Welcome back! This week, we have several insights to discuss, from Mythos’ cybersecurity concerns being fully disproven, OpenAI’s problems with goblins, the “new” technique Labs are using to charge more, Hyperscalers earnings results, and the proof that price hikes are coming in a pretty strong way, among other news.

Enjoy!

I’m starting an enterprise AI-focused free blog on Medium and Substack called The Imperative, where you can read my first blog, Diary of a Scared Executive.

It’s an advisory firm, meaning you can hire me for enterprise advisory through there, but it will also serve as a free blog where I share insights from actual field data, after talking with executives and practitioners alike, to show you the true state of enterprise AI. This means non-enterprise content will be found here and in my Medium blog, and enterprise AI content will focus mostly on The Imperative.

Don’t hesitate to follow me on your platform of choice!

The UK’s AI Security Institute (AISI) announced that OpenAI’s GPT-5.5 is the second frontier model (after Anthropic’s Mythos Preview) to fully complete a complex 32-step corporate network attack simulation.

In the “The Last Ones” cyber range, a realistic enterprise network with multiple subnets, GPT-5.5 succeeded in 2 out of 10 attempts with a 100 million-token budget.

It also scored the highest on advanced CTF challenges, achieving ~71% success rate on expert-level tasks involving memory exploits, cryptography, and reverse engineering.

As a notable result, GPT-5.5 solved a difficult Rust virtual machine reverse-engineering challenge in under 11 minutes and for just $1.73, a task that took a human expert roughly 12 hours.

It’s important to note the caveats, though; these tests were run in controlled environments with no active defenders or real security tools. That is, real-world performance against defended networks remains unproven.

It’s been several days since the release of GPT-5.5, and to my knowledge, the world hasn’t ended yet despite having similar cybersecurity capabilities as the model that was “too powerful to be released.”

Remember that a few years ago, OpenAI believed GPT-2 was too dangerous to release. Please stop taking seriously companies that are incentivized to scare you and investors in order to raise more money.

One of the most viral moments of the week has been the weird obsession OpenAI models have with creature-like words like ‘gremlin’ or ‘goblin’. The models simply can’t get enough of talking about these entities, especially when users chose the ‘Nerdy’ personality option OpenAI offers in its products, as shown in the thumbnail.

OpenAI eventually realized and has even completely retired the ‘Nerdy’ personality.

But how does this happen? How does a model become obsessed with a word? Let me explain why this apparently harmless event shows us how incredibly feeble AI training techniques are and how this can manifest in much more harmful behaviors.

At a very high level, every model released to users follows a three-step training process:

The first part teaches knowledge. The second one teaches behavior, and the third one teaches skills (because the model has to find ways to solve problems on its own).

This is the process that gives us models such as GPT, Claude, or Gemini. The problem is that, except for phase 2, the amount of entropy is enormous. Simply put, the researchers have very little idea of what the model is learning.

In the first phase, as we feed models as much data as we can, bad data is getting in there, too.

But the third phase is even more dangerous and uncontrollable.

The reason is that the model is “free to learn whatever works,” because in RL, we mostly don’t focus on how the model got there as long as it reaches the right place. In other words, we fixate on the final outcome (e.g., checking whether the model reached the correct solution to a math problem).

For that reason, there’s a risk that we score highly on tries where the model had a poor reasoning process but still reached the correct response, and vice versa.

To somehow guide this process, we instead provide “rewards”. These are incentives to perform certain behaviors and prevent the ones we want, ideally guiding the model toward good behaviors and skills and away from the undesirable ones.

For instance, a simple reward is to penalize length; if we want them to get to the point faster, if the model gets to the correct response but took forever, it doesn’t get full scores.

But again, this is a very lossy procedure with infinite gaps that models can exploit. For example, with the same length penalty, the model might learn to shorten responses all the time, even if that results in worse overall scores (the longer the responses, the more likely the model is to reach the correct answer because models verbalize their thinking), just to avoid the penalty.

Think of this as having a student judged solely on right-or-wrong responses, with us completely ignoring the thought process, except for some broad guidance.

For instance, we might have a reward that incentivizes the student to use Pythagoras’ theorem whenever the problem involves a right triangle, but we don’t check whether the student did 1+1=7, which was somehow the final correct response despite the arithmetic being totally wrong.

Now, apply this analogy to AI, and you'll perfectly understand why models learn behaviors or skills we didn’t expect.

And why am I telling you all this? Well, because this is exactly what went wrong here. As mentioned, OpenAI offers different personalities for users to choose from. Each of these personalities is obtained by applying the rewards I was describing.

For example, they had a ‘nerdy reward’ that “pulled” the model toward nerdy behaviors. OpenAI described this as making the model act more playful, intellectually enthusiastic, a little strange, wise, anti-pretentious, and comfortable using quirky language.

But at some point, this nerdy reward mechanism started rewarding the model whenever it mentioned goblins or gremlins. The reason was that, as we’ve discussed, the reward system can give high rewards to suboptimal solutions in unpredictable ways.

Maybe for a simple stroke of bad luck, ‘gremlin’ and ‘goblin’ were present in sequences with very high scores, which means every single word in that sequence was incentivized to be repeated.

Over time, the model mistakenly associates those words with good responses and just becomes, for lack of a better term, “obsessed” with them.

This harmless, almost playful story hides a huge connotation. Just like models can learn to say ‘goblin’ obsessively to hack the nerdy reward, they can also learn to blackmail, cheat, lie, and other much more serious behaviors for what’s really the exact same mechanism; the model randomly finds things that work, and doesn’t have the moral compass to decide is those solutions are good for the user or not; they just learn to maximize the reward and will do whatever it takes to score highly.

One day it’s by talking about ‘goblins’ all the time, another it’s lying to you to prevent you from closing it down.

Let me explain a trick Anthropic is using to charge you more.

And let me tell you, it’s quite dirty because it uses what, without a doubt, is the most misunderstood component of modern AI models: the tokenizer, an external piece of software that ‘tokenizes’ the model's input.

In plain English, this component takes the input and chunks it into known groupings (letters in the case of text), which are then converted to numbers for the AI to process.

These chunks are what we call tokens, which can be letters in text or pixel patches in images… You get the point.

As you can see in the thumbnail, the tokenizer takes in the text we want to give to the model and chunks it. Each chunk is assigned a number, and these numbers are row entries in a big table that the model looks up to retrieve the ‘embedding’, a numerical representation of the chunk.

Say we have the word ‘red’, which happens to be a single chunk in most tokenizers. This means the word ‘red’ has a row in that table that automatically converts it into a list of numbers.

It’s this string of numbers that the model understands as ‘red.’

The key is that the cost grows proportionally to the number of tokens the tokenizer chunks your input into.

This isn’t quite linear, but to drive the point home, for a single text sequence, if the tokenizer chunks the input into twice as many tokens, it costs double. Roughly speaking, ten tokens cost twice as much to process as five tokens.

Why? For two reasons. Recall from our recent DeepSeek piece that LLMs do two types of operations internally:

And that’s precisely the point: both are per-token computations.

For most people, “a model’s price” is simply measured by per-token pricing, completely ignoring the elephant in the room: that a model’s price also depends on how many tokens it processes and generates.

And here’s where the nasty surprise emerges: Opus 4.7 has an up to 35% increase in token count simply because they changed the tokenizer compared to Opus 4.6 (which is most likely because Opus 4.7 is a distillation of Mythos, an entirely new model).

And while Anthropic did mention this, they “failed” to mention that this could imply a cost increase, for obvious reasons.

And for other obvious reasons, people have started putting this to the test and, to the surprise of nobody, the model is much more expensive, up to 27% more, relative to Opus 4.6, despite having the same token pricing ($5/$25 per million input and output tokens).

Ramp made a similar analysis and drew the same conclusions; Opus 4.7 is just overall more expensive, despite GPT-5.5 having a higher output token price of $30 vs $25.

The reason, as we have explained, is that the model needs more tokens to process the same input and generate the same response.

And just like that, your bill has increased by 12-27% with a single model change for mostly marginal improvements that do not, in God’s green Earth, justify the price hike.

The more I read about this stuff, the more convinced I become that enterprises are going to have none of this and will start migrating massively to open-source once they become sophisticated enough (in reality, the barrier to open-source is much lower than people think).

You can just appear to announce an almost 30% price hike, while companies nowadays can say “thanks, but no” and move toward open source.

For me, private models will only make sense in iterative workflows like coding or agent-based systems, where even marginal improvements in intelligence matter.

But for automation? Using private models to read emails is like “killing flies with cannonballs”, as my grandfather used to say.

Two weeks ago, I explained that Opus 4.7 was something totally different from anything we had seen over the past two years, because it was much more “intelligent” at the per-forward-pass level than previous-generation models.

In other words, if LLMs had been improving intelligence over the past two years by increasing thinking budgets (generating much longer responses, which helps them think for longer), the new generation of frontier AIs, mainly Opus 4.7, achieved similar scores with a considerably smaller thinking budget, meaning they require several times fewer response tokens to reach the same performance.

And GPT-5.5 only seems to be confirming this trend.

As seen above in the WeirdML benchmark (which has models solve weird ML tasks, one of the most trustworthy benchmarks for truly testing model progress), the new family of models offers frontier-ish performance while requiring 5 to several dozen times fewer tokens.

At first, the results might seem underwhelming, seeing that they don’t meaningfully improve what we had earlier in terms of nominal performance, but they absolutely do if you measure by performance-per-dollar.

Thus, if we push these models to the same thinking budgets we gave previous generations, they would break all records.

Sadly, AI Labs have deep pockets but not infinite ones, so they are going to be more pressured than ever to stop looking for that extra 0.5% performance that requires ten times the investment and instead settle for great performance at a great price.

In one of the most aggressive pivots I’ve seen in SaaS, probably ever, Salesforce is going headless.

Salesforce has introduced Headless 360, a new architecture that exposes Salesforce capabilities as APIs, MCP tools, and CLI commands so AI agents can use the platform without relying on the browser interface.

The company says the release covers Salesforce data, workflows, business logic, and permissions across Customer 360, Data 360, Agentforce, and Slack.

The launch includes more than 60 new MCP tools and more than 30 preconfigured coding skills, giving coding agents access to Salesforce environments via tools such as Claude Code, Cursor, Codex, and Windsurf.

One of my boldest predictions in the past has been that software will transition from human-centered to agent tooling.

The reason was none other than the irresistible future of declarative software, a future where humans take a full hands-off approach and let the agents “do the doing” while humans “do the asking”.

I firmly believe any SaaS company that’s minimally committed to survival needs to make this pivot.

Of course, there will remain value in having a part of your app being human-centered (mainly the dashboard that helps humans control the agents), but if you don’t commit hard to agents (even though they are not yet quite fully ready for prime time), you’re going to have a nasty time in the future.

In the meantime, other SaaS companies are doing the same, with examples like Mercury, which has just released the Mercury CLI, a way to interact with your products and account using CLI commands, something no human would ever do… except it’s clearly meant for agents.

Anthropic has published a new Claude Security feature for enterprise customers. Claude scans your codebase for vulnerabilities, validates each finding to cut false positives, and suggests patches you can review and approve.

I believe this is the type of feature that actually sticks because I wholeheartedly believe these tools can be absolutely great at cybersecurity stuff (as showcased by the top news in this piece.

I’m surprised by the ‘enterprise-only’ release, though. It seems Anthropic is no longer even pretending to care about individual consumers, due to the enormous compute hole they’ve created over the last three months, which has forced them to secure commitments for 13.5 GW of new compute just this month alone.

Yesterday, all four main Hyperscalers, the companies serving compute, both AI and non-AI, to the world, and the primary financiers of the AI race, presented their quarterly earnings results, and the results were incredible, but a mixed bag in terms of how investors received them.

Starting off with Meta, they reported Q1 2026 revenue of $56.31 billion, up 33% year over year, above the consensus of $55.45 billion.

The company’s AI story is still mainly advertising-driven rather than a separate AI revenue line: reported coverage points to AI-powered ad targeting and automation supporting higher ad performance, with ad revenue around $55 billion and growth driven by both impressions and pricing. Sadly, however, Meta does not disclose “AI direct sales” as a separate category.

For CapEx guidance, Meta raised its 2026 capex guidance to $125 billion to $145 billion, up from $115 billion to $135 billion.

Moving on, Alphabet reported Q1 2026 revenue of $109.9 billion, up 22% year over year, above the $107.2 billion estimate. Its Google Cloud growth was absolutely incredible: revenue rose 63% to $20 billion, with operating income tripling to $6.6 billion from $2.2 billion, driven by enterprise AI products and infrastructure.

The cloud backlog nearly doubled quarter over quarter to more than $460 billion, almost half a trillion in agreed commitments. Again, Alphabet does not break out AI-only revenue, but says AI demand leads Cloud growth and that Gemini drives its strongest consumer AI quarter.

Capex more than doubled to $35.67 billion in Q1, and Alphabet keeps its 2026 capex guidance at $175 billion to $185 billion to expand AI compute capacity.

Next, Microsoft reported fiscal Q3 2026 revenue of $82.9 billion, up 18%, with operating income of $38.4 billion and EPS of $4.27.

Worth praising was that Microsoft provided the cleanest direct AI revenue figure among the group: its AI business has surpassed a $37 billion annual revenue run rate, up 123% year over year.

Microsoft Cloud revenue reached $54.5 billion, up 29%, while Azure and other cloud services grow 40%, or 39% in constant currency, but they didn’t offer full-year CapEx guidance and instead just showed they met spending objectives.

Amazon reported Q1 2026 net sales of $181.5 billion. AWS revenue rises 28% to $37.6 billion, above the estimate of $36.6 billion, with growth driven by enterprise AI spending.

Unlike Meta or Google, Amazon did give a direct AI sales signal: AWS AI services are generating more than $15 billion in annualized revenue.

Capex reached $44.2 billion in Q1, up more than 76% year over year and above analyst expectations, while Amazon has guided to about $200 billion of capex for 2026 (what they had already guided a few months back, so no increase there).

Blowout earnings across the board, but what should we take away from all this?

I don’t think the world has ever seen four companies generate so much money, with only the memory companies, which might break all records this year and the next (at least), and NVIDIA can follow such a level of consistent growth everywhere you look.

With that said, I’m fairly annoyed with the obvious obfuscation with which these companies treat their “AI businesses”.

How can we blame investors punishing companies like Meta (down 10% today) for increasing an already abnormally high capital expenditures when they are literally incapable of telling us in full detail how AI is making them money?

The fact that they consistently refuse to give clear AI numbers is a terrible sign, full stop, because we all know that if they could, they would be promoting the living daylights of them.

And for those that did present direct AI revenues, like Microsoft or Amazon, congrats, but that doesn’t mean my bullshitometer isn’t off the charts either way. The reason is the circularity of those revenues.

Yes, AI revenues are growing, but most of those revenues are self-generated; they “give” money to {insert pricy AI Lab} in exchange for equity. However, no money is exchanged here; the Hyperscaler offers compute rights, and when the AI Lab uses them, the Hyperscaler recognizes that as revenue.

You see what’s happening here, right? Hyperscalers are making revenue out of what’s literally thin air. Of course, not all AI revenues are that way, but a considerable portion are.

Furthermore, these guys are masters at bundling these features to other products, forcing them down customers’ throats (e.g., Microsoft Copilot). So even if that counts as revenue, bundled revenue is as impressive as me saying I’m selling a lot of cookies just because I give them away as part of the burger menu.

On a final note, we must praise Google’s outstanding performance, with 63% year-over-year growth in its cloud segment, which explains why Google is up 7% today. Yes, percentages are tricky because they are based on what the original base was (GCP is the smallest cloud by far), but it’s an incredible demonstration of doing things right.

One of my 2026 predictions was that Google would be the world's largest company by market cap. I think it’s a matter of time, but it might come even sooner than I expected.

A security engineer has reverse-engineered how ChatGPT ads work, and the results are quite revealing.

Ads are inserted into conversations and tracked after a user clicks. ChatGPT’s backend can inject structured ad units into the same server-sent event stream that carries model responses, while a merchant-side tracking SDK reports post-click activity back to OpenAI.

In plain English, the user sends a request to ChatGPT, which is immediately analyzed to identify candidate ads to be shown. This selection is most likely done using hybrid search, a combination of keyword search (e.g., user mentions ‘books’ search ads with the same keyword) and vector search (e.g., the user describes a novel about dragons, search for books with descriptions about dragons). This way, they can “guarantee” relevance.

After OpenAI’s client in the browser sets different cookies that will track your buying behavior over the next 30 days, basically trying to track attribution (whether the ad actually led to you buying).

Ever since the idea of adding ads to chatbots became a real possibility, my question has always been the same: margins.

You see, this is all well and good, showing ads that match the conversations the user has with ChatGPT. Sounds super promising on paper, because AIs can capture intent way better than Google Search or Instagram can.

The problem is that doing this for profit is much harder when AI is involved. For Meta, showing you another ad on Instagram is, computationally speaking, “free.” For Google, rendering the next set of 10 blue links is also “free” (AI Overviews aren’t free, though).

But for OpenAI, conversations with users are all but free; there’s a non-negligible cost associated with that interaction; even if it’s cents, across almost a billion active users those marginal costs scale fast. GPUs have to be launched, and a sequence, with its pertinent working memory cache, which can be huge, appears too.

Conversation length can be arbitrarily long, so associated costs vary widely across ads: some render on a simple, short conversation, while others require a two-hour back-and-forth between a user with an issue and ChatGPT.

Put another way, for Instagram, the marginal cost of showing an ad is negligible and constant; for OpenAI, it can be huge and heterogeneous, with some ads super profitable if the user isn’t too token-intensive, but impossible to make money on when users are more talkative.

The reason digital ads are considered such a great business is not only that they can target us very effectively with OpenAI, but also that they're extremely profitable and have predictable cost structures.

I don’t know about you, but I have zero idea how to build a cost structure for this business.

Ads on traditional software platforms were (and are) a great business because they were built on unbeatable margins. I’m not convinced chatbot-based ads offer such great incentives.

I’ve been screaming at you that price hikes were coming and that the subsidized era was ending. Boy, was I not only right, but even I didn’t expect them to come so fast.

GitHub (Microsoft) has detailed how Copilot’s model multipliers will change for existing annual Copilot Pro and Copilot Pro+ subscribers when the service moves to usage-based billing on June 1, 2026.

While some lower-cost models keep small multipliers: Claude Haiku 4.5 remains at 0.33, Gemini 3 Flash remains at 0.33, and Grok Code Fast 1 moves from 0.25 to 0.33, several higher-end models will become much more expensive in allowance terms.

These aren’t 20% price hikes; we’re talking about 3-6 times more expensive one day to the next. Even GPT-5.4 mini, a small model, allegedly, goes from 0.33x per credit to 6x, an 18-fold increase!

We’re seeing two big trends in enterprise AI that I predicted would eventually come: usage-based pricing and increased prices.

Drill this into your brain: AI’s marginal acquisition costs are not negligible, a sharp turn relative to software in the pre-AI era. In layman’s terms, onboarding a new customer or a new employee to an AI feature adds a cost that can’t be ignored.

This means that AI features are extremely hard to price well on fixed prices; either you’re scamming your customers, or you’re serving them at cost or even losing money (as most AI Labs are doing).

Historically, for non-AI software, this was not the case, as marginal increases in install base did not imply higher hardware allocations.

However, AI requires a larger pool of accelerators (e.g., GPUs) as users grow, and each user can imply an unpredictable amount of cost; some will be almost zero (no usage or very little), while others can spend several times what you were predicting.

Therefore, the only viable path to sustainable revenues for AI companies is usage-based pricing.

Importantly, the end of the subsidized era will not come with sudden, large per-token prices, but rather a progressive transition to everything being billed by use.

However, the losses in AI companies are so massive that price hikes are still coming, as we’ve seen with GitHub.

Either way, either you get smart about your AI spending, or you’re going to get burned.