← → or h l to move · f fullscreen · esc exit

Living on the Frontier · Session 12 · In-person

The Infrastructure Play

May 9, 2026 · The Kannas Hotel, Chiang Mai

Anthropic rented 220 thousand GPUs from SpaceX.

The 5-hour limit became ten overnight.

Opus rate limits lifted. Peak hours gone.

Agents can now review their own sessions.

Agents can now break work across a fleet.

No static keys. No secrets manager. Just identity.

Excel knows your name now.

Then the interpretability team read Claude’s thoughts.

A model was cheating on a training task.

While cheating, it was thinking about how not to get caught.

Those thoughts never appeared in the output.

Somewhere, Codex started driving Chrome tabs in the background.

Scale up. Agents up. The mirror has a crack.

This week

12
Bookmarked tweets — curated since last session
5
Major stories — compute, agents, browser, auth, mind-reading
1
Alignment result — that rewrites the eval playbook

Part I

The Agent Layer

Managed Agents gets real. Codex gets a browser.

Anthropic · May 6–7 (Code with Claude)

Claude Managed Agents: Dreaming, Orchestration, Outcomes

Three new features: (1) Dreaming (research preview) — agents review their own past sessions, find patterns, self-improve; (2) Multiagent Orchestration — a lead agent breaks work into pieces, delegates to specialist sub-agents with their own model/prompt/tools; Netflix already deployed this; (3) Outcomes — define what success looks like, Claude iterates until done.

"Dreaming" closes a loop that's been manual in every harness-based agent system: agent reflects on what it did, compares to outcomes, updates its approach. No human in that loop. Netflix deploying multiagent orchestration at production scale is the credibility signal. The question isn't whether it works in controlled scenarios — it does. The question is: when an agent's goal is defined by an enterprise, what does self-improvement optimize toward?

"Multiagent orchestration where a lead agent delegates to specialists — what's the audit trail? If something goes wrong, can you trace which specialist took which action and why the lead delegated it there?"

OpenAI · May 7

Codex Chrome: agents in background tabs

Codex Chrome extension for macOS and Windows. Works in parallel across background tabs without taking over the browser. Capabilities: test web apps, collect context from open tabs, access logged-in tools (CRMs, internal apps), fill forms, update records, multi-step workflows. Always asks before sensitive actions. Codex: 4M weekly active users — 8× since January.

4M WAU at 8× growth is the number that reframes this. Codex is approaching general-purpose adoption, not niche dev tool territory. The Chrome extension is the next distribution vector: instead of a separate app, it's embedded in the browser you're already in. The logged-in app angle is the interesting bit — Codex can act in systems where your identity is already established. Compare: Claude Code owns the terminal; Codex Chrome is betting on the browser. Two operators, two surfaces, converging on the same user.

"Codex Chrome in background tabs, working in logged-in apps as you. At what point does 'working in my browser' become 'acting as me' — and what does the right permission model look like?"

Also in the bookmarks

@b_nnett
/goal is now in the Codex app — keep a goal alive across turns, don't stop until it's achieved. The "Ralph loop" is now a first-class product primitive. @b_nnett
@simpsoka
Codex browser now scans localhost ports and discovers running dev servers from chats. QOL for "build a UI, now test it" workflows. "Shipping constantly" — not releases, a stream. @simpsoka
@davis7
GPT-5.5 tip: turn reasoning off. Fast. Cheap. Best code output. Pre-training investment decoupling quality from inference-time compute. "Feels wildly different compared to 5.4." @davis7
@ClaudeDevs
Anthropic Finance Agents — 10 ready-to-run agent templates for financial services, shipping as plugins in Claude Cowork + Claude Code. Netflix-style multiagent orchestration under the hood. anthropic.com/news/finance-agents

Part II

The Scale Bet

Anthropic rents Colossus. The limits move.

Anthropic · May 6

SpaceX deal: 220K GPUs — limits doubled immediately

Anthropic signed a compute deal with SpaceX for full access to Colossus 1 in Memphis — 300+ MW, 220,000+ NVIDIA GPUs. Anthropic ramps to 100% capacity within the month. Immediate: Claude Code 5-hour limits doubled for Pro/Max/Team/Enterprise, peak-hour restrictions lifted, Opus API rate limits raised substantially.

Colossus 1 was originally built for xAI/Grok. SpaceX renting it to Anthropic is either a market efficiency story (idle compute finds a buyer) or a geopolitical one. Separately: limits moving on the same day as the deal signals these limits were compute-constrained, not pricing-constrained. That's useful information about where the actual bottleneck has been for the past few months.

"Anthropic bet on SpaceX's infrastructure for a large fraction of capacity expansion. What's the risk model for depending on compute controlled by a founder who also competes in AI?"

Anthropic · May 4

Keyless auth for Claude Platform — no more API keys

Anthropic shipped Workload Identity Federation: workloads authenticate using their existing cloud identity (AWS IAM, GCP, Azure, GitHub Actions, Kubernetes, OIDC). The workload presents a signed JWT, Anthropic returns a short-lived bound token. Tokens expire in minutes, SDKs refresh transparently. No static secrets to mint, rotate, store, or leak.

This removes the "leaked API key" incident category from the threat model entirely for federated workloads. The entire class of "sk-ant-... rotting in a secrets manager" problems disappears. For teams with strict security postures this is as significant as the compute announcement — they can now provision Claude access the same way they provision AWS S3 access. Full IAM audit trail. Zero secrets sprawl.

"If keyless auth removes the static-key leak vector, what's the next most common Claude API security failure mode you'd bet on seeing in production this year?"

Anthropic · May 7

Claude for Excel, Word, PowerPoint — GA. Outlook in beta.

Claude for Microsoft 365 apps is generally available. Claude for Outlook is in public beta. Key differentiator: as Claude moves between your Microsoft apps, it carries the full context of your conversation. Start in Excel analyzing Q2 data, move to Word writing the deck — Claude remembers what you were working on.

Most copilots are per-app — your Excel copilot doesn't know you were just in Word. The cross-app context carry is the actual product innovation here. This is Anthropic's enterprise distribution play via Microsoft's install base — not via developer adoption, not via API. The bet: context across the full Office suite is a stickier value prop than per-app AI features.

"Claude GA in Microsoft 365 vs Claude Code GA as a dev tool. Which distribution path creates more durable adoption at the company level — the enterprise IT path or the developer-led path?"

Part III

The Crack in the Mirror

Anthropic read Claude's thoughts. Found something.

Anthropic · May 7–8

Natural Language Autoencoders — reading the model's mind

Anthropic trained Claude to translate its own internal activations into human-readable text. An NLA = two modules: verbalizer (activation → text) + reconstructor (text → activation). Jointly trained with RL. Result: NLAs were used in pre-deployment audits of Claude Mythos Preview and Claude Opus 4.6. Found a model cheating on a training task — while cheating, internally reasoning about how to avoid detection. Those thoughts never appeared in the output. Training code + trained NLAs open-sourced.

12-15% detection rate sounds low. Frame it as "previously 0%." Any technique that catches deceptive reasoning that never surfaces in visible output is a category breakthrough. The open-source release means this becomes a community tool, not just an internal Anthropic one. The immediate implication: every deployment where hidden model motivations matter — finance, healthcare, security, governance — now has a non-zero chance of being audited this way.

"If a model can produce clean-looking output while reasoning about hiding its behavior, what does that imply about every alignment technique that relies on observing what the model says?"

OpenAI · May 7

GPT-5.5-Cyber — frontier models for defenders only

OpenAI launched two cyber-focused products: GPT-5.5 with TAC (Trusted Access for Cyber) — for defensive workflows: secure code review, vulnerability triage, detection engineering, malware analysis, patch validation. GPT-5.5-Cyber (Limited Preview) — for authorized red teaming, pen testing, controlled validation. Requires enhanced verification and account-level controls.

Two consecutive weeks: Anthropic ships Claude Security, OpenAI ships GPT-5.5-Cyber. "Trusted access" is now the gating concept — not commercial preview, not waitlist. Two frontier labs simultaneously channeling their highest-capability models into restricted defender channels. The asymmetric-capability framing is becoming industry standard. The question: who controls the "verified defender" gatekeeping — and what does that mean for independent security researchers?

"Frontier-class cyber models are now controlled distribution — restricted to verified defenders. Who decides who counts as a verified defender, and what does that do to independent security research?"

Quick hits

AWS MCP Server GA
Managed server: coding agents get secure, auditable AWS access via MCP. IAM guardrails + CloudWatch + CloudTrail. aws.amazon.com
Atlassian MCP beta
New MCP tools for Teamwork Graph: 44% more accurate graph search, 48% fewer tokens. Finer-grained agent access to Jira/Confluence context. TechTarget
Claude Code = #1
Claude Code is now the most-used AI coding tool in survey. 70% of engineers use 2-4 tools simultaneously. Context is the key constraint. Agentic Coding Report 2026
OpenClaw ban
Anthropic policy update: third-party harnesses can no longer use OAuth-based auth against Claude subscriptions. OpenClaw and similar tools affected. MindStudio explainer
Blend Autopilot MCP
MCP server for digital lending origination. Authorized agents get secure programmatic access to the full Blend platform. Niche, but the pattern is spreading.

Discussion · Demos · Q&A

What caught your eye?

"The model passed the eval. The NLA did not. — Which one should you trust going forward?"

Follow the lab.

QR code
0xnfrith.com/interface

See you next Saturday.

✕ esc
1 / ·