Cybersecurity AI now lives in gated communities
Welcome to Runtime! Today: New models from Anthropic and OpenAI claim impressive and scary cybersecurity capabilities, but only club members know for sure, NIST explains how it will deal with a huge surge in vulnerability reports, and the latest enterprise moves.
Role-based access
Over the last six months, rapid advances in AI models built by Anthropic and OpenAI have forever altered the software development process and opened the door to broader adoption of AI agents throughout the enterprise. However, that progress comes at a cost, now that those models have the potential to cause new chaos for security teams.
Anthropic released Opus 4.7 Tuesday, the first new version of its flagship model since the release of Opus 4.6 in November last year kicked off a new chapter in enterprise AI. The company claimed the new model is even better at agentic coding than its predecessor, but cybersecurity professionals who want to use it will need a hall monitor.
- Opus 4.7 is the first model for which Anthropic will implement "safeguards that automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses," the company said in a blog post, which follows last week's announcement of Project Glasswing.
- Dozens of companies and organizations were invited to sample the too-dangerous-for-public-consumption Mythos Preview model, and Opus 4.7 was actually designed to limit those capabilities as a test of the safeguards.
- "Security professionals who wish to use Opus 4.7 for legitimate cybersecurity purposes (such as vulnerability research, penetration testing, and red-teaming) are invited to join our new Cyber Verification Program," the company said.
OpenAI introduced a similar program earlier this year called Trusted Access for Cyber, and expanded that program this week alongside the release of GPT-5.4-Cyber, "a variant of GPT‑5.4 trained to be cyber-permissive." Much like Anthropic's strategy with Mythos Preview and Opus 4.7, GPT-5.4-Cyber will only be released to "customers in the highest tier" of that program, it said in a blog post Tuesday.
- The company announced the first batch of customers in that highest tier on Thursday, and it includes many of the same organizations as Project Glasswing, including CrowdStrike, JPMorganChase, and Nvidia.
- Interestingly, however, OpenAI did not name any of the major cloud providers as part of that tier, except for major-ish cloud provider Oracle, which has a rather special relationship with OpenAI.
- "We want participants to push the frontier of defensive research, share what they discover, and help turn new insights into stronger protection for everyone," OpenAI said Thursday.
Enterprise AI has moved so far, so quickly in just a few years, and a collective decision to take the industry's foot off the gas pedal in the name of security is probably a good thing. But the downside is Anthropic and OpenAI just set up a cybersecurity caste system that will entrench the power of hyperscalers and other massive security vendors while promising to extend the benefits to the rest of enterprise tech, and it's not clear how that will actually happen.
- The history of enterprise software seems to always come back to playing on the fear, uncertainty, and doubt of tech buyers when it comes to the power of new technologies, so in some way Anthropic and OpenAI's cybersecurity strategies are just a new link in the chain.
- And these programs could give the participants time to understand how future models will cause cybersecurity issues, which presumably also gives them time to act to prevent those issues from ever happening.
- But it feels like they're really giving the current generation of power brokers in enterprise tech a look behind the curtain that challengers to that throne are simply unable to see.
- And that means that the future cybersecurity products built by vendors with the knowledge they gained inside the clubhouse will have a huge head start, unless Anthropic and OpenAI make a concerted effort to bring startups and smaller vendors into the fold.
Holes in the bug screen
The beleaguered Cybersecurity Vulnerabilities and Exposures (CVE) program was struggling for months amid uncertainties about the future of its funding sources, and a sharp rise in AI-driven reports of new vulnerabilities pushed it to a breaking point this week. The National Institute for Standards and Technology (NIST), which administers one of the most important tools in enterprise cybersecurity, announced Thursday that the CVE program would no longer add key details about new vulnerabilities unless they rise to a certain level.
As of Wednesday, NIST will no longer "enrich," or add details such as a severity score and products affected, to all vulnerabilities discovered in the future unless they meet certain criteria. The ones that will still get those crucial details include vulnerabilities that CISA knows are currently being exploited, vulnerabilities in software used by the federal government, and vulnerabilities as described by a Biden-administration project to define "critical" software.
NIST cited a 263% increase in vulnerability submissions over the last five years as a reason behind its decision, and said that trend continued into 2026. "They’ve just come out and publicly stated, 'We are never going to get through this backlog,'" Trend Micro's Dustin Childs told CSO. That backlog could be addressed, or at least reduced, with proper federal funding.
Enterprise moves
Duane O’Brien is the new executive director of the Open Source Initiative, joining the guardian of open-source licensing after technology leadership roles at Capital One and Indeed.com.
Anuj Kumar is the new chief revenue officer at Backblaze, joining the cloud storage company after leadership roles at SUSE, Human Security, and NetApp.
The Runtime roundup
U.S. data center operators will soon be required to submit power consumption data to the Energy Information Administration, which is part of the Department of Energy, according to Wired.
Google Cloud struck a deal with private equity giant Thoma Bravo to provide access to Gemini models for companies in its portfolio, which contains a lot of SaaS companies.
Thanks for reading — see you Saturday!