JS Wei (Jack) Sun

AI Curated

Anthropic, OpenAI bill by token, SQLite bans agent PRs, YouTube auto-labels AI

Enterprises, open-source maintainers, and platforms each respond to costs AI vendors pushed downstream — paying full, refusing, or auto-complying.

Anthropic, OpenAI bill by token, SQLite bans agent PRs, YouTube auto-labels AI

TL;DR

  • Anthropic and OpenAI moved enterprises off seat discounts to full API-token pricing between Nov 2025 and Apr 2026.
  • SQLite’s AGENTS.md bans agent-written code submissions outright while still accepting agent bug reports with repro tests.
  • YouTube flipped AI disclosure to automatic detection, 3 months before the EU AI Act’s Article 50 deadline.
  • Cognition raised $1B at $25B pre-money, doubling its valuation in 8 months on $492M ARR.
  • Anthropic and OpenAI are spending millions in NY-12 to defeat state AI regulator Alex Bores.

Three leads today, one shared shape: the cost of running AI keeps getting pushed past the vendor’s wall, and the institution on the receiving end decides whether to pay, refuse, or build machinery to comply. Anthropic and OpenAI quietly walked enterprises off seat-based discounts and onto full API-token billing — Uber burned its 2026 AI budget in four months. SQLite’s new AGENTS.md answers the same pressure with a hard no on agentic code submissions, joining QEMU, Gentoo, and NetBSD. YouTube flipped AI disclosure from creator opt-in to automatic detection three months before the EU AI Act’s Article 50 deadline, the last big platform to align.

Around the leads, the same pattern shows up sideways. Cognition doubles its valuation to $25B on enterprise agent demand; Robinhood hands brokerage accounts to agents via funded sub-wallets; and Anthropic and OpenAI are pouring millions into a New York assembly race to remove a state AI regulator from the board entirely.

Anthropic, OpenAI shift enterprises to full API token pricing

Source: simon-willison · published 2026-05-27

TL;DR

  • Anthropic and OpenAI quietly moved enterprise plans from seat-based discounts to full API-token pricing between November 2025 and April 2026.
  • Anthropic is rumored to hit $10.9B in Q2 2026 revenue and its first profitable quarter.
  • Uber burned its 2026 AI budget in four months as Claude Code adoption jumped from 32% to 84% of engineers. 1
  • Cursor’s Composer 2 matches Opus on Terminal-Bench at roughly 1/10th the cost via a Kimi K2.5 fine-tune. 2

The pricing change is the story

Willison’s thesis is simple: coding agents are the first AI product that bills like enterprise software should. Sometime in November 2025, Anthropic quietly switched its Enterprise plan from “seats include enough usage for a typical workday” to $20/seat/month plus raw API pricing. OpenAI did the same for Codex on April 2, 2026, then extended it to all ChatGPT Enterprise tiers — including Edu, Health, and Gov — three weeks later. April also brought GPT-5.5 at 2× the API price of GPT-5.4 and Opus 4.7 at roughly 1.4× Opus 4.6. New frontier models, higher rack rates, and year-long enterprise contracts that no longer escape those rates.

Willison’s own usage makes the case concrete: ccusage shows his $200/month in consumer subscriptions would cost $2,180 at API rates. Multiply that by a Fortune 500 engineering org and you get Uber, whose CTO admitted the company “maxed out its full year AI budget” months into 2026. Forbes’ follow-up fills in the shape: adoption went from 32% to 84% of engineers in a single month, with power users hitting $2,000/month in token spend. 1 One developer on a $400 Claude Code plan reported $18,000 in API-equivalent consumption from cache-read amplification on a large codebase. 3 That’s not “sucking air through teeth” — that’s a billing incident.

The bear case Willison underplays

The synthesis brief sharpens the dissent. Ed Zitron points out that Anthropic leaked $4.8B in Q1 2026 revenue, yet CFO Krishna Rao testified under oath in March 2026 that lifetime revenue had only “exceeded $5 billion” — arithmetic that requires 90% of all-time revenue to have landed in one quarter. 4 He also notes the reported Q2 operating profit excludes stock-based comp and amortized training costs.

The compute side is shakier than the SpaceX S-1 headline suggests. The $1.25B/month Colossus contract through 2029 sounds like commitment; Musk has publicly said the lease may run only six months, with a 90-day termination clause letting xAI reclaim capacity “if compute gets super tight.” 5 That’s optionality being sold as a backlog number.

And the middleman fightback is more advanced than Willison’s “no wonder Cursor is investing in their own models” aside admits. A Monachus security advisory found Cursor Composer 2 is a fine-tune of Moonshot’s Kimi K2.5 — identical tokenizers — matching Claude Opus on Terminal-Bench at roughly one-tenth the per-token cost. 2 If open Chinese base weights can deliver frontier-adjacent coding quality at 10× cheaper inference, the API moat compresses faster than enterprise lock-in can capture it.

What to watch

Microsoft canceling internal Claude Code licenses to push Copilot CLI is the canary: Windows Central reports Claude Code became “perhaps a little too popular” and that engineers may simply route around the policy via shadow AI. 6 If even Microsoft can’t make its own coding agent stick against Claude, the labs’ pricing power is real this quarter. The S-1s will tell us whether it survives the next four.

SQLite bans agentic code, keeps agentic bug reports

Source: simon-willison · published 2026-05-27

TL;DR

  • SQLite’s new AGENTS.md forbids agentic code submissions outright, full stop.
  • Agent-filed bug reports are still welcome if they include a reproducible test case.
  • Google’s Big Sleep agent found CVE-2025-6965, a memory-corruption bug in SQLite “known only to threat actors.”
  • QEMU, Gentoo, and NetBSD have already made similar moves against AI-generated PRs.
  • curl’s Daniel Stenberg calls the inbound flow of AI slop a “DDoS on open source.”

A small delta on an already unusual policy

SQLite has never been a normal open-source project. Outside contributions require a notarized affidavit dedicating the code to the public domain, physically stored in a fire-resistant safe at Hwaci’s offices 7. The overwhelming majority of commits come from D. Richard Hipp and Dan Kennedy. So when the project added an AGENTS.md five days ago stating that it “does not accept agentic code,” it wasn’t reversing an open-contribution culture — it was closing a loophole. An autonomous agent cannot sign a public-domain affidavit because there is no human author to sign it.

The follow-up commit, with the message “Strengthen the statement about not accepting agentic code,” removed the qualifier “(currently).” That edit is the news. The project is not waiting for the models to get better.

The asymmetric carve-out: reports yes, code no

The interesting structural choice is what SQLite does allow. Agent-generated bug reports are welcome — provided they include a reproducible test case — and the project has spun up a dedicated SQLite Bug Forum to keep the firehose separate from human development discussion. Hipp has been triaging it with a flurry of commits.

This asymmetry has empirical backing. The highest-profile SQLite vulnerability of the past year, CVE-2025-6965, was an integer-overflow memory-corruption bug surfaced by Google’s Big Sleep agent and described as “known only to threat actors” at the time of discovery 8. curl — whose maintainer Daniel Stenberg has been the loudest critic of low-quality AI security reports — has nonetheless merged over 170 legitimate fixes from expert-driven scanners like ZeroPath and AISLE that traditional static analysis missed 9. The signal is real when the tooling is expert-driven; the noise is unsustainable when it’s prompted by amateurs.

Part of a broader OSS hardening pattern

SQLite is not an outlier. QEMU and Gentoo have voted to reject AI-generated contributions outright, and NetBSD now treats such code as “tainted,” requiring explicit core approval 10. Stenberg has compared the inbound load to a denial-of-service attack on maintainers and shut down curl’s bug bounty program after fabricated reports consumed hundreds of hours of expert time 11.

“AI is DDoSing open source.” — Daniel Stenberg

SQLite’s bifurcated forums and deliberately permanent-sounding policy edits are the same defensive posture, slightly more formalized.

A pointed irony about the format itself

There’s a footnote worth flagging. A 2026 ETH Zurich study found that auto-generated AGENTS.md files actually decrease agent task success on SWE-bench-style benchmarks by roughly 3%, while inflating inference cost by more than 20% in extra input and reasoning tokens 12. Human-curated files yield only a marginal ~4% gain.

SQLite is using the format in arguably its most effective mode: not to coach agents through the codebase, but to tell them to stay out of it. That may be the cleanest signal AGENTS.md has ever carried.

YouTube auto-labels AI video to beat EU’s August deadline

Source: techcrunch-ai · published 2026-05-27

TL;DR

  • YouTube flipped AI disclosure from creator opt-in to automatic detection, 3 months before the EU AI Act’s Article 50 deadline.
  • TikTok shipped the same C2PA-based auto-labeling in January 2025, making YouTube the last big platform to align.
  • An independent audit found platforms correctly label only ~30% of AI posts, often missing content made with their own tools.
  • Creators report a “disclosure trap”: honestly tagging AI content triggers a secondary inauthenticity review that can kill monetization.

The real deadline is in Brussels, not Mountain View

YouTube’s announcement, echoed across TechCrunch, The Verge and Ars, frames automatic AI labeling as a transparency upgrade for viewers. The timing tells a different story. The EU AI Act’s Article 50(4) requires deployers to clearly label deepfakes as artificially generated, with a compliance deadline of August 2, 2026 and penalties of up to €35 million or 7% of global turnover 13. Flipping detection from opt-in to automatic roughly ten weeks before that clock expires is a jurisdictional hedge dressed as a trust gesture.

YouTube also isn’t out front. TikTok shipped automatic C2PA-driven labeling in January 2025, reading Content Credentials to tag synthetic media whether or not creators self-disclose 14. Meta has been iterating its “AI info” tag since 2024. The 2026 YouTube rollout is the last of the big three to align with the same regulatory template.

The detection stack is shakier than the press release admits

Both the Verge and TechCrunch lean on vague language about “internal signals” identifying AI content. The technical reality is messier. An Indicator Media cross-platform audit found that only ~30% of AI-generated posts were correctly labeled across the platforms running these systems, and detection regularly failed on content produced by the platforms’ own proprietary AI tools 15.

The underlying C2PA/SynthID pipeline has structural problems too. The same file can be flagged “valid” by one verification tool and “invalid” by another, and any break in the Content Credentials metadata during normal upload, re-encode or screen-capture transit can flip authentic footage into the “unverified” bucket 16. That cuts both directions: bad actors strip metadata to evade, while honest creators lose provenance through routine workflow steps.

Where the policy actually bites: the disclosure trap

The cluster coverage treats labels as informational. Creators describe them as adjacent to enforcement. A Milx.app roundup documents named demonetizations — MovieTalkNOW, Broken Crown, The Umbrella Guy — where human-led channels were swept up by YouTube’s parallel “Inauthentic Content” policy and reinstated only after public pressure on X. In one case, a static background-removal setup was misclassified as an AI-generated avatar 17.

A widely circulated Medium teardown names the dynamic directly: creators who voluntarily check the “Altered Content” box often draw a secondary “Inauthentic Content” review, which can cost them YouTube Partner Program status 18. The result is a disclosure trap where the honest path is the riskier one, and automatic labeling pulls more creators into that adjacency whether they tagged anything or not.

Net read

Strip the transparency framing and the cluster reduces to one sentence: a platform with ~30%-accurate AI detection is automating disclosure to satisfy an EU deadline, while an adjacent enforcement system already demonetizes false positives. The story to watch is not the label itself — it’s how many channels get caught in the spillover between “labeled AI” and “inauthentic content” once detection runs by default.

Further reading

Round-ups

OpenAI ships 3 Codex enterprise case studies spanning Cisco, tax agents, and Warp

Source: openai-blog, openai-blog, openai-blog

Codex deployments now anchor production workflows at Cisco for AI Defense and defect remediation, at Thrive and Crete for self-improving tax filing agents, and at Warp where GPT-5.5 coordinates coding agents across local, cloud, and open-source environments.

Cognition raises $1B at $25B pre-money, doubling valuation in 8 months

Source: techcrunch-ai

The Devin maker behind autonomous coding agents now runs at $492M in annualized revenue, more than doubling its prior valuation in eight months as enterprise demand for AI engineers accelerates.

Anthropic and OpenAI pour millions into NY-12 race against Alex Bores

Source: the-verge-ai

The two labs are spending heavily to defeat the New York assemblyman behind state AI regulation efforts, but the attack ads have lifted Bores’s profile in the June Democratic primary rather than sinking it.

Robinhood opens stock trading to AI agents via funded sub-wallets

Source: techcrunch-ai, the-verge-ai

Traders can spin up a dedicated account, preload a set balance, and hand it to an AI agent that buys and sells across the market. Agents read full portfolios for strategy but can only spend what’s loaded in the wallet.

Nvidia pledges $150B a year to make Taiwan AI’s epicenter

Source: ars-technica-ai

Jensen Huang’s commitment cuts against Trump’s push to anchor AI manufacturing inside the US, with chip tariffs and H200 export curbs failing to shift Nvidia’s center of gravity away from Taiwan’s fabs.

OpenAI outlines 2026 election safeguards across info access and cyber defense

Source: openai-blog

Ahead of a global election year, the company is routing voters to authoritative sources, backing cyber defenders against influence operations, and tightening AI transparency measures including provenance labels on generated content.

ElevenLabs music model switches genres mid-track and regenerates sections

Source: techcrunch-ai

The new model lets users rework a single segment of a song without altering surrounding audio, a finer-grained edit loop than rivals like Google’s offerings that typically regenerate full tracks on each prompt.

Footnotes

  1. Forbes (Janakiram MSV) on Uberhttps://www.forbes.com/sites/janakirammsv/2026/05/17/uber-burns-its-2026-ai-budget-in-four-months-on-claude-code/

    Adoption skyrocketed from 32% of the workforce in February to 84% by March… average monthly costs per engineer sat between $150 and $250, but ‘power users’ orchestrating parallel agents ran up bills as high as $2,000 per month.

    2

  2. Monachus security advisory on Cursor Composer 2https://advisories.monachus.co/mnsa-2026-004-cursor-composer-2-model-provenance-misrepresentation/

    Technical forensic analysis revealed that Cursor’s Composer models are fine-tuned derivatives of open-weight foundations, specifically Moonshot AI’s Kimi K2.5… independent researchers detected Kimi-identical tokenizers.

    2

  3. AI Weekly — Claude Code user burns $18k on $400 planhttps://aiweekly.co/alerts/claude-code-user-burns-18k-on-400-monthly-plan

    One developer reported that while their subscription cost $400 per month, their actual API-equivalent consumption exceeded $18,000 due to the high volume of cache-read tokens required for large codebases.

  4. Ed Zitron, ‘Anthropic’s Profitability Swindle’https://www.wheresyoured.at/anthropics-profitability-swindle/

    Anthropic leaked Q1 2026 revenue of $4.8 billion, yet CFO Krishna Rao reportedly declared in a March 2026 court filing that the company’s lifetime revenue only ‘exceeded $5 billion’ — meaning 90% of all-time revenue would have to have been generated in a single quarter.

  5. Channel News Asia / Musk comments on SpaceX-Anthropic leasehttps://www.channelnewsasia.com/business/musk-says-spacex-agreed-only-six-month-colossus-ai-lease-anthropic-6146646

    Both parties retain a 90-day termination notice, and Elon Musk has publicly stated that the lease may only be a six-month commitment to ensure xAI can reclaim the capacity if ‘compute gets super tight.’

  6. Windows Central on Microsoft cancelling Claude Codehttps://www.windowscentral.com/microsoft/microsoft-cancels-claude-code-licenses-shifting-developers-to-github-copilot-cli-a-move-likely-driven-by-financial-motives

    Claude Code became ‘perhaps a little too popular,’ as developers preferred its agentic capabilities and terminal-based workflows over Microsoft’s native solutions… if Copilot CLI cannot rapidly absorb the workflows engineers preferred in Claude Code, Microsoft risks internal ‘shadow AI’ usage.

  7. sqlite.org copyright pagehttps://sqlite.org/copyright.html

    If an outside contribution is accepted, the author must sign a formal affidavit dedicating their work to the public domain… stored in a fire-resistant safe at the offices of Hwaci

  8. The Hacker News — Big Sleep / CVE-2025-6965https://thehackernews.com/2025/07/google-ai-big-sleep-stops-exploitation.html

    Google’s Big Sleep agent identified CVE-2025-6965, a memory corruption flaw in SQLite versions prior to 3.50.2 that was ‘known only to threat actors’ at the time of discovery

  9. ZeroPath blog — curl integrationhttps://zeropath.com/blog/how-zeropath-won-over-curl-with-170-valid-bugs

    curl has successfully integrated advanced AI scanners like ZeroPath and AISLE, which have helped identify and fix over 170 legitimate bugs that traditional static analysis missed

  10. Dev Genius — projects banning AI PRshttps://blog.devgenius.io/open-source-projects-are-now-banning-ai-generated-pull-requests-8e1dd3e8d41c

    QEMU and Gentoo Linux have voted to reject any contributions believed to be generated by natural-language AI tools; NetBSD treats AI-generated code as ‘tainted’ and requires explicit core approval

  11. The New Stack — Stenberg: ‘AI is DDoSing open source’https://thenewstack.io/curls-daniel-stenberg-ai-is-ddosing-open-source-and-fixing-its-bugs/

    Stenberg describes the influx of AI-generated security reports as a ‘denial-of-service attack’ on human maintainers… curl shut down its bug bounty program after a spike in fabricated reports stole hundreds of hours from valid security work

  12. MarkTechPost on ETH Zurich AGENTS.md studyhttps://www.marktechpost.com/2026/02/25/new-eth-zurich-study-proves-your-ai-coding-agents-are-failing-because-your-agents-md-files-are-too-detailed/

    automatically generated AGENTS.md files actually decrease task success rates by approximately 3%… including an AGENTS.md file typically inflated inference costs by over 20%

  13. Bird & Bird legal analysis (Article 50 guidelines)https://www.twobirds.com/en/insights/2026/taking-the-eu-ai-act-to-practice-reading-the-commissions-draft-article-50-guidelines

    Article 50(4)… deployers must clearly label deepfakes as artificially generated… compliance deadline of August 2, 2026… Failure to comply can result in fines of up to €35 million or 7% of global turnover

  14. Storrito (TikTok policy analysis)https://storrito.com/resources/tiktoks-2026-ai-labeling-rules-and-what-they-signal-for-platform-governance/

    TikTok was a first-mover in January 2025, implementing a system that automatically reads Content Credentials to label synthetic media even when creators do not self-disclose

  15. Indicator Media audithttps://indicator.media/p/tech-platforms-fail-to-label-ai-content-c2pa-metadata

    only 30% of AI-generated posts across major platforms… were correctly labeled… a ‘cross-platform breakdown’ where systems regularly failed to detect content created by the platforms’ own proprietary AI tools

  16. AuditSocials technical brief on C2PA/SynthIDhttps://www.auditsocials.com/blog/ai-content-detection-technology-c2pa-watermarking-metadata-2026

    C2PA protocols can produce contradictory results, where the same file is flagged as ‘valid’ by one tool and ‘invalid’ by another… any ‘break’ in the metadata during transit can result in authentic footage being incorrectly labeled

  17. Milx.app creator-impact reporthttps://milx.app/news/why-youtube-just-suspended-thousands-of-ai-channels-and-how-to-protect-yours

    David Perez of MovieTalkNOW… was demonetized for ‘inauthentic behavior’ because the automated system mistook his static background-removal setup for an AI-generated avatar… reversed only after community pressure on X

  18. Medium: ‘YouTube’s AI Detection System Has a Trap Built Into It’https://medium.com/@nanthakumar18122000/youtubes-ai-detection-system-has-a-trap-built-into-it-and-most-creators-are-walking-right-in-cd54a70947e5

    creators found that voluntarily checking the ‘Altered Content’ box often drew the algorithm’s attention, leading to a secondary ‘Inauthentic Content’ review that resulted in demonetization

Jack Sun

Jack Sun, writing.

Engineer · Bay Area

Hands-on with agentic AI all day — building frameworks, reading what industry ships, occasionally writing them down.

Digest
All · AI Tech · AI Research · AI News
Writing
Essays
Elsewhere
Subscribe
All · AI Tech · AI Research · AI News · Essays

© 2026 Wei (Jack) Sun · jacksunwei.me Built on Astro · hosted on Cloudflare