Today: Workday jostles for position in the race to bring agents to the enterprise, a new type of software supply-chain attack is spreading, and the latest funding rounds in enterprise tech.
Today: another batch of earnings reports shows that enterprises are still investing heavily in the raw materials for generative AI, Microsoft takes a careful step away from its dependence on OpenAI's models, and the latest enterprise moves.
Today: Broadcom rolls out new VMware services aimed at convincing customers to run next-generation workloads the old-fashioned way, we're starting to learn what DOGE did with some of the country's most sensitive data, and the latest funding rounds in enterprise tech.
Today: Workday jostles for position in the race to bring agents to the enterprise, a new type of software supply-chain attack is spreading, and the latest funding rounds in enterprise tech.
Welcome to Runtime! We're back! Today: Workday jostles for position in the race to bring agents to the enterprise, a new type of software supply-chain attack is spreading, and the latest funding rounds in enterprise tech.
(Was this email forwarded to you? Sign up here to get Runtime each week.)
2025 was supposed to be "the year of the agent," the year when generative AI applications would move beyond their chatbot origins to autonomously execute any number of business tasks and transform the way enterprise software is built and sold. Gartner recently declared that it is safe to take the over on that prediction, which rather than deterring the enterprise software vendors who have placed big bets on agentic AI only gives them more time to hone the pitch.
Workday is one of many companies trying to convince enterprises to use its software as the foundation for their agentic AI strategies, and Tuesday at Workday Rising it unveiled several new tools that it hopes will close the deal. "The era of one-size-fits-all enterprise software is over," said Workday CTO Peter Bailis in a press release, and Workday's plan is to help current customers make more of their existing investments in its software.
One big reason why AI agents have yet to hit the mainstream is that many enterprises don't have the proper data management tools and strategies in place to help unlock unstructured data. Anyone who wants to sell an agentic AI platform to those companies needs to deal with that reality first, and Workday rolled out a new data service Thursday that could help.
Workday is no different from enterprise software competitors such as Salesforce and ServiceNow in that it became a huge part of its customers' business operations long before anybody was talking about generative AI. Upstarts built around the generative AI era are nipping at their heels, and Workday took one of those companies off the board Tuesday by announcing a $1.1 billion deal to acquire Sana.
Millions of software developers use NPM, a software package repository owned by GitHub, to find open-source code they need to build or update their applications. A new type of malware spreading through packages stored on NPM is stealing private credentials from developers that install the packages and publishing those secrets to GitHub, according to Krebs On Security.
Those secrets are being published to a GitHub repository called Shai-Hulud, or the name of those huge sandworms in the Dune novels and movies. "Beyond data theft, the malware exhibits worm-like behaviour: when a compromised package encounters additional npm tokens in its environment, it will automatically publish malicious versions of any packages it can access - spreading across the npm ecosystem," according to Wiz Research.
Security experts believe the new malware threat is similar to one that spread a few weeks ago across NPM, which Ars Technica said "is likely to be the world’s biggest supply-chain attack ever." Nicholas Weaver, a researcher with the International Computer Science Institute, told Krebs on Security that package repositories like NPM need to insert a human in the package-publishing loop: “Allowing purely automated processes to update the published packages is now a proven recipe for disaster.”
Invisible Technologies raised $100 million in "growth funding" for its AI infrastructure software, which includes a data platform and an observability tool.
Remedio scored $65 million in its first funding round to date after six years of operating profitably as a cybersecurity startup focused on device posture management, which helps companies manage PCs, Macs and other devices on their networks.
CodeRabbit landed $60 million in Series B funding for its code-review software, which helps developers spot and fix problems with AI-generated code.
Airia raised $50 million in new funding from co-founder John Marshall, who previously invested a separate $50 million round in the enterprise AI orchestration startup.
Micro1 scored $35 million in Series A funding for its AI data-labeling services, which are in demand after Meta invested $14.5 billion in Scale AI, forcing rival model developers to look for new labeling partners.
Druid AI landed $31 million in Series C funding as it builds out a platform for building and managing enterprise AI agents.
Salesforce announced the creation of a new business unit called Missionforce that will sell AI services to U.S. military customers, and we can't wait to see which furry mascot gets selected for the new division.
Nvidia will purchase any computing capacity that CoreWeave isn't able to sell through 2032, a deal that is worth $6.3 billion up front according to Reuters.
Thanks for reading — see you Thursday!
Today: another batch of earnings reports shows that enterprises are still investing heavily in the raw materials for generative AI, Microsoft takes a careful step away from its dependence on OpenAI's models, and the latest enterprise moves.
Today: Broadcom rolls out new VMware services aimed at convincing customers to run next-generation workloads the old-fashioned way, we're starting to learn what DOGE did with some of the country's most sensitive data, and the latest funding rounds in enterprise tech.
Today: the wildest dreams for the future of LLMs appear to be falling apart, Microsoft kicks partners from certain countries out of its early-notification program for vulnerabilities, and the latest enterprise moves.
Today: Voice-phishing attacks are turning into a serious problem without an easy solution, Google Cloud furthers its nuclear plans, and the latest funding rounds in enterprise tech.
