Supply Chains Come Home
Supply Chains Come Home
The era of treating infrastructure as a commodity problem is ending. What we're seeing across the technology sector is a fundamental revaluation: infrastructure that was once optimized purely for cost and efficiency is being reconfigured around control, security, and strategic autonomy.
Apple's exploration of domestic chip production through Intel and Samsung's Texas facilities isn't just about diversification. It signals recognition that manufacturing independence is now a competitive requirement, not a nice-to-have. Similarly, Amazon opening its logistics network to third parties isn't expansion, it's a declaration that private infrastructure has become more reliable than public alternatives.
Even information infrastructure is retreating behind walls. The NHS decision to close source hundreds of repositories over AI security concerns marks a reversal of the open-by-default philosophy that dominated the 2010s. When a public health system concludes that transparency creates more risk than value, something fundamental has shifted.
The common thread isn't nationalism or protectionism, though both play roles. It's that infrastructure itself has become a strategic asset again, with all the defensive posturing and vertical integration that implies. Organizations are choosing sovereignty over optimization.
Deep Dive
Open source becomes a liability when AI can audit at scale
The NHS decision to close source hundreds of GitHub repositories by May 11 represents more than temporary caution. It marks the moment when open source shifted from default best practice to calculated risk that requires active justification. The trigger is Anthropic's Mythos model and similar systems capable of ingesting and analyzing codebases faster than human security teams can audit them.
The calculus is straightforward: when AI models can scan millions of lines of code for architectural weaknesses, configuration details, and subtle vulnerabilities, public repositories become reconnaissance tools. The NHS Engineering Board concluded that even mundane internal tooling carries enough contextual information to materially increase attack surface. This matters because most organizations following open-by-default policies haven't seriously evaluated whether that stance still makes sense in an environment where adversaries have effectively unlimited analysis capacity.
For engineering leaders, this creates an immediate strategic question. Continuing to publish code publicly now requires either confidence that your security posture can withstand AI-assisted analysis or acceptance that you're essentially publishing attack documentation. The middle ground of security through obscurity never worked, but security through limiting adversary reconnaissance time did. That time advantage is gone.
The broader implication cuts deeper than individual security decisions. The open source model relied on transparency creating more benefit than risk. When frontier AI models reach general availability, that equation inverts for any organization whose code contains even modest competitive or operational value. Expect more companies to follow the NHS pattern: temporary closures that become permanent as teams realize they lack the resources to maintain truly secure public repositories. The open source movement doesn't die from this, but it contracts to projects where transparency is the entire point, not a philosophical default.
The AI infrastructure stack is consolidating before it's even finished
Cerebras heading toward a $26 billion IPO reveals how quickly the AI chip market is stratifying into clear winners and also-rans. More notable than the valuation is the company's relationship with OpenAI: a $1 billion loan secured by warrants for 33 million shares, making OpenAI simultaneously Cerebras' largest customer, creditor, and soon-to-be major shareholder. This is vertical integration by another name.
The OpenAI-Cerebras arrangement illustrates why AI infrastructure companies face structural pressure toward consolidation. Building competitive AI-specific chips requires both enormous capital and guaranteed demand at scale. Cerebras solves this by locking in its largest customer as a quasi-owner. OpenAI gains supply chain security and potential upside if Cerebras succeeds. Both parties trade market flexibility for reduced execution risk.
For infrastructure startups, the lesson is stark: access to frontier AI customers is becoming table stakes for raising growth capital. The $10 billion worth of IPO orders on $3.5 billion of available shares signals that public market investors understand this. They're betting on consolidation around a handful of specialized compute providers deeply entangled with the major AI labs.
This creates difficult decisions for founders building AI infrastructure. Pure merchant models look increasingly risky when your potential customers are also potential competitors or acquirers. The alternative is accepting strategic investment from customers, which provides capital and validation but eliminates acquisition optionality and creates dependency. Cerebras chose dependency and it's working. Others attempting merchant independence should expect steady pressure to pick a side as the major labs build or buy their way to supply chain control.
Signal Shots
Sierra hits $15B valuation on $950M raise: Bret Taylor's AI agent company raised $950M from Tiger Global and GV, reaching a post-money valuation above $15 billion with claims of 40% Fortune 50 penetration. The company says it jumped from $100M to $150M in annual recurring revenue in just two months. This matters because enterprise AI agents are proving they can command venture-scale capital while delivering measurable productivity gains, as Uber's report of 10% autonomous code generation demonstrates. Watch whether Sierra's Ghostwriter tool for building agents becomes the platform layer or just another workflow automation feature.
Anthropic and OpenAI launch parallel enterprise ventures: Both AI labs announced joint ventures with asset managers to deploy enterprise AI services, with Anthropic partnering with Blackstone and Goldman Sachs at a $1.5B valuation while OpenAI's Development Company raised $4B from TPG and Brookfield at a $10B valuation. The convergent strategy reveals that AI labs see forward-deployed engineering as the path to enterprise revenue at scale, essentially franchising their models through financial partners with deep portfolio company access. Watch whether these ventures actually deliver integrated solutions or become expensive consulting arrangements that dilute the core product value.
Semiconductor sales surge 79% year-over-year: Global chip sales hit $298.5B in Q1 2026, up 25% from Q4 2025, with March sales reaching $99.5B driven by Asia Pacific and Americas demand. This matters because it confirms the industry is on track for the projected $1T annual run rate, validating that AI infrastructure spending is translating into actual chip purchases rather than just promises. Watch whether the growth sustains through Q2 or if we see inventory correction as hyperscalers digest their capacity additions.
DeepInfra raises $107M for dedicated inference infrastructure: The inference cloud startup raised a Series B from 500 Global and Georges Harik with participation from Nvidia, Samsung, and Supermicro to build out specialized AI inference capacity supporting 190+ open source models. This matters because it validates the thesis that inference will be the dominant AI workload and that purpose-built infrastructure beats general cloud platforms for production AI. Watch whether DeepInfra's token factory model maintains cost advantages as hyperscalers optimize their own inference offerings and whether 30% of traffic coming from autonomous agents becomes the new baseline.
CopyFail bug exposes Linux kernel to takeover attacks: A severe vulnerability affecting Linux kernel versions 7.0 and earlier allows regular users to gain root access on affected systems, with CISA confirming active exploitation and ordering federal agencies to patch by May 15. This matters because the bug affects virtually every modern Linux distribution since 2017, threatening servers in data centers that process the majority of enterprise workloads. Watch whether patches deploy faster than previous kernel vulnerabilities and whether cloud providers experience material security incidents before updates complete. Supply chain injection remains the highest risk vector.
Pinterest crosses $1B quarterly revenue on search, not social: The visual discovery platform reported $1B in Q1 revenue, up 18% year-over-year, driven by 80 billion monthly visual searches that generate commercial intent data no feed-based platform can match. This matters because it validates that advertising attached to search intent converts at fundamentally higher rates than advertising attached to content browsing, with Pinterest's Performance+ suite showing 24% higher conversion lift. Watch whether Google, Amazon, and OpenAI's visual AI capabilities erode Pinterest's moat or if the intent data from 631 million users actively searching for products to buy remains defensible as AI commerce layers proliferate.
Scanning the Wire
Lattice Semiconductor acquires AMI for $1.65B: The Oregon chipmaker is buying the Georgia firmware company to add cloud and AI infrastructure manageability capabilities to its programmable logic offerings. (Oregonian)
Vodafone takes full control of UK joint venture: The telecom will buy out CK Hutchison's 49% stake in VodafoneThree for £4.3B, consolidating ownership of the merged entity formed from its UK operations. (Wall Street Journal)
GameStop bids $56B for eBay without financing: The struggling game retailer made an unsolicited offer for the marketplace giant while revenue declines and store closures continue, with no clear explanation of how it would fund the acquisition. (Ars Technica)
Denmark's clean grid hits AI data center limits: The country that generates 80% of its electricity from renewables now faces infrastructure constraints as power-hungry AI facilities overwhelm grid capacity built for industrial loads. (The Next Web)
Nscale invests €695M in Portugal GPU infrastructure: The Microsoft partner will deploy over 66,000 Nvidia Rubin GPUs starting late 2027, expanding European AI compute capacity through datacenters built specifically for model training workloads. (Bloomberg)
iPhone 17 dominates Q1 global smartphone sales: Apple captured three of the top four spots worldwide, with the base iPhone 17 taking 6% of all sales while Samsung's budget Galaxy A07 claimed fourth position. (Counterpoint Research)
Colorado lawmakers revise AI discrimination bill: After tech leaders warned that regulations were driving companies out of state, legislators introduced a narrower version of anti-discrimination requirements for AI systems. (Wall Street Journal)
UK age verification easily bypassed by children: Research shows 46% of kids consider age checks simple to defeat, with nearly a third admitting they've circumvented them, sometimes by drawing fake facial hair to fool detection systems. (The Register)
Notepad++ creator threatens legal action over Mac port: Developer Don Ho objected to an unofficial macOS version that attempts to look like an authorized release, saying the fork itself is acceptable but the branding infringes his trademark. (The Register)
Dubai sets private sector AI deadline: Crown Prince Sheikh Hamdan launched an initiative requiring the emirate's entire private sector to transition toward agentic AI, marking a departure from typical government roadmaps that avoid specific timelines. (The Next Web)
Outlier
Elon Musk settles SEC Twitter lawsuit for $1.65M: The SEC's lawsuit over disclosure violations during Musk's Twitter acquisition ended with a settlement that amounts to roughly 0.0005% of his net worth, while the agency dropped its request to bar him from serving as an officer or director of public companies. This matters because it establishes that regulatory enforcement has effectively become a voluntary tax for principals wealthy enough to treat penalties as rounding errors. When fines become inconsequential relative to personal wealth, compliance shifts from legal obligation to business decision. Watch whether other founders adopt Musk's strategy of simply absorbing penalties rather than modifying behavior, treating regulatory agencies as minor cost centers rather than constraints on action.
The semiconductor industry just reported $298 billion in quarterly sales while GameStop offered $56 billion for eBay with no money. Someone should tell them the chips are real and the bid is not.