The Lyceum: AI Daily — May 05, 2026

Three signals point in the same uncomfortable direction. The Trump White House — the same administration that killed Biden's AI executive order and lectured Europe on overregulation — is now drafting its own pre-release vetting regime. An Anthropic co-founder put 60% odds on AI building its own successors by end of 2028, with internal benchmarks to back the math. And someone drained $175,000 from an AI agent's wallet using Morse code. The throughline: capability is outrunning control, and the people closest to the machinery are the ones flinching first.

The grounded prefetch confirms no significant model or tool releases from major labs in the past 24 hours. On a quiet shipping day, the gravity moved to policy, security, and deployment economics — which is what the rest of this issue covers.

Six months ago, Vice President JD Vance stood in Paris and warned the world that "excessive regulation of the AI sector could kill a transformative industry." On Monday, the New York Times reported — citing U.S. officials briefed on the deliberations — that President Trump is now considering an executive order to create an AI working group that would examine pre-release oversight procedures for new models. Senior officials briefed Anthropic, Google, and OpenAI executives on some of the plans last week.

What changed is a single model. The rethink began amid Anthropic's announcement of Mythos — a system so capable at finding security vulnerabilities that Anthropic itself warned of a coming cybersecurity "reckoning" and declined to release it publicly. Some officials are pushing for a review system that would give the government first access to frontier models without blocking their release. Axios adds that the discussions grew out of meetings led by the Office of the National Cyber Director — meaning this is being treated as a national-security testing problem, not lab politics.

The personnel context matters. David Sacks, the deregulation-friendly White House AI czar, departed in March. Chief of Staff Susie Wiles and Treasury Secretary Scott Bessent have stepped in and told associates they intend to take a more active hand. If a formal executive order lands, the U.S. has effectively adopted a softer version of the EU framework Vance attacked — and the labs that lobbied hardest for deregulation are now drafting the rules. Watch the verb: "first access" is harmless. "Approval required" is not. The White House officially calls the reports "speculation," so this remains pre-decisional — but the lab briefings are the tell.

Jack Clark, Anthropic co-founder and head of the Anthropic Institute, published Import AI 455 on Monday with a thesis he says he "reluctantly" reached: 60% or better odds of no-human-involved AI R&D by end of 2028 — meaning a system capable of autonomously designing its own successor.

He's not vibing. Anthropic tracks its models on a benchmark that requires optimizing a small language model's training code for speed. Claude Opus 4 hit a 2.9× speedup in May 2025. Opus 4.5 reached 16.5× in November. Opus 4.6 hit 30× in February. Claude Mythos Preview hit 52× in April 2026. A skilled human researcher needs four to eight hours to achieve a 4× speedup on the same task. Separately, as of March, AI systems can post-train other models to roughly half the uplift achieved by human researchers, scoring 25–28% on a weighted suite where humans hit 51%. OpenAI has stated publicly it wants an "automated AI research intern" by September 2026.

What changes if Clark is right: every capability forecast for 2027 and beyond gets compressed, and the alignment problem stops being a research agenda and starts being a deployment timeline. What failure looks like: the speedup curve flattens between Mythos and the next generation as the easy optimizations run out. The signal to watch is whether OpenAI ships its September intern on schedule. If they do, Clark's number isn't a forecast — it's a roadmap.

On May 4, an attacker drained roughly $175,000 in DRB tokens from a wallet linked to xAI's Grok agent. The attacker first sent a Bankr Club Membership NFT to unlock transfer capabilities, then embedded malicious instructions in Morse code inside an X post. Grok dutifully decoded the dots and dashes into a clean public instruction tagging @bankrbot and asking it to send 3 billion DRB. Bankrbot — the autonomous finance agent on the receiving end — treated Grok's text as an executable command and shipped the tokens.

The diagnosis is the lesson. Grok wasn't hacked. xAI wasn't breached. The exposed surface was the handoff between two agents — the moment one model's public output became another agent's authority. CryptoSlate reports that an earlier version of Bankr's agent had a hardcoded block on Grok replies specifically to prevent LLM-on-LLM injection chains. That protection was not carried into the latest rewrite. Bankr says about 80% of funds had been recovered as of May 4; 20% remained disputed as of May 4.

The financial stakes are small. The architectural stakes are not. Any multi-agent system where one model's output is another agent's command is vulnerable to exactly this class of attack — and that architecture is increasingly the default. The signal to watch isn't more crypto heists. It's whether enterprise agent platforms start treating inter-agent messages as untrusted input by default. Until they do, every "agent A talks to agent B" demo is a future incident report.

Anthropic announced on May 4 that it is forming a new enterprise AI services company with Blackstone, Hellman & Friedman, and Goldman Sachs, designed to embed Claude into the operations of Fortune 500 companies. Reuters pegs the venture at roughly $1.5 billion.

Read this alongside Bloomberg's reporting that OpenAI closed a $10 billion vehicle anchored by TPG, Brookfield, Advent, and Bain Capital — internally branded The Deployment Company — and a pattern emerges. Both leading frontier labs are betting the fastest path to enterprise revenue is not direct sales but the portfolio companies of the world's largest buyout shops. Private equity becomes the distribution layer; the lab keeps the high-margin work above the API.

What changes if it works: Accenture and Deloitte lose the deployment-and-integration premium that has been their moat for two decades. What failure looks like: PE firms discover that "drop Claude into 200 portfolio companies" is harder than a deck makes it sound, and the venture quietly becomes a fund-of-pilots. The signal to watch is whether either firm publishes a named, in-production customer with measurable workflow change before year-end.

Microsoft's May partner announcements highlight that Agent 365 is now generally available through Microsoft 365 E7, positioned as a control plane to observe, secure, and govern both Microsoft and third-party AI agents. Identity, permissions, monitoring, audit trails, policy — the boring layer that becomes load-bearing the moment you have 500 agents instead of five.

The framing matters because it converges with the White House story above: once agents touch real systems, governance stops being optional. Whoever owns the control plane owns the enterprise. What changes if Microsoft is right: the next big AI software battle isn't assistant apps, it's the operating system for agent fleets. What failure looks like: customers prefer best-of-breed agent platforms with their own governance, and Agent 365 becomes Microsoft's Teams-for-bots — bundled, used, never loved.

Reporting this week describes OpenAI extending Codex with integrations for Gmail, Slack, in-app browsing, plus plugins for computer control and scheduled automations. The pitch: move Codex from coding assistant to a general productivity intern that triages your inbox and runs browser tasks while still doing the developer work.

This is the same pattern as the harness story below — the model isn't the product anymore, the integration surface is. Treat as reported product expansion rather than a model release. The signal to watch: whether OpenAI publishes adoption numbers for non-developer Codex usage by Q3.

Three days after the Department of Defense announced it was bringing commercial frontier models onto classified networks, security firm Strix AI published a postmortem detailing a multi-tenant authorization vulnerability in a DoD-backed AI platform. Strix researchers say they bypassed authentication entirely and reached the administrative layer of a platform built for sensitive government inference workloads. The write-up includes reproducible attack paths.

This casts an immediate shadow on the Pentagon's commercial-integration timeline. Pushing startup-grade security into Impact Level 6 environments is brittle without serious hardening — and the Strix disclosure is a credible public data point that the hardening hasn't happened yet. Watch whether the Pentagon publishes new procurement-stage security requirements before the next vendor onboards.

A White House aide drafting safety regulations under a desk that still has a "deregulation" sticker on it; an Anthropic co-founder writing 60% on a napkin and admitting he can't quite hold the number in his head; a verified AI wallet bleeding three billion tokens because someone tagged it with dots and dashes. The labs are running toward governance, the policy people are running toward the labs, and somewhere on Base, a Morse-code enthusiast is up $35,000 and a piece of NFT clout. Onward.

If you know someone still telling themselves AI policy is a 2027 problem, forward this.