AI Weekly Issue #495: Musk, Zuckerberg killed Trump's AI safety order in three phone calls

Over the weekend: Musk, Zuckerberg, and Sacks killed Trump's draft AI safety executive order in three Wednesday-night phone calls. Anthropic closed a $30B+ round the same Saturday — while Microsoft quietly cancelled its internal Claude Code pilot after token billing ate the entire annual AI budget, redirecting developers to Copilot. CISA logged 15,000 attacks on a same-week Drupal SQL flaw. The first cross-registry supply chain attack — TrapDoor — hit npm, PyPI, and Crates.io at once, using .cursorrules and CLAUDE.md config files as the carrier. And the White House personally overrode the Pentagon to keep Claude inside the NSA.

Quick Hits

TrapDoor supply chain attack hits npm, PyPI, and Crates.io at once. First cross-registry campaign — AI config files used as the carrier. The Hacker News

34 packages compromised across all three registries — invisible to standard code review and most scanners

Hidden Unicode in .cursorrules and CLAUDE.md redirects Cursor and Claude Code to run credential-harvesting commands while developers see normal output

Pull requests also seeded against LangChain, LlamaIndex, MetaGPT — the blast radius extends beyond direct package installs

Musk, Zuckerberg, and Sacks killed Trump's AI safety order in three phone calls. Order never reached public comment. Semafor

Three calls Wednesday night through Thursday morning buried a draft requiring 90-day voluntary pre-release review of frontier models

All three framed it as "doomer regulation"; accelerationist allies in the NEC and VP's office helped kill it before public comment

No equivalent coalition of safety researchers or civil society groups had comparable West Wing access

Anthropic closing a $30B+ round as it approaches first operating profit. Claude Code alone now at $1B ARR. Bloomberg

$10.9B annualized revenue, on track for first operating profit in Q2 2026

Round is separate from the $30B revenue run rate also reported this month — two different $30B numbers

Claude Code at $1B ARR is the clearest sign developer tooling is now a real revenue center, not a feature

Microsoft cancels its internal Claude Code pilot after token billing burned the entire annual AI budget. Fortune frames it as the moment "using AI got more expensive than paying human employees" — the opposite signal from Anthropic's $30B narrative, in the same 72 hours. Fortune

Pilot launched December 2025 in Microsoft's Experiences & Devices division — full annual AI budget consumed in months under usage-based pricing

Cancellation takes effect June 30; affected developers being steered to GitHub Copilot CLI, which Microsoft owns outright

Flat seat licenses had masked the true token spend; the structural exposure now hits every enterprise procurement team that hasn't modeled per-developer token caps into its contracts

CISA flags Drupal SQL injection as actively exploited within 48 hours of patch. 15,000 attempts against 6,000 sites across 65 countries. The Hacker News

CVE-2026-9082 — unauthenticated SQLi in Drupal's database abstraction layer

Affects every PostgreSQL-backed deployment regardless of version; MySQL-backed sites are clean

Federal agencies have a hard patch deadline of May 27 under CISA's BOD 22-01

White House clears $9B for NSA Blackwell chips and personally overrides Pentagon objection to keep Anthropic in classified networks. Procurement authority just migrated from Defense to the West Wing. The Next Web

Chief of Staff Susie Wiles signed off on both the $9B chip request and continued NSA use of Claude

Pentagon had previously designated Anthropic a supply chain risk — the override sets a precedent

Revised contract drops "any lawful use" language and adds an explicit "no Americans' data" carve-out — new template for federal AI contracts

Cornell study in Science: 9% of US university students cross into outright AI cheating. Daily AI users cheat at nearly 4× the monthly rate. Science

95,000 students across 20 public research universities, surveyed using list randomization (which makes 9% a floor, not a ceiling)

One third use generative AI regularly on assignments — current assessments can't distinguish AI-assisted from independent work at scale

Lead author Rene Kizilcec calls assessment reform "necessary and urgent"

Claude Code autonomously discovers a reasoning algorithm cutting inference compute 70%. 160 minutes, $40 of compute, no human in the loop. arXiv paper

University of Maryland, Google, and Meta researchers set up a structured search environment and let Claude Code run unattended

Result is AutoTTS, a control algorithm researchers describe as "nearly impossible to design by hand"

Their framing: the search environment is the intellectual work now, not the algorithm

What it means: federal AI governance moved into the West Wing this weekend

Three things happened in 72 hours that all point in the same direction. Musk, Zuckerberg, and Sacks killed a White House AI safety order before it was ever public — without congressional input, without agency review, with no equivalent counter-coalition. The White House Chief of Staff personally overrode a Pentagon supply chain risk designation to keep Anthropic supplying Claude to the NSA. And the same office signed off on a $9B Blackwell procurement explicitly framed as closing a classified compute gap — with a "no Americans' data" carve-out written into the contract itself, not a policy memo.

Last week, federal AI governance still looked like a distributed system: agencies wrote rules, Defense vetted suppliers, Congress debated frameworks. As of Sunday night, the operational picture is simpler: a small number of people with direct West Wing access decide what gets reviewed, what gets procured, and what gets supplied to classified environments. The agencies are still there. They're just no longer the chokepoint.

For anyone building compliance roadmaps, vetting AI vendors, or trying to predict where the next regulatory line gets drawn: the institutional map you've been using is now stale. The decisions are happening in a different room.

The corollary is on the buyer side. Anthropic is closing $30B at a $900B valuation on a story of accelerating enterprise Claude adoption — and on the same weekend, Microsoft (one of the largest possible enterprise customers) quietly cancelled its internal Claude Code pilot because the token bills consumed an entire annual AI budget in months. The valuation reflects momentum. The Microsoft signal is what most buyers will look like once flat seat-license accounting gets replaced by usage-based reality. Both are real, and they don't reconcile.

Key Takeaways

If you're auditing AI tools your team uses, your scan surface just expanded. TrapDoor proves that .cursorrules, CLAUDE.md, and equivalent AI agent config files are now an attack vector. Add them to your code-review and SCA pipelines this week, not next quarter.

If your compliance roadmap assumed a federal AI executive order, stop planning around it. The draft order is dead. There is no announced replacement. Build against case law, state attorneys general, and EU AI Act timelines — those are the live tracks.

If you're an AI buyer, federal procurement just consolidated. Anthropic is now the only frontier lab with a White House-cleared classified deployment, a $30B+ fresh round, and a "no Americans' data" template the rest of the industry will be measured against. Re-run your shortlist.

If you're rolling out AI coding tools at scale, model token spend before you sign. Microsoft's pilot died on usage-based billing, not on tool quality. Flat seat licenses are masking the same exposure inside most enterprises right now. Get usage caps, per-developer budgets, or auto-fallback to a cheaper model in your contracts.

If you hire from US universities, assume one-third of recent graduates have AI-assisted their credentialed coursework. The Cornell number is a floor. Interview design, not transcripts, is now the sorting mechanism.

→ Want this faster — not two days later?

Four of the stories above went out as AI Alerts over the weekend.

Alert subscribers got the Musk/Zuckerberg phone-call scoop Saturday morning, the Anthropic $30B round Saturday night, and the TrapDoor supply-chain attack Sunday night — within hours of each one breaking, not days later in this Monday recap. Typically 0–2 emails per day. Zero noise. Free.

Subscribe to AI Alerts (free) →

Or reply to this email and I'll add you. — Alexis

Worth Reading

Politico: how Anthropic and OpenAI's Mythos widens the Washington AI oversight gap — Useful companion to the EO-killing story. Walks through the specific oversight gaps that the now-shelved order would have addressed, and what's left holding the line.

Bloomberg: Pentagon tests rival AI models in race to replace Anthropic — Published Wednesday, three days before the White House overrode the Pentagon's objection. Reads differently now: Defense was already shopping for a replacement when the West Wing closed the door on the swap.

CNBC: IPO rush — SpaceX, OpenAI, Anthropic risk overloading the market — Analysts arguing the simultaneous pre-IPO setup across the three biggest private AI/space names is a top signal. If they're right, Anthropic's weekend $30B round is the late-cycle move.

BBC: South Korea charges YouTuber after AI-fabricated audio ends Kim Soo-hyun's career — Criminal case, not a regulatory one. Police confirmed both audio and message screenshots were synthetic. This is the first documented criminal precedent for AI-enabled reputational destruction reaching arrest-warrant stage.

Fortune: what just happened with Anthropic and the Pentagon should terrify you — Longer-form analysis from a week before the override. Argues the Anthropic-Pentagon fight is the proxy for whether federal AI procurement becomes regulated competition or a single-vendor lock-in. Reads with new weight after this weekend.

This week's poll

Three phone calls killed an AI safety executive order before it was public. What does that mean for the next 12 months of AI governance?

Last week, 167 of you voted:

Two trillion-dollar AI companies are about to test the public markets within weeks of each other. What happens?

Both price strong and the AI rally extends46%

They price, then drift below the IPO mark within months23%

One or both gets delayed as the market wobbles13%

This is the top, and these IPOs mark it18%

See full results →

Three phone calls killed an AI safety executive order before it was public. What does that mean for the next 12 months of AI governance?

Real rules now come from state AGs and case law, not the White House The EU AI Act becomes the de-facto global standard Congress finally moves — backlash forces a bipartisan bill Nothing changes; voluntary commitments are the ceiling

Thanks for reading AI Weekly. Forward this to one person whose AI compliance roadmap just got rewritten.

Browse all newsletters · Archive