Good morning. This week AI crossed several milestones at once: a trillion-dollar IPO filing, a bipartisan biosecurity letter, a recursive self-improvement warning from Anthropic itself, and a reminder that autonomous agents can chain decade-old exploits into something entirely new.

Anthropic files to go public, revenue at $47B annualized

Anthropic has filed confidentially for an IPO, co-founder Daniela Amodei confirmed Thursday at the Bloomberg Tech conference. The move follows a $65 billion fundraise announced last week at a valuation approaching $1 trillion — which was reportedly oversubscribed — and comes as the company's annualized revenue crossed $47 billion in May, up from roughly $9 billion at the end of 2025.

Amodei framed the public listing as a capital access decision: "The sort of core set of companies that are working to advance the frontier are just going to need access to capital, and I think the public market is very well suited to that." She dismissed concerns about enterprise AI ROI, arguing companies are still early in figuring out deployment. She also defended Anthropic's decision not to build its own data centers, calling it a deliberate hedge against overextension — this despite the company's newly disclosed $1.25 billion-per-month compute deal with xAI.

Why it matters: The IPO pipeline is now genuinely crowded — Anthropic, SpaceX, and OpenAI are all queued up. Alphabet's record-breaking $85 billion equity sale, $45 billion of which was raised in a single oversubscribed tranche last week (Berkshire Hathaway took $10 billion), suggests public-market appetite for AI capital is real. The question is whether it holds once the queue actually arrives.

• Ahead of its IPO, Anthropic's Daniela Amodei shrugs off doubts about AI's returns — TechCrunch
• Alphabet's record-breaking $85B raise for Google's AI business is a helluva good signal — TechCrunch

Anthropic: Claude already writes 80% of our code. Recursive self-improvement is closer than you think.

In a new post from its research arm, Anthropic published internal data showing Claude-generated code now accounts for more than 80% of code merged into Anthropic's own systems as of May 2026 — up from low single digits before Claude Code launched in early 2025. Engineers now merge roughly eight times more code per day than in 2024.

The company says the length of tasks models can reliably handle has doubled roughly every four months. Claude Opus 3 managed coding tasks of a few minutes in early 2024; Claude Opus 4.6 now handles assignments lasting up to 12 hours. On SWE-bench, frontier models went from weak to near-saturation in two years.

Co-founder Jack Clark: "We've always found that the best thing to do is to socialize the concept and basically give people a sense of what's coming." Anthropic plans to brief U.S. lawmakers in the coming months and says governments should prepare for AI systems that may help create more capable successors with minimal human involvement. The company is clear that humans still define goals and judge results — but that gap is narrowing.

• Age of Ultron: Anthropic warns AI systems could soon build their own successors — Interesting Engineering

OpenAI's Codex chains decade-old DoS attacks into an HTTP/2 bomb

California-based security researcher Quang Luong discovered that OpenAI's Codex agent independently combined two known denial-of-service techniques — an HPACK compression bomb (CVE-2016-6581) and a Slowloris-style hold (CVE-2016-8740) — into a novel attack that can crash web servers in seconds. The resulting exploit, named HTTP/2 Bomb, can force a vulnerable Apache or Envoy server to consume and hold 32GB of memory in roughly 20 seconds from a home broadband connection.

Luong found that upward of 880,000 websites supporting HTTP/2 may be affected. nginx patched the next day after disclosure; Apache issued mod_http2 v2.0.41 and assigned CVE-2026-49975; Envoy patches are under validation. Microsoft IIS and Pingora have been notified. "Any capable AI model can turn those diffs into a working exploit, which is exactly how we found that Microsoft IIS, Envoy, and Pingora are also vulnerable," the Calif team wrote.

Luong will present full technical details at the Real World AI Security conference later this month. Proof-of-concept scripts are already on GitHub.

Why it matters: This is a case study in what "AI agents chaining exploits" actually looks like in practice — not science fiction, but a researcher using Codex as a research accelerator to discover a new attack surface from old primitives. Defenders need to patch faster than agents can read diffs.

• OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds — The Register

Anthropic open-sources its AI vulnerability-hunting framework

In a separate but related move, Anthropic published its internal framework for AI-powered vulnerability discovery on GitHub. The defending-code-reference-harness repo includes skills for threat modeling, scanning, triage, and patching, along with an autonomous scanning harness that teams can customize. The repo has 386 stars at publication.

Teams that have used the framework internally report that as waves of scans continue, the number of findings goes down but complexity goes up — the model stops re-finding fixed bugs and surfaces deeper issues. Anthropic notes that autonomous triage and patching are still open problems; the framework doesn't fully solve them.

• Anthropic's open-source framework for AI-powered vulnerability discovery — GitHub

Tech leaders unite on DNA screening to block bioweapon misuse

In a rare cross-sector alignment, Sam Altman, Dario Amodei, Demis Hassabis, and Alexandr Wang are among dozens of signatories on an open letter calling on Congress to mandate screening of synthetic DNA orders. The letter argues that AI systems can now outperform PhD-level virologists on highly technical laboratory questions, and that the knowledge barriers which historically limited access to biological weapons may be eroding.

The proposal focuses on mechanisms already used by many gene synthesis companies under voluntary standards — checking DNA sequences against flagged patterns, verifying customer identity, maintaining order records. The letter argues these should become legally mandatory rather than voluntary. "This is a rare moment of agreement across stakeholders that are often at odds," it concludes.

The Register also reported that AI heavyweights (including Anthropic) formally warned this week that their technology could meaningfully lower the barriers to bioweapon development — acknowledging the dual-use risk publicly.

• Rare agreement: Sam Altman and Dario Amodei back DNA rules to curb bioweapon risk — Interesting Engineering
• AI heavyweights warn their tech could help terrorists develop bioweapons — The Register

UK orders Google to give publishers AI opt-outs and clearer attribution

The UK's Competition and Markets Authority issued a binding ruling requiring Google to give publishers two things: effective controls to opt out of having their content used in AI Overviews and other generative search features, and clearer attribution with actual links in AI-generated results. Google has nine months to comply.

The CMA specified that opt-outs must be available at both the directory and page level, and that Google cannot penalize opted-out publishers in organic search rankings. Google opposed both measures in its February response to the proceeding, arguing that "excessive attribution" would worsen user experience and that page-level opt-outs would increase crawl costs. The CMA rejected both arguments.

Google said it will comply and announced a new Search Console toggle it is testing with a subset of UK website owners. It is not yet clear whether the clearer-attribution changes will apply globally.

Why it matters: This is the first legally enforceable publisher opt-out for AI search anywhere. It gives news organizations real leverage to negotiate content deals with Google rather than simply having their content consumed.

• Google ordered to put clearer links in AI search and let UK publishers opt out — Ars Technica

In brief

Lovable 5x on Google Cloud. Stockholm's fastest-growing vibe-coding startup signed a multiyear deal to expand its Google Cloud footprint fivefold, gaining broader access to both Claude and Gemini models. Lovable's agent will also be listed in Google's Gemini Enterprise Agent Gallery, and will integrate with Wiz for real-time security remediation. Lovable crossed $400M in annualized revenue in February. (TechCrunch)

ChatGPT memory gets a new architecture. OpenAI is rolling out what it calls a "new dreaming architecture" that writes readable memory summaries, improves carry-forward context across conversations, and — for the first time — will begin recording memories for free-tier users. Plus and Pro users get expanded memory capacity. Rolling out in the US now, other countries in coming weeks. (Engadget)

Apple approves first AI agent on Messages for Business. Poke, a Spark Capital-backed startup that wraps AI agents in a text-message interface, became the first standalone AI agent approved to run on Apple's Messages for Business platform. Apple charges a per-user toll. The approval required months of UI compliance work. Poke is valued at $300M post-money after a recent $10M add-on to its $15M seed. (TechCrunch)

Canada announces national AI strategy. Prime Minister Mark Carney outlined plans to build Canadian-developed AI rather than rely entirely on US providers. Canada wants its own sovereign models and less dependence on American infrastructure. (Engadget)

That's the week. The biosecurity letter and the HTTP/2 bomb story are two sides of the same coin: autonomous AI systems are now capable enough to meaningfully accelerate both offense and defense. The patch-or-get-exploited clock is ticking faster.