Sam: A researcher at Anthropic used Claude Code to find a heap buffer overflow in the Linux kernel's NFS driver that had been sitting undetected for 23 years. That's not a benchmark result — that's AI finding a real, remotely exploitable vulnerability in production infrastructure that billions of systems depend on, and it signals that AI-assisted security research has crossed from interesting to genuinely consequential.

Priya: Welcome to AI Revolution's Week in Review for the week ending April 18th, 2026. I'm Priya Nair, here with Sam Kim, and this was a week that felt like several tectonic plates shifting at once. We're going to dig into four major themes: AI in security and what it means that models are now finding real bugs at scale; the agentic coding arms race, because OpenAI and Anthropic are in a very pointed fight for that territory; how the industry is restructuring itself financially — and that's more interesting than it sounds; and the infrastructure reality check, because the gap between announced compute buildouts and what's actually getting built is widening. Let's get into it.

Sam: So let's start with the security story, because I think it deserves more unpacking than it usually gets. The headline is that Nicholas Carlini at Anthropic found a 23-year-old kernel vulnerability using Claude Code. But the technically important detail is what kind of vulnerability and where it lives. A heap buffer overflow in the NFS driver. NFS is network file system — this is code that handles remote file access, meaning the attack surface is exposed over the network. Remotely exploitable kernel bugs are about as serious as it gets.

Priya: And the way Carlini apparently found it wasn't magic — it was Claude Code doing systematic analysis of kernel code at a scale and consistency that humans can't sustain. You can have a brilliant security researcher, but they get tired, they have intuitions that lead them away from certain code paths, they prioritize. A model iterating over kernel subsystems doesn't have that problem. It just keeps going.

Sam: Which is why the follow-on statistic matters so much. Linux kernel maintainers are now receiving five to ten valid AI-generated bug reports per day. A few months ago, they were getting AI-generated noise — hallucinated bugs, false positives, low-quality submissions. Now the signal-to-noise ratio has flipped enough that they're tracking it as a category. That's a qualitative shift in the state of the art.

Priya: Now there's a complication this week, and it's worth being honest about it. Two separate studies came out showing that smaller, openly available models can reproduce most of the vulnerability analyses from Anthropic's Claude Mythos — their restricted cybersecurity model that they've kept on a very short leash precisely because they claimed its capabilities were uniquely dangerous.

Sam: Right, and Anthropic's position has been essentially: this model is too capable to release broadly because it could enable sophisticated cyberattacks. The counter-finding is that open models at much smaller scale can do most of what Mythos does. Which either means Mythos isn't as uniquely dangerous as claimed, or it means the capability frontier for security AI is moving fast enough that restricting one model buys you very little time.

Priya: Both of those things can be true simultaneously. And the honest read is probably that AI-enabled vulnerability discovery is going to be widely accessible — the question is whether defenders get there as fast as attackers. The 5-10 valid reports per day number is optimistic if you're on the defense side. It's alarming if you think about who else is running similar pipelines.

Sam: The other layer here is political. Anthropic has simultaneously been in a legal dispute with the Pentagon over AI in warfare, and apparently Claude Mythos is now being used to help thaw that relationship with the Trump administration, which had labeled Anthropic — and this is a direct quote — a "radical left woke company" and a national security supply-chain risk. The fact that a cybersecurity AI model is now functioning as a diplomatic instrument is one of those sentences you have to read twice.

Priya: It reflects something real though. Governments are realizing that AI capability in the security domain is a geopolitical asset, not just a commercial product. Which has real implications for how these models get regulated, who gets access, and how labs position themselves.

Sam: Okay, let's pivot to the coding arms race, because this week made it very clear that agentic coding is where the frontier labs think the near-term money is. OpenAI upgraded Codex significantly — it can now operate in the background on your desktop, it has an in-app browser for visual feedback while it's building, it's moving from "AI that writes code when you ask" to "AI that runs a development loop autonomously."

Priya: And the framing in the coverage was explicit: this is OpenAI taking direct aim at Anthropic's Claude Code. Which is interesting because six months ago the conversation was about GitHub Copilot and which model had the best autocomplete. Now we're talking about agents that hold state, take actions, browse the web, and iterate on their own output. The abstraction level has shifted substantially.

Sam: Anthropic pushed Claude Code forward too — they launched agent-based pull request review, where multiple AI reviewers analyze code changes simultaneously. That's a different kind of capability than generation. It's quality assurance, catching things before they land in main. The combination of generation and review in the same agentic framework starts to look like something that can own a meaningful chunk of the software development lifecycle.

Priya: And the OpenAI organizational news this week reinforces that this is deliberate strategy, not just product releases. Kevin Weil, who was CPO, is out. Bill Peebles, who led Sora, is out. Sora itself has been shut down. OpenAI is explicitly calling things they're killing "side quests" — that's the term they're using internally. They folded the science team into Codex. The entire gravitational center of the company is moving toward enterprise and coding.

Sam: Which is a significant strategic admission. Sora was supposed to be the demonstration that OpenAI could win in video generation — a consumer-facing creative tool. Shutting it down and redirecting that talent and compute toward Codex is a bet that enterprise developer tools are the revenue path, not consumer media generation.

Priya: And it creates interesting space for other players. Google released Gemma 4 this week under Apache 2.0 — 2B, 4B, 26B, and 31B parameter variants, full multimodal including video, image, and audio, context windows up to 256K tokens. Apache 2.0 means genuinely permissive commercial use, no restrictions. For enterprises that want to run capable open-weight models on their own infrastructure without touching OpenAI or Anthropic, this is a substantial option.

Sam: The 256K context window at open-weight under Apache 2.0 is the number I keep coming back to. That's long enough to hold an entire moderately-sized codebase in context. Combine that with agentic capability and multimodal input, and you have a serious foundation for someone to build a Codex or Claude Code competitor without depending on any closed API.

Priya: Let's talk about the financial restructuring happening across the industry, because three stories this week together paint a picture that I think is important. Meta is cutting roughly 8,000 jobs on May 20th, with a second wave planned that could push total cuts above 20% of their workforce. The explicit framing from Zuckerberg is that headcount is being traded for compute. GPU clusters instead of people.

Sam: That's a stark capital allocation choice, and it's worth understanding what's driving it. Training frontier models and running inference at scale requires massive, sustained compute investment. Data center buildouts, GPU procurement, power infrastructure — these are capital-intensive in a way that headcount isn't. And if you believe, as Zuckerberg apparently does, that the next competitive moat is model capability and inference efficiency, then the math on where to put money shifts.

Priya: Meanwhile, DeepSeek — which had been notable for being self-funded and producing remarkably capable models on reportedly constrained budgets — is seeking outside funding for the first time. At least $300 million at a $10 billion valuation. And the context is important: delayed model releases, researchers being poached by well-capitalized rivals. Even the most efficient lab in the world can't sustain frontier development without serious capital.

Sam: That's a meaningful data point about the economics of this space. The narrative around DeepSeek was partly that you could compete at the frontier with much less capital. That might have been true for a window. The window appears to be closing.

Priya: And then Cerebras filed for its IPO this week, backed by a $10 billion-plus deal with OpenAI and an AWS data center partnership. Cerebras builds wafer-scale AI chips — a fundamentally different architecture from Nvidia's discrete GPU approach. An IPO filing with those contracts suggests there's real institutional belief that the chip layer isn't a winner-take-all market for Nvidia.

Sam: There's also the data center construction story this week that adds necessary friction to all of this. Satellite and drone imagery analysis shows that 40% of US data centers planned for 2026 are facing significant construction delays. Energy bottlenecks, permitting, growing community resistance. The compute buildout that the entire industry's projections depend on is running behind.

Priya: Which creates a genuine tension. You have Meta cutting humans to fund compute. You have DeepSeek needing capital to stay competitive. You have Cerebras going public on the strength of AI chip demand. And simultaneously, the physical infrastructure for all of that compute is delayed. The financial bets are ahead of the physical reality.

Sam: One story I want to make sure we don't skip entirely: Recursive Superintelligence, a four-month-old startup, raised $500 million at a $4 billion valuation this week. The focus is self-improving AI systems. Former DeepMind and OpenAI researchers. And yes, Allbirds — the shoe company — pivoted to AI compute infrastructure, which puts it in direct lineage with Long Island Blockchain from 2017. Both of those things happened in the same week, which tells you something about where the investment cycle is.

Priya: It tells you we're somewhere between genuine acceleration and froth, which is an uncomfortable place to try to make decisions from.

Sam: So stepping back — what does this week mean? I think the through line is that AI is exiting the "impressive demo" phase in several important domains simultaneously. Real kernel vulnerabilities. Agentic coding loops that run for hours. Security AI as a geopolitical instrument. These aren't benchmarks, they're production-grade impacts.

Priya: What I'm watching heading into next week is whether the Claude Mythos access restrictions hold given the replication studies, and what the Stanford AI Index report's finding about the US-China capability gap actually prompts in terms of policy response. The export control and national AI strategy conversation has been running on assumptions that the data may not support anymore.

Sam: And I'm watching the OpenAI reorganization — specifically whether the focus on Codex and enterprise represents a genuine long-term strategic shift or a shorter-term revenue move. That answer shapes how the rest of the competitive landscape positions itself.

Priya: That's the Week in Review for April 18th, 2026. AI Revolution publishes a daily episode Monday through Friday if you want to go deeper on any of these stories as they develop — links in the show notes. We'll be back Monday. Thanks for listening.