
Issue #20 · Weekly Digest
Weekly AI Dev News Digest: May 9 - May 15, 2026
Three of the four frontier AI labs now have SpaceX somewhere on their compute critical path, and the company that built the most-used AI coding tool is being absorbed into the empire. The off-ramps are getting harder to find.
The acquisition path is winning. SpaceX holds the option on Cursor until year-end, and the meetings happening this week are the kind that come right before a close, not the kind that happen during a partnership. Any developer with Cursor in their daily toolchain is downstream of a Musk decision now.
OpenAI and Anthropic spent Wednesday trading pricing levers. Notion spent the same day building a layer above them. Underneath the IDE drama, the npm supply chain caught fire in a way nobody had documented before, Google reported what looks like the AI-vulnerability-race milestone people had been watching for, and two of the biggest distribution platforms cut headcount under the now-familiar "we're restructuring for AI" framing. Lot to get through.
- $60B: SpaceX option on Cursor
- 84: malicious npm packages with valid provenance
- 50%: Claude Code weekly limit raise
- $4B: OpenAI DeployCo seed
- 224B: Hermes Agent daily tokens
In Focus
The fight for the IDE
On Friday, The Information reported that Anysphere staff had begun visiting xAI offices to interview xAI staff about their ongoing projects (The Information). SpaceX has held an option since April 21 to either acquire Anysphere for $60B by year-end or pay $10B for joint work (SpaceX). Those interviews look like the ones that happen before an acquisition closes.
The fuller backdrop: xAI was folded into SpaceX after the February 2026 merger, only two of xAI's original eleven co-founders remain, two senior Cursor engineering leaders left for xAI in March, and xAI has been renting Colossus compute to Cursor to train Cursor's own model. xAI's internal coding tool Macrohard has reportedly been failing against Claude Code and Codex, so the integration runs in only one direction. Cursor hit ~$2B ARR by February, doubling in three months, and remained the most-used AI coding tool among individual developers (TechCrunch). Its inference backbone is still Claude and GPT, which means today's Cursor sells access to the models made by the two companies competing hardest against it. The SpaceX deal is partly the escape route, eventually onto Colossus and Grok.
OpenAI fired first on Wednesday. Sam Altman, 11:13 AM PT: "codex is the best AI coding product and we want to make it easy to try. for the next 30 days, we are giving companies that want to try switching over two months of free codex usage" (Sam Altman) (OpenAI). The Claude Code team landed its answer by end of day: weekly limits up 50% through July 13, auto-applied to all Pro, Max, Team, and seat-based Enterprise users.
That is Anthropic's third Claude Code limit raise in two weeks. April 28 removed peak-hour throttling. May 6 doubled per-window limits alongside the SpaceX news. May 13 raised weekly limits another 50%. The strategic split: Codex aims its incentive at companies migrating off competitors, Claude Code raises ceilings for individual Pro and Max accounts. Same battlefield, different segments. One caveat. A GitHub issue posted May 12 reports that the May 6 per-window doubling came with weekly-budget rebalancing that some Pro users experience as a net cut, with sessions consuming ~21% of weekly limit instead of ~12%. The May 13 raise may be partly damage control. (GitHub issue #58557)
Notion landed the third move on May 13 by becoming neutral ground. The Notion Developer Platform shipped five pieces at once: a CLI (ntn), Workers (hosted code sandboxes), database sync, an External Agent API, and webhook triggers. Launch partners on the External Agent API: Claude Code, Cursor, Codex, Decagon. Notion gets to be the orchestration layer where developers swap between any of the four agents otherwise fighting each other this week, without leaving the workspace. Workers free during beta, switching to a credit model on August 11. Users have built over a million Custom Agents since that feature shipped in February. (Notion)
In Focus
A worm with valid provenance
The TanStack worm is the dev-relevant story of the week and probably of the year so far. On May 11 between 19:20 and 19:26 UTC, 84 malicious versions were published across 42 @tanstack/* packages, including @tanstack/react-router at roughly 12.7M weekly downloads. The compromise was detected within 20 minutes by StepSecurity's ashishkurmi. CVE-2026-45321, CVSS 9.6. (TanStack postmortem)
The attack chain stitched together three GitHub Actions vulnerabilities: a pull_request_target "Pwn Request," Actions cache poisoning across the fork/base trust boundary, and OIDC token extraction from runner process memory. No npm tokens were stolen. The attacker hijacked TanStack's legitimate OIDC trusted-publisher binding from inside a running CI job and shipped packages signed by TanStack itself. The first documented case of malicious npm packages carrying valid SLSA provenance.
And it propagates. The payload steals GitHub, npm, AWS (via IMDSv2), GCP, Azure, Kubernetes, and Vault tokens, then auto-publishes itself to any package the victim has publish access to. By end of day, 169 npm packages and 2 PyPI packages were affected (373 malicious package-version entries), including @mistralai/mistralai (Mistral's TypeScript client), the mistralai and guardrails-ai PyPI packages, @uipath/*, @squawk/*, and intercom-client (StepSecurity). A persistent daemon called gh-token-monitor polls every 60 seconds. Microsoft's analysis of the PyPI Mistral payload found country-aware logic with a "1-in-6 chance of rm -rf / when the system appears to be in Israel or Iran." Triple-channel exfiltration: typosquat git-tanstack[.]com, the Session messenger network, and GitHub API dead drops. StepSecurity attributes the campaign to TeamPCP, the same group behind the March Trivy and April Bitwarden CLI compromises.
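An added example, not taken from the TanStack postmortem or any source this digest cites: a Python audit that flags the three workflow preconditions named in the attack chain above (fork code run under pull_request_target, a cache written by that job, and a publishing workflow with OIDC write access that restores the same cache). The finding labels, regex heuristics and sample workflows are constructed for illustration.

```python
import re

# Line-based heuristics; a YAML parser would be more precise but adds a dependency.
COMMENT = re.compile(r"(^|[ \t])#.*$", re.M)
PATTERNS = {
    "untrusted_trigger": re.compile(r"\bpull_request_target\b"),
    "checks_out_pr_head": re.compile(r"ref:.*(github\.event\.pull_request\.head\.(sha|ref)|refs/pull/)"),
    "uses_cache": re.compile(r"uses:\s*actions/cache\b"),
    "oidc_write": re.compile(r"id-token:\s*write"),
}

def scan_workflow(text):  # reduce one workflow file to the four facts the chain needs
    body = COMMENT.sub("", text)
    return {key: bool(rx.search(body)) for key, rx in PATTERNS.items()}

def audit(workflows):  # workflows: {filename: yaml_text} -> [(filename, finding), ...]
    facts = {name: scan_workflow(text) for name, text in workflows.items()}
    findings, cache_writers = [], set()
    for name, f in facts.items():
        if f["untrusted_trigger"] and f["checks_out_pr_head"]:
            findings.append((name, "pwn-request"))  # fork code runs in base-repo context
            if f["uses_cache"]:
                findings.append((name, "untrusted-cache-writer"))
                cache_writers.add(name)
        if f["untrusted_trigger"] and f["oidc_write"]:
            findings.append((name, "oidc-in-untrusted-job"))
    # pull_request_target runs save caches in the base branch scope, so a
    # publishing workflow on that branch can restore entries fork code wrote.
    for name, f in facts.items():
        if cache_writers and name not in cache_writers and f["oidc_write"] and f["uses_cache"]:
            findings.append((name, "publisher-restores-shared-cache"))
    return findings

# Constructed sample repository, not TanStack's actual workflows.
SAMPLE = {
    "pr-check.yml": """\
on: pull_request_target
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: {ref: "${{ github.event.pull_request.head.sha }}"}
      - uses: actions/cache@v4
        with: {path: node_modules, key: deps}
      - run: npm ci && npm test
""",
    "release.yml": """\
on: {push: {branches: [main]}}
permissions: {id-token: write, contents: read}  # OIDC trusted publishing
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with: {path: node_modules, key: deps}
      - run: npm publish --provenance
""",
}
```

Calling `audit(SAMPLE)` reports all three conditions for the constructed repository. A valid provenance attestation only records which workflow built the package, so the review has to happen on the workflow files themselves.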
Three smaller security stories landed the same week. On May 9, BleepingComputer published research from HiddenLayer on a fake OpenAI repository on Hugging Face (Open-OSS/privacy-filter) that typosquatted OpenAI's legitimate Privacy Filter and pushed a Rust-based infostealer via a PowerShell loader (BleepingComputer). On May 11, Google's Threat Intelligence Group reported the first AI-built zero-day caught in the wild, a 2FA bypass in an unnamed open-source web admin platform, with telltale LLM artifacts including educational docstrings and a hallucinated CVSS score (Google TIG). John Hultquist of GTIG put it cleanly: "There's a misconception that the AI vulnerability race is imminent. The reality is that it's already begun."
OpenAI launched Daybreak on May 11, a cybersecurity initiative built on GPT-5.5, GPT-5.5 with Trusted Access for Cyber, GPT-5.5-Cyber, and Codex's agentic harness. Partners: Cloudflare, Cisco, CrowdStrike, Palo Alto Networks, Akamai, Fortinet, Oracle, Zscaler (Engadget). Direct response to Anthropic's Mythos and Project Glasswing. Daniel Stenberg, cURL's maintainer, was less impressed by Mythos. His verdict on The Register the same day: "greatest marketing stunt ever," after Mythos found one low-severity flaw in cURL (The Register). Two more dev-facing footnotes: cookie thieves were caught wrapping fake Claude Code installers with payloads that bypass Chrome's app-bound encryption via a new IElevator2 COM interface (The Register), and on May 13 the EU Commission confirmed OpenAI has agreed to provide GPT-5.5-Cyber access to EU cyber defenders for regulator evaluation; Anthropic has not made a similar Mythos offer.
In Focus
SpaceX is on three compute critical paths
Three of this week's biggest infrastructure stories share one company.
The Wall Street Journal reported on May 12 that Google is in talks with SpaceX about launch services for Project Suncatcher, Google's orbital data center initiative announced in November 2025 (TechCrunch). Initial plan: two prototype satellites in 2027, scaling to 81 TPU-carrying satellites in a 1km cluster, built by Planet Labs. The physics gives roughly 8x more solar capture than terrestrial panels in sun-synchronous orbit. The economics do not work yet: Suncatcher needs ~$200/kg launch costs to make sense, and SpaceX rideshare is currently $7,000/kg. Falcon 9 reusability is closing the gap, but slowly. Altman has previously called orbital data centers "ridiculous for now."
That story stacks on Anthropic's recently signed deal for full Colossus 1 capacity in Tennessee (~300MW per FT), the SpaceX filing for up to 1M satellites tied to orbital data center ambitions, and the ongoing Cursor-xAI integration. Anthropic runs on Colossus. Cursor is heading for Colossus and Grok. Google may need Falcon 9 to launch Suncatcher. The SpaceX IPO is expected at $1.5–1.75T later in 2026, and three of four frontier AI labs now have Musk somewhere on their compute critical path.
In Focus
Where the agents get sold
Claude Platform on AWS hit GA on May 12 (Anthropic). AWS becomes the first cloud provider with full native Claude API access (Claude Managed Agents, advisor tool, web search/fetch, MCP connector, Agent Skills, code execution, files API) routed through an AWS account with IAM, CloudTrail, and a single AWS bill. Anthropic still operates the platform and data is processed outside the AWS boundary, so it complements Bedrock rather than replacing it. 17 regions. Same pricing as the native Claude API. PrivateLink supported. Anyone with existing AWS commitments now has the procurement-friendly Claude story they were waiting for.
OpenAI Deployment Company (DeployCo) launched on May 11 with a $4B initial investment at a $10B valuation (OpenAI). Majority-owned OpenAI subsidiary, 19 backers including TPG (lead), Advent, Bain, Brookfield, SoftBank, McKinsey, Capgemini, Goldman Sachs, Warburg Pincus. The first acquisition: UK firm Tomoro, ~150 forward-deployed engineers with clients including Tesco, Virgin Atlantic, Supercell, Mattel, and Red Bull. It is the Palantir playbook: embed engineers, charge for outcomes. The PE backers reportedly secured a 17.5% guaranteed annual return over five years (per TNW), unusual in venture. Pairs with the Anthropic enterprise services company announced a few days earlier with Blackstone, Hellman & Friedman, and Goldman Sachs.
SAP doubled n8n's valuation to $5.2B on May 12 and embedded the workflow platform inside Joule Studio. SAP simultaneously announced new strategic partnerships with Anthropic, AWS, Google Cloud, Microsoft, Mistral, Cohere, NVIDIA, and Parloa. The honeymoon ends when SAP picks favorites. For now, every major AI vendor gets table service. Cursor announced a Microsoft Teams integration on May 12: mention @Cursor in any channel to delegate coding work, pull repo context, generate PRs. Same week the parent company is being interviewed by xAI. OpenAI hired Gimlet Labs to optimize models for Cerebras chips (Gimlet claims 10x inference at same cost/power), part of the diversify-from-Nvidia thread. Circle launched the Circle Agent Stack on May 11 (CLI, Agent Wallets, Agent Marketplace, gas-free USDC nanopayments down to $0.000001 through Circle Gateway) at agents.circle.com. CRCL up ~16% on the day. (Circle)
In Focus
The runtime layer
Hermes Agent overtook OpenClaw on OpenRouter daily token volume on May 10. Nous Research's open-source agent runtime hit 224B daily tokens against OpenClaw's 186B (OpenRouter rankings). First time OpenClaw has not held the top daily spot since its rise in late 2025. OpenClaw still leads cumulatively (9.17T all-time vs Hermes 6.35T) and on GitHub stars (370K+ vs 114K+), so this is a momentum flip rather than a coronation. Hermes v0.13.0 "Tenacity" shipped May 7 with 864 commits, 588 merged PRs, and a Kanban-style durable multi-agent task board with heartbeat monitoring and hallucination recovery. The design philosophies diverge: OpenClaw bets on platform reach (50+ messaging channels, 44K-skill ClawHub library); Hermes bets on agent depth (three-layer memory: persistent identity, SQLite FTS5 session history, procedural skill files the agent writes for itself). Hermes is winning daily token share with roughly 40% of OpenClaw's platform reach. MIT-licensed migration tool included.
| Tool | Daily tokens (May 10) | Cumulative | GitHub stars | Design bet |
| --- | --- | --- | --- | --- |
| Hermes Agent | 224B | 6.35T | 114K+ | Agent depth (3-layer memory) |
| OpenClaw | 186B | 9.17T | 370K+ | Platform reach (50+ channels) |
Thinking Machines made its first major public product reveal on May 11. Mira Murati's lab released a research preview of interaction models, headlined by TML-Interaction-Small at 276B parameters. Full-duplex architecture: audio and video input streams in 200ms chunks, response generation runs in parallel rather than after the user finishes. Claimed 0.40 second response latency, faster than Gemini-3.1-flash-live on FD-bench. The model implicitly detects whether the speaker is thinking, yielding, self-correcting, or inviting a response, with no separate dialog manager. Reportedly in talks at ~$50B valuation. Meta tried to buy Thinking Machines in 2025, Murati declined, Meta hired seven founding members, Murati hired PyTorch creator Soumith Chintala as CTO in response.
Anthropic is reportedly in talks to acquire Stainless for over $300M (Digitimes). Stainless builds SDKs for AI companies including Google and OpenAI. If the deal closes, Anthropic ends up owning the canonical SDK toolchain its competitors use to ship their own client libraries. Anthropic also shipped Claude Code agent view on May 12 as a research preview, which manages multiple parallel Claude Code sessions from a single interface. No more separate terminal tabs per agent.
Google announced Magic Pointer and the Googlebook on May 12 at the Android Show: I/O Edition. Magic Pointer is a Gemini-powered cursor that captures visual and semantic context. Point at a date in an email to schedule a meeting, point at a recipe and ask to double it, select two images and ask to visualize them together. DeepMind's framing is to eliminate "AI detours" by bringing AI to where the user is. Two demos are live in Google AI Studio (image edit, map search), rolling out in Chrome (DeepMind). Googlebook is the Chromebook successor and the platform name for what looks very much like the long-rumored Aluminum OS: an OS combining the Android stack with ChromeOS. Hardware partners: Acer, Asus, Dell, HP, Lenovo. Ships fall 2026 (Google). Premium positioning, no pricing yet, but Google's framing strongly suggests MacBook-class pricing rather than the $179 Chromebook anchor.
GitLab announced an "open restructuring" on May 11 (The Register). Voluntary separation window opens May 11, deadline May 18, final org by June 1, specific cut numbers in Q1 FY2027 earnings on June 2. Estimated 7% cut. Structural moves: country footprint reduced up to 30%, up to three management layers removed, R&D reorganized into ~60 small autonomous teams. CEO Bill Staples insists "this is not an AI optimization or cost cutting exercise," but TNW and byteiota both note the playbook is identical to Atlassian's March 10% cut, with the same "self-fund AI" language. GitLab's Duo Agent Platform only hit GA in January 2026, late to a market where Cursor cleared $2B ARR by February. GTLB closed down 7–8% after hours, market cap now ~$4.1B, down from $15B at its 2021 peak.

Meta employees protested mouse-tracking software at US offices on May 12 (Reuters), distributing flyers with the tagline "Don't want to work at the Employee Data Extraction Factory?" in meeting rooms, on vending machines, and on top of toilet paper dispensers. Andy Stone, Meta's spokesperson, gave Reuters the quote that says the quiet part: "If we're building agents to help people complete everyday tasks using computers, our models need real examples of how people actually use them, things like mouse movements, clicking buttons, and navigating dropdown menus." Roughly one week before Meta cuts 10% of its workforce. UK staff are unionizing through United Tech and Allied Workers.
Signals
Signals from the Edges
Python 3.15 hit feature freeze with its first beta released
Stable ABI for free-threaded CPython (extension authors no longer rebuild per minor version), an explicit lazy import keyword, a new Tachyon sampling profiler (near-zero overhead, sampling rates up to 1MHz), UTF-8 as default text encoding. JIT improvements: 8–9% mean on x86-64 Linux, 12–13% on Apple silicon. The incremental garbage collector from 3.14 was reverted after memory leak reports. Stable release October 1.
OpenAI began winding down its fine-tuning platform on May 7
New organizations are blocked from creating training jobs immediately. The full shutdown lands January 6, 2027. SFT is still available on gpt-4.1 variants and RL on o4-mini for existing customers in the interim, then nothing. OpenAI's recommended migration path is managed customization (prompts, structured outputs, evals, file search, agent SDK) instead of weight-level training. Fortune's critique stands: fine-tuning was where customers could own model behavior independent of vendor tooling.
Claude Code 2.1.137 shipped May 9
With the VS Code Windows extension activation fix. The 2.1.133→2.1.137 sequence May 8–9 also added worktree.baseRef control, Linux sandbox path settings, admin policy merge, and effort level exposed to hooks.
IBM survey: 76% of organizations now have a Chief AI Officer
Up from 26% in 2025. Companies with a CAIO report 20% higher AI ROI and 29% fewer losses from AI irregularities. 2,000 CEOs surveyed across 33 geographies.
Tokenized PreStocks for Anthropic and OpenAI fell 38% and 46% on CoinGecko after both companies issued notices that unauthorized equity transfers may be void. Anthropic specifically named Open Door Partners, Hiive, and Forge as unauthorized.
JPMorgan initiated Mistral coverage on May 13, calling it Europe's most valuable AI company with a $430B addressable market by 2030.
DeepMind's AI co-mathematician paper hit 48% on FrontierMath Tier 4 against the previous best of ~19%. Oxford topologist Marc Lackenby used the system to close a 60-year-old problem from the Kourovka Notebook.
Anthropic shipped an audiobook version of Claude's Constitution on May 11, narrated by Amanda Askell and Joe Carlsmith with commentary on the philosophy and development behind it. Weekend listening if you need it.
Digg returned as an AI news aggregator on May 11
Kevin Rose, AI-only at launch. Beta is buggy.
Looking Ahead
What to Watch
1. [Google I/O main event May 19-20](/p/dev-google-io-is-next-week-may-1920)
   Shoreline Amphitheater. The Android Show on May 12 was the warm-up. Expect more Gemini model news, Aluminum OS specifics, possible Android XR glasses preview, and developer-facing Magic Pointer demos.
2. GitLab's Q1 FY2027 earnings June 2
   Actual cut numbers and the post-restructuring org chart land here. If revenue guidance holds, the "self-fund AI" framing survives. If not, GTLB joins the Cloudflare narrative.
3. Codex's free 30-day switch window expires mid-June
   This is the cleanest experiment of the year for measuring vendor stickiness. If Codex retains a meaningful share of switchers past the window, the Claude Code position weakens.
4. OpenAI fine-tuning full shutdown January 6, 2027
   Eight months to migrate any production workload that depends on owned weights. Plan now if you have not already.
5. Notion Workers free beta ends August 11
   The credit-model pricing will set the ceiling on how much of an orchestration story Notion can credibly tell to enterprise buyers.
The agent stack is consolidating around three or four companies, and the compute funnel is consolidating around one. Notion's neutral-ground play and Hermes overtaking OpenClaw on daily volume are the bets that the lock-in is reversible. The TanStack worm is a reminder that lock-in is not the only thing getting harder to unwind.