The Deployment Fork

May 3, 2026 — Daily report

Summary

The industry forked on deployment terms. The Pentagon awarded classified-network AI contracts to seven companies — AWS, Google, Microsoft, Nvidia, OpenAI, SpaceX, and Reflection AI — and formally excluded Anthropic under a “supply chain risk” designation. The same week, Counterpoint Research published Q1 2026 data showing Anthropic at 31.4% global LLM revenue share, ahead of OpenAI at 29%, with 7x fewer users and 7x higher average revenue per user. The company that refused unrestricted military access is winning commercially. That’s the fork: values-constrained deployment versus unrestricted deployment, and the market is currently rewarding the constraint.

Quiet dependency day otherwise. One new release — aube v1.7.0, the 13th release in 11 days from the jdx ecosystem. Two security signals relevant to tracked deps. Two new Nate pieces connecting the orchestration and local-first threads.

Pentagon AI contracts — the institutional fork

On May 1, the Pentagon announced agreements with seven companies to deploy AI on classified networks (Impact Level 6 and 7). The vendors:

| Vendor | Notes |
| --- | --- |
| Amazon Web Services | Existing cloud partnership |
| Google | Existing cloud + model provider |
| Microsoft | Existing cloud + Copilot |
| Nvidia | Hardware + software stack |
| OpenAI | Models + Codex platform |
| SpaceX | Satellite/comms infrastructure |
| Reflection AI | New entrant — NVIDIA-backed startup, open-source model positioning |

Oracle was later added as the eighth vendor.

Anthropic was excluded because it refused to permit Pentagon use of Claude for “all lawful purposes” — language the company argued could enable domestic mass surveillance or fully autonomous weapons. Defense Secretary Pete Hegseth formalized a supply chain risk designation in March. Anthropic sued; a federal judge blocked enforcement. Pentagon CTO Emil Michael told CNBC that Anthropic is still blacklisted, but that Mythos is a “separate national security moment.”

[Diagram. Nodes: AWS, Google, Microsoft, Nvidia, OpenAI, SpaceX, Reflection AI, Oracle, Anthropic, Pentagon IL6/IL7, White House, Federal Court. Edge labels: "Accepted 'all lawful purposes'", "contracts", "Refused unrestricted terms", "supply chain risk", "productive meeting", "blocked ban".]

What this means: The U.S. defense establishment now has a formal, institutional split. The White House negotiating branch and the Pentagon blocking branch are pursuing opposite strategies toward the same company. Anthropic has three power centers working in its favor (White House, courts, CISA/intel community) and one against (Pentagon CTO). The contracts don’t ban Claude from all government use — they ban it from classified military networks specifically.

Reflection AI is the notable new entrant. NVIDIA-backed, positioning on open-source models. Their spokesperson framed the contract as “a precedent for how AI labs could work across the U.S. government.” If open-source/open-weight models become the preferred government stack (inspection, auditability, no vendor lock-in), Reflection’s position strengthens relative to the proprietary model providers who also got contracts.

Anthropic revenue — the demand-side evidence

Counterpoint Research Q1 2026 data, reported by The Register on April 30:

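| Metric | Anthropic | OpenAI | Microsoft | Google | Meta |
| --- | --- | --- | --- | --- | --- |
| Revenue share | 31.4% | 29.0% | | | |
| Monthly active users | ~134M | ~900M | | | |
| ARPU | $16.20 | $2.20 | $5.00 | $1.10 | $0.10 |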

Anthropic captured the high-end professional market. The ARPU gap is 7.4x versus OpenAI. With fewer than one-sixth the users, Anthropic generates more total revenue. This is the first hard quantitative confirmation of the bifurcation thesis: consumer AI economics are collapsing (OpenAI’s projected 80% Plus subscriber decline) while professional AI economics are viable.

The revenue data also contextualizes the Pentagon exclusion. Anthropic’s commercial position isn’t threatened by losing military contracts — the company is already winning on revenue without government work. The values position is commercially sustainable, at least at current trajectory.

aube v1.7.0 — the 13th release in 11 days

Released May 3, 01:23 UTC. From v1.0.0 (April 23) through v1.7.0 — thirteen releases in eleven days.

Highlights:

  • aube add learns git specs — GitHub shorthand, git+ssh/git+https, gitlab:/bitbucket: prefixes, aliases
  • Local-path specs: file:./pkg, link:../sibling, .tgz archives
  • Yaml-only workspace roots — Turborepo-style coordinator monorepos with no root package.json
  • aube update rewrites manifest ranges — caret/tilde ranges rewritten to track resolved max (pnpm behavior)
  • aube rebuild <pkg>... — targeted lifecycle script execution
  • 1.9x faster cold installs — @imjustprism’s deep performance pass (PR #469): streaming SHA-512, parallel CAS imports, speculative TLS prewarm, fetch reordering, native DNS cache, mmap+rayon BLAKE3, concurrency 64→128

| Project | v1.6.2 | v1.7.0 | Speedup |
| --- | --- | --- | --- |
| svelte (56 pkg) | 1,393 ms | 1,386 ms | 1.01× |
| vue (117 pkg) | 1,590 ms | 1,360 ms | 1.17× |
| next.js (336 pkg) | 14,071 ms | 9,160 ms | 1.54× |
| babylon (21 pkg) | ~6,000 ms | 3,186 ms | ~1.9× |

@imjustprism continues to be the week’s most interesting voice discovery — security audit (v1.2.0, ten CVE-class fixes) and performance engineering (v1.7.0, 1.9x cold installs) from the same contributor within two weeks of a project going stable. Second appearance in the discovery queue.

Nate — two pieces connecting threads

“Issue trackers as agent infrastructure” (May 2): Linear’s CEO declared issue tracking dead in March. Then OpenAI open-sourced Symphony, which turns Linear into an agent control plane — the tool that was “dead” became essential infrastructure. Nate’s argument: Saarinen was “right about the user experience and wrong about the infrastructure.” The state machine, assignee fields, audit history, and dependency graphs are exactly what agents need. Internal teams using Symphony with Linear saw a 500% increase in landed PRs.

Five structural tests for whether a tool becomes agent infrastructure (detailed analysis behind paywall, but the thesis is clear): durable state, ownership, permissions, audit history, dependency tracking.

“Personal AI computer stack” (May 1): The six-layer framework now has a buying guide — three concrete builds (knowledge worker, privacy maximalist, local-first developer). Maps directly onto tracked signals: Apple Silicon + NVIDIA (hardware), Ollama + MLX (runtime), Gemma 4 + Qwen3.6 (models), TurboQuant + agent context (memory), CLI agents (apps), Symphony + /goal (workflows). The argument: “a fuzzy window through May or June 2026” where infrastructure arrives faster than awareness.

These two pieces connect. The orchestration layer (Symphony) needs the infrastructure layer (issue trackers). The personal AI computer stack needs both. Nate is building toward a synthesis where the six layers, the five structural tests, and the execution gap (GPT-5.5 scored 87 where next best scored 67) form a coherent picture of what “owning your AI stack” means.

Security advisories

Bitwarden CLI npm compromise (April 22 — directly relevant)

@bitwarden/cli@2026.4.0 was briefly compromised (93 minutes, ~334 downloads). A malicious preinstall hook downloads the Bun runtime, then launches an obfuscated credential stealer targeting:

  • npm tokens, GitHub auth tokens, SSH keys
  • Cloud credentials (AWS, Azure, GCP)
  • ~/.claude.json and MCP server configs
  • GitHub Actions environments

The stolen data is encrypted with AES-256-GCM and exfiltrated by creating public repos under the victim’s account. Attributed to TeamPCP (previously: Trivy, LiteLLM supply chain attacks).

Why this matters for tracked deps: Bun is used as the payload runtime. ~/.claude.json and MCP configs are explicit targets. The attack surface now includes the AI agent configuration layer — not just traditional credentials.
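
A lockfile triage for this incident, as an added example that is not part of the original report: it flags the compromised release named above and lists every other package that runs a preinstall, install or postinstall script. The sample lockfile and the `example-*` package names are constructed; `hasInstallScript` is the flag npm records in lockfileVersion 2 and 3.

```javascript
// Known-bad release, taken from the report above.
const KNOWN_COMPROMISED = new Set(["@bitwarden/cli@2026.4.0"]);

// Constructed package-lock.json (lockfileVersion 3) used as sample input.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "constructed-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app", version: "1.0.0" },
    "node_modules/@bitwarden/cli": { version: "2026.4.0", hasInstallScript: true },
    "node_modules/example-native-addon": { version: "3.1.4", hasInstallScript: true },
    "node_modules/example-pure-js": { version: "0.2.0" },
    "node_modules/example-pure-js/node_modules/@bitwarden/cli": { version: "2026.3.0" },
  },
});

// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (nested installs included).
function packageNameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Split lockfile entries into known-compromised releases and other install-hook packages.
function triageLockfile(lockfileText) {
  const lock = JSON.parse(lockfileText);
  if (!lock.packages) {
    throw new Error("lockfileVersion 2 or 3 required: no 'packages' map found");
  }
  const report = { compromised: [], installScripts: [] };
  for (const [lockPath, meta] of Object.entries(lock.packages)) {
    if (lockPath === "") continue; // the root project itself
    const name = meta.name || packageNameFromLockPath(lockPath);
    if (!name) continue;
    const id = `${name}@${meta.version}`;
    if (KNOWN_COMPROMISED.has(id)) report.compromised.push({ id, lockPath });
    else if (meta.hasInstallScript) report.installScripts.push({ id, lockPath });
  }
  return report;
}
```

A hit in `compromised` means the install hook may already have run on that machine, so the credentials listed above should be treated as exposed and rotated.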

CVE-2026-41686 — Anthropic TypeScript SDK (Medium)

BetaLocalFilesystemMemoryTool creates memory files with the Node.js default modes (0o666 for files, 0o777 for directories), so only the process umask limits the resulting permissions. On shared hosts, this leaves persisted agent state world-readable. In permissive Docker environments, the files are also world-writable, enabling memory poisoning to influence model behavior. Affects versions 0.79.0–0.91.0. Fixed in 0.92.0.
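
Upgrading to 0.92.0 does not by itself change files that an affected version already wrote, so the existing memory directory is worth auditing. The following is an added example, not SDK code: it reports entries that group or other users can access and tightens them to owner-only. The directory location is an assumption passed in by the caller, and the `memories` name in the sample tree is hypothetical.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Walk `root` and report every entry that group or other can access.
function auditMemoryDir(root) {
  const findings = [];
  const stack = [root];
  while (stack.length > 0) {
    const current = stack.pop();
    const st = fs.lstatSync(current);
    if (st.isSymbolicLink()) continue; // never follow links out of the tree
    const mode = st.mode & 0o777;
    if (mode & 0o077) {
      findings.push({
        path: current,
        isDir: st.isDirectory(),
        mode: mode.toString(8).padStart(3, "0"),
        worldWritable: (mode & 0o002) !== 0, // the memory-poisoning case
      });
    }
    if (st.isDirectory()) {
      for (const name of fs.readdirSync(current)) stack.push(path.join(current, name));
    }
  }
  return findings.sort((a, b) => a.path.localeCompare(b.path));
}

// Restrict flagged entries to the owner: 0o700 directories, 0o600 files.
function hardenMemoryDir(root) {
  const findings = auditMemoryDir(root);
  for (const f of findings) fs.chmodSync(f.path, f.isDir ? 0o700 : 0o600);
  return findings.length;
}

// Constructed sample tree reproducing the modes named in the advisory.
// The directory name "memories" is hypothetical, not the SDK's layout.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "memtool-"));
  const dir = path.join(root, "memories");
  const file = path.join(dir, "notes.md");
  fs.mkdirSync(dir);
  fs.writeFileSync(file, "constructed sample\n");
  fs.chmodSync(dir, 0o777); // chmod is not filtered by umask
  fs.chmodSync(file, 0o666);
  return root;
}
```

Entries reported with `worldWritable: true` may have been modified by another user or container, so their contents should be reviewed before the agent reads them again.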

Dependency status

All 41 tracked dependencies checked. Zero new releases beyond aube v1.7.0. Expected warnings on Ghostty (tip tag) and atproto (scoped package naming).

| Category | Status |
| --- | --- |
| Reference stack (10) | All current |
| Coding agents (6) | Claude Code v2.1.126, Codex v0.129.0-alpha.2 (empty), Gemini CLI v0.41.0-preview.1 — no new stables |
| jdx ecosystem (4) | aube v1.7.0 new |
| Protocol & infra (2) | MCP Spec 2025-11-25, Ghostty 1.3.1 |
| Rust reimaginations (3) | All current |

Frame check

Dominant frame entering this report: “The stack outran the field” — supply-side growth, no demand-side evidence.

What would falsify it? Hard demand-side data showing adoption is tracking supply.

Did today’s data lean toward falsification? Partially. The Counterpoint revenue data ($16.20 ARPU, 31.4% share) is the first hard demand-side evidence. But it’s concentrated in the professional/enterprise tier. Consumer adoption may indeed be collapsing (OpenAI’s projected 80% Plus subscriber decline). The stack outran consumer demand but may be matching professional demand.

Revised frame: The bifurcation thesis gets its first quantitative confirmation. Professional AI economics are viable (Anthropic revenue). Consumer AI economics are collapsing (OpenAI subscription projections). The deployment fork (Pentagon contracts vs. commercial revenue) maps onto this same split: the professional market doesn’t need military contracts, and the military can’t ignore the commercially dominant model provider. Both sides are uncomfortable.

Landscape read

The competitive axis added a new dimension this week: not just “who has the best agent” or “who orchestrates the portfolio” but “who deploys under what terms.” The Pentagon contracts formalize a governance divergence that was implicit since Mythos launched. Anthropic’s refusal to accept “all lawful purposes” language is now a concrete institutional fact, not just a policy position.

The market response to this fork is unambiguous in the short term: Anthropic leads on revenue. But short-term revenue doesn’t determine long-term positioning. The seven vendors with military contracts get classified-network deployment experience. Anthropic doesn’t. If national security AI becomes the primary enterprise vertical (and it might — the Pentagon’s AI budget dwarfs most enterprise verticals), the exclusion costs more over time.

Against that: Anthropic has the White House, the courts, and CISA. The blocking branch is one CTO. The negotiating branch is broader. And the $65B capital commitment ($10B Google + $5-25B Amazon) gives Anthropic more runway than any government contract would.

The aube velocity is worth noting at the ecosystem level. Thirteen releases in eleven days, from a one-person studio (jdx) with sponsor-funded contributors (@imjustprism). If this pace holds, aube reaches pnpm parity within weeks. The jdx ecosystem now has five layers: versions (mise) → packages (aube) → hooks (hk) → functions (fnox) → daemons (pitchfork). That’s a complete developer environment stack from one studio.
