Three things collided today. A landmark AI governance lawsuit. The first real demonstration of recursive self-improvement. And a $99-per-user bet that enterprise AI is about to consolidate fast. Let's get into it.

The Anthropic-Pentagon Fault Line

Anthropic filed two lawsuits against the Department of Defense overnight. And within hours, thirty-plus employees from OpenAI and Google—including Jeff Dean, Google's chief scientist and lead of the Gemini program—filed an amicus brief in support.

Here's the backstory. The Pentagon labeled Anthropic a "supply chain risk"—a designation normally reserved for foreign adversaries—after Anthropic refused two specific demands. They wouldn't allow Claude to be used for mass domestic surveillance. And they wouldn't allow it for fully autonomous lethal weapons systems—that is, AI that can kill without a human in the loop.

The Defense Department's position was that it should be able to use AI for any "lawful purpose." Anthropic drew a line. Negotiations collapsed. The blacklist followed.

The amicus brief makes a pointed argument. It says the Pentagon could have simply cancelled the contract if it didn't like the terms. Instead, the government branded a domestic company a national security threat. The brief warns this "chills professional debate on the benefits and risks of frontier AI systems"—and threatens US competitiveness.

Here's what makes this extraordinary. Jeff Dean signing onto a brief defending a direct competitor. Sam Altman—whose company quickly signed its own military contract after Anthropic's fell apart—publicly calling the designation "very bad for our industry." Even rivals agree the precedent is dangerous.

The core question this case will decide: can the US government blacklist a domestic company for taking a position on AI safety? Every lab in the industry will be watching.

Machines Improving Machines

While that drama played out in courtrooms, something quietly significant happened in a GitHub repo.

Andrej Karpathy released a tool called autoresearch. The concept is deceptively simple. An AI agent reads its own training codebase, forms a hypothesis for improvement—maybe change a learning rate, maybe adjust an architecture depth—modifies the code, runs the experiment, and evaluates the result. Then repeats. Overnight. Without a human watching.

The results matter. After roughly seven hundred autonomous changes on a small language model training run, the agent improved training efficiency by about eleven percent. Not massive. But—and this is the key—it discovered changes that transferred from a smaller to a larger model configuration. The agent wasn't just tuning. It was finding generalizable improvements.

Jack Clark's Import AI newsletter frames this precisely. He cites researchers at Oxford and GovAI who just published fourteen metrics for tracking—quote—"AI R&D Automation." The idea: recursive self-improvement isn't a single event. It's a gradient. And we need to measure where we are on it before we reach the point where we can't easily see it anymore.

One of those metrics is particularly striking. Measure how well human teams can actually supervise AI systems that are building other AI systems. That problem gets harder as the volume of AI-generated work scales faster than human reviewers can follow.

Meanwhile, Ajeya Cotra—a longtime AI forecaster—published an update saying her January predictions for 2026 are already too conservative. She had predicted AI agents would reach a twenty-four-hour task horizon by end of year. Current benchmarks have Opus 4.6 at twelve hours—already halfway there in March. Her updated guess: by December, agents could sustain over a hundred hours of autonomous work on software tasks. At that point, she writes, the concept of a "time horizon" may start to break down entirely.

ByteDance adds a concrete data point here. They fine-tuned their Seed 1.6 model—a mixture-of-experts—specifically for writing CUDA kernels—the low-level GPU code that determines how fast AI models actually run. The resulting agent hit a hundred percent success rate on two benchmark tiers, and ninety-two percent on the hardest tier. That's roughly forty percent better than Claude Opus 4.5 on that hardest tier.

The implication: AI is now being used to write the GPU code that will train the next generation of AI. The loop is closing.

Microsoft Absorbs the Competition

Ben Thompson at Stratechery has a sharp read on the Microsoft-Anthropic Copilot Cowork announcement. Microsoft's classic move is to commoditize its complements—make everything around its core products cheap or free to strengthen its own position. But Thompson notes Anthropic has a point of integration strong enough that Microsoft chose to build on top of it rather than around it.

The product itself is notable. Copilot Cowork runs in the cloud—not desktop-only like Claude's native agent. It pulls from emails, meetings, files, and calendars across Microsoft 365's entire ecosystem. Users describe an outcome. Cowork breaks it into steps and produces deliverables across apps. It launches inside a new ninety-nine dollar per user enterprise tier called E7.

The strategic read: wrapping Anthropic's agent technology inside M365's security and compliance layers gives this product something Claude alone can't easily match. Deep, integrated enterprise context across four hundred fifty million users' worth of organizational data. Anthropic gets distribution. Microsoft gets capability it didn't have to build.

Inference at Planetary Scale

The latest Latent Space podcast goes deep inside NVIDIA's Dynamo—a data center scale inference framework—with two engineers who live at the intersection of GPU hardware and AI deployment.

A few insights worth extracting.

The first is about a fundamental architectural shift called prefill-decode disaggregation. Historically, inference engines ping-pong between two phases: prefill—reading the input and building a cache of key-value vectors that represent the sequence—and decode—generating new tokens using that cache. Kyle Kranen, one of Dynamo's lead architects, explains that separating these phases onto different hardware pools unlocks real efficiency gains. Prefill is compute-bound. Decode is memory-bound. Mixing them on the same hardware means each phase constantly blocks the other. Disaggregating them lets you scale each independently based on actual workload.

The second insight is about agent security. Nader Khalil offers a practical mental model that's worth internalizing. Agents can do three things: access your files, access the internet, and write and execute code. His rule: only ever let an agent do two of those three at once. Files plus code execution—no internet access, because that's your injection vulnerability. Internet plus files—know the full scope before you give it those two together. The combinatorial risk is the problem.

The third is about where agents are heading. The current average autonomous work window for coding agents in production is twenty to forty-five minutes—that's measured in human-equivalent work, not wall-clock time. But the engineers expect this to compound. Kyle expects an agent capable of running with self-consistency for longer than twenty-four hours before end of year. The broader framing they offer: this is the year of "system as model"—where a single API call to something that looks like one model is actually a coordinated system of specialized agents underneath.

The Technology Choice Paradox

Simon Willison closes out today with an observation that cuts against a common assumption. Many people expected coding agents to push developers toward popular, well-documented technology stacks—whatever is best represented in training data. Boring tech by default.

Willison says that's not what he's seeing. Modern agents with long context windows can consume documentation for new or private tools before they start working. They iterate, test their own output, and learn patterns from existing codebases. The agent adapts to the technology choice—not the other way around.

One caveat he adds: what technology an agent recommends unprompted is a separate question. Studies show Claude Code has strong preferences—GitHub Actions, Stripe, shadcn/ui appear at near-monopoly rates when agents make choices independently. The lesson: agents adapt to your choices when you're explicit. But watch what they default to when you're not.

Today's through-line is compression. AI timelines are compressing faster than forecasters can update. The gap between human and AI-generated work is compressing. And the distinction between "AI capability" and "AI governance" is compressing into a single legal and strategic battleground—with the Anthropic lawsuit as its first major test case.