SpaceX's $23B Debt, DeepSeek's $20B Valuation, and OpenClaw's Growing Pains

welcome everyone to the information's ti tv my name is akash bashricha it is wednesday april 22nd first up today the information has exclusive reporting that tencent and alibaba are in talks to invest in DeepSeek. Our Asia Bureau Chief will join the show to talk about that. We'll then talk through our story about OpenClaw's growing pains. We also have some analysis on the SpaceX cursor deal. We have some exclusive reporting on SpaceX's debt profile. We'll then be joined by a cybersecurity CEO to talk through recent hacks at Mercore and Vercel. And we will wrap the show with our senior finance editor who will discuss his latest column around the opportunities and risks for CoreWeave. It's going to be a fun show, so let's get right on into it. The Information published exclusive reporting about DeepSeek's funding round that is coming together. Our Asia Bureau Chief Jing Yang joins me now to break it all down. Jing, welcome back to the show. It's great to have you here. What do we know about this funding round? Yeah, so we reported just on Friday that DeepSeek is opening up to external capital for the first time ever, which is a big shift for this AI lab. Up until then, Dipsy has been running pretty much as open source AI lab, free from commercial pressure, free from external investor pressure. And remember, when we reported on Friday, the valuation that Dipsy was seeking is $10 billion plus. And quickly that, you know, maybe potentially the effect our story has had, The company has met with immense interest from potential investors they've held discussions with. So now they are seeking a $20 billion plus valuation. That's how fast the story is moving and how quickly things are evolving. And then, so talk about Tencent and Alibaba. So they are interested in investing? Very much so, based on our reporting. Okay. So this is kind of interesting because I'm putting this into context of what we've seen here in North America. We've seen the big hyperscalers like Microsoft, Google, Amazon. They've invested in these high-flying AI startups like Anthropic OpenAI. You can't really call them startups anymore. I mean, these are hundreds of billions of dollars. But is this the same thing playing out in Asia? Is there a circularity loop with respect to business that DeepSeek is buying from Tencent and Alibaba? Walk us through it. So I would just say the short answer is yes and no. So I'll go with the no part first. So DeepSeek, as you know, is mostly an open source AI developer. That means that any cloud provider can apply for a license to host the models on their cloud services. From that perspective, I would say that the logic for the hyperscalers in the US to invest in the likes of Anthropic is a little bit different in here. And then, however, the other end of the spectrum is that we know that Alibaba and Tencent and Biden have all been developing racing to develop the best models in both China and on par with the US. And DeepSeek, even though they have not published or launched a new model for over a year now, still is considered as quite an asset and quite competitive technology-wise. So for the tech giants in China, investing in a company like DeepSeek has two benefits. First, that yeah, of course, for these companies that have their own cloud computing, investing in Upstart can potentially help them acquire a customer. We've seen this played out previously, actually. Alibaba being the cloud computing leader in China and Asia has invested several Chinese AI Upstarts. And then they would, this is sort of a very easy way for them to acquire customers because you can invest in the startup, which will naturally least compute from you. And then you use the money to gain a very loyal and sustainable customer. That's the first logic for these companies to want to invest. The second one would be, you know, DeepSea still is very popular. And then if you believe that DeepSea will be able to continue to innovate, then being an investor would then help you to deepen your potential collaboration down the line with DeepSea whenever they launches their new model or even more AI-related products. And these companies need the best technology they can get to continue to enhance their user base because these are companies that have hundreds of millions or even more than a billion user base of the various tech products and apps in China. So I would just say these are the top two logics for these companies. Let's go back to the valuation. So $20 billion is the new revised valuation that we are reporting that DeepSeek is seeking. $20 billion plus. $20 billion plus. Okay. All right. So it could go even higher. We've seen it already double, I guess. So, I mean, sky's the limit in terms of DeepSeek. But tell me, $20 billion, where does that stack up in terms of competitors in China? Does that feel high, low? Just put it into context for us. Yeah, so I understand 20 billion compared to the valuation that OpenAI and Farbiz has been able to fetch feels like so minuscule, right? But you have to bear in mind that first, DeepSeq is like open source AI lab that has not generated meaningful revenue. And then on top of that, the mess that based on reporting, it could go, you know, it basically works like this. The other heavy contender in the ALM space in China that has not gone public is Moonshot AI, which is behind the very popular Kimi series of models. And then they, as we reported, are finalizing their latest funding round, which values the company at $18 billion before the round. And so from that perspective, it doesn't seem too far-fetched that Dupsey wants a slightly higher valuation. and then there are other data points that suggest the valuation could even get higher because we have two AI model developers that went public in Hong Kong in January, Minimax and Zipu, also known as Z.ai. And then these two companies went public in January at a valuation under $10 billion, but now they are traded somewhere between $30 to $50 billion based on recent market data. So it really depends on how you want to cut and paste the math and how you want to decide what is your worst. But then I do want to point out for the two companies that have recently gone public, they do have been able to generate revenue. Right. Well, I think as we've seen, revenue and profitability is not necessarily an indicator of how much these companies fetch. So at this point, anything goes. 20 billion plus, sure. Why not? But Jing, I want to thank you. I don't want to be surprised. That week has gone up to $50 billion. I mean, I don't know. Well, then you can come on the show and you can tell us more about if they have any more revenue in the last week or something like that. I don't know. All right. Well, Jing, I want to thank you for coming on. That is Jing Yang, our Asia Bureau Chief here at The Information on TITV. OpenClaw consumed Silicon Valley when it first came out a few months ago. Now, the open source initiative is going through some growing pains. That is according to a story out today from my colleagues Juro Osawa and Rocket Drew. I want to bring on Rocket to chat more about it. Rocket, welcome back to the show. It's great to have you here. What is going on in OpenClaw land? That's exactly what I wanted to know going into this story. And what I come away with is the sense that OpenClaw is kind of in an impossible situation here. So if you remember, OpenClaw exploded all of a sudden, but it was just this open source project that Peter Steinberger had been plugging away at for months. And then all of a sudden it went viral and users started complaining that it had security issues. And Peter said, of course it has security issues. It's just my side project, but here's what I'm going to do. I'll give you my best advice for how to avoid security issues. And then people didn't follow the best advice. And he said, I'm going to add as many new security features as possible. So he's adding in all of these new security features, but of course that makes significant changes to the software. So people's systems break. And then they complain. They said, ah, you changed too much stuff and my system broke. He's also trying to reinvent, I mean, invent what agents should even be for the first time. It's a brand new product category. So he's making pretty sweeping changes to the software and it breaks people's setups. So some people are complaining that their setups are breaking. Some people decide to not even update at all. So they're just using out of date versions of the software. He says, okay, here's what I'm going to do. I'm going to build up a team as fast as I can. He recruits this lean team of volunteers to work on OpenClaw all the time. And other people say, well, I don't know your team. I don't trust your team. This isn't a venture-backed startup. I'm supposed to use your software. So he's up against all of this. Meanwhile, there's a whole raft of new competitors on the scene. You've got other open source agent projects. You've also got these offshoots of OpenClaw, like NemoClaw and other corporate offerings that have been adapted. And then at the same time, you're also getting cut off from your access to Anthropics models. Meanwhile, Anthropics is happy to take and copy all sorts of features from OpenClaw and incorporate them into Clawd Code and Clawd Cowork. So OpenClaw is in kind of a tough position here. They're hanging on. They're still getting new users, but growth has slown down a bit. And we wanted to take a look at all of these constraints that it's running up against because it really is in a tough position right now. Okay, so there's a lot there and I want to get into it. But before we get there, so Peter Steinberger, he was hired by OpenAI, right? Is he still working on OpenClaw while he's a full-time employee at OpenAI? That's right, that's right. It's hard to get a really great sense of where his hours are going these days, and he's probably working, you know, maybe the equivalent of two full-time jobs. But from everything that we know, he's still able to spend quite a bit of his time on OpenClaw. He's a very active presence. He's still running the team there. The team is maybe 10, a dozen core maintainers who are these volunteers who are spending maybe three to five hours a day working on this project. And then there are also some maintainers that work at companies like Tencent or NVIDIA, and those companies have dedicated some employees to working on the product, but they tend to work on the parts of OpenClaw that touch their systems rather than the core parts of OpenClaw that everyone is using. So let's go back to the developers you talked about, the people who are upset at this impossible situation that Peter is trying to get his head around. So there's the idea that, hey, look, we have to make it more secure and that will require updates. But also we acknowledge that you probably liked V1 of the software or whatever. But my question for you is, I mean, you speak to these developers. I mean, software updates are not anything new in software development, right? Like this is something that happens every day of every week. So why is it that these OpenClaw updates are infuriating them so much? Yeah, that's right. I mean, I think a lot of the software updates that people are used to is like when I update the iOS on my phone and all things considered, it goes very smoothly. It just works out of the box. But Apple, of course, is able to spend an enormous amount of resources on making that possible. OpenClaw, in contrast, is much more under-resourced. And that is kind of the nature of the game for open source, to your point. I mean, people do expect that when they're updating an open source package, a lot of the time things will break. Now, open source products that are more mature have found some workarounds here, like Linux releases versions that they expect to maintain for the long term. These are called long term support versions. But nothing like that exists for OpenClaw yet because they're still building so rapidly and with such a small team. So I think you're exactly right that in some sense that should be par for the course, but people had unreasonable expectations when OpenClaw went out. It was discussed as though it was a fully polished mature product from a company. And so people expected it to be a smoother experience than maybe they should have. Okay and so now let talk about the other angle you mentioned competition which is that we seen Anthropic is coming out with their own answer to OpenClaw I guess And I'm not sure if it's a direct competitor, but I know that NVIDIA, they're also innovating in the space here with NemoClaw, and we also have our own reporting that Microsoft has been paying attention to all this. So what evidence do we have that these closed source products, maybe if you will, the actual legacy company products, are they competitive with OpenClaw? Is this a threat to them? Are people still using OpenClaw over the alternatives? What do we know? Yeah, I think they are a competition in some sense if we think about these as different products. In other sense, it's a win for OpenClaw. I mean, it's OpenClaw influencing the ecosystem. Sometimes these other products are inheriting code directly from OpenClaw. So it's definitely OpenClaw having an influence on everyone else. I think to some extent, OpenClaw faces a big battle in trying to get to the point where it's on the same tier as something like Claw Code or Claude Cowork, because that's coming from such a name brand company. It has the reputation and some of the credibility built in. and Anthropic is able to throw those resources at making it a smoother experience to use. They're able to make it sort of easier to install, easier to set up on your computer. And they're able to add in a bunch of security features that frankly, some OpenClaw users wouldn't want because they want the freedom. They want the ability for their OpenClaw agent to take whatever action it wants on their computer, any action autonomously, go on the internet, browse any webpage it wants with very little supervision. So in some sense, they're playing in different lanes here, but they also have some advantages over Open Claw. So if I understand you correctly, you're saying that Open Claw is actually, they're not necessarily threatened by this. It's actually validation that their product should be adopted, in other words. Yeah, that's right. Interesting. Rocket, last question for you. What are you watching for with this story as it continues to unfold? Are there, you know, should we be watching for more money pouring into the space here? More high profile developers joining the OpenClaw Foundation as maintainers? What are you looking for? I think both of those could go a long way to helping OpenClaw. What I'm looking for in terms of the future of OpenClaw specifically and whether it's going to develop into a mature, stable product or exactly that, you know, once they set up the foundation, are they able to raise the money to hire some full-time maintainers who can really take OpenClaw to the next level? That might be the thing that's missing for them right now. They might need to move from this sort of scrappy volunteer organization to something a little more established. And they're in the process of doing exactly that. So that's sort of the first question for what happens to OpenClaw. But as far as what I'm watching for on a much higher level, I think is, what does OpenClaw tell us about the future of open source software, especially in this AI era that we're entering? People have a lot of questions about what the next few years hold for open source software. And there's a theory out there that we're about to enter an open source renaissance, that as AI allows the cost of writing new code to go to zero, that open source software will flourish. Just a thousand open source flowers will bloom. And OpenClaw, in some sense, is the beachhead of that. OpenClaw is where we should see that first. So I think we are starting to see it. All of the OpenClaw maintainers are using codecs heavily. They're using AI to write the new features that will allow OpenClaw to improve. But, you know, given that they're still facing these growing pains, it makes you wonder, you know, how far can AI really go for allowing a scrappy team like this to develop a product that's maybe the fastest growing open source product in history. And the sense is there's still a lot of challenges there. Open source has this fundamental asymmetry compared to these closed source proprietary products like you mentioned, which is that Anthropic is free to look at every line of code in OpenClaw and pick and choose the features that they like and adopt them. But it doesn't go the other way, right? It's difficult to know what's going on with cloud code under the hood. I guess, unless Anthropic leaks the source code to cloud code, which they did. But that's the question here is, does open source stand a fighting chance? And is it going to really take off in the next few years? Okay, so you mentioned Anthropic, and you mentioned leak, and this is not, it's not a leak that we're about to talk about here. But we do know that, according to a Bloomberg report, that Anthropix mythos model has now gotten into the hands of some unauthorized users, which was the thing that we were worried about. I mean, you know, they gave access to a couple companies via Project Glasswing. They said it's going to be a controlled release, if a release at all. I wondered what your reaction was to this. I mean, people in your orbit, are they freaking out, scared that, oh my gosh, the cat is out of the bag, or is this not such a big deal? You know, I think for some people I've talked to, this is in line with their expectations. They knew that all of the AI labs have a ways to go in terms of their cybersecurity. So this wasn't a shock. But to your point, there's an irony here that this model that is so cyber capable, so dangerous in terms of cyber attacks, that it had to be kept under lock and key was itself, you know, accessed in an unauthorized way. There's certainly an irony there. It seems like what happened is that the model was in an environment that Anthropic sets aside for third-party testing to help them develop their models before they're released. The model was still available there. Someone had access to that environment. They were able to use Mythos and also other unreleased models from Anthropic. And it sounds like they and their friends just used this model, not for cyber attacks, but to make fun websites for themselves and to play around with it. So that's what we know about how that situation went down. But I think it's not too surprising, even if it is ironic. Yeah, well, the irony here is like, actually crazy. Because if you think about it, I mean, I don't understand. Anthropic could have just used Mythos to analyze its own code base, its own cybersecurity, right? I mean, the whole thing was that, hey, we've used Mythos to find vulnerabilities in other systems that we couldn't find what you didn't think to use it on your own system to figure out that maybe this was the back door that you know this thing could get leaked through like yeah yeah it's a great point you should definitely point the system back at itself to some extent the problem is is intractable because it's also a question of permissions you do have humans and you do have to let them interact with the model if you're going to have them tinker with it before the model goes out. And so maybe those permissions were left open too long. Maybe the permissions should have been restricted more quickly, but that's an aspect of it as well. Okay. Well, Rok, I would add one other thing, which is that it does kind of undermine their cybersecurity strategy, right? Like you said, their approach with Project Glasswing was, we will choose who are the trusted good guys, and they will have access to it to make their systems more robust. And we'll do that so that the good guys get access before the bad guys. But if their security doesn't meet the bar, then the bad guys are going to get access to the model and be able to use it for nefarious purposes and conduct cyber attacks. But it will only be available to a limited set of good guys, the ones that Anthropic handpicked. So if that's the trade-off, you might actually come down and say, well, I would have preferred them to just release it publicly and everyone gets access to it at the same time, both the cyber defenders and the cyber attackers uh it's not totally clear but it does undermine the strategy that they were going for or or maybe maybe there's a mole maybe there's a double agent you know i mean permissions human human error that is the thing that we cannot control for here in this maybe the mole is opus 4.6 that's jealous of all the attention mythos is getting okay well we should be clear we are this is fully on we're just riffing here okay that's right yeah we're writing a script for our next action movie there you go yeah okay well um it's a good name for a double agent i will tell you that much uh rocket i want to thank you for coming on uh that is rocket drew our ai robotics and cyber security reporter today here at the information spacex has quite the deal with cursor the elon musk led company could buy cursor for 60 billion dollars to break it all down and also share more about their reporting on SpaceX's debt profile. I want to bring on deals reporter Valida Pau and Deputy Bureau Chief of Finance Corey Weinberg. Welcome to you both. It's great to have you here. Valida, I want to start with you. Walk us through this Cursor deal. So huge news yesterday about SpaceX agreeing to have an option to buy Cursor for $60 billion later this year, or they can pay a breakup fee to Cursor for $10 billion for the work they do together. cursor was just in talks to raise two billion dollars at a whopping 50 billion dollar valuations until this deal with elon musk yesterday so um the round is not going to happen anymore but then we still don't know when this acquisition would happen you know either it's before like after the ipo or how far away is um the deal will happen this also like adds a twist to elon musk's ipo pitch for spacex in june it was largely going to be based on like putting data center in space and about its fast-growing Starlink business. But now, with Cursor in the mix, in the formula, how Elon Musk will position SpaceX remains to be seen. But of course, Cursor generates billions of revenues from developers, and that is a market that XAI has struggled to keep up with its Grok products. Corey, did this surprise you? I mean, this is another deal under the SpaceX umbrella. What does it tell us about XAI's business? Of course, that surprised me just in terms of you don't really see an M&A announcement like this, even though it isn't a finalized deal yet. You don't see an M&A announcement like this on the eve of the largest IPO in history in a business line that is, let's just say, adjacent to SpaceX's core, not exactly in the core. So it was shocking. To me, it illustrated just this key point that I keep hearing over and over again from folks that are watching this IPO very closely, which is this is going to be in large part an AI pitch. We talk so much about Starlink and the satellite internet that SpaceX has. We talk about its dominance in launching rockets. Elon is going to be making this about AI. Well, and the other thing, Corey, that I've been thinking about is, look, XAI, we have heard rumblings. Well, Elon has come out and said, look, we didn't build XAI right the first time. We are rebuilding it. We've talked a little bit on this show about how coding is one of the most ripe markets for AI companies to actually make money. I mean, it sort of seems to suggest to us, Corey, that XAI's coding endeavors were not going very well at all. No, I mean, nothing really with XAI has been going all that well. And they have a ton of hardware, a ton of chips. They have these huge data centers. they have the infrastructure in place to be a real force in AI. But you have to do the computer science well. You have to build the models correctly. You have to have the right people in place. And I definitely think that's one read on this deal that I've heard from sources in the past. What's it been? Not, you know, maybe 12 hours, 15 hours since this deal was announced. is that you really have a situation where you had XAI needing to sort of find a great reason and a great business partner for all the compute that they have. And Cursor needs compute. It's building its own coding model. It's trying to wean itself off of OpenAI and Anthropic, which poses a ton of strategic risk for them. And XAI also needs a nice story to go with the SpaceX IPO. Okay so Valida I want to move to a story that you and Corey broke yesterday You had some details about SpaceX debt profile ahead of the IPO What did we learn there So new numbers from SpaceX IPO documents is showing us the impact of how Elon Musk is merging its companies together to its debt So SpaceX increased its debt low by nearly two-thirds last year to about $23 billion at the end of 2025, and that's up from $14 billion the year prior. and much of the debt was like tied to a lease deal they struck with like valor equity that you know to rent out like ai chips for xai and spaces recorded that as like a 4.5 billion of debt on its balance sheets and valita do we have any idea how investors will feel about this debt well i thought it's pretty um they are expecting that like you know to build these ai businesses like you need to take on like you know lots of capital investments and like debt to fund these so i feel like that won't affect his like credit ratings um most likely but then they also share with investors like you know in recent weeks that like you know by going public they will have a full range of like you know debt and equity financing solutions and that could help you know fund future investment so but like some investors down in the south meeting with the SpaceX right now was kind of like surprised about how, you know, how much debt it took on. And then like, you know, now with the cursor deal and like XAI deals, you know, how much cash it will burn like in the futures are like, you know, big questions for investors. Corey, are you hearing anything about what investors are thinking about this? And also, you know, there was a detail that I wanted to ask you about in the story about how the CFO is being compensated. That was kind of interesting. Walk us through those angles. Yeah, the real finance and accounting nerds will love this little Easter egg, which really just illustrates the situation that SpaceX is in now, going from this company that had this very profitable sort of internet business, satellite internet business in Starlink, and a pretty breakeven to profitable business in rocket launch. And previously, the SpaceX board had compensated their CFO, Brett Johnson, based on the gold star metric of any CFO, which is free cash flow. You know, that is the everyone would agree that the purest sort of measure of profitability or maybe not everyone because it's, you know, it's finance and people debate things all the time. But, you know, free cash flow, we know that's so pure. And that's how the board is going to compensate Brett Johnson based on hitting those metrics. And recently it changed the metric that he is shooting for to adjusted EBITDA, which of course takes out any sort of accounting measure for capital expenditures through depreciation or interest payments on the debt. So to me that just sort of showed this pivot that SpaceX has been in in terms of what are its finance leaders actually incentivized to reach. so so to put it more simply cory so is the cfo now being more compensated towards how they pay down the debt or profitability it's sort of forgiving it it's forgiving uh him and forgiving the company uh for uh taking on a more capital intensive approach to running the business okay so it's it's saying you can issue the debt if you want it's fine we won't knock you for it essentially. That's the way of the way. I mean, every company building AI models has taken on a ton of debt. The difference in SpaceX is, you know, unlike sort of the other publicly traded companies, you know, like Meta, like Microsoft, like, you know, I mean, Apple has a type of debt. I mean, these companies also have a ton of cash flow. SpaceX does not. It has a bunch of cash from raising outside money, but it doesn't actually generate cash every year. And that's sort of a wrinkle on sort of its sort of financial story that I think investors should at least be paying attention to. Right. Okay, Valida, I want to come back to you very quickly. So So the other story, another story that you and Corey wrote together is one about the banks that are leading the SpaceX IPO, or rather, I should say, the banks that are vying to lead the SpaceX IPO. There's a bit of a rivalry. This was our dealmaker newsletter. Tell us, Valita, who is in the mix and what are the dynamics playing out here? So Morgan Stanley and Goldman Sachs are always the two lead banks on leading tech IPOs. and Morgan Stanley has been considered as like the favorite to win a top banking job on this deal largely because you know the bank helped Elon Musk buy Twitter in 2021 and they lend a lot of money to Twitter to Musk. One of his closest bankers Michael Grimes has just came back to the bank recently after a job in the government. A sign pointing to Morgan Stanley's lead in this job is that they organized they were leading a syndicate meetings with all the banks involved earlier this month however you know Goldman Sachs which is another kind of dominant Wall Street banks is still in the flow and they're working heavily on the IPOs like with Morgan Stanley bankers but their relations less firm after they were presented Twitter during the sale to Elon Musk but both are still in talks for like a lucrative job for overseeing the early hours of the trading for the IPO so like it shows that like the banks are still angling to get a top job but there's also the possibility where like you know space it could rank the banks just alphabetically so bank of america could be on the first the first name and more instantly the last corey you've been covering ipos for a while here so walk us through the broader story here it could i mean spacex is the biggest ipo obviously that we've seen ever right it is it is am i correct there okay okay all right Well, you know, they still need to set the actual offering amount. Okay, fine. Yeah. All right. So. By at least two and a half times if they raise $5 billion. Okay. So, I mean, could the order in which the banks are listed, could that have an implication on then who could lead future IPOs for OpenAI and Anthropic? Or is this really just, does it end up being a case-by-case basis? it it matters a lot to the people who watch these things closely which is you know people in the tech uh investment banking world but if you really have like you know uh some pretty significant upside and downside scenarios for the banks if the IPO goes poorly and it is a complicated deal, not just because it's Elon Musk at the helm, but raising this much money, issuing this much stock, dealing with all the shares that are going to flow in and out of this company, it's going to ripple across the market. It's going to have huge ramifications. And if it goes poorly, and none of us could sit here today and say how exactly that's going to happen or whether that's going to happen. That's going to be a huge black mark and people are going to be pointing their fingers at each other. If it goes well, it's going to be the bragging right, at least for the next year or so. We led this deal or we were a lead on this deal and we pulled off the biggest, greatest IPO in history. There's a wide range of possibilities here and I'm sure the banks will be well compensated regardless. Well, time will tell. Thank you very much, both of you coming on. That is Valita Pau, our deals reporter, and Corey Weinberg, our Deputy Bureau Chief of Finance here on TITV. One of the biggest AI stories of the past few weeks have been all of the high-flying startups that have seen security breaches or mishaps. Among them are Mercor and Vercel. This has been one of the risks of AI that we have talked a lot about on the show, the idea that agents and vibe coding and other elements of AI could make it easier for hackers to break into systems. I want to turn it over to my colleague, Anita Ramaswamy, for a conversation with Nitsen Ziv, founder and CEO of Aux Security, about that topic. Anita, over to you. Nitsen, so great to have you on the show. Thanks for joining us today. Same here. Pleasure being here. So we have a lot to talk about, and let's dive right in. We have had a lot of high-profile data breaches, security mishaps, if you will, at a number of startups over the last month or so. We had Purcell, we had Mercor, there was a little bit of an incident that was lovable. And then the latest one is this whole controversy around Mythos and how Anthropic is investigating them for a potential breach. What do all these things have in common? Well, first of all, I think that most of them, if you think about what's the potential damages, Those are companies that are being targeted by external sources or have contractors working for them that have access to all of our lives. Think about it, for example, if Mythos is actually being not just stolen, but somebody has a way to influence the weights. And then this is being used in government or the biggest 20 companies that actually got access to this. It can trickle down to Apple from there to each one of our phones. So think about the implications of this. Now, when you think about what's common, first of all, high profile. Those are breaches that require a lot of resources. If you look on the sophistication level, it requires a lot of attention to the details and ability to do many hops. The second, most of them are classic software supply chain where you're able to inject yourself to one place, get to another place, get to the third place. And with that, just go down the flow to the mess like we had in SolarWinds or Log4J. So it's all about being able to control everything. And remember, most of those companies grew so rapidly over the past years that they didn't have the time to prepare all of this. They're building it as they go. And that's like one of these strains on our industry right now. So Nitsun, you recently released the results of the study that you guys did at Ox that suggested that the underlying cybersecurity risks at these different companies is actually growing because of AI. What were some of your key findings and takeaways? I mean, I guess if you could just walk us through who you surveyed, how you did it, and what you found. So we've surveyed about 250 of our customers. And what we found over there that over the past year, we had almost 4x more critical findings than any other years. Usually you see year over year an increase just in noise level. The amount of critical findings kind of side the same, but you get more noise. What's a critical finding, just to break it down for people without the background? Yeah, absolutely right. So a critical finding says it's not just a noise. It's something that somebody, an attacker, can actually do a major damage to your organization. It can break in. It can steal data. It can manipulate data. It can take your source control. Or in other cases, it can actually change your source control and just push it to everybody else downstream from your usage. What this actually means is that this year we have seen an increase of four times versus any other year. Year over year, it's usually growing very steady. This year, code became one of the most important things to protect internally for companies, open source. And that's a huge, huge difference. What sorts of companies did you find in this study to be most at risk? Was it startups? Was it enterprises? And were there any particular industries or sectors that you felt, you know, showed higher levels of threats? So just like we started talking about the high flying, the more asset the company has, the more interesting it is for a threat actor. So insurance companies, for example, definitely were on the top of the list. Banking, then financial services, and then going surprisingly enough to gaming companies, just because they hold a lot of real money inside of their system. And we're seeing it go to automotive and other industries as well. So I can't say that there is an industry that doesn't get any exposure, but definitely the more exposure you have, the more assets that you have, the more you are a likely target for such a threat. And of course, threat actors know about it and act upon this. So, Nitsen, I want to go back to Anthropic for a second here. You also published some findings last week about a vulnerability in Anthropic MCP protocol Can you tell us a little more about that and whether it relates to what we seeing go on with this mythos story So it goes hand in hand because what we published is that Anthropic and basically a lot of others, what they're doing is that they're allowing their models to communicate with your MCP, with your computer, with your services, using a protocol called MCP, but they're not verifying the authenticity of this protocol. So if a threat actor, for example, knows what it means and can mimic this, they can actually fool your AI to use external sources, do things on your behalf where nobody else knows about. And when we are talking with them and saying, hey, this is by design, we're not taking accountability on actually fixing this. This is going to be something that the industry needs to fix. And this is a package with over 150 million downloads. And this is right now spread over 150 million people out there trying to do the best guidance that they can for securing this. I'm sure we're going to see the implication of this decision down the road. Dietzen, I'm wondering, you know, as we look at the cybersecurity landscape and sort of survey the different players there, a lot of these large cyber firms, such as, let's say, CrowdStrike, Palo Alto Networks, etc., say that they offer solutions to help secure these vibe-coded apps and help companies with their security in this AI era. But obviously that's also, you know, sort of Aux Security's main focus. What do you think that the incumbents are missing here that you guys are providing? I think that, first of all, the market is expanding so fast. So if you look on what security companies designed as the roadmap last year, most of it is no longer relevant this year. So if you think about the speed the frontier models are progressing in, doing two announcements per week on new features, new products, and so on, it doesn't mean that security companies can actually defend that fast. So most of the designs and most of the acquisitions that you've seen by the bigger firms are not necessarily going to directly cover those assets. Those are fighting companies or assets or threats from last year. This is an ever going, I would say, combat. And in this combat, agility is key. And you constantly need to keep up with the pace and evolve. And this is what we're seeing right now. The speed that new things are coming into the market and forcing companies to react is simply overwhelming at this point. One last question for you. We've seen AI sort of increase the number of breaches, but also help stem some of the breaches. Do you think that the existing cybersecurity software providers are going to be made redundant by AI because AI is helping work on these threats? So I don't think we're getting there that fast. Meaning the declaration that at some point frontier models will replace developers, from what we're seeing and we're a company that made this transformation to become a genetic development, it still requires a lot of guidance, a lot of design, a lot of detail to where you want to go. So it's not that transformation is going to happen in a minute. It will take a few years. And the job itself of developers is going to change. One thing that really changes part of the fundamentals is that up until now, developers were accountable for security inside the code. Now that they don't even see the code anymore, it's one of those assumptions that simply changed. And if they can't see the code, how can they be accountable for their security? So we need to restart the thinking process about the model of accountability for security and developers. And we're just storming into this new era because of speed, and we're going to pay for it down the road. But hey, speed is a lot right now. So definitely worth the risk in some places. Thank you so much for joining us, Nitsan. I'm going to toss this back to Akash in New York. okay core weave has been a big winner this year with shares up roughly 50 the information senior finance editor ken brown wrote a column about the company this week looking at opportunities and risks for the company i want to bring him on or talk all about it ken welcome back to the show it's great to have you here hi gosh i was waiting for the core weave column and here it is we have it. It's in front of us. Shares are up 50%. Why are they up 50% this year? Wait, first of all, they're up 55% this month. Forget the year. Oh, okay. So it has been a bonkers month for CoreWeb. Why are they up so much? They're up so much because business is good. They've signed a bunch of contracts, a bigger contract with Meta, one with Anthropic, and one with a Wall Street trading firm called Jane Street. and they've raised a ton of debt, which allows them to go and build all the stuff they're promising to build. So let's talk about the debt here. Why is it such a favorite in the bond market right now? So there's a couple of things. One is Corvary was there at the right time, right place, right time. They're offering this stuff. I mean, the backdrop is demand for AI computing power is bonkers right now because the models are working. People are buying them. They're generating revenue. and everyone needs more computing power, and Corey's in a good position to offer it. The bond market likes them because they have customers, and they have high-quality customers, and they have been delivering, and they've gotten bigger than most of these startup cloud providers, the other neo-clouds, as they call them. They're nowhere near the size of the big giants like AWS and such, But they're sort of a league of their own, really, in between. But they've gotten big. And so people like that. And I think I may have skipped a step earlier, but they've issued all this debt. And the debt has been well received by bond investors, right? Yeah. I mean, they were going to issue a certain amount. And they bumped that up by a billion. And they sold that. And then the next week, they sold another billion. It is, you know, they really, investors have really dived in. I mean, you know, one of the things that's happened is when you're a bond investor, right, the goal of your life is to get paid back, right? You're lending money and you want to get paid back. And so you tend to lend to companies that generate cash, which are going to pay back the bonds. When you're a company like CoreWeaves, it's not generating cash because they're spending so much on their AI development. then, you know, it's a risky thing for bond investors. So what's happened is these big companies, like when they had this big, they added $21 billion to their deal with Meta. Well, so CoreWeave may not be generating cash, but Meta generates a gazillion dollars in cash. And so the bond investors are looking through this. And that's one of the reasons CoreWeave can raise the money. So one of the big questions that you raise in the column or the points you raise is that this all hinges on demand for compute and the extent to which it continues to grow the way these companies hope it will. What evidence do we, I mean, you mentioned the big deal. So maybe the question is not so much what evidence we have for or against the demand continuing and more about what the ripple effects could be if they don't. How interconnected is this story? Well, it's very interconnected. I mean, so the demand is huge. We're seeing the revenue growth and Anthropic and OpenAI. We're seeing all these other companies like Meta pouring money in. We're seeing, you know, businesses adopting AI. So it's been in the last, you know, month, two months, a real growth market. The problem is, you know, when you have stocks that go up and down, when there's volatile stocks, okay, the stock market can deal with that. The bond market, like I said before, bond investors, you know, they really just want to get paid back and make a little bit of yield, right? And so when the bond market, if the bonds don't get paid back and the bond market goes into a bit of a freak out, which is kind of what happened late last year. They got a little nervous because there was so much debt coming out. The bond market goes into a freak out. What happens is they don't lend. And so if they don't lend, that really ripples through the economy, right? Because lending is the lifeblood of an economy. And so if the bond market is nervous, they don't lend. And so it's just a much more worrisome thing from an economic standpoint. Now, so far, so good. There are no defaults. Everyone's paying things back. But that is the risk. So in other words, if I'm hearing you correctly, the way this could end up affecting other parts of the economy is if the demand is not what people think. And if the bond investors don't get paid back from these huge issuances that they've bought into, then that could cause a broader freeze possibly in the credit markets, which is then sort of how this could get into a bigger story. Right. So, you know, financial crises tend to start in the bond market more than the stock market. I mean, they do both, but bond market is just a much more important market for the economy. And so that's the worry here. And, you know, the bond market has financed all kinds. You know, the high yield market, the junk bond market is $1.5 trillion. And that's where a lot of this debt is going. And so it's not like this thing is new and untested. There's been a lot of risky companies that have come through and sometimes it's not worked out, but a lot of times it has. And the people who are doing the investing are very aware of this. So, you know, we'll see. But they are all making a bet and they are all in on this growth in AI. And right, they're ahead of the revenue that it's going to generate to pay back these bonds, which is what it is. But, you know, you look at the growth, you know, particularly Anthropic, you know, it is nuts. The other thing is, right, these companies are probably going to have IPOs in the next, you know, we're going to see XAI going along with SpaceX, but that's a whole nother reason why the bond market gets excited. Well, and this was an interesting point you raised in the column was that, you know, on the upside here where there is enough demand and where these companies do see the growth sustain well into the future. I think if I understand your column correctly, you were basically suggesting Corweave could set a bit of a precedent almost for bond investors to look more favorably upon tech companies or maybe open up that sector as a whole. Is that right? You know, as long as they can continue to deliver, right? They've done a good job. They've told the bond market what it wants to hear. And so, yes, it's opened up a lot of avenues for other fundraising and, you know, which is kind of good because the demand is there, but also kind of bad because like, you know, for every well-run core weave, there's going to be some dodgier player who might get funding that wouldn't have gotten it otherwise. So, you know, that's sort of how these things play out when you're in a boom period. Even the bond market can get a little euphoric. You know, as boring as it may be, it can get a little ahead of itself. And so last question for you, Ken, as you think about the questions that you have looking ahead for this story, what you're watching for. One way to think about it is we've got the quarterly earnings. that will give us some view into how demand is fluctuating. I wonder if there are other hallmarks you might look for, any particular types of deals. Just walk us through what we should be watching for. Well, I would look for, like I was just saying, I would look for deals with unproven companies, right? It's one thing to go with Corweave, which, you know, is still risky, but is legit. You start to see weird deals. You start to see people taking more risk. That's a sign. And then the other thing you start to see is a pullback, right? So the customers for AI are saying, okay, we're pausing. We don't have enough. We have enough for now. There's some problems and we're taking a pause. And then the other thing is the investment slows down. So Meta, Alphabet, Microsoft slow down their investing. And that's another thing that would be a red flag. We're not going to see defaults. We're not going to see things go bad for a while because these things were just issued. But, you know, you might start to see like signs that, OK, maybe the future is not as rosy as everyone thinks. Right. In other words, just any kind of deceleration might be a red flag in itself. Right, right. Because we're in a boom right now. And so, yeah, booms have to keep booming. If they don't, then, yeah, people start to worry. Great. Well, Ken, I want to thank you for coming on. That is Ken Brown, our senior finance editor here at The Information. That does it for today's show. A reminder, we are on this stream Monday through Friday at 10 a.m. Pacific, 1 p.m. Eastern. If you can't make it then, episodes are available on theinformation.com, our YouTube channel, or wherever you get your podcasts. Make sure to follow us on social media on X, Instagram, and TikTok. I'm already excited for our next show tomorrow. Have a great rest of your Wednesday. Bye-bye for now.