
Weekly AI Drop #4

A worm hit 170+ npm packages including OpenAI itself. Anthropic shipped 3 products in 7 days. OpenAI just put $4B into a deployment company because models alone don't move the needle anymore.

In 60 seconds:

  • “Mini Shai-Hulud” worm compromised 170+ npm/PyPI packages (TanStack, Mistral SDK, UiPath); OpenAI confirmed two infected internal devices.
  • Anthropic shipped Claude for Legal + Claude for Small Business in 48 hours — full vertical packs.
  • OpenAI Deployment Company launched: $4B capital, $14B valuation, acquired Tomoro + 150 forward-deployed engineers.
  • xAI Grok Build joined Claude Code + Codex CLI in the terminal.
  • Cognition (Devin) raising at $25B — async AI engineering hitting Microsoft, Dell, Cisco.


🐛 The supply chain attack you should care about

This week, a worm called “Mini Shai-Hulud” hit npm and PyPI. 170+ packages compromised. TanStack. Mistral AI’s SDK. UiPath. Even OpenAI confirmed two internal devices got infected. Stolen: GitHub tokens, cloud credentials, 1Password and Bitwarden data.

👊🏻 So what: You don’t run npm install. Your SaaS vendors do. Ask your IT lead Monday: are we exposed, and do our vendors actually know? If they don’t, that IS the answer.

🏛️ Anthropic went full vertical in 48 hours

Claude for Legal (Tuesday). Claude for Small Business (Wednesday). 12 legal plugins + 20 connectors. 15 SMB workflows wired into QuickBooks, PayPal, HubSpot, DocuSign, Google Workspace, M365.

Plot twist: Harvey ($11B) and Legora ($600M Series D) are both built on Claude. Anthropic just became their landlord AND newest competitor. Awkward.

👊🏻 So what: AI stopped being a horizontal tool. It’s industry-specific software now. Stop asking “should we use AI?” Start asking “is there a vertical pack for what we do?” Legal, finance, ops, marketing already have one. Your industry is next.

💸 The real bottleneck isn’t capability. It’s adoption.

Monday: OpenAI launched the OpenAI Deployment Company. $4B capital. $14B valuation. Backed by TPG, Bain, Brookfield, Goldman Sachs, McKinsey. Acquired Tomoro and its 150 forward-deployed engineers on day one.

Anthropic did the same days earlier: $1.5B venture with Goldman Sachs and Blackstone.

Two of the world’s top AI labs just told the market the same thing. The biggest problem in AI is no longer what the model can do. It’s whether it actually gets used.

👊🏻 So what: This is THE pain right now. Companies don’t need another tool. They need someone who sits inside the business, redesigns the workflow, and ships results. This is exactly where I’m placing my next bet. If your team has been “evaluating AI” for 6 months and shipped nothing, that’s not a tooling problem. It’s an adoption problem.

🛠️ Grok Build launches

Yesterday: xAI launched Grok Build. CLI coding agent, $300/month. Joins Claude Code and Codex CLI. 16 agents, 2M context, 8 in parallel.

👊🏻 So what: Every serious lab now has an agent in your terminal. Pick one. Pilot it. Ship faster.

🔦 Company of the Week: Cognition (Devin)

You probably haven’t heard of them. You should. They built Devin in March 2024. The first fully autonomous AI engineer. Claude Code and Grok Build pair-program with you. Devin works async. Assign a ticket, it opens a PR. No supervision. Customers: Microsoft, Dell, Cisco.

Now raising at $25B. Up from $4B 14 months ago. 6x.

👊🏻 So what: Synchronous AI engineers pair with humans. Asynchronous ones replace the ticket queue. Most teams need both. The ones that figure out the WORKFLOW win the decade.


🏃🏼‍♂️💨 The race isn’t about which model wins. It’s about who gets it INSIDE your business fastest. Same as a triathlon. Not won in the swim or bike. Won in T1 and T2. Adoption is your transition.

Bottom line for leaders: OpenAI and Anthropic just spent billions saying the same thing: the bottleneck is no longer the model — it’s deployment inside your business. That’s exactly the gap an AI Operator Sprint is built to close — 4–6 weeks embedded, your highest-leverage workflows shipped and owned by your team. If you want to start lighter, the AI Boot Camp gets you personally fluent in one day.
