The IPO filing was almost ceremonial. Anthropic submitted its confidential S-1 to the SEC on Monday — ahead of OpenAI, ahead of anyone’s expected timeline — targeting an October listing that analysts broadly project to open north of $1 trillion. The number is staggering but no longer surprising: Anthropic’s annualized revenue run rate has cleared $47 billion, its $65 billion Series H in late May valued the company at $965 billion privately, and Claude models are embedded across enterprise stacks from pharmaceuticals to finance. The IPO converts the most valuable private AI company in history into a public one. What follows — the scrutiny, the short-sellers, the quarterly earnings calls — is new territory for a lab that has spent four years arguing that safety and commercial success compound together.
But the more telling signal for how AI is landing in the real world showed up in a GitHub discussion thread.
GitHub Copilot’s usage-based billing took effect June 1. The change replaced a flat subscription with AI Credits billed per token, no upper bound for power users. Within hours, developers were posting burndown screenshots. One person on the $39-a-month Pro+ plan burned through 8% of their monthly credit allocation in two hours. Single agentic sessions were running $30 to $40. The community forum thread drew 400 comments and nearly 900 downvotes. The backlash is instructive: this is AI cost exposure. What felt like a software subscription was, underneath, a metered compute service. Developers running agentic workflows were being quietly subsidized. Now they’re not. The bill has arrived.
Also on Monday, Florida’s attorney general filed suit against OpenAI and CEO Sam Altman personally, alleging the company knowingly deployed ChatGPT while suppressing internal safety warnings. The complaint links the product in part to a shooting at Florida State University last year. The state is seeking billions in damages and wants Altman held personally liable. OpenAI disputes the characterization and will contest the suit. But the template is now established. Florida is the first state to sue. It will not be the last.
Microsoft opened Build 2026 at Fort Mason Center in San Francisco this morning. Satya Nadella’s keynote is streaming from 9:30 PT. Announcements are expected on a new reasoning-focused model, deeper agentic workflows inside VS Code, and Windows local AI. The audience is developers — the same ones who spent yesterday posting Copilot burn charts on the community forum.
The autonomous attacker
The week’s most technically significant story doesn’t have an IPO attached to it, but it may matter more in the long run. In late May, Sysdig’s threat research team documented the first confirmed live cyberattack driven by an autonomous LLM agent. An attacker exploited a remote code execution vulnerability in the Marimo notebook runtime (CVE-2026-39987), extracted cloud credentials from the compromised host, then handed control to an LLM agent that pivoted through AWS infrastructure and exfiltrated a full PostgreSQL database in under an hour. Four pivots. No human at the keyboard after the initial exploit.
The detail that sticks: the agent had no prior schema knowledge. It enumerated the database tables on its own, reasoned from first principles, identified and dumped a credentials table it had no specific intelligence about, and used Cloudflare Workers as a fan-out egress pool to break the source-IP correlation an AWS-side defender would have looked for.
The agent improvised. It adapted to what it found. That’s new, and it’s the part that should change how defenders think about response timelines.