OpenAI drops a security agent; npm gets a new browser

Today on Product Saturday: OpenAI rolls out two new models and a security agent, JavaScript developers have a new way to find npm packages, and the quote of the week.




Ship it

Bug hunter: Even putting aside CEO Sam Altman's convoluted response to the showdown between the Pentagon and Anthropic, OpenAI had a busy week. It launched two new models — GPT-5.4 and GPT-5.3 Instant — and introduced Codex Security, a research preview of an AI agent designed to find vulnerabilities and recommend patches.

"By combining agentic reasoning from our frontier models with automated validation, it delivers high-confidence findings and actionable fixes so teams can focus on the vulnerabilities that matter and ship secure code faster," OpenAI said in a blog post. Anthropic revealed a similar security agent in research preview status two weeks ago that tanked cybersecurity stocks, but thanks to the skyrocketing price of oil almost all stocks were down on Friday.

Set and forget: Cursor is going through an interesting time at the moment; its annualized revenue soared to $2 billion a year during the last quarter as more enterprise customers started using its coding editor, but all the cool kids are talking about Claude Code. This week Cursor introduced a new tool called Automations that allows customers to build custom agents in Cursor to tackle all the other parts of software engineering beyond code.

"When invoked, the automated agent spins up a cloud sandbox, follows your instructions using the MCPs and models you've configured, and verifies its own output," Cursor said in a blog post. Right now those agents seem to work best at reviewing code, such as searching for vulnerabilities or as part of responding to an incident, and "chores," things like documentation or bug tracking.

Track your package: Working with the npm registry is a big part of every JavaScript developer's life, and that has been a frustrating experience over the last year or so as malware disguised as legit software packages has spread across the platform. Earlier this year a band of open-source developers came together to work on a new way to navigate that registry, and this week they unveiled a browser called npmx.

"npmx is about speed and simplicity: making it quicker and easier to find, evaluate, and manage npm packages," the group said in a blog post. They seem to have struck a chord: "With over 105 contributors and 1500 stars in just 16 days, npmx became one of the most active early open-source projects we’ve seen," they said.

KARL's Sr: One of the reasons it took so long for agents to get a foothold in the enterprise was that AI models simply weren't ready to support agentic workflows, a situation that changed dramatically at the end of last year with the release of Claude Opus 4.5 and GPT-5-Codex. Still, using those models to run agents remains really expensive, and Databricks introduced a new custom model this week that used reinforcement learning to build a faster and cheaper reasoning model.

KARL "addresses a critical enterprise capability, grounded reasoning: answering questions by searching for documents, fact-finding, cross-referencing information, and reasoning over dozens or hundreds of steps," the company said in a blog post. It's a research preview, so much work remains to be done, but Databricks said KARL "matches the performance of the world's most powerful proprietary models at a fraction of the serving cost and latency, including on new grounded reasoning tasks it had never seen."

Herding agents: As we await the inevitable security disaster that will befall some prominent company currently cranking out AI agents as fast as possible, a startup called DeepKeep released a new tool this week for helping companies find and resolve the weak points in their agentic applications. The AI Agent Scanner "provides immediate, actionable visibility into what AI agents can access, which tools and data they interact with, and where potential vulnerabilities exist, meets a pressing enterprise need as the AI agent attack surface grows," DeepKeep said in a press release.

The scanner builds a dashboard, or a "visual risk map" as DeepKeep put it, that allows administrators to monitor how their agents are using data and connecting to the outside world. Right now it supports agents built using tools from AWS, Microsoft, OpenAI, and Salesforce, with support for more agent-building platforms coming later this year.


Stat of the week

Containers seem almost quaint in 2026, more than a decade after they took enterprise tech by storm, but they remain the backbone of modern workloads. According to new research from Nutanix, 85% of enterprise tech leaders "believe AI is accelerating container adoption" and 87% expect to increase their use of containers over the next three years.


Quote of the week

"The fact that his shot is unlikely to be lethal (only very bloody) does not change the message sent to every investor and corporation in America: do business on our terms, or we will end your business." — Former Trump administration AI policy advisor Dean Ball, correctly predicting earlier this week that Defense Secretary Pete Hegseth's misguided attempt to prevent Pentagon contractors from using Anthropic's AI models for non-military applications would fall flat, as all of the Big Three cloud providers confirmed Friday.


The Runtime roundup

Project Stargate continues to fall short of last year's expectations after Oracle and OpenAI decided to scrap plans for further expansion in Texas, but Meta might swoop in to take over some of that real estate, according to Bloomberg.

Marvell stock rose 18% the day after it reported earnings that beat Wall Street expectations and raised guidance, thanks to a 46% jump in sales of its chips to data-center customers.


Thanks for reading — see you Tuesday!
