Claude Billing Split | AI Field Notes #36

AnalysisAnthropic's unreleased Mythos security model scanned more than 1,000 open-source projects and flagged 23,019 issues in its first month of access, of which 6,202 were high- or critical-severity. Cloudflare found 400 severe vulnerabilities in its own internal code. Mozilla found 271 bugs in Firefox 150, over ten times the 27 found in Firefox 148. Mythos also assembled four independent bugs into a single exploit chain that bypassed both browser renderer and OS sandboxing, and forged a certificate against wolfSSL, an open-source cryptography library used by billions of devices. Anthropic has no plans to release the model publicly: "No company, including Anthropic, has developed safeguards strong enough to prevent such models from being misused." The new bottleneck in security is patching, not finding.

AnalysisStarting June 15, Anthropic separates Claude subscription limits into two pools. Interactive use (chat, Claude Code terminal sessions, Claude Cowork) stays on existing plan limits. Agent SDK, claude -p, Claude Code GitHub Actions, and third-party frameworks draw from a new monthly credit: $20 for Pro, $100 for Max 5x, $200 for Max 20x, billed at full API list rates with no rollover. Before this, all usage shared one subsidized cap. A Pro user running heavy automation burns through the $20 credit in roughly four or five 1-million-token sessions at Claude Sonnet 4.6 input rates. Credits expire monthly. Anthropic sends claim emails before June 8; users must claim their credit once through their Claude account.

AnalysisOpenAI filed a confidential S-1 with the SEC on May 22, targeting a September 2026 IPO on Nasdaq with Goldman Sachs and Morgan Stanley as lead underwriters. The prospectus puts the target public valuation above $1 trillion; the company's most recent private round in March 2026 valued it at $852 billion, the largest private fundraise in history at $122 billion. Key numbers in the filing: roughly $25 billion in annualized revenue as of February 2026 (40% enterprise), a projected $14 billion operating loss for 2026, and an ad business that crossed $100 million annualized in under six weeks from launch. The company projects continued losses through approximately 2030 and has committed $600 billion over five years to chips and data centers.

AnalysisOn May 21, President Trump canceled the signing of an executive order that would have set up voluntary agreements for AI companies to share advanced models with the federal government before release, including a proposed 90-day pre-launch review window. Trump told reporters he "didn't like certain aspects of it" and didn't want to slow down the US lead over China. AI adviser David Sacks was also reportedly opposed, even to a voluntary framework. The draft had been developed with input from AI companies and national security staff over several months. Some AI labs had pushed for a shorter 14-day review window rather than 90 days. The order would not have been binding; its cancellation still removes even a discussion framework.

AnalysisOn May 25, Pope Leo XIV released Magnifica Humanitas ("Magnificent Humanity"), the first papal encyclical dedicated to artificial intelligence, signed exactly 135 years after Pope Leo XIII's Rerum Novarum on workers' rights. The document warns that control of AI must not remain "in the hands of a few," argues that advancing AI technology is fueling global conflicts, and frames the protection of human dignity as the central challenge of the AI era. Anthropic co-founder and safety researcher Christopher Olah appeared alongside Pope Leo XIV at the presentation. The Catholic Church has roughly 1.4 billion members worldwide, and the document creates a formal moral framework that NGOs and policymakers in majority-Catholic regions will cite in AI governance debates.

AnalysisAugust 2, 2026 is 96 days away, the date when high-risk AI system obligations under the EU AI Act become binding. The rules cover systems used in biometrics, critical infrastructure, education, employment, migration, and asylum: conformity assessments must be completed, technical documentation finalized, CE marking affixed, and EU database registration done. A May 7 political deal delayed the timeline for AI systems embedded in physical products (lifts, toys) to August 2028 and some other categories to December 2027, but employment and education AI systems remain at the August 2 date. Penalties run up to 3% of global annual turnover for high-risk violations, 7% for prohibited practices. US and global companies deploying high-risk AI that affects EU users are equally subject to the rules.

AnalysisSecurity researchers published details in May 2026 on CVE-2025-53773, a CVSS 9.6 vulnerability in which hidden prompt injection embedded in pull request descriptions could trigger remote code execution through GitHub Copilot. An attacker submitting a pull request to a public or enterprise repository embeds malicious instructions inside the PR description text; Copilot processes the description as part of its context during AI-assisted review and executes the injected instructions. The vulnerability works because Copilot does not enforce a system-level distinction between display text and agent instructions. Any team using Copilot for code review on repositories that accept external contributions is a potential target.

AnalysisAnthropic projected $10.9 billion in Q2 2026 revenue, a 130% jump from $4.8 billion in Q1, and said it expects its first quarterly operating profit in company history. The company was valued at $380 billion in February 2026 and is now closing a round at above $900 billion, potentially overtaking OpenAI's $852 billion March 2026 valuation. Claude Code, which generates revenue through both direct subscriptions and the API token consumption underlying third-party integrations, is the primary driver alongside enterprise contracts. The revenue acceleration maps to a pattern: a coding tool with high per-session token usage, embedded in developer workflows at scale, compounds faster than most software businesses.