The most expensive code nobody meant to ship

The same week the AI industry asked investors for its biggest vote of confidence, accidental source leaks, supply chain breaches, and mass layoffs revealed an execution gap the market has not yet priced in.


The AI industry asked investors for its biggest vote of confidence this week. The same week, it demonstrated exactly why that confidence is premature.

CNBC reported that OpenAI closed a $122 billion funding round at an $852 billion valuation, the largest private financing in history. Amazon put in $50 billion, Nvidia $30 billion, SoftBank $30 billion, with $3 billion from retail investors who got access to the cap table for the first time. The market is pricing OpenAI as though AI's operational risks have been solved. They haven't.

On the same day, VentureBeat reported that a packaging error in an npm release exposed 512,000 lines of Anthropic's TypeScript source code. Claude Code v2.1.88 shipped with a 59.8MB source map file that nobody meant to include. A source map exists to map a minified bundle back to the code it was built from, and when it embeds the original files (the sourcesContent field) publishing it is the same as publishing the source tree. This one revealed unreleased features including KAIROS, an always-on proactive agent mode with a 15-second blocking budget, and 44 internal feature flags. It was Anthropic's second accidental disclosure in five days. The company called it 'a release packaging issue caused by human error, not a security breach'. That distinction matters less when your competitors can read your roadmap.
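The failure mode here is a packaging one, so the check belongs in the release step, before anything is published. As an added example (not Anthropic's or npm's code), the script below audits what npm reports it would put in the tarball and fails on source maps, TypeScript sources and secrets files. The sample output it runs on is constructed to match the shape of npm pack --dry-run --json, and the package and file names in it are hypothetical.

```javascript
// Added example, not Anthropic's or npm's code: fail a release when the
// tarball npm would publish contains build artefacts or secrets.
// Real usage:  npm pack --dry-run --json | node audit-pack.js
// (auditCurrentPackage() below runs that command for you.)

// Constructed sample in the shape `npm pack --dry-run --json` prints:
// an array with one object per package, whose `files` lists every tarball
// entry. Package and file names are hypothetical.
const SAMPLE_PACK_JSON = JSON.stringify([{
  name: "example-cli",
  version: "1.0.0",
  filename: "example-cli-1.0.0.tgz",
  files: [
    { path: "package.json", size: 512, mode: 420 },
    { path: "README.md", size: 2048, mode: 420 },
    { path: "cli.js", size: 1048576, mode: 493 },
    { path: "cli.js.map", size: 62700000, mode: 420 },   // the kind of file that leaked
    { path: ".env.local", size: 80, mode: 420 },
    { path: "src/internal/flags.ts", size: 4096, mode: 420 },
  ],
}]);

// Things a compiled CLI package should never ship. Extend per project.
const FORBIDDEN = [
  { reason: "source map (embeds original sources)", test: (p) => /\.map$/i.test(p) },
  { reason: "TypeScript source", test: (p) => /\.tsx?$/i.test(p) && !/\.d\.ts$/i.test(p) },
  { reason: "dotenv file", test: (p) => /(^|\/)\.env(\.[^/]*)?$/.test(p) },
  { reason: "private key material", test: (p) => /\.(pem|key|p12|pfx)$/i.test(p) },
];

// Classify every tarball entry; an empty result means the package is clean.
function auditPackContents(packJsonText) {
  const packs = JSON.parse(packJsonText);
  const findings = [];
  for (const pack of packs) {
    for (const entry of pack.files) {
      const rule = FORBIDDEN.find((r) => r.test(entry.path));
      if (rule) findings.push({ path: entry.path, size: entry.size, reason: rule.reason });
    }
  }
  return findings;
}

// Run against the package in the current directory (needs npm on PATH).
function auditCurrentPackage() {
  const { execFileSync } = require("node:child_process");
  const out = execFileSync("npm", ["pack", "--dry-run", "--json"], { encoding: "utf8" });
  return auditPackContents(out);
}

// Print each offending entry; returns true only when the tarball is clean.
function report(findings) {
  for (const f of findings) console.error(`BLOCK ${f.path} (${f.size} bytes): ${f.reason}`);
  return findings.length === 0;
}

const ok = report(auditPackContents(SAMPLE_PACK_JSON));
console.log(ok ? "tarball clean" : "tarball contains files that must not ship");
```

Two design points. First, a .npmignore is a denylist, and a denylist is exactly what a new build artefact slips past; the "files" field in package.json is an allowlist (npm still adds package.json, README and LICENSE), so list the bundle and nothing else. Second, wire the audit into a prepublishOnly script so that a non-clean result fails npm publish rather than producing a warning someone has to notice.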

The operational gaps run deeper than packaging mistakes. TechCrunch reported that Mercor, a $10 billion AI recruiting startup, was breached through a supply chain attack on LiteLLM, one of the most widely used open-source AI libraries. Attackers compromised Trivy's GitHub Actions, the vulnerability scanner LiteLLM's own CI pipeline ran, used that position to steal PyPI publishing tokens, then pushed poisoned LiteLLM packages that harvested SSH keys, cloud credentials, and AI API keys from thousands of companies. Lapsus$ claims it accessed 4TB of Mercor's data. A $10 billion valuation, and all it took was a compromised vulnerability scanner one dependency layer down.
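Two controls would have broken this chain at the CI layer: pinning every third-party action to an immutable commit SHA rather than a tag or branch, and publishing with short-lived OIDC credentials (PyPI's trusted publishing) instead of a long-lived API token sitting in repository secrets where any compromised step can read it. The linter below is an added example, not LiteLLM's, Trivy's or GitHub's code. The two workflows it checks are constructed; example-org/scanner-action is a hypothetical stand-in for a third-party scanner, and the SHAs in the hardened version are placeholders.

```javascript
// Added example, not LiteLLM's, Trivy's or GitHub's code: lint a GitHub
// Actions workflow for the two weaknesses in the chain described above,
// mutable action references and a long-lived PyPI token in repository secrets.
// Both workflows are constructed; example-org/scanner-action is hypothetical.

const WEAK_WORKFLOW = `
name: release
on:
  push:
    tags: ["v*"]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@main   # branch ref: whoever controls main controls this job
        with:
          scan-type: fs
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: \${{ secrets.PYPI_API_TOKEN }}   # long-lived token, readable by every step
`;

// Same pipeline with every action pinned to a commit SHA and OIDC trusted
// publishing instead of a stored token. The SHAs are placeholders; use the
// real commit for the tag you reviewed and keep that tag in a comment.
const HARDENED_WORKFLOW = `
name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # lets pypa/gh-action-pypi-publish mint a short-lived OIDC token
    steps:
      - uses: actions/checkout@1111111111111111111111111111111111111111 # v4.x
      - uses: example-org/scanner-action@2222222222222222222222222222222222222222 # v1.x
        with:
          scan-type: fs
      - uses: pypa/gh-action-pypi-publish@3333333333333333333333333333333333333333 # v1.x
`;

const FULL_SHA = /^[0-9a-f]{40}$/;
const USES_LINE = /^\s*-?\s*uses:\s*['"]?([^'"\s#]+)/;
const SECRET_PASSWORD = /^\s*password:\s*\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}/;

// Line-level check; returns one finding per weakness, empty when clean.
function auditWorkflow(yamlText) {
  const findings = [];
  yamlText.split("\n").forEach((text, i) => {
    const line = i + 1;
    const uses = text.match(USES_LINE);
    if (uses) {
      const spec = uses[1];
      if (spec.startsWith("./") || spec.startsWith("docker://")) return; // local action or image, not a repo ref
      const at = spec.lastIndexOf("@");
      const action = at === -1 ? spec : spec.slice(0, at);
      const ref = at === -1 ? "" : spec.slice(at + 1);
      if (!FULL_SHA.test(ref)) {
        const firstParty = /^(actions|github)\//.test(action);
        findings.push({
          line, action, ref,
          severity: firstParty ? "medium" : "high",
          issue: `mutable ref "${ref || "(none)"}": pin to a full 40-character commit SHA`,
        });
      }
    } else if (SECRET_PASSWORD.test(text)) {
      findings.push({
        line, severity: "high",
        issue: "publishes with a long-lived API token from secrets; use trusted publishing (permissions: id-token: write) and drop the token",
      });
    }
  });
  return findings;
}

for (const [name, wf] of [["weak", WEAK_WORKFLOW], ["hardened", HARDENED_WORKFLOW]]) {
  const findings = auditWorkflow(wf);
  console.log(`${name}: ${findings.length} finding(s)`);
  for (const f of findings) console.log(`  line ${f.line} [${f.severity}] ${f.action ?? ""} ${f.issue}`);
}
```

The check is deliberately line-level so it can run as a pre-merge hook without a YAML parser. Its limits are the caveat: it does not follow composite actions, whose own uses: lines can be unpinned, and a pinned SHA still has to be reviewed each time it is bumped, because the pin only guarantees you get the commit you chose, not that the commit was safe.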

The gap between price and discipline

Here's the pattern nobody in the funding cycle wants to acknowledge: the companies building AI cannot yet secure the code that ships it. Anthropic leaks its own source. A widely-used proxy library gets weaponised because its CI pipeline trusted a third-party scanner. These aren't sophisticated attacks or exotic failure modes. They're the boring, preventable kind: a missing .npmignore, a poisoned dependency, a default setting left unchecked.

And the industry's response? Spend more. CNBC reported that Oracle is cutting up to 30,000 employees, roughly 18% of its workforce, to free $8-10 billion annually for a $156 billion AI data centre buildout. Workers across the US, India, and Canada received termination emails at 6 AM with no warning from their managers. Oracle posted a 95% jump in net income last quarter. The layoffs aren't about survival. They're about redirecting human capital into compute capital, betting that infrastructure matters more than the people who maintain it.

I think this is the most honest snapshot of where AI sits right now. The market values a single company at nearly a trillion dollars. That same sector can't keep source maps out of npm packages, can't secure the open-source libraries its products depend on, and is shedding the engineers who might catch these problems so it can buy more GPUs.

The money isn't wrong about AI's potential. But valuations price in execution, and execution requires the kind of operational maturity that a missing .npmignore file says you haven't built yet. For anyone building on this stack: the risk isn't that AI doesn't work. It's that the infrastructure around it is growing faster than the organisations can secure it. The next supply chain attack won't be stopped by a bigger funding round.


Read the original on VentureBeat

venturebeat.com
