Sam: Anthropic filed for an IPO. The company behind Claude submitted a confidential draft registration to the SEC, with a valuation just under one trillion dollars. If it goes through at anything close to that number, it would be the largest IPO ever filed. And the timing is interesting — this lands right as Anthropic is scaling its security vulnerability program to critical infrastructure in fifteen countries, and right as OpenAI is preparing its own IPO. There's a lot to unpack today.

Priya: Welcome to AI Revolution for Tuesday, June 2nd, 2026. I'm Priya Nair.

Sam: And I'm Sam Kim.

Priya: We've got a packed episode. We're going to dig into the Anthropic IPO and what public market scrutiny actually means for an AI safety company. Then we'll talk about Project Glasswing scaling Claude Mythos to critical infrastructure worldwide — ten thousand vulnerabilities found so far. Florida has filed a first-of-its-kind lawsuit against OpenAI and Sam Altman personally. OpenAI's models just landed on AWS. We've got new Codex enterprise tools, dynamic multi-agent workflows in Claude Code, Richard Sutton arguing that generative AI fundamentally can't do science, and a genuinely alarming story about hackers using Meta's AI support chatbot to steal celebrity Instagram accounts. Let's get into it.

Sam: So the Anthropic IPO. A confidential S-1 filing, valuation approaching a trillion dollars. To put that in context, Anthropic was valued at eighteen billion in late 2023. That's roughly a fifty-x increase in about two and a half years. The confidential filing process means we won't see the actual financials until closer to the roadshow, but when that S-1 becomes public, it'll be the first time we get a detailed look at a frontier AI lab's unit economics — compute costs, revenue breakdown, margin structure, customer concentration.

Priya: And that transparency piece matters beyond just investor interest. Anthropic has built its brand around responsible AI development and safety research. Once you're a public company, you have quarterly earnings calls. You have analyst scrutiny. You have to quantify what you're spending on safety versus capability research. That's a fundamentally different accountability structure than what any frontier lab has operated under.

Sam: Right. And the competitive dynamics here are fascinating. OpenAI is also preparing an IPO. So we're about to see a direct market comparison between these two companies. Investors will be looking at revenue per employee, inference costs per query, enterprise contract sizes. It'll be the first time the market gets to price the difference between Anthropic's approach and OpenAI's approach with real numbers.

Priya: One thing I'll be watching — customer concentration risk. If a significant chunk of Anthropic's revenue comes from a small number of large enterprise deals or from their Amazon partnership, that's something public market investors will scrutinize heavily.

Sam: Absolutely. Now, speaking of Anthropic — the second big story today is actually connected. Project Glasswing, their security vulnerability discovery program, has expanded massively. A hundred and fifty partner organizations across fifteen-plus countries, all using Claude Mythos Preview to scan critical infrastructure — power grids, water treatment systems, healthcare networks, telecommunications.

Priya: And the headline number: over ten thousand serious security vulnerabilities identified so far.

Sam: Let's talk about what's actually happening technically. Mythos is being used for automated vulnerability discovery in systems that are notoriously hard to audit. Critical infrastructure runs on deeply heterogeneous technology stacks — legacy SCADA systems, decades-old firmware, custom protocols. Traditional automated scanning tools struggle with this because they're built around known vulnerability signatures. What an LLM brings is the ability to reason about system behavior, read documentation and source code in context, and identify logical flaws that aren't in any CVE database.

Priya: The scale here is what stands out to me. Fifteen countries, sectors where a successful cyberattack could affect a hundred million people. This is one of the largest applied AI security programs ever attempted. And the fact that it's happening simultaneously with the IPO filing is probably not a coincidence — it's a concrete demonstration of enterprise value and real-world impact.

Sam: Though I want to be careful about one thing. Ten thousand serious vulnerabilities is a big number, but we don't have visibility into the false positive rate, or how "serious" is being defined, or how many of these are novel versus things that would have been caught by conventional auditing given enough time and resources. The program sounds genuinely impressive, but the detailed methodology matters.

Priya: Fair. Let's shift to a very different kind of story. Florida has sued OpenAI and Sam Altman personally over violent incidents allegedly linked to ChatGPT, including a shooting at Florida State University.

Sam: This is the first state-level lawsuit that names both a frontier AI company and its CEO individually. The legal theory here is product liability — the argument that ChatGPT's outputs contributed to real-world violence, and that OpenAI and its leadership bear responsibility.

Priya: The legal precedent question is genuinely significant. We don't have established case law for AI product liability in consumer-facing applications. Is an AI model more like a product, where the manufacturer is liable for defects? Or more like a platform, with Section 230 protections? Or something else entirely? This case will start to define that.

Sam: And it connects to the broader regulatory vacuum. The Trump administration revoked Biden's AI executive order, and as Wired reported today, the White House is internally divided on whether and how to rebuild any federal AI framework. So in the absence of federal regulation, states are stepping in — Florida with this lawsuit, other states with their own legislative approaches. If you're an enterprise deploying consumer-facing AI, your liability landscape is now fragmented across fifty different state-level frameworks that don't exist yet.

Priya: Which is arguably worse than any single regulation would be.

Sam: Much worse. Okay, let's talk about OpenAI on AWS. GPT-5.5, GPT-5.4, and Codex are now available through Amazon Bedrock at pricing parity with OpenAI's own platform. Both commercial and government AWS regions, US-only for now.

Priya: This is a distribution play, and the details matter. Usage counts toward existing AWS enterprise agreements. That's huge for procurement. If you're a large enterprise with a committed AWS spend, you can now access OpenAI models without a separate vendor relationship, separate security review, separate contract negotiation. It removes enormous friction.

Sam: And the government region availability is significant. There are organizations that can only run workloads in GovCloud-compliant infrastructure. They previously couldn't use OpenAI models at all in those environments. Now they can. That opens up a substantial market segment.

Priya: It also means AWS is now hosting both Anthropic's models — through their existing partnership — and OpenAI's models. Amazon has effectively become the model-agnostic enterprise distribution layer.

Sam: Which is a very comfortable strategic position for Amazon and a more complicated one for both OpenAI and Anthropic, who are now competing on the same shelf.

Priya: Related to OpenAI — they also released new Codex capabilities today, expanding beyond code generation into general enterprise knowledge work. The interesting part is they published an internal usage report documenting how Codex is actually being used.

Sam: This is rare. We almost never get empirical data on how agentic AI tools are adopted in real organizations. The details of the report will matter — what tasks are people delegating, what's the completion rate, where do humans intervene. If the data is solid, it'll be one of the better sources we have for understanding what agentic AI actually does versus what demos suggest it can do.

Priya: Now, Anthropic also had a technical release today. Claude Code got Dynamic Workflows — the ability to spin up and coordinate large numbers of parallel AI agents within a single session.

Sam: This is architecturally interesting. Previously, agentic coding tools mostly worked sequentially — do step one, then step two, then step three. Dynamic Workflows lets Claude Code analyze a complex task, generate an orchestration script on the fly, decompose the work into subtasks, farm those out to parallel agents, then validate and synthesize the results.

Priya: So practically, what does that look like?

Sam: Say you need to refactor a large codebase — update an API across dozens of files, with tests. Instead of processing files one at a time, Claude Code can now spawn parallel agents that each handle a subset of files simultaneously, then a coordinator agent checks consistency across all the changes. The orchestration logic itself is generated dynamically based on the task structure. It's a meaningful step toward what you'd call genuine multi-agent software engineering.

Priya: The validation step is key. Parallel execution without verification is just parallel hallucination at scale.

Sam: Exactly. And that connects nicely to our research story. Richard Sutton — Turing Award winner, father of reinforcement learning — published an argument that pure generative AI cannot do real scientific discovery because it fundamentally lacks the ability to evaluate its own outputs.

Priya: His point is that generation and evaluation are different capabilities, and current LLMs only do generation. They can produce novel-looking outputs, but they can't tell whether those outputs are actually correct or meaningful.

Sam: Right. His examples are AlphaGo and AlphaProof — systems that have built-in evaluation loops. AlphaGo can play out a game and know who won. AlphaProof can check whether a mathematical proof is valid. That evaluation signal is what allows genuine exploration and discovery. Without it, you get what Sutton calls flickering novelty — the system occasionally produces something interesting, but it can't recognize it, so it can't build on it.

Priya: The implication for the field is that the current strategy of scaling up LLMs alone won't get us to AI that advances science. You need hybrid architectures that pair generation with rigorous evaluation. Which, interestingly, is exactly what the Dynamic Workflows validation step is a tiny version of.

Sam: Good observation. And it's worth noting — this isn't Sutton saying LLMs are useless. He's saying they're architecturally incomplete for a specific and important class of tasks.

Priya: Okay, last story, and it's a good one to end on. Hackers manipulated Meta's AI customer support chatbot to steal high-value Instagram accounts from celebrities. The handles were resold before Meta identified and patched the exploit.

Sam: This is a textbook example of why giving LLM-based agents privileged access to backend systems creates novel attack surfaces. Meta deployed an AI chatbot for account support. That chatbot had the ability to perform account actions — password resets, email changes, whatever the support flow requires. Attackers found ways to manipulate the chatbot into performing those actions on accounts they didn't own.

Priya: We don't have full details on whether this was prompt injection, social engineering of the AI, or some combination. But the fundamental problem is clear: the chatbot had authority to modify accounts, and the authorization checks weren't sufficient to prevent manipulation.

Sam: This is the risk that security researchers have been warning about for two years. When you give an LLM agent the ability to take real actions in production systems, you're essentially creating a new user with a new attack surface. The LLM doesn't have robust identity verification instincts. It's trying to be helpful. And the gap between "trying to be helpful" and "verifying the requester is authorized" is exactly where these attacks live.

Priya: Every organization deploying AI agents with backend access should be studying this case.

Sam: Looking ahead — what are the threads to watch? The Anthropic IPO process will unfold over months, but when that S-1 goes public, it'll be the most information-dense document about the AI industry's economics we've ever seen. I'll be reading it line by line.

Priya: The Florida lawsuit will move slowly, but every brief filed will start establishing the vocabulary and legal framework for AI liability. And the Meta chatbot attack — I think we're going to see more incidents like this. The deployment of AI agents with privileged access is accelerating faster than the security frameworks to protect them.

Sam: And Sutton's critique is going to keep reverberating. The question of whether scaling LLMs alone is sufficient, or whether we need fundamentally different architectures for real reasoning and discovery — that's the deep technical question underlying everything else we talked about today.

Priya: That's our show for Tuesday, June 2nd, 2026. Show notes and links to all the stories we covered are at cleartext.fm.

Sam: Thanks for listening. We'll see you tomorrow.