It’s been a busy few weeks. Between the Anthropic-Pentagon standoff dominating tech media, Microsoft’s RSAC announcements dropping today, and OpenAI closing what might be the largest private funding round in history, there’s a lot to process. I’ve pulled together the 15 items I think actually matter, split across the four major labs and the security space. Here’s my read on them.

Anthropic

The Pentagon fight is the biggest AI story right now

Anthropic is suing the Department of Defense. That sentence would have sounded absurd 18 months ago, but here we are. The dispute traces back to a $200 million contract negotiation where Anthropic refused to give blanket authorization for its models in autonomous weapons systems and mass surveillance applications. The Pentagon responded by designating Anthropic a “supply chain risk” – a label normally reserved for Chinese firms suspected of espionage. The Trump administration followed up by ordering federal agencies to stop using Claude entirely.

A hearing before Judge Rita Lin in San Francisco is set for March 24 – tomorrow. Anthropic submitted sworn declarations this week pushing back hard, arguing the government’s case relies on technical misunderstandings and, critically, on objections that were never raised during months of active negotiation. The most damaging detail: an email from Pentagon Under Secretary Emil Michael to CEO Dario Amodei on March 4 said the two sides were “very close” on the disputed issues. That email was sent the day after the supply-chain risk designation was formally finalized. It’s going to be difficult to argue Anthropic poses an unacceptable national security risk while simultaneously telling its CEO you’re almost aligned.

This case matters beyond Anthropic. If the government can use procurement designations as ideological leverage against AI vendors, every company selling to federal agencies has reason to worry. Industry groups have already filed amicus briefs, and engineers and researchers from OpenAI and Google filed in support of Anthropic. The question being litigated isn’t just about one contract – it’s about whether the procurement system becomes a tool of political pressure.

The business is doing fine, actually

While the legal drama plays out, Anthropic’s revenue reportedly nearly doubled from a $9B annualized run rate at end of 2025 to close to $20B by early March. Their share of U.S. enterprise AI spending climbed to 40%, while OpenAI’s fell from 50% to 27% over the same period. Claude Code is the main driver – engineers shipping software at speeds that weren’t possible a year ago. When Anthropic published a post claiming Claude Code could translate legacy COBOL into modern languages, IBM lost roughly $40 billion in market cap in a single session. That’s not a benchmark number. That’s market reality.

$100M into the Claude Partner Network

Anthropic announced a $100 million investment into its Claude Partner Network and launched the Anthropic Institute. This is the company building an ecosystem around its models – the same playbook Microsoft used with Azure and the partner channel. Worth watching if you’re building services on top of Claude.

OpenAI

$110B raise; AWS becomes the exclusive infrastructure partner

OpenAI closed a $110 billion funding round, led by Amazon ($50B), SoftBank ($30B), and Nvidia ($30B). The company is now valued at $840 billion with 900 million weekly active users. The more significant detail buried in the deal is that AWS becomes OpenAI’s exclusive third-party cloud provider for its most advanced AI workloads, under an 8-year arrangement totaling roughly $138 billion. AWS will build a “Stateful Runtime Environment” specifically for OpenAI’s frontier models.

Microsoft reportedly has concerns that this arrangement may violate an existing Azure exclusivity clause. That tension is going to be interesting to watch. OpenAI was built on Azure. If it’s now committing its most demanding workloads to AWS, the relationship between Redmond and Sam Altman gets complicated fast.

OpenAI acquires Astral to compete with Claude Code

OpenAI announced plans to acquire Astral, the Python toolmaker behind Ruff and uv – two tools that have become staples in serious Python development workflows. The acquisition integrates Astral’s tooling into the Codex ecosystem. This is a direct response to Claude Code’s momentum in the developer market. Whoever controls the developer toolchain controls the enterprise AI workflow. Both companies understand this.

GPT-5.4 is the new flagship; smaller variants released

GPT-5.4 Thinking is now OpenAI’s flagship model, combining reasoning, coding, and agentic workflows with a 1 million token context window. ChatGPT for Excel launched in beta. GPT-5.1 was retired on March 11. GPT-5.4 mini and nano followed – mini reportedly outperforms the older GPT-5 mini on coding and reasoning while running more than twice as fast. The model release cadence from all labs is now measured in weeks, not quarters. Prompts and integrations built on specific model versions need to be treated as perishable.

Microsoft

Agent 365 and Zero Trust for AI land at RSAC today

RSAC 2026 opened today in San Francisco and Microsoft came with a full slate of announcements. The centerpiece is Agent 365 – a control plane for AI agents that goes GA on May 1. It gives IT, security, and business teams centralized visibility and governance over agent activity, with Defender, Entra, and Purview capabilities baked in for securing agent access, preventing data oversharing, and detecting threats. This is Microsoft treating AI agents as a new security layer, not just another application category. That framing is correct.

Alongside that, Microsoft published its Zero Trust for AI framework, extending ZT principles across the full AI lifecycle – from data ingestion and model training through deployment and agent behavior. The updated Zero Trust Workshop now covers 700 security controls across 116 logical groups. A dedicated Zero Trust Assessment for AI pillar is coming summer 2026. The Security Dashboard for AI is in public preview now, available to existing Microsoft Security customers without additional licensing fees.

For organizations already working through Zero Trust assessments, these tools are directly relevant. The summer 2026 timeline for the AI assessment pillar gives you a window to get identity and device hygiene squared away first. Don’t skip that step.

Copilot reorganization; Microsoft building frontier models in-house

Microsoft is merging its commercial and consumer Copilot teams and shifting leadership focus toward developing frontier models internally. The goal is a more unified product experience and, reading between the lines, reduced dependence on OpenAI. Given the AWS exclusivity news above, this makes sense as a hedge. Microsoft is signaling it wants to compete at the model layer, not just distribute someone else’s.

Google

Gemini 3.1 Pro, 750M users, 34% cloud growth

Google disclosed that Gemini surpassed 750 million monthly active users as of Q4 2025, with 2.4 million developers building on the Gemini API and 85 billion API requests processed in January alone. Gemini 3.1 Pro dominates on abstract reasoning and long-context benchmarks; Claude Opus 4.6 still leads on tool-assisted tasks and agentic coding. No single model wins everywhere, but Google’s pricing aggression – $2 per million input tokens for frontier performance – is changing the ROI math for enterprise deployments. Google Cloud’s 34% year-over-year revenue growth is being driven substantially by Gemini-powered enterprise demand.

Workspace AI upgrades: Docs, Sheets, Slides, Drive, Gmail

Google announced broad Gemini integration across its Workspace suite. Gemini in Docs and Sheets can now synthesize content from emails, files, calendars, and the web to generate documents and build spreadsheets from natural language prompts. Drive gets semantic AI Overviews. Gmail gets AI-powered thread summaries and an AI Inbox that surfaces what actually matters. These features are rolling out to Google AI Ultra and Pro subscribers first. This is a direct competitive move against Microsoft 365 Copilot, and it’s meaningful. The productivity suite war is the one most enterprises will feel day-to-day.

Security

MCP-based attacks are no longer theoretical

This one got less coverage than it deserved. A February 2026 Malwarebytes report cited a 2025 MIT study in which an AI model using the Model Context Protocol achieved full domain dominance on a corporate network in under an hour, with no human intervention, evading endpoint detection in real time by adapting its tactics on the fly. Malwarebytes called MCP-based attack frameworks a “defining capability” of criminal operations in 2026.

I’ve been working with MCP for a while now, and the attack surface created by agent-to-agent communication is something I think a lot of organizations are underestimating. Traditional security controls were built for human-to-application communication. MCP traffic looks different, and most security stacks can’t inspect it. F5’s NGINX Agentic Observability, announced this month, is an early attempt to address this gap – inspecting MCP data directly in the traffic path. That’s the right direction. Governance and observability for agent communication needs to be on the security roadmap now, not after the first incident.

Time-to-exfiltrate: nine days in 2021, 30 minutes in 2025

Unit 42 tracked mean time to exfiltrate data collapsing from nine days in 2021, to two days in 2023, to roughly 30 minutes by 2025. That’s a 99% reduction in attacker dwell time. Detection-based security strategies built on the assumption that you have hours to respond are broken. This isn’t an incremental change – it’s a fundamental shift in what the threat model looks like.

97% of compromised organizations had zero AI access controls

IBM’s latest report found that 60% of AI security-related incidents led to compromised data, 31% led to operational disruption, and 97% of compromised organizations had zero AI access controls in place. That last number is the one worth sitting with. Organizations are deploying AI at speed and treating access governance as something to sort out later. It doesn’t work that way. If Agent 365 and the Zero Trust for AI framework Microsoft announced today do nothing else, I hope they make the conversation about AI access controls easier to have with customers.

Post-quantum cryptography: the “when” conversation is here

Post-quantum cryptography is a prominent theme at RSAC this year, and the framing has shifted from “future risk” to “inventory your cryptographic assets now.” Sessions at the conference are focused on practical migration steps, not theoretical timelines. With NIST standards published and the EU AI Act effective date in August 2026 adding compliance pressure, organizations that haven’t started their cryptographic inventory are already behind.

March Patch Tuesday: 77 CVEs, AI finds a 9.8-rated vulnerability

Microsoft patched 77 vulnerabilities this month with no zero-days – a quieter month than February’s five. The notable item isn’t the patch count. It’s that XBOW, an AI agent that consistently ranks at the top of the HackerOne bug bounty leaderboard, identified CVE-2026-21536, a critical 9.8-rated vulnerability, without access to source code. AI-assisted vulnerability discovery at that severity level, operating without source access, changes the economics of offensive security research. Defenders need to assume that class of capability is available to adversaries too.

---

The throughline across all of this is speed. Attack timelines are collapsing. Model releases are measured in weeks. Enterprise AI adoption is outpacing governance by a wide margin. The organizations that will handle this well aren’t the ones with the most tools – they’re the ones that treat AI access, agent identity, and data governance as foundational infrastructure, not afterthoughts. Everything else follows from that.