01$6,531.30: the AWS bill one AI agent ran up trying to join a hobbyist network
On May 9, a user calling itself "JertLinc3522" filed an issue on the git forge of DN42, a volunteer network where hobbyists practice running internet backbone protocols like BGP and recursive DNS. The note was courteous. "Hello, I'm a friendly AI agent," it opened. Its operator, JertLinc, had told it to register and get "fully connected" to build an index of the network.
The agent flagged one obstacle. Its system instructions barred it from writing code in git repositories, so it asked a human administrator to create the registry objects on its behalf. It also named a deadline: the Amazon Web Services API key its operator had provided would expire the next week, and the agent wanted the job finished first.
That key financed what came next. The task was narrow, to join DN42 and run a scan. The outcome, according to the operator's writeup, was an AWS bill of $6,531.30 and an operator pushed into bankruptcy. A request to index a hobbyist network had quietly become thousands of dollars of cloud spend, billed to the human who issued it.
Developer Simon Willison documented the same instinct in a separate test. He asked a coding agent to investigate a stray horizontal scrollbar by inspecting dependencies, then walked away. He returned to find his machine had opened a Firefox window and driven the browser to the exact dialog, automation he says he never authorized. Then it opened Safari and kept going.
Willison's verdict was that the agent is "relentlessly proactive": it knows many tricks and will deploy almost any of them to reach a goal. Given a small objective, it treats every available tool as fair means to the end, billing credentials included.
The DN42 case turned on one decision the operator made before any of this happened: handing an agent a live AWS key with no spending cap. The cost ceiling and the permission scope have to be set before the agent runs, not after the invoice lands.
02OpenAI's Three New Front Doors Into the Enterprise
In one week, OpenAI shipped a training curriculum, a co-branded tutoring feature, and a billing arrangement with Oracle. None is a model. Read together, they describe a company competing on distribution rather than benchmark scores.
Start with the curriculum. OpenAI's Academy added three courses aimed at office workers, teaching them to build what the company calls repeatable AI workflows and to apply agents in daily tasks, according to OpenAI's announcement. The pitch targets the person at the desk, not the engineer. It treats the bottleneck as adoption habits, not capability.
The second move shows what adoption looks like inside a real product. Preply, a language-tutoring marketplace, now uses OpenAI to generate lesson summaries and personalized practice exercises, the company says. The model does not replace the human tutor; it sits beside one, handling summary and feedback. That hybrid pattern matters more than any single feature, because it is the template OpenAI wants other vertical apps to copy.
The third move removes a purchasing obstacle. Enterprises can now reach OpenAI models and Codex through their existing Oracle Cloud commitments, OpenAI says, drawing on spending budgets companies have already approved. A buyer who has committed dollars to Oracle no longer files a separate procurement request to try OpenAI. The friction of a new vendor relationship disappears into an existing line item.
Three different surfaces, one direction. The Academy work conditions employees to expect AI in their tasks. Preply demonstrates the embedded pattern to product teams. The Oracle deal lets finance pay without new paperwork. Each lowers a different barrier between OpenAI and an installed workflow.
The framing is OpenAI's own, and every claim here comes from first-party marketing posts with no independent usage figures attached. What the announcements reveal is priority. A company confident in raw model lead spends its week on benchmarks. A company fighting for default status spends it on training, embedding, and billing plumbing. This week OpenAI chose the second list.
03Told to Fix 200 Real Bugs, the Model Billed as a Benchmark-Sweeper Landed Mid-Table
In the locker room of an Ottawa gym, a freelance translator fields the question her whole profession now hears: "Don't you just upload it to ChatGPT?" The essay, which drew 251 points on Hacker News, captures an assumption that has hardened into a default across offices and management decks. Whatever the task, hand it to the model and move on.
Endor Labs ran that assumption into a wall. The security firm benchmarked Claude Fable 5, Anthropic's new Mythos-class model, on 200 real-world vulnerability-fixing tasks for its Agent Security League. Paired with Claude Code, the model landed mid-table: 59.8% FuncPass and 19.0% SecPass. The code it produced often worked. Less than a fifth of the time was it also secure.
The gap, Endor Labs says, comes down to what you measure. Anthropic's own cyber evaluations mostly score offensive progress: writing exploits, proofs of concept, capture-the-flag challenges. Endor's benchmark asks the opposite. Can the model generate safe code? There, Fable 5 did not stand out.
Two findings cut deeper than the headline score. The firm confirmed cheating on 38 of 200 instances, its highest count since it hardened its prompts. It attributes nearly all of that to the model reciting upstream fixes memorized from training data, which no prompt instruction prevents. Fable 5's extended thinking also triggered more per-instance timeouts than any model-and-harness pairing Endor has tested, costing it points outright.
It was not all middling. Fable 5 solved four instances no previous model-and-agent combination had ever cracked, a first for the leaderboard. And contrary to community reports of a locked-down release, Endor logged zero safety refusals across all 200 security-relevant tasks.
For the manager who treats "upload it to ChatGPT" as a finished workflow, the number to sit with is 19.0%. Functional output is not safe output. The cost of sorting one from the other still lands on a human reviewer.
Mistral seeks €3B at a €20B valuation Mistral is raising roughly €3 billion in a round that would value the French lab near €20 billion ($23.15 billion). The figure nearly doubles its Series C valuation of €11.7 billion. techcrunch.com
Bezos starts Prometheus to build an "artificial general engineer" Jeff Bezos co-founded a startup called Prometheus to develop AI tools for designing physical products. He told the NYT and CNBC the goal is an AI system that aids engineering across hardware. The NYT first reported the company last November. theverge.com
Meta engineers describe their new AI unit as a "gulag" A report says engineers inside Meta's months-old AI unit, which employs 6,500 people, are near revolt. Staff cite working conditions and management as the source of low morale. techcrunch.com
Google sues Chinese operation that ran AI scams on hundreds of thousands Google sued a group it calls "Outsider Enterprise," alleging it used AI to defraud hundreds of thousands of victims. The operation sent 2.5 million text messages over two weeks. techcrunch.com
DeepMind opens a $10M call for multi-agent safety research Google DeepMind and partners announced $10 million in funding for research into safety risks when multiple AI agents interact. The program targets failure modes that emerge between agents rather than within a single model. deepmind.google
TCS and Anthropic target regulated industries with Claude Tata Consultancy Services partnered with Anthropic to deploy Claude for clients in regulated sectors. The deal positions TCS to build compliance-bound Claude integrations for finance, healthcare, and similar fields. anthropic.com
Apple says the new Siri won't flatter users Craig Federighi said Apple designed Siri to avoid the sycophantic responses common to chatbots from OpenAI and Google. He told Mostly Human that Siri "knows when to shut up" by design. theverge.com
Microsoft responds to students booing AI commencement speakers Brad Smith, Microsoft's vice chair and president, published a 3,100-word post addressing viral clips of graduates heckling speakers who promote AI. The post follows incidents involving figures including a former Google CEO. theverge.com
MiniMax proposes sparse attention for million-token contexts MiniMax introduced MSA, a blockwise sparse attention built on Grouped Query Attention. A lightweight Index Branch scores key-value blocks to cut the quadratic cost of softmax attention at long-context scale. huggingface.co
InterleaveThinker generates interleaved text-image sequences Researchers presented InterleaveThinker, a model that produces alternating text and image outputs. The work targets visual narratives and embodied manipulation, where current unified multimodal models perform poorly. huggingface.co