The capital concentration around Anthropic is now difficult to ignore: Google has committed $40 billion and Amazon $5 billion, making Anthropic one of the most heavily capitalised AI labs in history without a single public share. What that buys in practice is visible in the deployment layer — Claude is now natively integrated into Spotify, Uber, and TurbotTax, and Shopify has moved to an unlimited Claude access model for its workforce. These are not pilot agreements; they represent enterprises restructuring workflows around a single model provider at scale.

The more operationally significant story this week is Mythos. Anthropic's internal red-team system — partially decoded by Discord researchers — identified 271 vulnerabilities in Firefox, a number that would represent months of work for a conventional security team. That capability sitting inside a commercial AI lab, with enterprise customers already on unlimited-access tiers, changes the calculus for CISOs: the question is no longer whether AI will be used in vulnerability research, but whether your suppliers' AI systems are already running against your dependencies.