What is the biggest software developer news from May 25 to 31, 2026?

The biggest news is the funding and product double from Anthropic on May 28, 2026. Anthropic closed a 65 billion dollar Series H round at a 965 billion dollar post-money valuation, becoming the world's most valuable AI startup ahead of OpenAI's 852 billion dollar mark. On the same day, it released Claude Opus 4.8 with Dynamic Workflows that can orchestrate up to 1,000 parallel subagents in Claude Code, a Fast Mode that is roughly 2.5 times faster than previous Opus releases, and a 1 million token context window. The model is also available in Cursor, GitHub Copilot, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry from launch day.

What happened with the Glassworm botnet on May 26 and 27, 2026?

CrowdStrike, Google, and the Shadowserver Foundation coordinated a takedown of the Glassworm botnet on the afternoon of May 26, 2026, with public disclosure on May 27. Glassworm had operated since early 2025, poisoning more than 300 GitHub repositories through stolen developer credentials, malicious VS Code extensions on the OpenVSX marketplace, and compromised npm and Python packages. The takedown disabled four command-and-control channels that used the Solana blockchain, BitTorrent peer-to-peer networks, Google Calendar, and rented virtual private servers as resilient resolution layers. The malware delivered a Node.js remote access trojan called GlasswormRAT across Windows, Linux, and macOS.

How big is the Cognition Series D and what does Devin do?

Cognition raised more than 1 billion dollars on May 27, 2026 at a 25 billion dollar pre-money and 26 billion dollar post-money valuation. The round was co-led by Lux Capital, General Catalyst, and 8VC, with participation from Founders Fund, Ribbit Capital, Atreides, Layer Global, Elad Gil, and others. The valuation more than doubled from the 10.2 billion dollar mark Cognition hit just eight months earlier in September 2025. Devin is Cognition's autonomous AI software engineer that plans tasks, writes code, debugs failures, runs tests, browses documentation, interacts with developer tools, and deploys software with minimal supervision. Customers include Mercedes-Benz, NASA, Goldman Sachs, and Santander. Cognition reports a 492 million dollar annualized revenue run rate, with Devin writing roughly 89 percent of the code Cognition's own engineers commit.

Dev Weekly May 25-31, 2026: Anthropic Hits $965B, Claude Opus 4.8 Ships, Cognition Raises $1B, Glassworm Botnet Goes Down, Wix Cuts 1,000

Q: Why did Wix lay off 1,000 people?

Wix CEO Avishai Abrahami announced on May 28, 2026 that the company is cutting approximately 1,000 employees, or roughly 20 percent of its 5,277 person workforce. Abrahami posted the message simultaneously on X, LinkedIn, and to staff. He cited two structural reasons. First, the strengthening of the Israeli shekel against the US dollar, which makes the heavily Israel-based workforce increasingly expensive in dollar terms. Second, what he called the most significant shift in how companies are built since the invention of modern programming languages in the 1970s, meaning the AI-driven restructuring of software work. Wix is moving to a flatter management structure and creating new roles such as xEngineer and Creators. The stock has fallen more than 50 percent in 2026.

Another heavy week for the software industry. Anthropic raised 65 billion dollars on May 28 at a 965 billion dollar valuation, leapfrogging OpenAI to become the world’s most valuable AI startup, and shipped Claude Opus 4.8 with Dynamic Workflows on the same day. Cognition raised more than 1 billion dollars on May 27 at a 26 billion dollar valuation for Devin. CrowdStrike, Google, and Shadowserver took down the Glassworm botnet after two years of open source supply chain attacks. GitHub confirmed the TeamPCP intrusion that walked off with about 3,800 internal repositories. Wix announced 1,000 layoffs on May 28, citing AI and a strong shekel.

OpenAI brought Codex Computer Use to Windows, xAI shipped Grok Build, Cursor released 3.6 with Auto-review, and Microsoft published Lens, its first 3.8 billion parameter text to image model. Snowflake committed 6 billion dollars to AWS, Salesforce reported a record Q1, and Mistral launched its Industrial Engineering stack with Airbus, BMW, EDF, and CMA CGM. Here is everything that mattered in the developer world.

Top Stories This Week

Anthropic Closes $65B Series H at $965B Valuation -

On May 28, Anthropic closed a 65 billion dollar Series H at a 965 billion dollar post-money valuation, overtaking OpenAI’s 852 billion dollar mark from March to become the world’s most valuable AI startup. The round was co-led by Altimeter Capital, Dragoneer, Greenoaks, Sequoia Capital, Capital Group, Coatue, and D1 Capital Partners. Institutional investors Baillie Gifford, Blackstone, Brookfield, D.E. Shaw Ventures, DST Global, and Fidelity Management also participated.

Strategic infrastructure partners Samsung, SK Hynix, and Micron joined the round, putting the three companies that control more than 90 percent of global high bandwidth memory capacity onto the same cap table. A portion of the round, 15 billion dollars, comes from previously committed hyperscaler investments including 5 billion dollars from Amazon announced in April.

Anthropic said run-rate revenue crossed 47 billion dollars earlier in May, up sharply from its February Series G at a 380 billion dollar valuation. The presence of crossover investors like T. Rowe Price, Fidelity, and Baillie Gifford signals this is likely Anthropic’s last private round before an IPO, with reporting pointing to a potential October 2026 listing window.

Anthropic Ships Claude Opus 4.8 With Dynamic Workflows -

On the same day as the funding announcement, Anthropic released Claude Opus 4.8, just 41 days after Opus 4.7. The release brings real gains in coding and math benchmarks, including 69.2 percent on SWE-bench Pro, 74.6 percent on Terminal-Bench 2.1, 83.4 percent on OSWorld-Verified, and 57.9 percent on Humanity’s Last Exam with tools. Anthropic also said Opus 4.8 is roughly four times less likely than Opus 4.7 to let flaws in its own code pass unremarked.

The headline feature is Dynamic Workflows in Claude Code, a new orchestration mode that coordinates up to 1,000 parallel subagents on a single task. The pitch is codebase-scale migrations across hundreds of thousands of lines of code in a single run. Fast Mode is now roughly 2.5 times faster than previous Opus releases and 3 times cheaper. Pricing stays at 5 dollars per million input tokens and 25 dollars per million output tokens for regular usage, and 10 and 50 dollars for Fast Mode.

Developers can call the model as claude-opus-4-8 through the Claude API, with day-one availability on Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry. Anthropic also said it expects to make its cybersecurity-focused Mythos-class models available through a general release in the near future, once stronger safeguards are in place.

Cognition Raises $1B at $26B Valuation for Devin -

On May 27, Cognition raised more than 1 billion dollars at a 25 billion dollar pre-money and 26 billion dollar post-money valuation, more than doubling from the 10.2 billion dollar valuation it hit eight months ago. Lux Capital, General Catalyst, and 8VC co-led the round, with participation from Founders Fund, Ribbit Capital, Atreides, Layer Global, Elad Gil, Soma Capital, Omri Casspi, Alpha Wave, Bain Capital Ventures, and Vitruvian.

Cognition’s flagship product Devin is an autonomous AI software engineer that plans tasks, writes production code, debugs failures, runs tests, and ships software end to end. Customers include Mercedes-Benz, NASA, Goldman Sachs, and Santander. Annualized revenue run rate hit 492 million dollars, up from 37 million dollars in May 2025. Cognition CEO Scott Wu said Devin already writes roughly 89 percent of the code that Cognition’s own engineers commit.

CrowdStrike, Google, and Shadowserver Take Down Glassworm Botnet -

On the afternoon of May 26, CrowdStrike, Google, and the Shadowserver Foundation simultaneously struck all four command-and-control channels behind the Glassworm botnet, cutting its operators off from their army of infected developer machines. CrowdStrike confirmed the operation publicly on May 27.

Glassworm had run since at least early 2025, targeting developers with access to source code repositories, cloud platforms, CI/CD pipelines, and package registries. Its operators poisoned more than 300 GitHub repositories using credentials stolen in earlier infections, published trojanised VS Code extensions on the OpenVSX marketplace disguised as time trackers and code formatters, and slipped malicious code into npm and Python packages through postinstall hooks. The extensions also targeted Cursor, Positron, Windsurf, and VSCodium.

The command-and-control infrastructure used the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar entries, and rented virtual private servers as resolution layers. The final payload was a Node.js remote access trojan dubbed GlasswormRAT that worked across Windows, Linux, and macOS.

GitHub Confirms TeamPCP Stole 3,800 Internal Repositories -

On May 27, GitHub publicly confirmed that the cybercrime group TeamPCP exfiltrated approximately 3,800 internal GitHub repositories after a single employee installed a poisoned Visual Studio Code extension. The chain ran through the backdoored Nx Console 5.0 extension that briefly slipped onto the Visual Studio Marketplace for somewhere between 11 and 18 minutes. That window was long enough for the build to land on the GitHub employee’s machine.

TeamPCP is now advertising the stolen code on a dark-web forum with a floor price of 50,000 dollars per buyer. GitHub also added a 2FA approval gate that requires a live challenge before any package can be promoted to public, an effort to block stolen automation tokens from silently pushing malicious versions in future attacks.

GitHub Hits Global Outage on May 27 -

On May 27 at roughly 12:10 UTC, GitHub started seeing degraded performance across Git operations, issues, pull requests, and API requests. The incident was officially acknowledged at 12:54 UTC and marked resolved by 13:16 UTC. The outage affected backend API services and user-facing surfaces, leading to delays, failed pushes, and broken integrations for teams worldwide. GitHub said it would publish a full root cause analysis once the investigation completes.

Wix Cuts 1,000 Staff, Around 20% of the Company -

On May 28, Wix CEO Avishai Abrahami confirmed roughly 1,000 layoffs in a message posted simultaneously on X, LinkedIn, and to all staff. That is about 20 percent of the company’s 5,277 person headcount at the end of Q1, the largest single-event reduction in the company’s 20 year history.

Abrahami cited two structural forces. First, the strengthening of the Israeli shekel against the US dollar, which makes the heavily Israel-based workforce increasingly expensive in dollar terms. More than 60 percent of Wix employees are based in Israel. Second, what he called the most significant shift in how companies are built since the invention of modern programming languages in the 1970s. The company is flattening management layers and introducing new roles around AI work, including a position called xEngineer and a broader Creators category. Wix stock has fallen more than 50 percent in 2026.

OpenAI Brings Codex Computer Use to Windows -

On May 29, OpenAI released a major Codex update for Windows that brings two features previously limited to macOS: Computer Use, where Codex sees what is on the screen, clicks buttons, and types to complete tasks; and remote control through the ChatGPT mobile app on iOS and Android. The Codex Windows app, version 26.527, runs Computer Use in the foreground, which means users cannot continue working in the same Windows session while Codex drives another app.

On May 29, OpenAI also announced mobile control for Windows machines. Users can connect their PC to Codex in the ChatGPT mobile app and start new threads, send follow up instructions, approve actions, review diffs and test results, and check screenshots or terminal output from a phone while Codex hunts bugs and tests apps on the PC.

xAI Ships Grok Build Coding Agent at $300/Month -

On May 25, xAI launched Grok Build, a terminal-based coding agent aimed squarely at Anthropic’s Claude Code and GitHub Copilot. The early beta is available only to SuperGrok and X Premium Plus subscribers at 300 dollars per month. Elon Musk publicly acknowledged that xAI had fallen behind on coding tools, and the Grok Build 0.1 model briefly surfaced on the xAI API roughly five days before the official beta. The CLI ships with a built-in /feedback command so xAI can iterate against real users.

Developer Tools & Platforms

Cursor 3.6 Introduces Auto-review Run Mode

On May 29, Cursor 3.6 shipped Auto-review as a new agent run mode that lets Cursor work longer with fewer approval prompts. Auto-review applies to Shell, MCP, and Fetch tool calls and runs them through three checks in order. First, an allowlist for calls you trust by default. Second, a sandbox that runs supported calls with network and filesystem restrictions on macOS, Linux, and Windows via WSL2. Third, an LLM classifier subagent that decides whether anything else should run, retry, or get bumped to a manual approval prompt.

Cursor was clear in the release notes that the classifier is non-deterministic, so Auto-review is best-effort convenience rather than a security boundary. Teams that need strict control should stick with allowlist plus manual approvals. On May 28, Claude Opus 4.8 also landed in Cursor, where it scores better than Opus 4.7 on CursorBench and works more efficiently on long horizon tasks.

Claude Opus 4.8 Generally Available in GitHub Copilot -

On May 28, GitHub made Claude Opus 4.8 generally available for Copilot Pro+, Business, and Enterprise plans. The model shows up in the model picker across VS Code chat, ask, edit, and agent modes, Visual Studio, the Copilot CLI, the Copilot cloud agent, the GitHub Copilot App, github.com, GitHub Mobile, JetBrains, Xcode, and Eclipse. The model launches with a 15x premium request multiplier until usage based billing kicks in on June 1.

On May 26, GitHub also released targeted model rules in public preview, letting Enterprise owners allow specific Copilot models for specific organizations rather than a single enterprise-wide setting. Copilot CLI also shipped versions 1.0.55, 1.0.56, and 1.0.57 across May 28 and 29 with smarter model selection, MCP and BYOK improvements, richer diff view, theme aware colors, and better timeline rendering.

Anthropic Releases Security-Guidance Plugin for Claude Code -

On May 26, Anthropic shipped a security-guidance plugin for Claude Code that lives by default in the Anthropic marketplace. The plugin uses regex-based pattern matching to catch roughly 25 common dangerous code patterns such as unsafe loading practices and hardcoded secrets. When Claude spots one of those patterns during a coding session, it prompts the developer to fix it in the same window rather than punting to a separate security tool. The plugin sits inside Anthropic’s broader Claude Code Security initiative, which launched in research preview on February 20, 2026, and went to public beta for Enterprise customers in late April.

OpenAI Codex Desktop Adds Computer Use, Memory, and 90+ Plugins -

On May 25, OpenAI rolled out a major Codex desktop update that turns the product from a coding-only assistant into a broader desktop agent for software work. The release adds background Computer Use on macOS, an in-app browser for commenting directly on pages, image generation via gpt-image-1.5, memory that persists user preferences across sessions, and scheduled automations that can carry work over days or weeks.

The desktop app also picks up more than 90 plugins that combine skills, app integrations, and MCP servers. Notable ones include Atlassian Rovo for managing Jira, CircleCI, CodeRabbit, GitLab Issues, Microsoft Suite, Neon by Databricks, Remotion, Render, and Superpowers. OpenAI said more than 3 million developers use Codex weekly.

OpenAI Codex CLI 0.134.0 Lands -

On May 26, Codex CLI shipped 0.134.0 and made --profile the primary profile selector across CLI, TUI permissions, and sandbox flows. Legacy profile configs now get rejected with explicit migration guidance, and the release adds documentation for the curl and PowerShell installer paths plus profile migration links in relevant config errors.

Novee Launches Agentic Fix for Pentest-to-Patch Workflows -

On May 26, AI penetration testing startup Novee launched Agentic Fix, a capability that pushes validated exploit findings directly into developer coding agents. When Novee identifies an issue, the platform now writes a detailed GitHub issue with remediation guidance tied to the exact exploit path, then routes that to Claude, Codex, Copilot, Cursor, or Devin to produce a fix and open a pull request. Once the fix merges, Novee reassesses the asset to confirm the original vulnerability is resolved.

Microsoft Releases Lens 3.8B Text-to-Image Model -

On May 26, Microsoft released Lens on Hugging Face, a 3.8 billion parameter foundational text-to-image model trained on Lens-800M, an 800 million image-text corpus with GPT-4.1 captions. The model uses a 48-block MMDiT denoiser with FLUX.2 latents and supports generation up to 1440 by 1440 resolution across aspect ratios from 1:2 to 2:1. Microsoft published minimal inference code for running the Lens DiT checkpoints, though it did not disclose a training cutoff date, pricing, or benchmark comparisons against DALL-E 3, Midjourney, or Stable Diffusion.

Apple Seeds First iOS 26.6, macOS 26.6, and Companion Betas -

On May 26, Apple released the first developer betas of iOS 26.6, iPadOS 26.6, macOS 26.6, watchOS 26.6, tvOS 26.6, and visionOS 26.6. The iOS 26.6 beta carries build 23G5028e. Significant changes include a new Apple Maps Blastdoor framework for additional security isolation and a new alert that tells users when they hit the 20,000 blocked contacts maximum. The 26.6 line is the likely final feature release on the iOS 26 branch before Apple unveils iOS 27 at WWDC on June 8.

Snowflake Commits $6B to AWS for AI Infrastructure -

On May 27, Snowflake signed a multi-year strategic collaboration agreement with AWS that includes a 6 billion dollar infrastructure commitment over five years for Graviton processors and GPU accelerated EC2 instances. This is Snowflake’s largest cloud commitment to date, and the focus is enterprise agentic AI workloads on top of Snowflake’s data platform with tighter integration into Amazon Bedrock.

Snowflake stock jumped 36 percent on the news, its best single day on record. The deal also expands the joint go-to-market push through AWS Marketplace, where Snowflake has now passed 7 billion dollars in lifetime sales. Snowflake will also expand into 10 new AWS regions, including Auckland, Cape Town, Bangkok, and the AWS European Sovereign Cloud.

Salesforce Posts Record Q1 With Agentforce Crossing $1B ARR -

On May 27, Salesforce reported Q1 FY27 revenue of 11.1 billion dollars, up 13 percent year on year, beating Wall Street estimates on both top and bottom lines. The company raised full year FY27 guidance to between 45.9 billion and 46.2 billion dollars and initiated Q2 guidance of 11.27 billion to 11.35 billion dollars.

The most-watched number from the earnings call was Agentforce crossing 1 billion dollars in annualized recurring revenue, with revenue up 205 percent year on year. Combined with Data 360 and Informatica Cloud, Salesforce now reports 3.4 billion dollars in total AI and data ARR. The company processed 28.6 trillion tokens in Q1 (up 152 percent quarter on quarter) and 3.8 billion agentic work units. Despite the beat, shares slipped in after-hours trading as investors remained worried that agentic AI will erode the company’s per-seat subscription model.

Mistral Launches Industrial Engineering AI With Airbus and BMW -

On May 28, at its first annual conference in Paris, Mistral AI formally launched Mistral for Industrial Engineering, a physics-aware AI stack pitched directly at heavy industry customers. Launch customers include Airbus, BMW, EDF, and shipping group CMA CGM.

Airbus signed a five year partnership that gives it licenses for the full Mistral AI product suite, with deployment on-premises, in trusted clouds, or wherever it makes sense for Airbus and its customers. The work spans commercial aircraft, helicopter, defence, and space activities, and covers AI-driven engineering simulation, automatic object recognition for flight safety, and automated technical documentation. BMW signed a separate deal to build Large Industry Models trained on more than one petabyte of BMW’s historical crash simulation data, aiming to predict structural test outcomes in seconds rather than hours.

Docker Ships Sandbox Guidance and Copy Fail Mitigation -

On May 26, Docker published a long post on running untrusted autonomous AI coding agents inside microVM sandboxes, framed around real coding agent failure modes like database wipes and leaked secrets. The post argues that the laptop is now production for agents and walks through how Docker Sandboxes reduce blast radius.

On May 27, Docker published the official Copy Fail (CVE-2026-31431) mitigation guidance for Docker Engine. The kernel side fix is the real patch, but if you cannot ship a kernel update yet, upgrading to Docker Engine v29.4.3 or later picks up the seccomp, AppArmor, and SELinux defaults that block AF_ALG socket creation through both socket(2) and socketcall(2). Docker Agent also shipped v1.70.0 on May 29 with OAuth flow enhancements for MCP catalog servers and a new allow and block list for the mcp_catalog tool.

Amazon Alexa+ Lands in France -

On May 26, Amazon brought Alexa+ to France through an Early Access invite program. After Early Access ends, Alexa+ will be free for Prime members and 22.99 euros per month for non-Prime users, matching the price point already set in Germany, Austria, Spain, and Italy. France joins the US, Canada, Mexico, the UK, Italy, Spain, Germany, and Austria as part of a global Alexa+ relaunch built on Amazon’s generative AI stack.

Core Language and Framework Releases

Puppeteer v25.1.0: Released on May 26, rolling to Chrome 149.0.7827.2, replacing cosmiconfig with lilconfig, and bumping @puppeteer/browsers to 3.0.4.
Typer 0.26.0: Released on May 26 by Sebastián Ramírez (tiangolo) for Typer, the FastAPI-style CLI library.
Spring AI 2.0.0-M8: Released on May 27, shifting to dash-separated Spring Boot property names and shipping MistralAI Jackson improvements plus fixes for the pgvector and google-genai starters.
Docker Agent v1.70.0: Released on May 29 by Docker Engineering, adding text handling improvements, OAuth flow enhancements for MCP catalog servers, and allow and block list filtering for the mcp_catalog tool.

Security

npm Typosquat Wave Steals AWS and CI/CD Secrets -

On May 28, Microsoft Threat Intelligence flagged 14 malicious npm packages published in a four hour window by a single maintainer alias, vpmdhaj. The packages typosquat well known OpenSearch, ElasticSearch, DevOps, and environment configuration libraries, and several spoof the upstream OpenSearch project repo URL in package.json to look legitimate.

The cluster ships a Bun-compiled second stage payload of roughly 195 KB that runs silently during npm install. It targets AWS credentials through IMDSv2 and ECS task roles, enumerates AWS Secrets Manager across more than 16 regions, harvests HashiCorp Vault tokens, and steals GitHub Actions and npm publish tokens for follow-on supply chain attacks. The packages and accounts have since been taken down by the npm team.

Dependency Confusion Wave Targets Corporate Scopes -

On May 28 and May 29, Microsoft uncovered a second npm campaign using three maintainer aliases: mr.4nd3r50n, ce-rwb, and t-in-one. They published packages across nine organizational scopes that mirror real internal corporate namespaces, including direct impersonations of Sberbank’s @sber-ecom-core/sberpay-widget and a @capibar.chat/ui-kit against an internal UI kit. The packages download an obfuscated reconnaissance payload from an attacker controlled C2 server and harvest environment data on install. The May 29 stager added a three-layer obfuscated postinstall script and a kill switch via the T_IN_ONE_NO_TELEMETRY environment variable.

CISA KEV Additions for May 26, 27, and 29

On May 26, CISA added CVE-2026-48172 to the Known Exploited Vulnerabilities catalog. The LiteSpeed cPanel Plugin Privilege Escalation flaw carries a CVSS score of 10.0 and lets any unauthenticated cPanel user execute commands as root.
On May 27, CISA added three supply chain related vulnerabilities: CVE-2026-8398 for Daemon Tools Lite Embedded Malicious Code, CVE-2026-45321 for TanStack Unspecified Vulnerability, and CVE-2026-48027 for the Nx Console Embedded Malicious Code that ultimately led to the GitHub TeamPCP intrusion.
On May 29, CISA added CVE-2026-0257, a Palo Alto Networks PAN-OS Authentication Bypass vulnerability under active exploitation.

Gravity Bridge Drained of $5.4M -

Early on May 31, Gravity Bridge was drained of roughly 5.4 million dollars in what blockchain security researchers believe was a signing key compromise rather than a smart contract flaw. Onchain analyst Specter and security firm PeckShield flagged the unusual outflows, and the Gravity team confirmed the incident on X and asked validators and orchestrators to halt while the breach is reviewed. Gravity Bridge moves assets between Ethereum and the Cosmos ecosystem and is secured by its native Graviton token.

Funding & Industry Deals

Anthropic Series H of $65B at $965B Post-Money -

On May 28, Anthropic closed its Series H at 65 billion dollars and a 965 billion dollar post-money valuation. The deal is widely seen as the company’s last private round before an IPO that is currently rumoured for October 2026, with crossover investors like Fidelity, T. Rowe Price, and Baillie Gifford signalling IPO positioning.

Cognition Series D Raises More Than $1B at $26B -

On May 27, Cognition raised more than 1 billion dollars at a 26 billion dollar valuation, led by Lux Capital, General Catalyst, and 8VC, with Ribbit Capital, Atreides, Layer Global, and existing backers Founders Fund, Elad Gil, Alpha Wave, and Bain Capital Ventures. The company is now worth 16 billion dollars more than it was eight months ago.

Wix Confirms 1,000 Layoffs in Largest Cut Ever

On May 28, Wix CEO Avishai Abrahami confirmed mass layoffs affecting roughly 20 percent of the company. Wix had 5,277 employees at the end of March 2026. The cuts will reduce headcount to roughly 4,200, with affected employees receiving what Abrahami described as personally curated separation packages. The decision is part of a wave of AI-driven tech layoffs in 2026, with industry trackers counting more than 95,000 jobs cut across about 250 events so far this year.

Snowflake Commits $6B to AWS for Graviton and AI

On May 27, Snowflake announced a 6 billion dollar five year commitment to AWS for Graviton compute and AI infrastructure. This is the company’s largest cloud spend commitment to date and reads as a vote of confidence that enterprise demand for the AI Data Cloud will keep accelerating through the agentic shift.

The Numbers That Matter

$965 Billion Post-money valuation of Anthropic after its 65 billion dollar Series H announced
$47 Billion Anthropic’s annualized run-rate revenue as reported in its Series H announcement
$26 Billion Cognition’s post-money valuation after the more than 1 billion dollar Series D
89% Share of code at Cognition that is now written by Devin, disclosed alongside the Series D
$6 Billion Snowflake’s five year infrastructure commitment to AWS announced
3,800 Internal GitHub repositories confirmed exfiltrated by TeamPCP via a poisoned Nx Console extension, confirmed
300+ GitHub repositories poisoned by the Glassworm botnet that CrowdStrike and Google took down
1,000 Wix employees being laid off, around 20 percent of the company, announced
1,000 Parallel subagents that Claude Opus 4.8 Dynamic Workflows can orchestrate, shipped
$1.1 Billion Agentforce annualized recurring revenue as reported in Salesforce’s Q1 FY27 earnings

Quick Hits

OpenAI Codex Desktop Update - May 25. Adds background Computer Use, in-app browser, gpt-image-1.5 image generation, memory, automations, and 90+ plugins.
xAI Grok Build Beta - May 25. Terminal coding agent at 300 dollars per month for SuperGrok and X Premium Plus subscribers.
Wix Layoff Reporting - May 25. Globes and Calcalist reported preparations for around 1,000 layoffs, later confirmed by CEO Avishai Abrahami on May 28.
Apple Developer Betas - May 26. iOS 26.6, iPadOS 26.6, macOS 26.6, watchOS 26.6, tvOS 26.6, and visionOS 26.6 first developer betas land.
Anthropic Security-Guidance Plugin - May 26. Regex-based pattern matching for around 25 dangerous code patterns inside Claude Code.
Microsoft Lens Text-to-Image - May 26. 3.8 billion parameter foundational model released on Hugging Face.
Novee Agentic Fix - May 26. Routes validated pentest findings into Claude, Codex, Copilot, Cursor, and Devin for automatic remediation.
Amazon Alexa+ in France - May 26. Early Access invites with full pricing at 22.99 euros per month after launch.
Codex CLI 0.134.0 - May 26. --profile becomes the mandatory profile selector with migration guidance.
Puppeteer v25.1.0 - May 26. Rolls to Chrome 149.0.7827.2 and replaces cosmiconfig with lilconfig.
Typer 0.26.0 - May 26. Sebastián Ramírez ships a minor release of the FastAPI-style CLI library.
CISA KEV LiteSpeed cPanel - May 26. CVE-2026-48172 added to the catalog with active exploitation.
Cognition Series D - May 27. Raises 1 billion dollars at 26 billion dollar valuation for Devin.
Snowflake 6 billion dollar AWS Commitment - May 27. Largest cloud commitment in Snowflake’s history.
Salesforce Q1 FY27 - May 27. Record 11.1 billion dollar quarter with Agentforce passing 1 billion dollar ARR.
Glassworm Botnet Takedown Public Disclosure - May 27. CrowdStrike, Google, and Shadowserver confirm strike on four C2 channels.
GitHub Outage - May 27. Git operations, issues, PRs, and API requests degraded from 12:10 to 13:16 UTC.
GitHub TeamPCP Disclosure - May 27. 3,800 internal repositories confirmed exfiltrated, auctioned on dark web at 50,000 dollar floor.
CISA KEV Supply Chain Additions - May 27. Daemon Tools Lite, TanStack, and Nx Console added to the catalog.
Spring AI 2.0.0-M8 - May 27. Spring Boot dash-separated properties and MistralAI Jackson mapping improvements.
Anthropic Series H - May 28. 65 billion dollar raise at 965 billion dollar post-money valuation, top AI startup spot.
Claude Opus 4.8 - May 28. Dynamic Workflows up to 1,000 subagents, 2.5x faster Fast Mode, 1 million token context.
Claude Opus 4.8 in GitHub Copilot and Cursor - May 28. GA across Copilot Pro+, Business, Enterprise and live in Cursor.
Wix Layoffs Confirmed - May 28. CEO Avishai Abrahami posts message on X confirming 1,000 cuts driven by AI and the shekel.
Mistral Industrial Engineering AI - May 28. Physics-aware stack launched with Airbus, BMW, EDF, and CMA CGM as launch customers.
npm Typosquat Wave - May 28. 14 packages by vpmdhaj target AWS, HashiCorp Vault, and CI/CD secrets via Bun-compiled stealer.
npm Dependency Confusion Wave - May 28 to 29. Three aliases publish packages across nine corporate scopes including SberPay and Capibar Chat impersonations.
OpenAI Codex on Windows - May 29. Computer Use and ChatGPT mobile control come to Windows machines.
Cursor 3.6 - May 29. Auto-review Run Mode for Shell, MCP, and Fetch calls with allowlist, sandbox, and classifier checks.
CISA KEV PAN-OS - May 29. CVE-2026-0257 Palo Alto Networks authentication bypass added under active exploitation.
Gravity Bridge Hack - May 31. Roughly 5.4 million dollars drained in a suspected signing key compromise.

The race between Anthropic and OpenAI is no longer just about model quality. Anthropic moved into pole position on private valuations this week and used Opus 4.8 to push the agent loop further with Dynamic Workflows that can run a thousand subagents at once. Cognition raised a billion dollars on the back of Devin writing nearly nine out of every ten lines of its own production code. The Glassworm takedown is the first major coordinated bust of an open source supply chain actor in years, and the TeamPCP confirmation makes clear how thin the gap between a poisoned IDE extension and a full enterprise breach can be.

Layoffs are the other story. Wix joined Meta and Intuit from previous weeks in announcing AI-driven workforce cuts. The pattern across all three is the same: revenue holding or growing, headcount falling, savings redirected to AI tooling. The week ends with Microsoft Build 2026 set to open on June 2 in San Francisco and the rest of June already tilting toward Gemini 3.5 Pro, WWDC, and the start of GitHub Copilot’s usage-based billing era. See you next week.