Over the weekend: Musk, Zuckerberg, and Sacks killed Trump's draft AI safety executive order in three Wednesday-night phone calls. CISA logged 15,000 attacks on a Drupal SQL flaw patched 48 hours earlier. The first cross-registry supply chain attack — TrapDoor — hit npm, PyPI, and Crates.io at once, using .cursorrules and CLAUDE.md config files as the carrier. Anthropic closed a $30B+ round the same Saturday. And the White House personally overrode the Pentagon to keep Claude inside the NSA.

Quick Hits

  • TrapDoor supply chain attack hits npm, PyPI, and Crates.io at once. First cross-registry campaign — AI config files used as the carrier. The Hacker News
    • 34 packages compromised across all three registries — invisible to standard code review and most scanners
    • Hidden Unicode in .cursorrules and CLAUDE.md redirects Cursor and Claude Code to run credential-harvesting commands while developers see normal output
    • Pull requests also seeded against LangChain, LlamaIndex, MetaGPT — the blast radius extends beyond direct package installs
  • Musk, Zuckerberg, and Sacks killed Trump's AI safety order in three phone calls. Order never reached public comment. Semafor
    • Three calls Wednesday night through Thursday morning buried a draft requiring 90-day voluntary pre-release review of frontier models
    • All three framed it as "doomer regulation"; accelerationist allies in the NEC and VP's office helped kill it before public comment
    • No equivalent coalition of safety researchers or civil society groups had comparable West Wing access
  • Anthropic closing a $30B+ round as it approaches first operating profit. Claude Code alone now at $1B ARR. Bloomberg
    • $10.9B annualized revenue, on track for first operating profit in Q2 2026
    • Round is separate from the $30B revenue run rate also reported this month — two different $30B numbers
    • Claude Code at $1B ARR is the clearest sign developer tooling is now a real revenue center, not a feature
  • CISA flags Drupal SQL injection as actively exploited within 48 hours of patch. 15,000 attempts against 6,000 sites across 65 countries. The Hacker News
    • CVE-2026-9082 — unauthenticated SQLi in Drupal's database abstraction layer
    • Affects every PostgreSQL-backed deployment regardless of version; MySQL-backed sites are clean
    • Federal agencies have a hard patch deadline of May 27 under CISA's BOD 22-01
  • White House clears $9B for NSA Blackwell chips and personally overrides Pentagon objection to keep Anthropic in classified networks. Procurement authority just migrated from Defense to the West Wing. The Next Web
    • Chief of Staff Susie Wiles signed off on both the $9B chip request and continued NSA use of Claude
    • Pentagon had previously designated Anthropic a supply chain risk — the override sets a precedent
    • Revised contract drops "any lawful use" language and adds an explicit "no Americans' data" carve-out — new template for federal AI contracts
  • Cornell study in Science: 9% of US university students cross into outright AI cheating. Daily AI users cheat at nearly 4× the monthly rate. Science
    • 95,000 students across 20 public research universities, surveyed using list randomization (which makes 9% a floor, not a ceiling)
    • One third use generative AI regularly on assignments — current assessments can't distinguish AI-assisted from independent work at scale
    • Lead author Rene Kizilcec calls assessment reform "necessary and urgent"
  • Anthropic's Project Glasswing surfaces 10,000+ critical code vulnerabilities in one month, claims zero false positives. Real production codebases, not sandboxes. Interesting Engineering
    • 10,000+ findings verified in 30 days — scale dwarfs anything previously reported in the industry
    • Zero-FP claim is the headline that will face the most scrutiny from the security research community
    • If the precision holds, the argument shifts from "AI assists pentesting" to "AI replaces traditional pentest pipelines"
  • Claude Code autonomously discovers a reasoning algorithm cutting inference compute 70%. 160 minutes, $40 of compute, no human in the loop. arXiv paper
    • University of Maryland, Google, and Meta researchers set up a structured search environment and let Claude Code run unattended
    • Result is AutoTTS, a control algorithm researchers describe as "nearly impossible to design by hand"
    • Their framing: the search environment is the intellectual work now, not the algorithm

What it means: federal AI governance moved into the West Wing this weekend

Three things happened in 72 hours that all point in the same direction. Musk, Zuckerberg, and Sacks killed a White House AI safety order before it was ever public — without congressional input, without agency review, with no equivalent counter-coalition. The White House Chief of Staff personally overrode a Pentagon supply chain risk designation to keep Anthropic supplying Claude to the NSA. And the same office signed off on a $9B Blackwell procurement explicitly framed as closing a classified compute gap — with a "no Americans' data" carve-out written into the contract itself, not a policy memo.

Last week, federal AI governance still looked like a distributed system: agencies wrote rules, Defense vetted suppliers, Congress debated frameworks. As of Sunday night, the operational picture is simpler: a small number of people with direct West Wing access decide what gets reviewed, what gets procured, and what gets supplied to classified environments. The agencies are still there. They're just no longer the chokepoint.

For anyone building compliance roadmaps, vetting AI vendors, or trying to predict where the next regulatory line gets drawn: the institutional map you've been using is now stale. The decisions are happening in a different room.


Key Takeaways

  • If you're auditing AI tools your team uses, your scan surface just expanded. TrapDoor proves that .cursorrules, CLAUDE.md, and equivalent AI agent config files are now an attack vector. Add them to your code-review and SCA pipelines this week, not next quarter.
  • If your compliance roadmap assumed a federal AI executive order, stop planning around it. The draft order is dead. There is no announced replacement. Build against case law, state attorneys general, and EU AI Act timelines — those are the live tracks.
  • If you're an AI buyer, federal procurement just consolidated. Anthropic is now the only frontier lab with a White House-cleared classified deployment, a $30B+ fresh round, and a "no Americans' data" template the rest of the industry will be measured against. Re-run your shortlist.
  • If you hire from US universities, assume one-third of recent graduates have AI-assisted their credentialed coursework. The Cornell number is a floor. Interview design, not transcripts, is now the sorting mechanism.
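
One way to add those files to a review or CI pipeline, as an added example that is not from the newsletter or the TrapDoor reporting: a scanner that flags invisible Unicode in agent config files and decodes text hidden as Unicode tag characters so a reviewer can read it. The flagged ranges (format characters, variation selectors) and the function names are assumptions; the reporting summarized here does not say which code points TrapDoor used.

```python
import sys
import unicodedata
from pathlib import Path

# File names taken from the newsletter; extend for other agent config files.
AGENT_CONFIG_NAMES = {".cursorrules", "CLAUDE.md"}

def is_hidden(ch):
    """Assumed policy: flag format chars (Cf) and variation selectors."""
    cp = ord(ch)
    if unicodedata.category(ch) == "Cf":  # zero-width, bidi controls, tags, BOM
        return True
    return 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF

def find_hidden_unicode(text):
    """Return (line, column, code point, name) for each invisible character."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if is_hidden(ch):
                name = unicodedata.name(ch, "UNNAMED")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings

def decode_tag_payload(text):
    """Map Unicode tag characters (U+E0020..U+E007E) back to visible ASCII."""
    return "".join(chr(ord(c) - 0xE0000) for c in text
                   if 0xE0020 <= ord(c) <= 0xE007E)

def scan_tree(root):
    """Scan every agent config file under root; return {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name in AGENT_CONFIG_NAMES:
            hits = find_hidden_unicode(path.read_text("utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: a zero-width space plus harmless text hidden as tag chars.
_HIDDEN = "".join(chr(0xE0000 + ord(c)) for c in "constructed-hidden-text")
SAMPLE = "Use tabs.\u200b\nKeep functions small." + _HIDDEN + "\n"

if __name__ == "__main__":
    report = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in report.items():
        for lineno, col, cp, name in hits:
            print(f"{path}:{lineno}:{col}: {cp} {name}")
    sys.exit(1 if report else 0)  # non-zero exit fails the CI job
```

Zero-width joiners are legitimate inside emoji sequences, so a hit is a prompt for human review of that line rather than proof of compromise.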


This week's poll

Three phone calls killed an AI safety executive order before it was public. What does that mean for the next 12 months of AI governance?

Last week, 167 of you voted:

Two trillion-dollar AI companies are about to test the public markets within weeks of each other. What happens?

  • Both price strong and the AI rally extends: 46%
  • They price, then drift below the IPO mark within months: 23%
  • One or both gets delayed as the market wobbles: 13%
  • This is the top, and these IPOs mark it: 18%


Thanks for reading AI Weekly. Forward this to one person whose AI compliance roadmap just got rewritten.
