a governed runtime, a Managed Agent Center for versioning, an Agent Hub for sharing capabilities, and connectors for GitHub, Jira, Slack, Notion, Zendesk, and Google Workspace. The company is backed by a $44 million Series A from Google Ventures and others.

Keeper Security Ships Agent Kit -

Keeper Security launched Agent Kit on May 1 to handle secrets for coding agents. It integrates with Claude Code, Cursor, Codex, and GitHub Copilot, lets agents fetch encrypted credentials at runtime, and keeps secrets out of chat history while preserving role based access controls and audit logging. Aimed squarely at the kind of OAuth and credential exposure that has driven the last six months of supply chain incidents.

Security

Linux Kernel Copy Fail (CVE-2026-31431) Hits Every Distro Since 2017 -

CVE-2026-31431 was disclosed on April 29 by Theori researchers and is the worst Linux local privilege escalation in years. The bug sits in the kernel’s algif_aead crypto interface (AF_ALG sockets). A 2017 optimization for in place AEAD operations means the kernel passes references to page cache pages instead of copies, the source and destination buffers point to the same memory, and the authencesn algorithm writes 4 bytes past the boundary directly into the page cache of a spliced file. CVSS is 7.8 but exploitability is brutal.

A 732 byte Python proof of concept binds an AF_ALG socket, splices in /usr/bin/su, and calls recvmsg to corrupt the page cache. No race conditions. Working exploits exist for Ubuntu 24.04, Amazon Linux 2023, RHEL 10.1, and SUSE 16. The same primitive escapes Kubernetes containers. Affected versions are 4.14 through 7.0-rc. Patched in 7.0, 6.19.12, and 6.18.22. Anything you run that gives untrusted users a shell needs to be patched immediately.

cPanel Authentication Bypass (CVE-2026-41940) Exploited Since February -

cPanel and WHM patched CVE-2026-41940 on April 28, a 9.8 CVSS authentication bypass that has been exploited since February 23. The bug is a CRLF injection in the login flow plus a session encoding gap. Attackers slip a successful_internal_auth_with_timestamp key into the session and skip password validation entirely. CISA added it to the Known Exploited Vulnerabilities catalog. By May 1 The Register reported 1.5 million internet exposed cPanel instances and at least one ransomware case asking $7,000 from a small business. Patched builds: 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, 11.136.0.5. Apply with /scripts/upcp --force and restart cpsrvd.

Mini Shai-Hulud Worm Hits Official SAP npm Packages -

On April 29 between 09:55 and 12:14 UTC, attackers published malicious versions of four official SAP CAP packages: mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2. Combined weekly downloads are around 572,000. Each package ran a preinstall script that pulled the Bun runtime and a 11.6 MB obfuscated credential stealer that grabbed GitHub tokens, npm credentials, AWS Azure GCP keys, Kubernetes tokens, and CI runner secrets, including extracting them from runner memory. The malware then republished other packages owned by stolen credentials and dropped repos tagged “A Mini Shai-Hulud has Appeared” on victim accounts. Snyk’s writeup confirmed the same code hit intercom-client and the PyPI lightning package on April 30. Researchers attribute the campaign to TeamPCP. Audit any CI run that touched SAP CAP packages this past week.

ShinyHunters Spree: Vimeo, Udemy, Amtrak -

ShinyHunters had a productive week. Vimeo confirmed a breach on April 28 through compromised analytics vendor Anodot, exposing technical data, video titles, metadata, and some customer email addresses (no video content, no credentials, no payment data). The same day Udemy disclosed 1.4 million records stolen including names, addresses, phone numbers, employer info, and instructor payout methods. On April 29, Amtrak reported a breach discovered April 17 that exposed over 2.1 million customer records. All three trace back to compromised cloud services and third party integrations. The pattern from the Vercel breach two weeks ago has not changed.

Industry News

Big Tech Earnings Show AI Money Is Real -

The week was peak earnings. Microsoft Q3 FY2026 on April 29 hit $82.9 billion in revenue with Microsoft Cloud at $54.5 billion (up 29 percent), Azure up 40 percent, and the AI business at a $37 billion run rate (up 123 percent). Commercial remaining performance obligation grew 99 percent to $627 billion. Alphabet posted $109.9 billion in revenue on April 29 with Google Cloud at $20.03 billion (up 63 percent year over year, the fastest growth ever) and Search up 19 percent. CapEx guidance jumped to $180 to $190 billion for the year. Meta reported $56.31 billion in revenue at a 40.6 percent operating margin and $26.8 billion in net income. Apple closed it out on April 30 with the records covered above.

David Silver Raises $1.1B Seed for Ineffable Intelligence -

On April 27, former DeepMind RL lead David Silver, the researcher behind AlphaGo and AlphaZero, closed a $1.1 billion seed round at a $5.1 billion valuation for Ineffable Intelligence. Sequoia Capital and Lightspeed co led with Nvidia, Google, Index Ventures, and the UK Sovereign AI Fund. It is the largest seed round ever raised by a European startup. The thesis is that reinforcement learning can build a “superlearner” that discovers knowledge without imitating human text. Silver pledged 100 percent of his equity to charity through Founders Pledge.

Meta Acquires Assured Robot Intelligence for Humanoid Push -

On May 1, Meta acquired Assured Robot Intelligence (ARI), a robotics AI startup co founded by Lerrel Pinto (NYU and previously Fauna Robotics) and Xiaolong Wang (UC San Diego, former Nvidia). ARI specializes in whole body humanoid control, robot control models, tactile sensors, and self learning. The team joins Meta Superintelligence Labs and works alongside Meta Robotics Studio. Meta is pitching itself as the Android of humanoid robots, building licensable software and AI models for the next wave of physical machines. Terms were not disclosed.

Stripe Sessions 2026 Ships 288 Launches -

Stripe Sessions 2026 ran April 29 and 30 in San Francisco with 288 product launches centered on AI commerce. Highlights: Agentic Commerce Suite expansions with Google, Meta, OpenAI, and Microsoft so businesses can sell inside Gemini and AI Mode. Link wallets for agents that let AI agents make payments on a user’s behalf with one time use cards. Streaming payments for token usage via stablecoin micropayments. Machine Payments Protocol (MPP) for agent to agent transactions. Treasury expansion with instant free transfers between businesses.

Scout AI Raises $100M for Defense AI -

Scout AI closed a $100 million Series A on April 29 co led by Align Ventures and Draper Associates, called the largest defense tech Series A in US history. The company builds AI for unmanned warfare systems. Closely tied to the Pentagon spending shift covered above.

Manifest OS Raises $60M Series A for Legal AI -

Manifest OS raised $60 million in Series A on April 28 at a $750 million valuation, the largest Series A ever for a legal tech company. The platform sells AI driven legal services to enterprise customers.

Other Funding Rounds -

Actively raised $45 million Series B on April 28 (TCV and First Harmonic co led, total $68 million) for an AI go to market platform. OpenObserve raised $10 million Series A on April 29 (Nexus Venture Partners and Dell Technologies Capital) for AI native observability serving 6,000 organizations.

The Numbers That Matter

• $111.2B Apple Q2 FY26 revenue, best March quarter ever
• 40% Microsoft Azure growth, with AI at a $37B run rate
• 63% Google Cloud revenue growth, the fastest ever
• 8 Tech vendors signed onto Pentagon classified networks
• $1.1B Ineffable Intelligence seed, largest ever for a European startup
• 9.8 CVSS for cPanel CVE-2026-41940 exploited since February
• 572K Weekly downloads of the compromised SAP npm packages

Quick Hits

Microsoft and OpenAI restructure - April 27. Non exclusive IP license through 2032. OpenAI ships first on Azure but can serve from any cloud. Microsoft no longer pays OpenAI a revenue share. OpenAI keeps paying Microsoft through 2030. OpenAI converts to a public benefit corporation.

AWS and OpenAI on Bedrock - April 28. GPT-5.5, Codex, and Bedrock Managed Agents in limited preview. OpenAI usage applies to AWS commitments. Codex available via CLI, desktop app, and VS Code extension on Bedrock.

Pentagon AI deals - May 1. Eight vendors on IL6 and IL7. Microsoft, AWS, Google, OpenAI, Nvidia, SpaceX, Oracle, Reflection AI. Anthropic excluded.

Apple Q2 FY26 - April 30. $111.2B revenue, $57B iPhone, $30.98B services. Q3 guide 14 to 17 percent growth. $100B buyback authorized.

Microsoft Q3 FY26 - April 29. $82.9B revenue. Azure up 40 percent. Microsoft Cloud $54.5B. AI run rate $37B up 123 percent. Commercial RPO $627B up 99 percent.

Alphabet Q1 2026 - April 29. $109.9B revenue. Google Cloud $20.03B up 63 percent. Search up 19 percent. CapEx guide $180 to $190B.

Meta Q1 2026 - April 29. $56.31B revenue up 33.1 percent. Operating margin 40.6 percent. Net income $26.8B.

Anthropic Claude Security - April 30. Public beta on Opus 4.7. Scheduled scans, multi stage validation, Slack and Jira webhooks. Promotional pricing on Copilot ends.

Cursor SDK - April 29. TypeScript SDK in public beta. Cloud sandboxed VMs, subagents, hooks, MCP, token based pricing. Faire, Rippling, Notion, C3 AI in production.

Warp open sources ADE - April 28. OpenAI founding sponsor. Oz cloud agent orchestration. GPT-5.5 powers workflows.

Sentry Seer Agent - April 28. Plain English production debugging. Slack multiplayer incident response. $40 per active contributor on paid plans.

OpenAI Symphony - April 28. Open source spec for orchestrating coding agents from issue trackers. WORKFLOW.md per repo. Elixir reference implementation. 500 percent PR uplift on internal teams.

IBM Granite 4.1 - April 29. Language (3B, 8B, 30B), vision, speech, embedding, guardian. 512K context. Apache 2.0.

Nvidia Nemotron 3 Nano Omni - April 28. 30B-A3B Mamba2 Transformer hybrid MoE. 256K context. Video, audio, image, text. Build.Nvidia.com, Hugging Face, NGC.

xAI Grok 4.3 API - April 30. 1M context. Native video input. Native PDF, XLSX, PPTX. New STT and TTS. 16 agent parallel scheduling. $1.25 in, $2.50 out per million tokens.

Hippocratic AI Polaris 5.0 - April 30. 5T parameter healthcare constellation. 87 percent clinical ASR. 99.95 percent drug safety. Validated on 725K test calls.

GitHub Copilot billing - April 27. Usage based pricing on June 1. AI Credits replace premium request units. Code completions stay free. Cloud agent starts 20 percent faster. Code review consumes Actions minutes from June 1.

Arm Performix - April 28. Free performance toolkit for AI agent development on Arm.

Guild.ai control plane - April 29. Governance, identity, access, traceability for enterprise AI agents. $44M Series A from Google Ventures.

Keeper Agent Kit - May 1. Secrets management for Claude Code, Cursor, Codex, Copilot. Runtime encrypted retrieval. RBAC and audit logs.

Linux Copy Fail (CVE-2026-31431) - April 29. AF_ALG algif_aead page cache write. CVSS 7.8 with trivial PoC. Container escape. Patches in 7.0, 6.19.12, 6.18.22.

cPanel auth bypass (CVE-2026-41940) - April 28. CRLF injection plus session flaw. CVSS 9.8. Exploited since February. CISA KEV. ~1.5M exposed instances.

SAP npm Mini Shai-Hulud - April 29. mbt, @cap-js/db-service, @cap-js/postgres, @cap-js/sqlite. Bun based stealer. Self propagating worm. Hit intercom-client and PyPI lightning April 30. TeamPCP.

ShinyHunters spree - April 28 to 30. Vimeo via Anodot vendor. Udemy 1.4M records. Amtrak 2.1M records.

Ineffable Intelligence $1.1B seed - April 27. David Silver. Sequoia and Lightspeed co lead. Nvidia, Google, UK Sovereign AI Fund participate. $5.1B valuation.

Meta acquires ARI - May 1. Whole body humanoid control. Joins Superintelligence Labs.

Stripe Sessions 2026 - April 29 to 30. 288 launches. Agentic Commerce Suite. Link agent wallets. MPP. Streaming stablecoin payments.

Scout AI $100M Series A - April 29. Defense AI for unmanned warfare. Largest defense tech Series A in US history.

Manifest OS $60M Series A - April 28. Legal AI. $750M valuation. Largest legal tech Series A.

Actively $45M Series B - April 28. AI go to market.

OpenObserve $10M Series A - April 29. AI native observability.

Three threads worth pulling on. The first is the realignment. Microsoft’s exclusive era ended on April 27 and AWS shipped GPT-5.5 on Bedrock 24 hours later. The Pentagon then signed eight vendors instead of one or two. Whatever moat any single hyperscaler had on AI is being actively dismantled by procurement reality. Multi cloud is no longer a 2027 problem. The second is the new shape of the dev tools market. Cursor is shipping a programmable runtime. Warp is going open source with cloud agents. Sentry is debugging in English. OpenAI is publishing an orchestration spec rather than a product. The thing every one of them is selling is the same: agents you can run from outside the IDE, in CI, in chat, or embedded in your product. The IDE is becoming a thin client over a long running cloud loop. If you have not started thinking about how your engineering org adopts this, the next two quarters are when budget conversations turn into buying decisions. The third is the supply chain story is not slowing down. The Linux kernel had a nine year old root bug exploitable in 732 bytes of Python. cPanel had been rooted for two months before patches. Four official SAP packages got worm versions on the same morning. Two weeks ago the lesson was OAuth scope. This week the lesson is the same one but with a different shape: every package and every kernel module you trust by default is a soft target, and the time between disclosure and exploitation is now hours.

See you next week.