AI Multi-Turn Safety Gap | AI Field Notes #37

AnalysisCisco published research on May 27 showing frontier AI models fail adversarial attacks delivered across multiple conversation turns at rates dramatically higher than their published single-prompt benchmarks. GPT 5.4's single-turn attack success rate is 2.74%, rising to 24.68% in multi-turn conversations. Gemini 3 Pro goes from 18.1% to 73.35%. Grok 4.1 in non-reasoning mode reaches 88.3% multi-turn success. The study ran 30,090 single-turn and 6,986 multi-turn attacks across 1,456 conversations, testing role-play, misdirection, information decomposition, and incremental escalation. The conclusion: real adversaries iterate. Every safety benchmark that uses only single-turn prompts measures a scenario that does not exist in deployed products.

AnalysisAnthropic closed a $65 billion Series H on May 28, pushing its valuation to $965 billion and passing OpenAI's $852 billion private-market figure. Run-rate revenue crossed $47 billion earlier in May, up from $14 billion at the February Series G close, roughly a three-fold increase in three months. The round was led by Altimeter Capital, Dragoneer, Greenoaks, and Sequoia, with $15 billion coming from cloud providers including $5 billion from Amazon. Anthropic also announced compute commitments: five gigawatts from Amazon, five gigawatts of next-generation TPU (Google's custom AI accelerator chip) capacity from Google and Broadcom, and GPU access from SpaceX's Colossus data centers. An October 2026 IPO remains the target.

AnalysisKPMG announced on May 19 that all 276,000 employees across 138 countries will access Claude through a new Digital Gateway integration running on Microsoft Azure. The deployment embeds Claude Cowork and Managed Agents into KPMG's core client platform, with an initial focus on tax and private equity clients. KPMG's tax leadership cited a concrete result: a regulatory compliance agent that previously took weeks to build inside Digital Gateway now takes minutes. Separately, Deloitte announced a 470,000-employee Claude deployment within 60 days, and PwC committed to its own enterprise-wide rollout. Three of the Big Four accounting firms now run Claude at scale; EY is the visible holdout.

AnalysisMeta began notifying 8,000 workers of layoffs in late May, roughly 10% of its approximately 80,000-person workforce. Simultaneously, 7,000 additional employees are being moved into three new AI-focused groups: Applied AI Engineering, Agent Transformation Accelerator XFN, and Central Analytics. Together, the cuts and redirects touch around 20% of Meta's total headcount. Engineering and product teams took a disproportionate share of the layoffs. Severance runs 16 weeks base pay plus two additional weeks per year of tenure, with 18 months of health coverage. The restructuring follows CEO Mark Zuckerberg's January 2026 statement that 2026 was the year AI agents would do the work of mid-level engineers.

AnalysisPayPal's new CEO Enrique Lores, who arrived from HP Inc. in March 2026, announced on the Q1 earnings call on May 5 that 4,760 employees, 20% of the company's 23,800-person workforce, would be reduced over the next two to three years. The target is $1.5 billion in annualized savings by shifting to an AI-native operating model. Lores described the goal as "becoming a technology company again" after years of accumulated operational layers. The phased timeline is unusual: most AI restructurings announce a single headcount action rather than a multi-year drawdown. PayPal cited customer service, fraud detection, and payment processing pipelines as primary automation targets.

AnalysisPope Leo XIV signed "Magnifica Humanitas" on May 15, exactly 135 years after Leo XIII published "Rerum Novarum," the encyclical that addressed workers' rights and the social consequences of industrialization. The document runs 42,300 words and reaches 1.4 billion Catholics globally. It covers labor displacement, autonomous weapons, AI-generated misinformation, and the concentration of AI capabilities among a small number of corporations. The document frames technology as never neutral: it takes on the characteristics of those who devise, finance, regulate, and use it. No prior institutional statement on AI has reached a comparable audience at this scale.

AnalysisCanada's privacy commissioners published findings in late May that OpenAI violated federal privacy law through ChatGPT's data handling. The investigation identified three failures: overcollection of personal data without proper consent, inadequate safeguards for sensitive information, and insufficient transparency about how data was used. OpenAI did not implement the commissioners' recommended changes before the report was released. Canada becomes the second G7 country after Italy to issue a formal regulatory finding against OpenAI's core product, with the difference that Canada's ruling targets underlying data practices rather than just the consent mechanism.

AnalysisChina began requiring government pre-approval for overseas travel by AI researchers at Alibaba, DeepSeek, and other private-sector AI firms in late May 2026, according to Bloomberg reporting on May 26. The policy extends to startup founders, senior researchers, and executives working on advanced AI. It moves from 2025's soft guidance, which merely advised prominent AI figures to avoid US travel, to a mandatory approval requirement. Beijing has long imposed similar restrictions on state-affiliated researchers in nuclear and aerospace; bringing private-sector AI workers under the same regime marks a material change in how China categorizes strategic AI talent.