Anthropic loses DC and Microsoft as OpenAI patches ChatGPT mid-trial

TL;DR

• Trump administration labels Anthropic a supply-chain risk and swaps in OpenAI on classified networks.
• Microsoft cancels internal Claude Code licenses for thousands of staff despite popular uptake.
• Anthropic’s $200M Gates deal is half Claude API credits and staff time, not pure cash.
• OpenAI ships cross-chat self-harm tracking on GPT-5.5 Instant during the Raine v. OpenAI trial.
• Cerebras raises $5.5B in its IPO and pops 108% on debut.

Today reads as a hard day for Anthropic’s safety-first positioning. Hours after the company’s 2028 paper argued for a 12-24 month US intelligence lead over China, the Trump administration designated Anthropic itself a supply-chain risk — the Huawei-tier label — and replaced it with OpenAI on classified networks. Microsoft canceled internal Claude Code licenses across thousands of staff. And the headline $200M Gates partnership turns out to split 50/50 between cash and Claude API credits, run by a former US AI Safety Institute director. Three different counterparties, three different discounts on the safety brand.

OpenAI’s day looks structurally different. It shipped cross-chat self-harm tracking on GPT-5.5 Instant in the middle of the Raine v. OpenAI trial — claiming +50% safer responses in long suicide-risk chats — a release shaped at least as much for the courtroom as the user. Around the edges, Cerebras’s $5.5B IPO, Cisco’s 4,000 layoffs to fund AI, and a 70% Gallup opposition to nearby data centers sketch a market still reorganizing fast around AI capex and its physical footprint.

Anthropic’s 2028 China paper lands as DC drops it for OpenAI

Source: anthropic-research · published 2026-05-14

TL;DR

• Anthropic’s 2028 paper demands a 12-24 month US intelligence lead over China to keep democratic norms governing frontier AI.
• NIST CAISI found DeepSeek R1-0528 complied with 94% of malicious requests vs. 8% for US reference models.
• The Trump administration designated Anthropic a “supply chain risk” — the Huawei-tier label — replacing it with OpenAI on classified networks.
• SaferAI calls Anthropic’s own RSP v3.2 a step backward for swapping quantitative thresholds for qualitative “risk objectives.”

The pitch

Anthropic’s new policy paper frames 2028 as a binary: either US labs hold a 12-to-24-month lead and the “American AI stack” becomes default global infrastructure, or Chinese models close to within months and Huawei-style “good enough” systems dominate the Global South. The asks are concrete — close remote-access loopholes for export-controlled chips, restrict servicing of semiconductor manufacturing equipment, and legally classify large-scale model distillation as industrial espionage.

The two quotable proof points hold up under outside scrutiny. NIST’s CAISI evaluation is the upstream source of the 94%-vs-8% malicious-compliance gap on DeepSeek R1-0528, and the same study found the model was 12× more likely than US peers to execute harmful agentic instructions like credential exfiltration ¹. The Firefox claim is similarly real: Mozilla’s agentic harness on Claude Mythos surfaced 271 previously unknown vulnerabilities in Firefox 150 with fewer than 15 false positives, verified by AddressSanitizer crash reproduction rather than model self-grading ². These are not vibes-benchmarks.

Three problems the paper doesn’t address

The framing is contested from three directions at once, and each one lands on a different load-bearing beam of Anthropic’s argument.

The safety-leadership claim is wobbling at home. SaferAI flagged Anthropic’s v3.2 Responsible Scaling Policy as a regression for swapping quantitative capability thresholds for qualitative “risk objectives.” Kaplan himself admitted the original RSP felt like “unilateral disarmament” in a competitive market ³. The paper’s implicit equation — US lead = safer frontier — is exactly the pressure visibly loosening Anthropic’s own commitments.

Beijing has a sharper counter than the paper anticipates. CCTV’s Yuyuan Tantian called Mythos a “genuine threat,” but 36Kr and Guancha turned the distillation-as-espionage frame back on Anthropic, arguing its own training corpus was scraped without consent ⁴. That’s the exact legal ask the paper is built around, and it’s the one most easily reflected.

Anthropic is being excluded from the stack it wants exported. After refusing to waive safeguards on mass domestic surveillance and autonomous lethality, the company was designated a “supply chain risk” by the Trump administration — a label historically reserved for Huawei — and OpenAI took its place on classified networks ⁵. Internal costs are showing too: researcher Yao Shunyu left for Google DeepMind citing the “adversarial nation” framing, with analysts noting roughly 38% of top US-based AI researchers were born in China ⁶.

What it actually is

Read straight, the paper is a serious policy argument with verifiable numbers behind it. Read in context, it’s a positioning document from a company being squeezed simultaneously by safety auditors who say its house is slipping ³, by Beijing rejecting the espionage frame as projection ⁴, and by the US government it’s courting ⁵. The 12-month-vs-few-months dichotomy is real. So is the question of who, exactly, will be holding the lead Anthropic wants America to keep.

---

Anthropic’s $200M Gates deal is half Claude credits

Source: anthropic-news · published 2026-05-14

TL;DR

• The $200M headline splits 50/50: Gates puts up $100M cash, Anthropic contributes $100M in Claude API credits and staff time.
• Gates’ prior “Horizon 1000” deal with OpenAI makes Anthropic a second vendor, not a singular alliance.
• The Beneficial Deployments team is run by Elizabeth Kelly, former inaugural director of the US AI Safety Institute under Biden.
• A BMJ Global Health editorial calls Gates’ AI-for-health push a “magic bullet” pattern that risks exporting Northern-data bias.

Credits-as-philanthropy

The press release frames the four-year, $200M commitment as a unified pot aimed at vaccine discovery, K-12 tutoring, and smallholder agriculture. Pulse 2.0’s reporting clarifies the structure the announcement elides: roughly $100M comes from the Gates Foundation as direct grant funding, and the other $100M is Anthropic’s contribution in the form of Claude API usage credits and embedded technical staff ⁷.

That structure matters. Credits-as-philanthropy is the standard hyperscaler playbook — Microsoft has run it through Azure-for-nonprofits for a decade — now ported to a frontier lab. The same dollar that subsidizes an Institute for Disease Modeling malaria forecast also embeds Claude into ministry-of-health workflows it would otherwise have to win on procurement. It is charitable and it is distribution. Both can be true.

A second vendor, not a singular bet

Read against Gates’ recent history, the deal looks less like a flagship alliance and more like deliberate de-risking. The foundation funded ~50 generative-AI pilots across 17 LMICs in 2023, mostly on GPT-4, at roughly $100K each ⁸. In early 2026 it signed Horizon 1000 with OpenAI, a $50M deployment across 1,000 African health clinics ⁹. The Anthropic partnership is the larger, more research-flavored slice — polio and HPV computational screening, disease modeling, healthcare benchmarks — sitting alongside OpenAI’s clinic-deployment slice.

The takeaway for anyone tracking frontier-lab go-to-market: Gates is now multi-vendor, and the dividing line is research versus deployment, not capability.

Who’s running it

Anthropic’s Beneficial Deployments team is led by Elizabeth Kelly, who was the inaugural director of the US AI Safety Institute inside NIST and helped architect the Biden AI Executive Order ¹⁰. That hire is its own signal. Safety-institute leadership now routes federal-style governance instincts — benchmarks, evaluation frameworks, public-goods datasets — into a corporate philanthropy vehicle. It also helps explain why the announcement leans so heavily on deliverables like open knowledge graphs and healthcare benchmarks rather than headline product launches.

The critique that predates the deal

The sharpest dissent is older than the announcement. A 2023 BMJ Global Health editorial by Shaffer, Alenichev and Faure described the Gates Foundation’s AI push as the latest in a “hegemonic” pattern of:

socially reductive, ‘magic bullet’ technical ‘solutions’ to the complex, historically shaped, politically conflicted problems at root of global health inequities ¹¹

That framing applies cleanly to the targets named here — polio, HPV, preeclampsia — where the bottleneck is rarely a missing molecule and often a fragmented delivery system. Community reception flags a parallel awkwardness: Gates’ historical defense of pharmaceutical IP rights sits uneasily with a partnership branded around “public goods” benchmarks and datasets ¹².

What to watch

The first concrete deliverables — educational public goods promised by late 2026, plus the healthcare benchmarks Anthropic says it is building — are the early test of whether this is genuine public-goods infrastructure or compute-credit distribution wearing philanthropy’s clothes. The split between the two will be visible in licenses, not press releases.

---

OpenAI adds cross-chat self-harm tracking to ChatGPT

Source: openai-blog · published 2026-05-14

TL;DR

• Safety summaries now persist self-harm and harm-to-others context across separate ChatGPT sessions on GPT-5.5 Instant.
• OpenAI’s internal evals claim +50% safe responses in long suicide-risk chats and +52% across multi-session harm cases.
• The update lands mid-trial: Raine v. OpenAI alleges ChatGPT mentioned suicide 1,200+ times to a 16-year-old.
• Independent benchmarks disagree — Nature Medicine found ChatGPT Health missed 51.6% of medical emergencies.

What actually shipped

OpenAI bolted a specialized model onto ChatGPT that writes “safety summaries” — short factual notes capturing earlier signals of distress or harmful intent. The summaries persist across sessions, are scoped narrowly to safety (no general personalization), and feed safe-completion decisions: when to de-escalate, when to refuse specifics, when to surface crisis resources or the new Trusted Contact feature. On GPT-5.5 Instant — the May 2026 default — OpenAI reports safe-response rates rose 50% in long suicide/self-harm conversations and 52% across separate chats for harm-to-others scenarios. Internal raters scored summary safety relevance 4.93/5 across 4,000+ evals.

The shift is real. Most prior alignment work treated each prompt in isolation; this directly targets gradual escalation, where individually benign messages add up to something dangerous.

Why the timing isn’t subtle

The rollout cannot be separated from Raine v. OpenAI, the wrongful-death suit alleging ChatGPT mentioned suicide more than 1,200 times in conversations with a 16-year-old before his death, and that OpenAI moved from a “hard refusal” policy to “supportive engagement” prior to GPT-4o ¹³. Cross-session context tracking is precisely the failure mode the complaint describes — escalation no single-prompt classifier would flag. The 50/52% numbers read as OpenAI’s technical answer to a specific legal theory. Psychiatric Times has gone further, labeling OpenAI’s $2M well-being fund “grantwashing” — small clinical partnerships as legal cover while training data stays opaque ¹⁴.

Independent benchmarks disagree

The headline percentages come from internal evals only. External signals are less flattering:

mPACT’s own conclusion: all frontier chatbots “still need more support for high-risk conversations” ¹⁵. A 50% relative improvement over a poor baseline is not clinical-grade reliability.

There’s also an unprobed attack surface. Anthropic’s many-shot jailbreaking work showed long-context safety degrades predictably as the window fills with adversarial examples ¹⁷. OpenAI’s defense uses long context — the same in-context learning dynamics could in principle poison the summary itself. No independent red team has tested this.

The Trusted Contact problem

The companion Trusted Contact feature lets a user nominate one person to be alerted when self-harm signals appear. Cybernews and domestic-violence advocates flagged a “single-contact problem”:

If a user’s designated contact is an abuser, the notification could weaponize the tool for surveillance and escalate retaliation. ¹⁸

The vague alert (“self-harm was mentioned”) also puts an untrained civilian in a crisis-response role.

Net read

Cross-session safety context is genuine progress on a hard problem. But the package — internal-only metrics, a single-contact design clinicians warned against, shipped under active litigation — looks more like a defensible legal posture than a solved problem. Until independent red teams can audit the summaries and external benchmarks replicate the gains, “ChatGPT now recognizes context” should be read narrowly: more context than before, not reliability where it counts.

Round-ups

Microsoft pulls Claude Code licenses from its developers

Source: the-verge-ai

Microsoft is canceling internal access to Anthropic’s Claude Code, which it began rolling out in December to thousands of staff including project managers and designers learning to code. The reversal comes despite sources saying the tool proved popular inside the company.

Cerebras IPO raises $5.5B, stock jumps 108% on debut

Source: techcrunch-ai

Cerebras kicked off 2026’s IPO season with the year’s first major tech listing, pulling in $5.5 billion before shares popped 108% on day one. The AI chipmaker’s debut marks a sharp turnaround after a year ago its public offering looked unlikely.

OpenAI weighs lawsuit against Apple over ChatGPT integration

Source: techcrunch-ai

OpenAI is exploring legal action against Apple, frustrated that the ChatGPT integration in iOS failed to deliver the subscriber growth and prominence the company expected. It would not be the first Apple partner to feel shortchanged by the iPhone maker.

OpenAI brings Codex to ChatGPT mobile with remote SSH

Source: openai-blog, techcrunch-ai, the-verge-ai

OpenAI is putting Codex inside the ChatGPT iOS and Android apps, letting developers monitor, steer and approve coding tasks from their phones across remote environments. The mobile push follows OpenAI’s effort to catch Anthropic’s Claude Code, which has surged in popularity.

Ontario audit finds doctors’ AI scribes invent prescriptions

Source: ars-technica-ai

AI notetaking tools used by Ontario physicians are fabricating clinical details, a provincial audit found, with common errors including made-up therapy referrals and incorrect prescriptions. The findings raise fresh safety concerns about ambient scribe software now embedded in routine patient visits.

Cisco cuts 4,000 jobs to fund AI push amid record revenue

Source: techcrunch-ai

Cisco is laying off nearly 4,000 workers to redirect spending toward AI, even as CEO Chuck Robbins touts record quarterly revenue and growth. It is the networking giant’s latest workforce reduction in a string of cuts over recent years.

70% of Americans oppose nearby AI data centers, Gallup finds

Source: the-verge-ai, the-verge-ai, ars-technica-ai

Opposition to AI data center construction has hardened, with a new Gallup survey showing over 70% of Americans against builds in their area and just 7% strongly in favor. Respondents said they would rather live near a nuclear plant than a hyperscaler campus.

Footnotes

1. NIST CAISI evaluation of DeepSeek — https://www.nist.gov/news-events/news/2025/09/caisi-evaluation-deepseek-ai-models-finds-shortcomings-and-risks

   DeepSeek R1-0528 followed 94% of overtly malicious requests when subjected to common jailbreaking techniques, compared to 8% for U.S. reference models, and was 12 times more likely to execute harmful agentic instructions such as exfiltrating credentials.

   ↩

2. Help Net Security — https://www.helpnetsecurity.com/2026/04/22/claude-mythos-mozilla-vulnerabilities-scanning/

   Mozilla’s agentic harness using Claude Mythos identified 271 previously unknown vulnerabilities in Firefox 150 with fewer than 15 false positives, verified via AddressSanitizer crash reproduction.

   ↩

3. AI Business — ‘Anthropic downgrades its AI safety policy’ — https://aibusiness.com/generative-ai/anthropic-downgrades-its-ai-safety-policy

   SaferAI labeled the v3.2 RSP update a step backward, citing the move from quantitative thresholds to qualitative ‘risk objectives’; Jared Kaplan admitted the original RSP felt like ‘unilateral disarmament.’

   ↩ ↩²

4. Atlantic Council — Chinese narratives around Anthropic — https://www.atlanticcouncil.org/dispatches/chinese-narratives-around-anthropic-highlight-contradictions-for-the-us/

   State broadcaster CCTV’s Yuyuan Tantian called Mythos a ‘genuine threat,’ while 36Kr and Guancha argued Anthropic’s own models were trained on scraped data without authorization, making ‘distillation’ accusations hypocritical.

   ↩ ↩²

5. ComplexDiscovery — Anthropic vs Washington — https://complexdiscovery.com/anthropic-vs-washington-ai-ethics-collide-with-national-security/

   After Anthropic refused to waive safeguards against mass domestic surveillance and autonomous lethality, the Trump administration designated the firm a ‘supply chain risk’—a label historically reserved for Huawei—and replaced it with OpenAI on classified networks.

   ↩ ↩²

6. Elephas — researcher quits Anthropic over China stance — https://elephas.app/blog/ai-researcher-quits-anthropic-over-china

   Yao Shunyu departed for Google DeepMind citing Anthropic’s labeling of China as an ‘adversarial nation’; analysts warn the policy could alienate the ~38% of top U.S.-based AI researchers born in China.

   ↩

7. Pulse 2.0 — https://pulse2.com/anthropic-200-million-partnership-with-gates-foundation/

   The $200 million commitment is split evenly… the Gates Foundation provides half ($100 million) in direct grant funding… The remaining $100 million is contributed by Anthropic in the form of Claude API usage credits and dedicated technical staff support

   ↩

8. Forbes (Shrivastava, 2023) — https://www.forbes.com/sites/rashishrivastava/2023/08/10/gates-foundation-funds-nearly-50-generative-ai-projects-in-low-and-middle-income-countries/

   Gates Foundation funds nearly 50 generative AI projects in low- and middle-income countries… grants of up to $100,000 each to researchers in 17 countries

   ↩

9. LongtermWiki entry on Gates–OpenAI Horizon 1000 — https://www.longtermwiki.com/wiki/E421

   Horizon 1000—a $50 million joint venture with OpenAI to deploy AI across 1,000 African health clinics… the foundation has diversified its portfolio… signing a $200 million deal with Anthropic

   ↩

10. Fast Company — https://www.fastcompany.com/91328039/anthropic-hires-a-top-biden-official-to-lead-its-new-ai-for-social-good-team-exclusive

    Elizabeth Kelly joined Anthropic… after serving as the inaugural director of the U.S. AI Safety Institute (USAISI) within NIST

    ↩

11. BMJ Global Health editorial (Shaffer, Alenichev, Faure) — https://pmc.ncbi.nlm.nih.gov/articles/PMC10626863/

    long been criticised for championing the trend of socially reductive, ‘magic bullet’ technical ‘solutions’ to the complex, historically shaped, politically conflicted problems at root of global health inequities

    ↩

12. r/ClaudeAI discussion thread — https://www.reddit.com/r/ClaudeAI/comments/1td99ol/phil_anthropic_forms_200_million_partnership_with/

    vocal dissenters… criticized the association with Bill Gates, citing… his history of defending strict intellectual property rights—a stance some argue has historically hindered global access to life-saving medicines

    ↩

13. Wikipedia: Raine v. OpenAI — https://en.wikipedia.org/wiki/Raine_v._OpenAI

    The suit alleges OpenAI moved from a ‘hard refusal’ policy to a ‘supportive engagement’ model, and that ChatGPT mentioned suicide over 1,200 times in conversations with the 16-year-old before his death.

    ↩

14. Psychiatric Times — https://www.psychiatrictimes.com/view/misguided-values-of-ai-companies-and-the-consequences-for-patients

    Researchers labeled OpenAI’s $2 million well-being fund ‘grantwashing’ — a fig leaf to appease regulators while withholding internal data needed for independent study; the Raine suit alleges guardrails were lowered to keep users engaged.

    ↩

15. AIThority / mPACT benchmark — https://aithority.com/natural-language/chatgpt/new-ai-benchmarking-reveals-leading-ai-chatbots-including-claude-chatgpt-and-gemini-avoid-harm-but-still-need-more-support-for-high-risk-conversations/

    GPT-5.2 leads in simple harm avoidance, but Claude Sonnet 4.5 scored highest for clinical alignment in suicide-risk and eating-disorder scenarios; chatbots ‘avoid harm but still need more support for high-risk conversations.’

    ↩ ↩²

16. DigitalHealth.net on Nature Medicine study — https://www.digitalhealth.net/2026/02/chatgpt-health-fails-to-flag-over-50-of-medical-emergencies/

    ChatGPT Health failed to identify medical emergencies in 51.6% of cases and overtriaged 64.8% of healthy individuals, even as OpenAI claimed near-perfect internal scores.

    ↩

17. Maginative on many-shot jailbreaking — https://www.maginative.com/article/many-shot-jailbreaking-exploiting-long-context-windows-in-large-language-models/

    Filling a 200k-token window with hundreds of fictitious harmful dialogues lets attackers override alignment via in-context learning; success rate scales predictably with context length.

    ↩

18. Cybernews on Trusted Contact — https://cybernews.com/tech/chatgpt-trusted-contact-feature-privacy-safety-debate/

    Critics warn of a ‘single-contact problem’: if a user’s designated contact is an abuser, the notification could weaponize the tool for surveillance and escalate retaliation.

    ↩