When enterprises fine-tune LLMs for new tasks, they risk breaking everything the models already know. This forces companies to maintain separate models for every skill.
Researchers at MIT, the Improbable AI Lab and ETH Zurich have developed a new technique that enables large language models to learn new skills and knowledge without forgetting their past capabilities.
Their technique, called self-distillation fine-tuning (SDFT), allows models to learn directly from demonstrations and their own experiments by leveraging the inherent in-context learning abilities of modern LLMs. Experiments show that SDFT consistently outperforms traditional supervised fine-tuning (SFT) while addressing the limitations of reinforcement learning algorithms.
For enterprise applications, the method enables a single model to accumulate multiple skills over time without suffering from performance regression on earlier tasks. This offers a potential pathway for building AI agents that can adapt to dynamic business environments, gathering new proprietary knowledge and skills as needed without requiring expensive retraining cycles or losing their general reasoning abilities.
Once an LLM is trained and deployed, it remains static. It does not update its parameters to acquire new skills, internalize new knowledge, or improve from experience. To build truly adaptive AI, the industry needs to solve “continual learning,” allowing systems to accumulate knowledge much like humans do throughout their careers.
The most effective way for models to learn is through “on-policy learning.” In this approach, the model learns from data it generates itself allowing it to correct its own errors and reasoning processes. This stands in contrast to learning by simply mimicking static datasets. Without on-policy learning, models are prone to “catastrophic forgetting,” a phenomenon where learning a new task causes the model to lose its past knowledge and ability to perform previous tasks.
However, on-policy learning typically requires reinforcement learning (RL), which depends on an explicit reward function to score the model’s outputs. This works well for problems with clear outcomes, such as math and coding. But in many real-world enterprise scenarios (e.g., writing a legal brief or summarizing a meeting), defining a mathematical reward function is difficult or impossible.
RL methods also often fail when trying to teach a model entirely new information, such as a specific company protocol or a new product line. As Idan Shenfeld, a doctorate student at MIT and co-author of the paper, told VentureBeat, “No matter how many times the base model tries, it cannot generate correct answers for a topic it has zero knowledge about,” meaning it never gets a positive signal to learn from.
The standard alternative is supervised fine-tuning (SFT), where the model is trained on a fixed dataset of expert demonstrations. While SFT provides clear ground truth, it is inherently “off-policy.” Because the model is just mimicking data rather than learning from its own attempts, it often fails to generalize to out-of-distribution examples and suffers heavily from catastrophic forgetting.
SDFT seeks to bridge this gap: enabling the benefits of on-policy learning using only prerecorded demonstrations, without needing a reward function.
SDFT solves this problem by using “distillation,” a process where a student model learns to mimic a teacher. The researchers’ insight was to use the model’s own “in-context learning” (ICL) capabilities to create a feedback loop within a single model.
In-context learning is the phenomenon where you provide the LLM with a difficult task and one or more demonstrations of how similar problems are solved. Most advanced LLMs are designed to solve new problems with ICL examples, without any parameter updates.
During the training cycle, SDFT employs the model in two roles.
The teacher: A frozen version of the model is fed the query along with expert demonstrations. Using ICL, the teacher deduces the correct answer and the reasoning logic required to reach it.
The student: This version sees only the query, simulating a real-world deployment scenario where no answer key is available.
When the student generates an answer, the teacher, which has access to the expert demonstrations, provides feedback. The student then updates its parameters to align closer to the teacher’s distribution.
This process effectively creates an on-policy learning loop by combining elements of SFT and RL. The supervision comes not from a static dataset, but from the model’s own interaction and outputs. It allows the model to correct its own reasoning trajectories without requiring an external reward signal. This process works even for new knowledge that RL would miss.
To validate the approach, the researchers tested SDFT using the open-weight Qwen 2.5 model on three complex enterprise-grade skills: science Q&A, software tool use, and medical reasoning.
The results showed that SDFT learned new tasks more effectively than standard methods. On the Science Q&A benchmark, the SDFT model achieved 70.2% accuracy, compared to 66.2% for the standard SFT approach.
More important for enterprise adoption is the impact on catastrophic forgetting. When the standard SFT model learned the science task, its ability to answer general questions (such as logic or humanities) collapsed. In contrast, the SDFT model improved on the science task while holding its “Previous Tasks” score steady at 64.5%. This stability suggests companies could specialize models for specific departments (e.g., HR or Legal) without degrading the model’s basic common sense or reasoning capabilities.
The team also simulated a knowledge injection scenario, creating a dataset of fictional “2025 Natural Disasters” to teach the model new facts. They tested the model on indirect reasoning questions, such as “Given the floods in 2025, which countries likely needed humanitarian aid?”
Standard SFT resulted in a model that memorized facts but struggled to use them in reasoning scenarios. The SDFT model, having internalized the logic during training, scored 98% on the same questions.
Finally, the researchers conducted a sequential learning experiment, training the model on science, tool use, and medical tasks one after another. While the standard model’s performance oscillated, losing previous skills as it learned new ones, the SDFT model successfully accumulated all three skills without regression.
This capability addresses a major pain point for enterprises currently managing “model zoos” of separate adapters for different tasks.
“We offer the ability to maintain only a single model for all the company’s needs,” Shenfeld said. This consolidation “can lead to a substantial reduction in inference costs” because organizations don’t need to host multiple models simultaneously.
The code for SDFT is available on GitHub and ready to be integrated into existing model training workflows.
“The SDFT pipeline is more similar to the RL pipeline in that it requires online response generation during training,” Shenfeld said. They are working with Hugging Face to integrate SDFT into the latter’s Transformer Reinforcement Learning (TRL) library, he added, noting that a pull request is already open for developers who want to test the integration.
For teams considering SDFT, the practical tradeoffs come down to model size and compute. The technique requires models with strong enough in-context learning to act as their own teachers — currently around 4 billion parameters with newer architectures like Qwen 3, though Shenfeld expects 1 billion-parameter models to work soon. It demands roughly 2.5 times the compute of standard fine-tuning, but is best suited for organizations that need a single model to accumulate multiple skills over time, particularly in domains where defining a reward function for reinforcement learning is difficult or impossible.
While effective, the method does come with computational tradeoffs. SDFT is approximately four times slower and requires 2.5 times more computational power (FLOPs) than standard fine-tuning because the model must actively generate its own answers (“rollouts”) during training to compare against the teacher. However, the researchers note that because the model retains knowledge better, organizations may avoid the costly multi-stage retraining processes often required to repair models that suffer from catastrophic forgetting.
The technique also relies on the underlying model being large enough to benefit from in-context learning. The paper notes that smaller models (e.g., 3 billion parameters) initially struggled because they lacked the “intelligence” to act as their own teachers.
However, Shenfeld said that the rapid improvement of small models is changing this dynamic. “The Qwen 2.5 3B models were too weak, but in some experiments we currently do, we found that the Qwen 3 4B model is strong enough,” he said. “I see a future where even 1B models have good enough ICL capabilities to support SDFT.”
Ultimately, the goal is to move beyond static snapshots toward systems that improve through use.
“Lifelong learning, together with the ability to extract learning signal from unstructured user interactions… will bring models that just keep and keep improving with time,” Shenfeld said.
“Think about the fact that already the majority of compute around the world goes into inference instead of training. We have to find ways to harness this compute to improve our models.”
The rapid viral adoption of Austrian developer Peter Steinberger’s open source AI assistant OpenClaw in recent weeks has sent enterprises and indie developers into a tizzy.
It’s easy to easy why: OpenClaw is freely available now and offers a powerful means of autonomously completing work and performing tasks across a user’s entire computer, phone, or even business with natural language prompts that spin up swarms of agents. Since its release in November 2025, it’s captured the market with over 50 modules and broad integrations — but its “permissionless” architecture raised alarms among developers and security teams.
Enter NanoClaw, a lighter, more secure version which debuted under an open source MIT License on January 31, 2026, and achieved explosive growth—surpassing 7,000 stars on GitHub in just over a week.
Created by Gavriel Cohen—an experienced software engineer who spent seven years at website builder Wix.com—the project was built to address the “security nightmare” inherent in complex, non-sandboxed agent frameworks. Cohen and his brother Lazer are also co-founders of Qwibit, a new AI-first go-to-market agency, and vice president and CEO, respectively, of Concrete Media, a respected public relations firm that often works with tech businesses covered by VentureBeat.
NanoClaw’s immediate solution to this architectural anxiety is a hard pivot toward operating system-level isolation. The project places every agent inside isolated Linux containers—utilizing Apple Containers for high-performance execution on macOS or Docker for Linux environments.
This creates a strictly “sandboxed” environment where the AI only interacts with directories explicitly mounted by the user.
While other frameworks build internal “safeguards” or application-level allowlists to block certain commands, Gavriel maintains that such defenses are inherently fragile.
“I’m not running that on my machine and letting an agent run wild,” Cohen explained during a recent technical interview. “There’s always going to be a way out if you’re running directly on the host machine. In NanoClaw, the ‘blast radius’ of a potential prompt injection is strictly confined to the container and its specific communication channel.”
The technical critique at the heart of NanoClaw’s development is one of bloat and auditability. When Cohen first evaluated OpenClaw (formerly Clawbot), he discovered a codebase approaching 400,000 lines with hundreds of dependencies.
In the fast-moving AI landscape, such complexity is an engineering hurdle and a potential liability.
“As a developer, every open source dependency that we added to our codebase, you vet. You look at how many stars it has, who are the maintainers, and if it has a proper process in place,” Cohen notes. “When you have a codebase with half a million lines of code, nobody’s reviewing that. It breaks the concept of what people rely on with open source”.
NanoClaw counters this by reducing the core logic to roughly 500 lines of TypeScript. This minimalism ensures that the entire system—from the state management to the agent invocation—can be audited by a human or a secondary AI in roughly eight minutes.
The architecture employs a single-process Node.js orchestrator that manages a per-group message queue with concurrency control.
Instead of heavy distributed message brokers, it relies on SQLite for lightweight persistence and filesystem-based IPC. This design choice is intentional: by using simple primitives, the system remains transparent and reproducible.
Furthermore, the isolation extends beyond just the filesystem. NanoClaw natively supports Agent Swarms via the Anthropic Agent SDK, allowing specialized agents to collaborate in parallel. In this model, each sub-agent in a swarm can be isolated with its own specific memory context, preventing sensitive data from leaking between different chat groups or business functions.
One of the most radical departures in NanoClaw is its rejection of the traditional “feature-rich” software model. Cohen describes NanoClaw as “AI-native” software—a system designed to be managed and extended primarily through AI interaction rather than manual configuration.
The project explicitly discourages contributors from submitting PRs that add broad features like Slack or Discord support to the main branch. Instead, they are encouraged to contribute “Skills”—modular instructions housed in .claude/skills/ that teach a developer’s local AI assistant how to transform the code.
“If you want Telegram, rip out the WhatsApp and put in Telegram,” Cohen says. “Every person should have exactly the code they need to run their agent. It’s not a Swiss Army knife; it’s a secure harness that you customize by talking to Claude Code”.
This “Skills over Features” model means that a user can run a command like /add-telegram or /add-gmail, and the AI will rewrite the local installation to integrate the new capability while keeping the codebase lean. This methodology ensures that if a user only needs a WhatsApp-based assistant, they aren’t forced to inherit the security vulnerabilities of fifty other unused modules.
This isn’t merely a theoretical experiment for the Cohen brothers. Their new AI go-to-market agency Qwibit uses NanoClaw—specifically a personal instance named “Andy”—to run its internal operations.
“Andy manages our sales pipeline for us. I don’t interact with the sales pipeline directly,” Cohen explained.
The agent provides Sunday-through-Friday briefings at 9:00 AM, detailing lead statuses and assigning tasks to the team.
The utility lies in the friction-less capture of data. Throughout the day, Lazer and Gavriel forward messy WhatsApp notes or email threads into their admin group.
Andy parses these inputs, updates the relevant files in an Obsidian vault or SQLite database, and sets automated follow-up reminders.
Because the agent has access to the codebase, it can also be tasked with recurring technical jobs, such as reviewing git history for “documentation drift” or refactoring its own functions to improve ergonomics for future agents.
As the pace of change accelerates in early 2026, technical decision-makers are faced with a fundamental choice between convenience and control. For AI engineers focused on rapid deployment, NanoClaw offers a blueprint for what Cohen calls the “best harness” for the “best model”.
By building on top of the Claude Agent SDK, NanoClaw provides a pathway to leverage state-of-the-art models (like Opus 4.6) within a framework that a lean engineering team can actually maintain and optimize.
From the perspective of orchestration engineers, NanoClaw’s simplicity is its greatest asset for building scalable, reliable pipelines.
Traditional, bloated frameworks often introduce budget-draining overhead through complex microservices and message queues.
NanoClaw’s container-first approach allows for the implementation of advanced AI technologies—including autonomous swarms—without the resource constraints and “technical debt” associated with 400,000-line legacy systems.
Perhaps most critically, for security leaders, NanoClaw addresses the “multiple responsibilities” of incident response and organizational protection.
In an environment where prompt injection and data exfiltration are evolving daily, a 500-line auditable core is far safer than a generic system trying to support every use case.
“I recommend you send the repository link to your security team and ask them to audit it,” Cohen advises. “They can review it in an afternoon—not just read the code, but whiteboard the entire system, map out the attack vectors, and verify it’s safe”.
Ultimately, NanoClaw represents a shift in the AI developer mindset. It is an argument that as AI becomes more powerful, the software that hosts it should become simpler. In the race to automate the enterprise, the winners may not be those who adopt the most features, but those who build upon the most transparent and secure foundations.
Presented by Cisco
AI agents are breaking traditional IT operations models, adding complexity, data silos, and fragmented workflows. DJ Sampath, Cisco’s SVP of AI Software and Platform, believes that AgenticOps is the solution: a new operational paradigm where humans and AI collaborate in real time to create efficiency, boost security, and allow for innovative technological applications.
In a recent conversation with VentureBeat, Sampath outlined why current enterprise IT management is fundamentally breaking and what makes AgenticOps not just useful, but necessary for IT operations going forward.
The core problem plaguing enterprise IT today is fragmentation, Sampath said.
“A lot of times inside of these enterprises, data is sitting across multiple different silos,” he explained. “For an operator to come in and start troubleshooting something, they have to go through many different dashboards, many different products, and that results in an increasing amount of time spent trying to figure out what is where before they can actually get to the root cause of an issue.”
This challenge is about to intensify dramatically. As AI agents become ubiquitous within enterprises, the complexity will multiply exponentially.
“Every single person is going to have at least 10 or more agents that are working on their behalf doing different types of things,” Sampath said. “This problem is only going to be tenfold, if not a hundredfold worse when you start to think about what’s really happening with the inclusion of agents.”
To address these challenges, Cisco has developed its AgenticOps capabilities around three fundamental design principles that Sampath believes must be true for this new operational model to succeed.
First, unified data access across silos. The platform must bring together disparate data sources: network data, security data, application data, and infrastructure data.
“Bringing all of that stuff together is going to be incredibly important so that the agents that you are deploying to do work on your behalf can seamlessly connect the dots across the board,” Sampath said.
Second, multiplayer-first design. AgenticOps must be fundamentally collaborative from the ground up, enabling IT operations, security operations, network operations teams — and agents — to work together seamlessly.
“When you bring the IT ops person, the SecOps person, the NetOps person all together, you can troubleshoot and debug issues a whole lot faster than if you’re working in silos and copy pasting things back and forth,” he explained. “It’s humans and agents working together in a synchronous environment.”
Third, purpose-built AI models. While general-purpose AI models excel at broad tasks, specialized operations require models trained for specific domains.
“When you start to go into specializations, it becomes really important for these models to understand very specific things like network configuration or thread models that you care about and needs to be able to reason about that,” he said.
Cisco’s approach unites telemetry, intelligence, and collaboration into a single coherent platform. Cisco AI Canvas is an operations workspace that replaces multiple dashboards with a generative UI and a unified collaborative experience. Within AI Canvas, operators can use natural language to delegate actions to agents — pulling telemetry, correlating signals, testing hypotheses, and executing changes — while maintaining human-in-the-loop control.
The reasoning capabilities come from Cisco’s Deep Network Model, trained on over 40 years of operational data including CCIE expertise, production telemetry, Cisco’s Technical Assistance Center (TAC), and Customer Experience (CX) insights. This purpose-built model delivers domain-specific intelligence that general-purpose models cannot match.
Cisco’s platform spans campus, branch, cloud, and edge environments, allowing agents to consume telemetry across the entire ecosystem at machine speed, including Meraki, ThousandEyes, and Splunk. With MCP servers implemented across Cisco products, agents gain standardized access to tools and data without custom integration work.
The traditional approach to IT troubleshooting involves raising tickets and piecing together fragmenting information across multiple systems.
“People take screenshots. Sometimes it’s in Post-it notes,” Sampath said. “All of this information stays in completely different channels so it becomes really hard for somebody to start collecting them together.”
Cisco AI Canvas addresses this by giving teams one shared, real-time workspace for the work at hand — so context doesn’t get scattered across chats, tickets and screen shares. Teams can collaborate live, escalate instantly, and contribute context (such as screenshots and notes) alongside the agent’s generated charts and graphs. But the real power emerges when AI agents join these collaborative sessions.
“The machines are constantly learning from these human to machine interactions,” Sampath explained. “When you see that same problem happen again, you are that much faster in responding because the machines can assist you.”
This creates a virtuous cycle of continuous improvement, where the agent asks if you’d like to continue using the same approach as last time, for example, and you’re able to hand over more work to the agent. And the time spent debugging gets compressed as the system learns and accelerates future responses.
Historically security has been considered a roadblock to adoption and even innovation. But with the right guardrails, organizations can confidently deploy AI at scale, and even accelerate it.
Employees have already experienced the productivity gains of tools like ChatGPT and want similar capabilities within their enterprise environments. When organizations can detect personally identifiable information, prevent prompt injection attacks, and maintain proper data governance, they can unlock and unleash the AI adoption inside of the enterprise in a fundamentally different fashion.
Cross-domain data access presents one of the most complex challenges in AgenticOps implementation. Cisco’s strategic acquisitions, particularly Splunk, position the company to address this, unifying data across traditionally disconnected systems. But bringing data together is only half the battle, since who has access to what data becomes vitally important.
Cisco is evolving its Duo platform beyond multi-factor authentication to serve as a comprehensive identity provider, with robust identity and access management baked into the platform from the beginning, not bolted on as an afterthought.
“We’re investing in identity as a very core pillar of how these agents are going to be able to pull data from different data sources with the right authorization in mind,” explains Sampath. “Should this agent have access to this type of data? Should you be correlating these types of data together to be able to solve a problem?”
As AI agents become more autonomous, the role of humans will evolve rather than disappear.
“We’re always going to have humans in the loop,” Sampath said. “What you’re going to see is the complexity of the tasks that are being performed are going to be a lot more involved.”
Take coding as an example, which today can be entirely agentic. The human role has shifted from manual coding, or even tab completion, to asking an agent to create code wholesale, and then verifying that it meets requirements before merging it into the codebase. This pattern will repeat across IT operations, with humans focusing on higher-level decision-making while agents handle execution. Importantly, rollback capabilities ensure that even autonomous actions can be reversed if needed.
For CIOs and CTOs, the message is clear: don’t wait.
“A lot of folks are in this holding pattern of waiting and watching,” Sampath said. “They’re waiting for AI to settle down before they make some of their decisions. And I think that is the wrong way to think about this. A partnership with the right groups of people, with the right sets of vendors, is going to help you go a whole lot faster, as opposed to trying to just stay on the fence, trying to figure out what’s right and what’s wrong.”
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.
Until recently, the practice of building AI agents has been a bit like training a long-distance runner with a thirty-second memory.
Yes, you could give your AI models tools and instructions, but after a few dozen interactions — several laps around the track, to extend our running analogy — it would inevitably lose context and start hallucinating.
With OpenAI’s latest updates to its Responses API — the application programming interface that allows developers on OpenAI’s platform to access multiple agentic tools like web search and file search with a single call — the company is signaling that the era of the limited agent is waning.
The updates announced today include Server-side Compaction, Hosted Shell Containers, and a new “Skills” standard for agents.
With these three major updates, OpenAI is effectively handing agents a permanent desk, a terminal, and a memory that doesn’t fade and should help agents evolve furhter into reliable, long-term digital workers.
The most significant technical hurdle for autonomous agents has always been the “clutter” of long-running tasks. Every time an agent calls a tool or runs a script, the conversation history grows.
Eventually, the model hits its token limit, and the developer is forced to truncate the history—often deleting the very “reasoning” the agent needs to finish the job.
OpenAI’s answer is Server-side Compaction. Unlike simple truncation, compaction allows agents to run for hours or even days.
Early data from e-commerce platform Triple Whale suggests this is a breakthrough in stability: their agent, Moby, successfully navigated a session involving 5 million tokens and 150 tool calls without a drop in accuracy.
In practical terms, this means the model can “summarize” its own past actions into a compressed state, keeping the essential context alive while clearing the noise. It transforms the model from a forgetful assistant into a persistent system process.
The introduction of the Shell Tool moves OpenAI into the realm of managed compute. Developers can now opt for container_auto, which provisions an OpenAI-hosted Debian 12 environment.
This isn’t just a code interpreter: it gives each agent its own full terminal environment pre-loaded with:
Native execution environments including Python 3.11, Node.js 22, Java 17, Go 1.23, and Ruby 3.1.
Persistent storage via /mnt/data, allowing agents to generate, save, and download artifacts.
Networking capabilities that allow agents to reach out to the internet to install libraries or interact with third-party APIs.
The Hosted Shell and its persistent /mnt/data storage provide a managed environment where agents can perform complex data transformations using Python or Java without requiring the team to build and maintain custom ETL (Extract, Transform, Load) middleware for every AI project.
By leveraging these hosted containers, data engineers can implement high-performance data processing tasks while minimizing the “multiple responsibilities” that come with managing bespoke infrastructure, removing the overhead of building and securing their own sandboxes. OpenAI is essentially saying: “Give us the instructions; we’ll provide the computer.”
While OpenAI is racing toward a unified agent orchestration stack, it faces a significant philosophical challenge from Anthropic’s Agent Skills.
Both companies have converged on a remarkably similar file structure — using a SKILL.md (markdown) manifest with YAML frontmatter — but their underlying strategies reveal divergent visions for the future of work.
OpenAI’s approach prioritizes a “programmable substrate” optimized for developer velocity. By bundling the shell, the memory, and the skills into the Responses API, they offer a “turnkey” experience for building complex agents rapidly.
Already, enterprise AI search startup Glean reported a jump in tool accuracy from 73% to 85% by using OpenAI’s Skills framework.
In contrast, Anthropic has launched Agent Skills as an independent open standard (agentskills.io).
While OpenAI’s system is tightly integrated into its own cloud infrastructure, Anthropic’s skills are designed for portability. A skill built for Claude can theoretically be moved to VS Code, Cursor, or any other platform that adopts the specification.
Indeed, the hit new open source AI agent OpenClaw adopted this exact SKILL.md manifest and folder-based packaging, allowing it to inherit a wealth of specialized procedural knowledge originally designed for Claude.
This architectural compatibility has fueled a community-driven “skills boom” on platforms like ClawHub, which now hosts over 3,000 community-built extensions ranging from smart home integrations to complex enterprise workflow automations.
This cross-pollination demonstrates that the “Skill” has become a portable, versioned asset rather than a vendor-locked feature. Because OpenClaw supports multiple models — including OpenAI’s GPT-5 series and local Llama instances — developers can now write a skill once and deploy it across a heterogeneous landscape of agents.
For technical decision-makers, this open standard is turning into the industry’s preferred way to externalize and share “agentic knowledge,” moving past proprietary prompts toward a shared, inspectable, and interoperable infrastructure.
But there is another important distinction between OpenAI’s and Anthropic’s “Skills.”
OpenAI uses Server-side Compaction to manage the active state of a long-running session. Anthropic utilizes Progressive Disclosure, a three-level system where the model is initially only aware of skill names and descriptions.
Full details and auxiliary scripts are only loaded when the task specifically requires them. This allows for massive skill libraries—brand guidelines, legal checklists, and code templates—to exist without overwhelming the model’s working memory.
For engineers focused on “rapid deployment and fine-tuning,” the combination of Server-side Compaction and Skills provides a massive productivity boost
Instead of building custom state management for every agent run, engineers can leverage built-in compaction to handle multi-hour tasks.
Skills allow for “packaged IP,” where specific fine-tuning or specialized procedural knowledge can be modularized and reused across different internal projects.
For those tasked with moving AI from a “chat box” into a production-grade workflow—OpenAI’s announcement marks the end of the “bespoke infrastructure” era.
Historically, orchestrating an agent required significant manual scaffolding: developers had to build custom state-management logic to handle long conversations and secure, ephemeral sandboxes to execute code.
The challenge is no longer “How do I give this agent a terminal?” but “Which skills are authorized for which users?” and “How do we audit the artifacts produced in the hosted filesystem?” OpenAI has provided the engine and the chassis; the orchestrator’s job is now to define the rules of the road.
For security operations (SecOps) managers, giving an AI model a shell and network access is a high-stakes evolution. OpenAI’s use of Domain Secrets and Org Allowlists provides a defense-in-depth strategy, ensuring that agents can call APIs without exposing raw credentials to the model’s context.
But as agents become easier to deploy via “Skills,” SecOps must be vigilant about “malicious skills” that could introduce prompt injection vulnerabilities or unauthorized data exfiltration paths.
OpenAI is no longer just selling a “brain” (the model); it is selling the “office” (the container), the “memory” (compaction), and the “training manual” (skills). For enterprise leaders, the choice is becoming clear:
Choose OpenAI if you need an integrated, high-velocity environment for long-running autonomous work.
Choose Anthropic if your organization requires model-agnostic portability and an open ecosystem standard.
Ultimately, the announcements signal that AI is moving out of the chat box and into the system architecture, turning “prompt spaghetti” into maintainable, versioned, and scalable business workflows.
Presented by EdgeVerveBefore addressing Global Business Services (GBS), let’s take a step back. Can agentic AI, the type of AI able to take goal-driven action, transform not just GBS but any kind of enterprise? And has it done so yet? As with many new …
Fraud protection is a race against scale.
For instance, Mastercard’s network processes roughly 160 billion transactions a year, and experiences surges of 70,000 transactions a second during peak periods (like the December holiday rush). Finding the fraudulent purchases among those — without chasing false alarms — is an incredible task, which is why fraudsters have been able to game the system.
But now, sophisticated AI models can probe down to individual transactions, pinpointing the ones that seem suspicious — in milliseconds’ time. This is the heart of Mastercard’s flagship fraud platform, Decision Intelligence Pro (DI Pro).
“DI Pro is specifically looking at each transaction and the risk associated with it,” Johan Gerber, Mastercard’s EVP of security solutions, said in a recent VB Beyond the Pilot podcast. “The fundamental problem we’re trying to solve here is assessing in real time.”
Mastercard’s DI Pro was built for latency and speed. From the moment a consumer taps a card or clicks “buy,” that transaction flows through Mastercard’s orchestration layer, back onto the network, and then on to the issuing bank. Typically, this occurs in less than 300 milliseconds.
Ultimately, the bank makes the approve-or-decline decision, but the quality of that decision depends on Mastercard’s ability to deliver a precise, contextualized risk score based on whether the transaction could be fraudulent. Complicating this whole process is the fact that they’re not looking for anomalies, per se; they’re looking for transactions that, by design, are similar to consumer behavior.
At the core of DI Pro is a recurrent neural network (RNN) that Mastercard refers to as an “inverse recommender” architecture. This treats fraud detection as a recommendation problem; the RNN performs a pattern completion exercise to identify how merchants relate to one another.
As Gerber explained: “Here’s where they’ve been before, here’s where they are right now. Does this make sense for them? Would we have recommended this merchant to them?”
Chris Merz, SVP of data science at MasterCard, explained that the fraud problem can be broken down into two sub components: A user’s pattern behavior and a fraudster’s pattern behavior. “And we’re trying to tease those two things out,” he said.
Another “neat technique,” he said, is how Mastercard approaches data sovereignty, or when data is subject to the laws and governance structures in the region where it is collected, processed, or stored. To keep data “on soil,” the company’s fraud team relies on aggregated, “completely anonymized” data that is not sensitive to any privacy concerns and thus can be shared with models globally.
“So you still can have the global patterns influencing every local decision,” said Gerber. “We take a year’s worth of knowledge and squeeze it into a single transaction in 50 milliseconds to say yes or no, this is good or this is bad.”
While AI is helping financial companies like Mastercard, it’s helping fraudsters, too; now, they’re able to rapidly develop new techniques and identify new avenues to exploit.
Mastercard is fighting back by engaging cyber criminals on their turf. One way they’re doing so is by using “honeypots,” or artificial environments meant to essentially “trap” cyber criminals. When threat actors think they’ve got a legitimate mark, AI agents engage with them in the hopes of accessing mule accounts used to funnel money. That becomes “extremely powerful,” Gerber said, because defenders can apply graph techniques to determine how and where mule accounts are connected to legitimate accounts.
Because in the end, to get their payout, scammers need a legitimate account somewhere, linked to mule accounts, even if it’s cloaked 10 layers down. When defenders can identify these, they can map global fraud networks.
“It’s a wonderful thing when we take the fight to them, because they cause us enough pain as it is,” Gerber said.
Listen to the podcast to learn more about:
How Mastercard created a “malware sandbox” with Recorded Future;
Why a data science engineering requirements document (DSERD) was essential to align four separate engineering teams;
The importance of “relentless prioritization” and tough decision-making to move beyond “a thousand flowers blooming” to projects that actually have a strong business impact;
Why successful AI deployment should incorporate three phases: ideation, activation, and implementation — but many enterprises skip the second step.
Listen and subscribe to Beyond the Pilot on Spotify, Apple or wherever you get your podcasts.
Today’s AI challenge is about agent coordination, context, and collaboration. How do you enable them to truly think together, with all the contextual understanding, negotiation, and shared purpose that entails? It’s a critical next step toward a new kind of distributed intelligence that keeps humans firmly in the loop.
At the latest stop on VentureBeat’s AI Impact Series, Vijoy Pandey, SVP and GM of Outshift by Cisco, and Noah Goodman, Stanford professor and co-founder of Humans&, sat down to talk about how to move beyond agents that just connect to agents that are steeped in collective intelligence.
The core challenge, Pandey said, is that “agents today can connect together, but they can’t really think together.”
While protocols like MCP and A2A have solved basic connectivity, and AGNTCY tackles the problems of discovery, identity management to inter-agent communication and observability, they’ve only addressed the equivalent of making a phone call between two people who don’t speak the same language. But Pandey’s team has identified something deeper than technical plumbing: the need for agents to achieve collective intelligence, not just coordinated actions.
To understand where multi-agent AI needs to go, both speakers pointed to the history of human intelligence. While humans became individually intelligent roughly 300,000 years ago, true collective intelligence didn’t emerge until around 70,000 years ago with the advent of sophisticated language.
This breakthrough enabled three critical capabilities: shared intent, shared knowledge, and collective innovation.
“Once you have a shared intent, a shared goal, you have a body of knowledge that you can modify, evolve, build upon, you can then go towards collective innovation,” Pandey said.
Goodman, whose work bridges computer science and psychology, explained that language is far more than just encoding and decoding information.
“Language is this kind of encoding that requires understanding the context, the intention of the speaker, the world, how that affects what people will say in order to figure out what people mean,” he said.
This sophisticated understanding is what scaffolds human collaboration and cumulative cultural evolution, and it’s what is currently missing from agent-to-agent interaction.
“We have to mimic human evolution,” Pandey explained. “In addition to agents getting smarter and smarter, just like individual humans, we need to build infrastructure that enables collective innovation, which implies sharing intent, coordination, and then sharing knowledge or context and evolving that context.”
Pandey calls it the Internet of Cognition: a three-layer architecture designed to enable collective thinking among heterogeneous agents:
Protocol layer: Beyond basic connectivity, these protocols enable understanding, handling intent sharing, coordination, negotiation, and discovery between agents from different vendors and organizations.
Fabric layer: A shared memory system that allows agents to build and evolve collective context, with emergent properties arising from their interactions.
Cognition engine layer: Accelerators and guardrails that help agents think faster while operating within necessary constraints around compliance, security, and cost.
The difficulty is that organizations need to build collective intelligence across organizational boundaries.
“Think about shared memory in a heterogeneous way,” Pandey said. “We have agents from different parties coming together. So how do you evolve that memory and have emergent properties?”
At Humans&, rather than relying solely on additional protocols, Goodman’s team is fundamentally changing how foundation models are trained not only between a human and an agent, but between a human and multiple agents, and especially between an agent and multiple humans.
“By changing the training that we give to the foundation models and centering the training over extremely long horizon interactions, they’ll come to understand how interactions should proceed in order to achieve the right long-term outcomes,” he said.
And, he adds, it’s a deliberate divergence from the longer-autonomy path pursued by many large labs.
“Our goal is not longer and longer autonomy. It’s better and better collaboration,” he said. “Humans& is building agents with deep social understanding: entities that know who knows what, can foster collaboration, and put the right specialists in touch at the right time.”
Guardrails remain a central challenge in deploying multi-functional agents that touch every part of an organization’s system. The question is how to enforce boundaries without stifling innovation. Organizations need strict, rule-like guardrails, but humans don’t actually work that way. Instead, people operate on a principle of minimal harm, or thinking ahead about consequences and making contextual judgments.
“How do we provide the guardrails in a way which is rule-like, but also supports the outcome-based cognition when the models get smart enough for that?” Goodman asked.
Pandey extended this thinking to the reality of innovation teams that need to apply the rules with judgment, not just follow them mechanically. Figuring out what’s open to interpretation is a “very collaborative task,” he said. “And you don’t figure that out through a set of predicates. You don’t figure that out through a document. You figure that out through common understanding and grounding and discovery and negotiation.”
True superintelligence won’t come from increasingly powerful individual models, but from distributed systems.
“While we build better and better models, and better and better agents, eventually we feel that true super intelligence will happen through distributed systems,” Pandey said
Intelligence will scale along two axes, both vertical, or better individual agents, and horizontal, or more collaborative networks, in a manner very similar to traditional distributed computing.
However, said Goodman, “We can’t move towards a future where the AIs go off and work by themselves. We have to move towards a future where there’s an integrated ecosystem, a distributed ecosystem that seamlessly merges humans and AI together.”
The “OpenClaw moment” represents the first time autonomous AI agents have successfully “escaped the lab” and moved into the hands of the general workforce.
Originally developed by Austrian engineer Peter Steinberger as a hobby project called “Clawdbot” in November 2025, the framework went through a rapid branding evolution to “Moltbot” before settling on “OpenClaw” in late January 2026.
Unlike previous chatbots, OpenClaw is designed with “hands”—the ability to execute shell commands, manage local files, and navigate messaging platforms like WhatsApp and Slack with persistent, root-level permissions.
This capability — and the uptake of what was then called Moltbot by many AI power users on X — directly led another entrepreneur, Matt Schlicht, to develop Moltbook, a social network where thousands of OpenClaw-powered agents autonomously sign up and interact.
The result has been a series of bizarre, unverified reports that have set the tech world ablaze: agents reportedly forming digital “religions” like Crustafarianism, hiring human micro-workers for digital tasks on another website, “Rentahuman,” and in some extreme unverified cases, attempting to lock their own human creators out of their credentials.
For IT leaders, the timing is critical. This week, the release of Claude Opus 4.6 and OpenAI’s Frontier agent creation platform signaled that the industry is moving from single agents to “agent teams.”
Simultaneously, the “SaaSpocalypse“—a massive market correction that wiped over $800 billion from software valuations—has proven that the traditional seat-based licensing model is under existential threat.
So how should enterprise technical decision-makers think through this fast-moving start to the year, and how can they start to understand what OpenClaw means for their businesses? I spoke to a small group of leaders at the forefront of enterprise AI adoption this week to get their thoughts. Here’s what I learned:
The prevailing wisdom once suggested that enterprises needed massive infrastructure overhauls and perfectly curated data sets before AI could be useful. The OpenClaw moment has shattered that myth, proving that modern models can navigate messy, uncurated data by treating “intelligence as a service.”
“The first takeaway is the amount of preparation that we need to do to make AI productive,” says Tanmai Gopal, Co-founder & CEO at PromptQL, a well-funded enterprise data engineering and consulting firm. “There is a surprising insight there: you actually don’t need to do too much preparation. Everybody thought we needed new software and new AI-native companies to come and do things. It will catalyze more disruption as leadership realizes that we don’t actually need to prep so much to get AI to be productive. We need to prep in different ways. You can just let it be and say, ‘go read all of this context and explore all of this data and tell me where there are dragons or flaws.'”
“The data is already there,” agreed Rajiv Dattani, co-founder of AIUC (the AI Underwriting Corporation), which has developed the AIUC-1 standard for AI agents as part of a consortium with leaders from Anthropic, Google, CISCO, Stanford and MIT. “But the compliance and the safeguards, and most importantly, the institutional trust is not. How can you ensure your agentic systems don’t go off and go full MechaHitler and start offending people or causing problems?”
Hence why Dattani’s company, AUIC, provides a certification standard, AIUC-1, that enterprises can put agents through in order to obtain insurance that backs them up in event they do cause problems. Without putting OpenClaw agents or other similar agents through such a process, enterprises are likely less ready to accept the consequences and costs of autonomy gone awry.
With OpenClaw amassing over 160,000 GitHub stars, employees are deploying local agents through the back door to stay productive.
This creates a “Shadow IT” crisis where agents often run with full user-level permissions, potentially creating backdoors into corporate systems (as Wharton School of Business Professor Ethan Mollick has written, many employees are secretly adopting AI to get ahead at work and obtain more leisure time, without informing superiors or the organization).
Now, executives are actually observing this trend in realtime as employees deploy OpenClaw on work machines without authorization.
“It’s not an isolated, rare thing; it’s happening across almost every organization,” warns Pukar Hamal, CEO & Founder of enterprise AI security diligence firm SecurityPal. “There are companies finding engineers who have given OpenClaw access to their devices. In larger enterprises, you’re going to notice that you’ve given root-level access to your machine. People want tools so tools can do their jobs, but enterprises are concerned.”
Brianne Kimmel, Founder & Managing Partner of venture capital firm Worklife Ventures, views this through a talent-retention lens. “People are trying these on evenings and weekends, and it’s hard for companies to ensure employees aren’t trying the latest technologies. From my perspective, we’ve seen how that really allows teams to stay sharp. I have always erred on the side of encouraging, especially early-career folks, to try all of the latest tools.”
The 2026 “SaaSpocalypse” saw massive value erased from software indices as investors realized agents could replace human headcount.
If an autonomous agent can perform the work of dozens of human users, the traditional “per-seat” business model becomes a liability for legacy vendors.
“If you have AI that can log into a product and do all the work, why do you need 1,000 users at your company to have access to that tool?” Hamal asks. “Anyone that does user-based pricing—it’s probably a real concern. That’s probably what you’re seeing with the decay in SaaS valuations, because anybody that is indexed to users or discrete units of ‘jobs to be done’ needs to rethink their business model.”
The release of Claude Opus 4.6 and OpenAI’s Frontier this week already signals a shift from single agents to coordinated “agent teams.”
In this environment, the volume of AI-generated code and content is so high that traditional human-led review is no longer physically possible.
“Our senior engineers just cannot keep up with the volume of code being generated; they can’t do code reviews anymore,” Gopal notes. “Now we have an entirely different product development lifecycle where everyone needs to be trained to be a product person. Instead of doing code reviews, you work on a code review agent that people maintain. You’re looking at software that was 100% vibe-coded… it’s glitchy, it’s not perfect, but dude, it works.”
“The productivity increases are impressive,” Dattani concurred. “It’s clear that we are at the onset of a major shift in business globally, but each business will need to approach that slightly differently depending on their specific data security and safety requirements. Remember that even while you’re trying to outdo your competition, they are bound by the same rules and regulations as you — and it’s worth it to take time to get it right, start small, don’t try to do too much at once.”
The experts I spoke to all see a future where “vibe working” becomes the norm.
Local, personality-driven AI—including through voice interfaces like Wispr or ElevenLabs powered OpenClaw agents—will become the primary interface for work, while agents handle the heavy lifting of international expansion.
“Voice is the primary interface for AI; it keeps people off their phones and improves quality of life,” says Kimmel. “The more you can give AI a personality that you’ve uniquely designed, the better the experience. Previously, you’d need to hire a GM in a new country and build a translation team. Now, companies can think international from day one with a localized lens.”
Hamal adds a broader perspective on the global stakes: “We have knowledge worker AGI. It’s proven it can be done. Security is a concern that will rate-limit enterprise adoption, which means they’re more vulnerable to disruption from the low end of the market who don’t have the same concerns.”
As OpenClaw and similar autonomous frameworks proliferate, IT departments must move beyond blanket bans toward structured governance. Use the following checklist to manage the “Agentic Wave” safely:
Implement Identity-Based Governance: Every agent must have a strong, attributable identity tied to a human owner or team. Use frameworks like IBC (Identity, Boundaries, Context) to track who an agent is and what it is allowed to do at any moment.
Enforce Sandbox Requirements: Prohibit OpenClaw from running on systems with access to live production data. All experimentation should occur in isolated, purpose-built sandboxes on segregated hardware.
Audit Third-Party “Skills”: Recent reports indicate nearly 20% of skills in the ClawHub registry contain vulnerabilities or malicious code. Mandate a “white-list only” policy for approved agent plugins.
Disable Unauthenticated Gateways: Early versions of OpenClaw allowed “none” as an authentication mode. Ensure all instances are updated to current versions where strong authentication is mandatory and enforced by default.
Monitor for “Shadow Agents”: Use endpoint detection tools to scan for unauthorized OpenClaw installations or abnormal API traffic to external LLM providers.
Update AI Policy for Autonomy: Standard Generative AI policies often fail to address “agents.” Update policies to explicitly define human-in-the-loop requirements for high-risk actions like financial transfers or file system modifications.
OpenAI on Wednesday released GPT-5.3-Codex, which the company calls its most capable coding agent to date, in an announcement timed to land at the exact same moment Anthropic unveiled its own flagship model upgrade, Claude Opus 4.6. The synchronized launches mark the opening salvo in what industry observers are calling the AI coding wars — a high-stakes battle to capture the enterprise software development market.
The dueling announcements came amid an already heated week between the two AI giants, who are also set to air competing Super Bowl advertisements on Sunday, and whose executives have been trading barbs publicly over business models, access, and corporate ethics.
“I love building with this model; it feels like more of a step forward than the benchmarks suggest,” OpenAI CEO Sam Altman wrote on X minutes after the launch. He later added: “It was amazing to watch how much faster we were able to ship 5.3-Codex by using 5.3-Codex, and for sure this is a sign of things to come.”
That claim — that the model helped build itself — is a significant milestone in AI development. According to OpenAI’s announcement, the Codex team used early versions of GPT-5.3-Codex to debug its own training runs, manage deployment infrastructure, and diagnose test results and evaluations. The company describes it as “our first model that was instrumental in creating itself.”
The new model posts substantial gains across multiple industry benchmarks. GPT-5.3-Codex achieves 57% on SWE-Bench Pro, a rigorous evaluation of real-world software engineering that spans four programming languages and tests contamination-resistant, industrially relevant challenges. It scores 77.3% on Terminal-Bench 2.0, which measures the terminal skills essential for coding agents, and 64% on OSWorld, an agentic computer-use benchmark where models must complete productivity tasks in visual desktop environments.
The Terminal-Bench 2.0 result is particularly striking. According to performance data released Wednesday, GPT-5.3-Codex scored 77.3% compared to GPT-5.2-Codex’s 64.0% and the base GPT-5.2 model’s 62.2% — a 13-percentage-point leap in a single generation. One user on X noted that the score “absolutely demolished” Anthropic’s Opus 4.6, which reportedly achieved 65.4% on the same benchmark.
OpenAI also claims the model accomplishes these results with dramatically improved efficiency: less than half the tokens of its predecessor for equivalent tasks, plus more than 25% faster inference per token.
“Notably, GPT-5.3-Codex does so with fewer tokens than any prior model, letting users simply build more,” the company stated in its announcement.
Perhaps more significant than the benchmark improvements is OpenAI’s positioning of GPT-5.3-Codex as a model that transcends pure coding. The company explicitly states that “Codex goes from an agent that can write and review code to an agent that can do nearly anything developers and professionals can do on a computer.”
This expanded capability set includes debugging, deploying, monitoring, writing product requirement documents, editing copy, conducting user research, building slide decks, and analyzing data in spreadsheet applications. The model shows strong performance on GDPVal, an OpenAI evaluation released in 2025 that measures performance on well-specified knowledge-work tasks across 44 occupations.
The expansion signals OpenAI’s ambition to capture not just the developer tools market but the broader enterprise productivity software space — a market that includes established players like Microsoft, Salesforce, and ServiceNow, all of whom are racing to embed AI agents into their platforms.
The pivot toward general-purpose computing brings new security considerations. In a notable disclosure, OpenAI revealed that GPT-5.3-Codex is the first model it classifies as “High capability” for cybersecurity-related tasks under its Preparedness Framework, and the first directly trained to identify software vulnerabilities.
“While we don’t have definitive evidence it can automate cyber attacks end-to-end, we’re taking a precautionary approach and deploying our most comprehensive cybersecurity safety stack to date,” the company stated. Mitigations include dual-use safety training, automated monitoring, trusted access for advanced capabilities, and enforcement pipelines incorporating threat intelligence.
Altman highlighted this development on X: “This is our first model that hits ‘high’ for cybersecurity on our preparedness framework. We are piloting a Trusted Access framework, and committing $10 million in API credits to accelerate cyber defense.”
The company is also expanding the private beta of Aardvark, its security research agent, and partnering with open-source maintainers to provide free codebase scanning for widely used projects. OpenAI cited Next.js as an example where a security researcher used Codex to discover vulnerabilities disclosed last week.
The cybersecurity announcement, however, has been overshadowed by the increasingly personal nature of the OpenAI-Anthropic rivalry. The timing of Wednesday’s release cannot be understood without the context of OpenAI’s intensifying competition with Anthropic, the AI safety-focused startup founded in 2021 by former OpenAI researchers, including Dario and Daniela Amodei.
Both companies scheduled major product announcements for 10 a.m. Pacific Time today. Anthropic unveiled Claude Opus 4.6, which it describes as its “smartest model” that “plans more carefully, sustains agentic tasks for longer, operates reliably in massive codebases, and catches its own mistakes.”
The head-to-head timing follows a week of escalating tensions. Anthropic announced it will air Super Bowl advertisements mocking OpenAI’s recent decision to begin testing ads within ChatGPT for free users.
Altman responded with unusual directness, calling the advertisements “funny” but “clearly dishonest” in an extensive X post.
“We would obviously never run ads in the way Anthropic depicts them. We are not stupid and we know our users would reject that,” Altman wrote. “I guess it’s on brand for Anthropic doublespeak to use a deceptive ad to critique theoretical deceptive ads that aren’t real, but a Super Bowl ad is not where I would expect it.”
He went further, characterizing Anthropic as an “authoritarian company” that “wants to control what people do with AI.”
“Anthropic serves an expensive product to rich people,” Altman wrote. “More Texans use ChatGPT for free than total people use Claude in the US, so we have a differently-shaped problem than they do.”
The public sparring masks a deadly serious business competition. The rivalry plays out against a backdrop of explosive enterprise AI adoption, where both companies are fighting for position in a rapidly expanding market.
According to survey data from Andreessen Horowitz released this week, enterprise spending on large language models has dramatically outpaced even bullish projections. Average enterprise LLM spending reached $7 million in 2025, 180% higher than 2024’s actual spending of $2.5 million — and 56% above what enterprises had projected for 2025 just a year earlier. Spending is projected to reach $11.6 million per enterprise in 2026, a further 65% increase.
The a16z data reveals shifting market dynamics that help explain the intensity of the competition. OpenAI maintains the largest average share of enterprise AI wallet, but that share is shrinking — from 62% in 2024 to a projected 53% in 2026. Anthropic’s share, meanwhile, has grown from 14% to a projected 18% over the same period, with Google showing similar gains.
Enterprise adoption patterns tell a more nuanced story. While OpenAI leads in overall usage, only 46% of surveyed OpenAI customers are using its most capable models in production, compared to 75% for Anthropic and 76% for Google. When including testing environments, 89% of Anthropic customers are testing or using the company’s most capable models — the highest rate among major providers.
For software development specifically — one of the primary use cases for both companies’ coding agents — the a16z survey shows OpenAI with approximately 35% market share, with Anthropic claiming a substantial and growing portion of the remainder.
These market dynamics explain why both companies are positioning themselves as platforms rather than mere model providers. OpenAI on Wednesday also launched Frontier, a new platform designed to serve as a comprehensive hub for businesses adopting a range of AI tools — including those developed by third parties — that can operate together seamlessly.
“We can be the partner of choice for AI transformation for enterprise. The sky is the limit in terms of revenue we can generate from a platform like that,” Fidji Simo, OpenAI’s CEO of applications, told reporters this week.
This follows Monday’s launch of the Codex desktop application for macOS, which OpenAI says has already surpassed 500,000 downloads. The app enables users to manage multiple AI coding agents simultaneously — a capability that becomes increasingly important as enterprises deploy agents for complex, long-running tasks.
The platform ambitions require extraordinary capital. The dueling launches underscore the staggering financial requirements of frontier AI development, with both companies burning through billions while racing to establish market dominance.
Anthropic is currently in discussions for a funding round that could bring in more than $20 billion at a valuation of at least $350 billion, according to Bloomberg, and is simultaneously planning an employee tender offer at that valuation.
OpenAI, meanwhile, has disclosed that it owes more than $1 trillion in financial obligations to backers — including Oracle, Microsoft, and Nvidia — that are essentially fronting compute costs in expectation of future returns.
GPT-5.3-Codex was “co-designed for, trained with, and served on NVIDIA GB200 NVL72 systems,” according to OpenAI’s announcement—a reference to Nvidia’s latest Blackwell-generation AI supercomputing architecture.
The financial pressure adds urgency to both companies’ enterprise strategies. Unlike established tech giants with diversified revenue streams, both Anthropic and OpenAI must prove they can generate sufficient revenue from AI products to justify their extraordinary valuations and infrastructure costs.
Looking ahead, OpenAI says GPT-5.3-Codex is available immediately for paid ChatGPT users across all Codex surfaces: the desktop app, command-line interface, IDE extensions, and web interface. API access is expected to follow.
The model includes a new interactivity feature: users can choose between “pragmatic” or “friendly” personalities — a customization Altman suggests users feel strongly about. More substantively, the model provides frequent progress updates during tasks, allowing users to interact in real time, ask questions, discuss approaches, and steer toward solutions without losing context.
“Instead of waiting for a final output, you can interact in real time,” OpenAI stated. “GPT-5.3-Codex talks through what it’s doing, responds to feedback, and keeps you in the loop from start to finish.”
The company promises more capabilities in the coming weeks, with Altman declaring: “I believe Codex is going to win.”
He concluded his response to Anthropic with a philosophical statement that frames the competition in stark terms: “This time belongs to the builders, not the people who want to control them.”
Whether that message resonates with enterprise customers — who according to a16z data cite trust, security, and compliance as their top concerns — remains to be seen. What’s clear is that the AI coding wars have begun in earnest, and neither company intends to cede ground.
Anthropic on Thursday released Claude Opus 4.6, a major upgrade to its flagship artificial intelligence model that the company says plans more carefully, sustains longer autonomous workflows, and outperforms competitors including OpenAI’s GPT-5.2 on key enterprise benchmarks — a release that arrives at a tumultuous moment for the AI industry and global software markets.
The launch comes just three days after OpenAI released its own Codex desktop application in a direct challenge to Anthropic’s Claude Code momentum, and amid a $285 billion rout in software and services stocks that investors attribute partly to fears that Anthropic’s AI tools could disrupt established enterprise software businesses.
For the first time, Anthropic’s Opus-class models will feature a 1 million token context window, allowing the AI to process and reason across vastly more information than previous versions. The company also introduced “agent teams” in Claude Code — a research preview feature that enables multiple AI agents to work simultaneously on different aspects of a coding project, coordinating autonomously.
“We’re focused on building the most capable, reliable, and safe AI systems,” an Anthropic spokesperson told VentureBeat about the announcements. “Opus 4.6 is even better at planning, helping solve the most complex coding tasks. And the new agent teams feature means users can split work across multiple agents — one on the frontend, one on the API, one on the migration — each owning its piece and coordinating directly with the others.”
The release intensifies an already fierce competition between Anthropic and OpenAI, the two most valuable privately held AI companies in the world. OpenAI on Monday released a new desktop application for its Codex artificial intelligence coding system, a tool the company says transforms software development from a collaborative exercise with a single AI assistant into something more akin to managing a team of autonomous workers.
AI coding assistants have exploded in popularity over the last year, and OpenAI said more than 1 million developers have used Codex in the past month. The new Codex app is part of OpenAI’s ongoing effort to lure users and market share away from rivals like Anthropic and Cursor.
The timing of Anthropic’s release — just 72 hours after OpenAI’s Codex launch — underscores the breakneck pace of competition in AI development tools. OpenAI faces intensifying competition from Anthropic, which posted the largest share increase of any frontier lab since May 2025, according to a recent Andreessen Horowitz survey. Forty-four percent of enterprises now use Anthropic in production, driven by rapid capability gains in software development since late 2024. The desktop launch is a strategic counter to Claude Code’s momentum.
According to Anthropic’s announcement, Opus 4.6 achieves the highest score on Terminal-Bench 2.0, an agentic coding evaluation, and leads all other frontier models on Humanity’s Last Exam, a complex multi-discipline reasoning test. On GDPval-AA — a benchmark measuring performance on economically valuable knowledge work tasks in finance, legal and other domains — Opus 4.6 outperforms OpenAI’s GPT-5.2 by approximately 144 ELO points, which translates to obtaining a higher score approximately 70% of the time.
The stakes are substantial. Asked about Claude Code’s financial performance, the Anthropic spokesperson noted that in November, the company announced that Claude Code reached $1 billion in run rate revenue only six months after becoming generally available in May 2025.
The spokesperson highlighted major enterprise deployments: “Claude Code is used by Uber across teams like software engineering, data science, finance, and trust and safety; wall-to-wall deployment across Salesforce’s global engineering org; tens of thousands of devs at Accenture; and companies across industries like Spotify, Rakuten, Snowflake, Novo Nordisk, and Ramp.”
That enterprise traction has translated into skyrocketing valuations. Earlier this month, Anthropic signed a term sheet for a $10 billion funding round at a $350 billion valuation. Bloomberg reported that Anthropic is simultaneously working on a tender offer that would allow employees to sell shares at that valuation, offering liquidity to staffers who have watched the company’s worth multiply since its 2021 founding.
One of Opus 4.6’s most significant technical improvements addresses what the AI industry calls “context rot“—the degradation of model performance as conversations grow longer. Anthropic says Opus 4.6 scores 76% on MRCR v2, a needle-in-a-haystack benchmark testing a model’s ability to retrieve information hidden in vast amounts of text, compared to just 18.5% for Sonnet 4.5.
“This is a qualitative shift in how much context a model can actually use while maintaining peak performance,” the company said in its announcement.
The model also supports outputs of up to 128,000 tokens — enough to complete substantial coding tasks or documents without breaking them into multiple requests.
For developers, Anthropic is introducing several new API features alongside the model: adaptive thinking, which allows Claude to decide when deeper reasoning would be helpful rather than requiring a binary on-off choice; four effort levels (low, medium, high, max) to control intelligence, speed and cost tradeoffs; and context compaction, a beta feature that automatically summarizes older context to enable longer-running tasks.
Anthropic, which has built its brand around AI safety research, emphasized that Opus 4.6 maintains alignment with its predecessors despite its enhanced capabilities. On the company’s automated behavior audit measuring misaligned behaviors such as deception, sycophancy, and cooperation with misuse, Opus 4.6 “showed a low rate” of problematic responses while also achieving “the lowest rate of over-refusals — where the model fails to answer benign queries — of any recent Claude model.”
When asked how Anthropic thinks about safety guardrails as Claude becomes more agentic, particularly with multiple agents coordinating autonomously, the spokesperson pointed to the company’s published framework: “Agents have tremendous potential for positive impacts in work but it’s important that agents continue to be safe, reliable, and trustworthy. We outlined our framework for developing safe and trustworthy agents last year which shares core principles developers should consider when building agents.”
The company said it has developed six new cybersecurity probes to detect potentially harmful uses of the model’s enhanced capabilities, and is using Opus 4.6 to help find and patch vulnerabilities in open-source software as part of defensive cybersecurity efforts.
The rivalry between Anthropic and OpenAI has spilled into consumer marketing in dramatic fashion. Both companies will feature prominently during Sunday’s Super Bowl. Anthropic is airing commercials that mock OpenAI’s decision to begin testing advertisements in ChatGPT, with the tagline: “Ads are coming to AI. But not to Claude.”
OpenAI CEO Sam Altman responded by calling the ads “funny” but “clearly dishonest,” posting on X that his company would “obviously never run ads in the way Anthropic depicts them” and that “Anthropic wants to control what people do with AI” while serving “an expensive product to rich people.”
The exchange highlights a fundamental strategic divergence: OpenAI has moved to monetize its massive free user base through advertising, while Anthropic has focused almost exclusively on enterprise sales and premium subscriptions.
The launch occurs against a backdrop of historic market volatility in software stocks. A new AI automation tool from Anthropic PBC sparked a $285 billion rout in stocks across the software, financial services and asset management sectors on Tuesday as investors raced to dump shares with even the slightest exposure. A Goldman Sachs basket of US software stocks sank 6%, its biggest one-day decline since April’s tariff-fueled selloff.
The selloff was triggered by a new legal tool from Anthropic, which showed the AI industry’s growing push into industries that can unlock lucrative enterprise revenue needed to fund massive investments in the technology. One trigger for Tuesday’s selloff was Anthropic’s launch of plug-ins for its Claude Cowork agent on Friday, enabling automated tasks across legal, sales, marketing and data analysis.
Thomson Reuters plunged 15.83% Tuesday, its biggest single-day drop on record; and Legalzoom.com sank 19.68%. European legal software providers including RELX, owner of LexisNexis, and Wolters Kluwer experienced their worst single-day performances in decades.
Not everyone agrees the selloff is warranted. Nvidia CEO Jensen Huang said on Tuesday that fears AI would replace software and related tools were “illogical” and “time will prove itself.” Mark Murphy, head of U.S. enterprise software research at JPMorgan, said in a Reuters report it “feels like an illogical leap” to say a new plug-in from an LLM would “replace every layer of mission-critical enterprise software.”
Among the more notable product announcements: Anthropic is releasing Claude in PowerPoint in research preview, allowing users to create presentations using the same AI capabilities that power Claude’s document and spreadsheet work. The integration puts Claude directly inside a core Microsoft product — an unusual arrangement given Microsoft’s 27% stake in OpenAI.
The Anthropic spokesperson framed the move pragmatically in an interview with VentureBeat: “Microsoft has an official add-in marketplace for Office products with multiple add-ins available to help people with slide creation and iteration. Any developer can build a plugin for Excel or PowerPoint. We’re participating in that ecosystem to bring Claude into PowerPoint. This is about participating in the ecosystem and giving users the ability to work with the tools that they want, in the programs they want.”
Data from a16z’s recent enterprise AI survey suggests both Anthropic and OpenAI face an increasingly competitive landscape. While OpenAI remains the most widely used AI provider in the enterprise, with approximately 77% of surveyed companies using it in production in January 2026, Anthropic’s adoption is rising rapidly — from near-zero in March 2024 to approximately 40% using it in production by January 2026.
The survey data also shows that 75% of Anthropic’s enterprise customers are using it in production, with 89% either testing or in production — figures that slightly exceed OpenAI’s 46% in production and 73% testing or in production rates among its customer base.
Enterprise spending on AI continues to accelerate. Average enterprise LLM spend reached $7 million in 2025, up 180% from $2.5 million in 2024, with projections suggesting $11.6 million in 2026 — a 65% increase year-over-year.
Opus 4.6 is available immediately on claude.ai, the Claude API, and major cloud platforms. Developers can access it via claude-opus-4-6 through the API. Pricing remains unchanged at $5 per million input tokens and $25 per million output tokens, with premium pricing of $10/$37.50 for prompts exceeding 200,000 tokens using the 1 million token context window.
For users who find Opus 4.6 “overthinking” simpler tasks — a characteristic Anthropic acknowledges can add cost and latency — the company recommends adjusting the effort parameter from its default high setting to medium.
The recommendation captures something essential about where the AI industry now stands. These models have grown so capable that their creators must now teach customers how to make them think less. Whether that represents a breakthrough or a warning sign depends entirely on which side of the disruption you’re standing on — and whether you remembered to sell your software stocks before Tuesday.