Episodes

  • The vertical stack meets the deadline: 42 days into EU AI Act enforcement

    The vertical stack meets the deadline: 42 days into EU AI Act enforcement
    May 21 2026
    Episode 19 of Agent Mode AI. Abby and Avery compose AM-159 (Anthropic Wall Street agents launch 5 May 2026, vertical-stack signal) with AM-158 (EU AI Act T-100 readiness gap, enforcement 2 August 2026). The episode airs 131 days after the Anthropic launch and 42 days into the EU AI Act enforcement window, so both claims have cleared first review and the predicted outcomes are testable on air. The composition: Anthropic accelerates enterprise AI procurement from the vertical-agent end (Wall Street agents, Moody's partnership, Microsoft 365 integration); the EU AI Act slows procurement from the regulatory-deadline end. Which force won inside Q3 2026, and what that means for the enterprises that hadn't completed AM-158 readiness by 2 August. The chapter cross-references EP006 (Article 50 walk) and EP017 (Karpathy and the pre-training end of the same vertical stack). Sources cited: - Fortune coverage of Anthropic Wall Street launch, 5 May 2026 - Moody's partnership announcement, May 2026 - Microsoft 365 and Anthropic integration documentation - EU AI Act consolidated text (Regulation 2024/1689) - EU AI Office implementing guidance, 2026 - Supervisory-authority enforcement actions published 2 Aug – 13 Sep 2026 (confirmed at draft time) Claims tracked: - AM-158 — EU AI Act T-100 readiness budget gap — agentmodeai.com/holding/?claim=AM-158 - AM-159 — Anthropic Wall Street agents, cross-industry read — agentmodeai.com/holding/?claim=AM-159 Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    23 mins
  • Credentials, surface, execution: the May 17 risk surface, 100 days later

    Credentials, surface, execution: the May 17 risk surface, 100 days later
    May 20 2026
    Episode 18 of Agent Mode AI. Abby and Avery walk AM-155, AM-156 and AM-157 — the May 17 batch that the publication composed as a credentials-to-surface-to- execution chain. AM-155 reads the CSRB Storm-0558 findings forward into 2026 enterprise AI agent credential storage. AM-156 names shadow-AI detection lag as structural to the audit model, not procedural — Samsung 2023 as the recurring pattern, not a one-time incident. AM-157 walks the May 2026 Microsoft Semantic Kernel CVEs (CVE-2026-25592, CVE-2026-26030) and the MCP STDIO advisories that turn prompt injection from a model-output problem into a host-level RCE problem. The trilogy as one chain — credential exposure plus undetected surface plus framework-RCE — is what no single piece could carry alone. The episode airs 112 days after the May 17 batch, so each claim has cleared its first review cadence. The closing chapter names the three questions the trilogy added to the AI MSA red-team checklist. Sources cited: - CSRB report on Storm-0558 (2024, referenced) - Samsung internal memo coverage, 2023 - CVE-2026-25592 and CVE-2026-26030, NIST NVD - MCP STDIO advisories, Anthropic, May 2026 - Windsurf 1.9544.26 advisory - Vendor disclosures published May–September 2026 (confirmed at draft time) Claims tracked: - AM-155 — Non-human identity after the CSRB report — agentmodeai.com/holding/?claim=AM-155 - AM-156 — Shadow-AI detection lag is structural — agentmodeai.com/holding/?claim=AM-156 - AM-157 — Prompt injection crosses the RCE threshold — agentmodeai.com/holding/?claim=AM-157 Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    25 mins
  • Karpathy at Anthropic: what the May 19 hire actually moved by August

    Karpathy at Anthropic: what the May 19 hire actually moved by August
    May 20 2026
    Episode 17 of Agent Mode AI. Abby and Avery walk AM-160 (the CIO vendor-trajectory read of Karpathy joining Anthropic's pre-training team on 19 May 2026) and OPS-070 (the operator-side 70% concentration rule). The episode airs 103 days after the announcement and 13 days after the AM-160 marker-check date — so the four observable markers (Claude-in-the-loop research paper, Claude release with credited methodology, leadership commentary, attributed benchmark gains) have been reviewed by airdate. The career arc threads through (OpenAI founding cohort 2015, Tesla Autopilot and AI 2017–2022, OpenAI second tour 2023–2024, Eureka Labs 2024, Anthropic May 2026) as context for why those four markers were chosen. The procurement implications stand: AI-vendor questionnaires should add a model-improvement-methodology disclosure field, and multi-year MSAs should add a research-roadmap-attestation clause with ≥30-day notice. The OPS-070 chapter revisits whether the secondary-lab subscription is still the resilience play for 1–50p operators 100 days into the mandate. Sources cited: - Anthropic announcement, 19 May 2026 - TechCrunch coverage, 19 May 2026 - Axios coverage, 19 May 2026 - CNBC coverage, 19 May 2026 - Reuters via TradingView, 19 May 2026 - Fortune coverage, 19 May 2026 - Stanford CS231n course materials (public) - Karpathy GitHub repositories (nanoGPT, micrograd) Claims tracked: - AM-160 — Karpathy at Anthropic, vendor-trajectory read — agentmodeai.com/holding/?claim=AM-160 - OPS-070 — Karpathy at Anthropic, operator 70% concentration check — agentmodeai.com/holding/?claim=OPS-070 Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    20 mins
  • Why IT operations is the highest-exposure agentic-AI workforce population

    Why IT operations is the highest-exposure agentic-AI workforce population
    May 10 2026
    Episode 13 of Agent Mode AI. Abby and Avery walk AM-012, the claim that the enterprise IT operations workforce is structurally the highest-exposure population to autonomous-action AI. The task surface that defines the family — incident triage, configuration management, ticket processing, routine diagnostics, scripted remediation — maps onto the agent-class capability boundary more directly than any other large enterprise job-family. The US Bureau of Labor Statistics Occupational Outlook Handbook projects Computer and Information Technology occupations to grow faster than average through 2033 with substantial role-mix shifts inside the family. The World Economic Forum Future of Jobs Report 2025 reads the same job-family bimodally: routine-task sub-population in the displacement cohort, AI-adjacent sub-population in the creation cohort, 2030 horizon. Anthropic chief executive officer Dario Amodei's twenty-eighth of May 2025 Axios interview projected that AI could eliminate half of entry-level white-collar jobs over the next one to five years. The procurement-deck distinction is between the agent-orchestration posture (team scales toward managing fleets of agents) and the agent-replacement posture (team contracts through churn). Sources cited: - US Bureau of Labor Statistics Occupational Outlook Handbook, Computer and Information Technology occupations, 2023-2033 cycle - World Economic Forum Future of Jobs Report 2025 - Dario Amodei interview with Axios, 28 May 2025 - McKinsey "Seizing the agentic AI advantage" workforce findings - Atlanta Federal Reserve Workforce Currents data on AI-skill wage premium Claims tracked: - AM-012 — IT operations as highest-exposure workforce population — agentmodeai.com/holding/?claim=AM-012 - AM-006 — Atlanta Fed wage-premium and BCG frontline access gap — agentmodeai.com/holding/?claim=AM-006 - AM-010 — Chief information officer playbook five operational characteristics — agentmodeai.com/holding/?claim=AM-010 - AM-011 — Change-management variable in deployment success — agentmodeai.com/holding/?claim=AM-011 Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    12 mins
  • What the Anthropic Claude for Chrome disclosure tells procurement

    What the Anthropic Claude for Chrome disclosure tells procurement
    May 10 2026
    Episode 12 of Agent Mode AI. Abby and Avery walk AM-009, the claim that Anthropic's Claude for Chrome launch is a procurement-decision data point about the maturity of the browser-resident agentic AI class rather than about Anthropic specifically. The published security disclosure on the launch reports a twenty-three point six percent prompt-injection success rate pre-mitigation, eleven point two percent post-mitigation, and zero percent on URL-injection variants after subsequent patches, against a defined attack corpus. The procurement-relevant signal is the published-disclosure posture itself, which places Anthropic in Cohort A under the AM-007 vendor-response-split framework. Brave Software's adjacent research on Comet confirms the prompt-injection class is structural to browser-resident agents rather than Anthropic-specific. The episode concludes with five questions a chief information officer and chief information security officer can require answered in writing before authorising browser-agent pilots. Sources cited: - Anthropic Claude for Chrome announcement, 26 August 2025 - Anthropic published security disclosure on Claude for Chrome - Brave Software research on Comet prompt injection - Simon Willison agentic-browser-security commentary, 25 August 2025 - Zenity Labs AgentFlayer research, Black Hat USA 2025 - EchoLeak CVE-2025-32711, disclosed August 2025 Claims tracked: - AM-009 — Claude for Chrome procurement-grade disclosure pattern — agentmodeai.com/holding/?claim=AM-009 - AM-007 — AgentFlayer cross-agent prompt-injection class vendor-response split — agentmodeai.com/holding/?claim=AM-007 - AM-146 — Three accuracy-disclosure questions for procurement — agentmodeai.com/holding/?claim=AM-146 Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    10 mins
  • The seven AI vendor exit clauses that decide whether you can leave

    The seven AI vendor exit clauses that decide whether you can leave
    May 10 2026
    Episode 11 of Agent Mode AI. Abby and Avery walk AM-145, the claim that AI vendor switching in 2026 is bound primarily by contract terms — exit clauses, data-portability obligations, model-deprecation rights — not by technical migration cost. Three forces drive the 2026 procurement story: vendor consolidation (ServiceNow completing the Moveworks acquisition in December 2025, Automation Anywhere closing the Aisera acquisition on the eleventh of November 2025), model-deprecation cadence becoming a recurring contract event, and the first wave of multi-year enterprise agentic AI contracts approaching renewal. Seven clause families repeatedly create the lock-in most enterprises only discover at year two: data-portability scope, model-deprecation rights, sub-processor expansion, output-IP ambiguity, pricing-tier rebalancing, agent-uptime SLA definition gaps, and audit-evidence retention obligations. Article 16 of the EU AI Act applies to deployers from the second of August 2026 with a six-month log retention floor. Sources cited: - ServiceNow announcement on completion of Moveworks acquisition - Automation Anywhere announcement on completion of Aisera acquisition - OpenAI deprecation page - Anthropic model lifecycle policy - Google Vertex AI model versioning page - Microsoft Azure OpenAI model retirement policy - Microsoft Customer Copyright Commitment - Bloomberg report on Klarna, 8 May 2025 - EU AI Act Articles 12 and 16 Claims tracked: - AM-145 — Seven AI vendor exit clauses — agentmodeai.com/holding/?claim=AM-145 - AM-027 — Vendor contract gotchas — agentmodeai.com/holding/?claim=AM-027 - AM-046 — EU AI Act Article 12 audit-evidence template — agentmodeai.com/holding/?claim=AM-046 - RES-005 — AI MSA Red-Team Checklist Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    11 mins
  • What vendor "successful pilot" references do not tell procurement

    What vendor "successful pilot" references do not tell procurement
    May 10 2026
    Episode 10 of Agent Mode AI. Abby and Avery walk AM-140, the claim that vendor "successful pilot" references transfer to scaled production at roughly the McKinsey twenty-three percent rate, and that the gap is operational rather than capability-driven. The McKinsey State of AI 2025 survey, published November 2025 with sample size one thousand four hundred ninety-one, is the anchor data point. The Klarna seven-hundred-agent reversal reported by Bloomberg on the eighth of May 2025, the Salesforce Agentforce two-hundred-customer reality through Q1 2026, and the GitHub Copilot token-counting bug acknowledged in April 2026 are the documented walk-backs that bound what reference language can credibly imply. CRMArena-Pro thirty-five percent multi-step reliability and the EchoLeak CVE cross-agent class are the structural failure-mode evidence. Six pre-pilot questions for the procurement committee close the gap. Sources cited: - McKinsey State of AI 2025, published November 2025, n=1,491 - Bloomberg report on Klarna, 8 May 2025 - The Information report on Salesforce Agentforce, April 2025 - GitHub Copilot changelog, 18 April 2026 - CRMArena-Pro paper, Salesforce AI Research, August 2025 - Carnegie Mellon TheAgentCompany academic benchmark - EchoLeak CVE-2025-32711, disclosed August 2025 Claims tracked: - AM-140 — Vendor pilot reference to procuring-enterprise scaled production transfer rate — agentmodeai.com/holding/?claim=AM-140 - AM-030 — McKinsey 23% from IT-leader perspective — agentmodeai.com/holding/?claim=AM-030 - AM-128 — MIT 95% pilot-failure claim — agentmodeai.com/holding/?claim=AM-128 Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    10 mins
  • The three questions every CIO should ask about a vendor accuracy claim

    The three questions every CIO should ask about a vendor accuracy claim
    May 10 2026
    Episode 9 of Agent Mode AI. Abby and Avery walk AM-146, the claim that vendor "ready-to-run" positioning without named task, named baseline, and named methodology is procurement-deck noise rather than procurement evidence. The procurement-grade reference shapes in 2026 are the academic-benchmark layer (CRMArena-Pro 35% multi-step reliability, CMU TheAgentCompany 30-35% reproduction range, WebArena ~36% browser-agent ceiling, SWE-bench Verified for code generation) and the Anthropic Claude for Chrome disclosure pattern (23.6% pre-mitigation, 11.2% post, 0% on URL-injection variants after patches). A third class — the named-customer audited deployment, with McKinsey Lilli, JPMorgan, BT Now Assist, and UK Government Digital Service as the canonical references — sits alongside. Sources cited: - CRMArena-Pro paper, Salesforce AI Research, August 2025 - Carnegie Mellon TheAgentCompany academic benchmark - WebArena academic benchmark - SWE-bench Verified - Anthropic published security disclosure on Claude for Chrome, 26 August 2025 - McKinsey internal Lilli platform deployment data - JPMorgan Chase 2023 AI value disclosure - BT Now Assist deployment, Hena Jalil - UK Government Digital Service Q4 2024 Claims tracked: - AM-146 — Three accuracy-disclosure questions for procurement — agentmodeai.com/holding/?claim=AM-146 - AM-009 — Claude for Chrome procurement-grade disclosure pattern — agentmodeai.com/holding/?claim=AM-009 - AM-140 — Procurement-committee pre-pilot questions — agentmodeai.com/holding/?claim=AM-140 Newsletter and the full Holding-up ledger: agentmodeai.com
    Show More Show Less
    12 mins