Trust Nothing. Not Your Extensions. Not Your Enemies.
GitHub lost 3,800 internal repos to a poisoned VS Code extension. Anthropic is paying Elon Musk $1.25B a month to survive its own growth.
The Weekly Byte | May 22, 2026
This week handed us two stories that, on the surface, couldn't look more different. One is a wake-up call about how fragile the infrastructure that developers trust every day really is. The other is a $40 billion bet that the real power in AI isn't intelligence — it's electricity and GPUs. Both are about who controls the pipes. Welcome to The Weekly Byte.
🔥 Lead Story
GitHub Says Hackers Stole Data from Thousands of Internal Repositories
On May 20, GitHub confirmed that a hacking group named TeamPCP had exfiltrated data from over 3,800 internal code repositories. The entry point wasn't a zero-day exploit or a nation-state attack on the network perimeter. It was a poisoned VS Code extension installed on an employee's device.
TeamPCP is now selling the stolen data on a cybercrime forum with a starting ask of $50,000. GitHub's official statement says there is "no evidence of impact to customer information stored outside of GitHub's internal repositories," but the investigation is ongoing. That caveat is important to hold onto.
Why it matters:
The real story here isn't that GitHub got hacked. Large, complex organizations with millions of moving parts get breached. The story is how. A developer tool, a VS Code extension, was the entry point. Extensions are something that millions of developers install without scrutiny, allow to auto-update silently, and never audit. The developer toolchain is the new perimeter, and most teams aren't treating it that way.
This is also not TeamPCP's first rodeo. They previously breached the European Commission, walking away with 90 gigabytes of sensitive data. They are persistent, targeted, and effective at exploiting the human layer of the stack.
Add to this that Wiz researchers flagged CVE-2026-3854 just weeks ago, a critical RCE vulnerability that let any authenticated GitHub user execute arbitrary code on GitHub.com servers via a git push, and the picture gets uncomfortable fast.
What you should do today:
- Audit every VS Code extension across your team. Remove anything unverified, dormant, or from an unknown publisher.
- Rotate API keys, personal access tokens, and any secrets that touch GitHub infrastructure.
- If you store secrets in internal repos, even encrypted, treat them as potentially exposed until you know otherwise.
- Enable GitHub Advanced Security scanning if you haven't already. Now is the time.
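For the first item above, one way to inventory what is actually installed on a workstation, as an added example (not code from GitHub or from this newsletter): it reads each extension's `package.json` under the VS Code extensions folder and flags publishers missing from a team allowlist. The allowlist contents and the startup-activation check are assumptions of this example.

```python
import json
from pathlib import Path

# Assumption: a team-maintained allowlist of publisher IDs (constructed values).
ALLOWED_PUBLISHERS = {"ms-python", "redhat"}
# Activation events that start an extension in every window without user action.
# Not a sign of compromise by itself, only a reason to review the extension first.
EAGER_EVENTS = {"*", "onStartupFinished"}

def audit_extensions(ext_dir, allowed=ALLOWED_PUBLISHERS):
    """Return one finding per extension folder under ext_dir
    (default VS Code location: ~/.vscode/extensions)."""
    allowed = {p.lower() for p in allowed}
    findings = []
    for folder in sorted(Path(ext_dir).iterdir()):
        if not folder.is_dir():
            continue  # skips extensions.json and other bookkeeping files
        try:
            meta = json.loads((folder / "package.json").read_text(encoding="utf-8"))
            if not isinstance(meta, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # No readable manifest means the code cannot be attributed to a publisher.
            findings.append({"id": folder.name, "version": None,
                             "reasons": ["unreadable manifest"]})
            continue
        publisher = str(meta.get("publisher", "")).lower()
        reasons = []
        if publisher not in allowed:
            reasons.append("publisher not on allowlist")
        if EAGER_EVENTS & set(meta.get("activationEvents") or []):
            reasons.append("activates at startup")
        findings.append({"id": f"{publisher}.{meta.get('name', '?')}",
                         "version": meta.get("version"), "reasons": reasons})
    return findings

def needs_review(findings):
    """IDs of extensions with at least one reason to look closer."""
    return sorted(f["id"] for f in findings if f["reasons"])

if __name__ == "__main__":
    for f in audit_extensions(Path.home() / ".vscode" / "extensions"):
        status = "; ".join(f["reasons"]) or "ok"
        print(f"{f['id']:45} {str(f['version'] or '-'):14} {status}")
```

Run it per machine and diff the output across the team; an extension that appears on only one workstation is the first thing to question.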
📰 Top Stories
1. Anthropic Will Pay xAI $1.25 Billion Per Month for Compute
Anthropic has signed a deal to pay Elon Musk's xAI $1.25 billion per month for GPU compute, running through May 2029 (more revenue than xAI is generating itself). That's potentially $40+ billion in total revenue for xAI. The deal hands Anthropic access to the Colossus data center in Memphis: 300+ megawatts, over 220,000 Nvidia GPUs. The reason? Anthropic's usage grew 80-fold in a single quarter. CEO Dario Amodei called the growth "just crazy, too hard to handle." Rate caps were biting, pricing models were breaking, and there simply weren't enough chips. The kicker: Musk is actively suing OpenAI (Anthropic's primary competitor) while his companies now directly fuel Anthropic's ability to scale. Compute is infrastructure. Infrastructure doesn't have politics.
Why it matters: Musk has quietly positioned xAI and SpaceX as AI compute utilities. This deal validates that strategy at a scale no one had publicly acknowledged. The company controlling the chips controls the leverage, and $1.25B per month is proof that frontier AI labs will pay almost anything not to be bottlenecked on GPUs.
2. OpenAI Files Confidential S-1 Targeting $1 Trillion IPO
OpenAI is filing a confidential S-1 with the SEC as early as today, targeting a September 2026 public listing at an $852 billion to $1 trillion valuation. Anthropic is simultaneously targeting an October 2026 listing at $900 billion. Two of the most valuable private companies in history are going public within months of each other.
Why it matters: This is the AI industry's inflection point from venture-backed moonshot to public market accountability. Retail investors, institutional scrutiny, quarterly earnings pressure: the era of unconstrained "we'll figure out revenue later" is ending. Fast.
3. Andrej Karpathy Joins Anthropic to Use Claude to Build the Next Claude
The OpenAI founding member and former Tesla AI lead started this week on Anthropic's pre-training team (a huge win for the Anthropic team). His specific mandate: use Claude to accelerate the research that produces the next version of Claude.
Why it matters: Karpathy recently called current AI agents "slop." The fact he's now betting his time on Anthropic's pre-training work (and using the model itself in the loop) is a significant signal about where he thinks the next real capability gains will come from.
4. Anthropic Rolls Out Agent Sandboxes and MCP Tunnels at Code with Claude London
At its London event on May 21, Anthropic launched two infrastructure features: sandboxes that let enterprises run Claude agents on their own infrastructure, and MCP tunnels that allow those agents to reach internal systems without touching the public internet.
Why it matters: Anthropic isn't just selling model intelligence anymore. It's selling the control plane for agentic workloads inside the enterprise firewall. This is the infrastructure play, and it's a direct answer to every security and compliance objection that has slowed enterprise adoption.
5. White House AI Executive Order Postponed
The White House delayed its AI executive order that would have required AI companies to voluntarily share frontier models with the US government up to 90 days before public release.
Why it matters: With two major AI IPOs on the horizon and the Musk v. Altman trial still running, adding regulatory friction right now would have been explosive. The delay is politically calculated, but the underlying question of who gets early access to frontier models before public release isn't going away.
🛠️ Tool of the Week
RAMPART by Microsoft — Open-source Pytest-native framework for testing AI agent safety and security. Given this week's GitHub breach and the explosion of agentic deployments, having a structured adversarial testing framework for your AI workflows is no longer optional. RAMPART drops straight into your existing Python test suite.
💡 Quick Takes
- Microsoft disrupted Fox Tempest, a malware-signing-as-a-service operation that abused Microsoft's own Artifact Signing infrastructure to deliver malicious code and facilitate ransomware attacks.
- Anthropic is on track for its first quarterly operating profit in Q2 2026, projecting $10.9B in revenue, up 130% from $4.8B in Q1. The compute deal with xAI suggests they know exactly where that growth goes.
- AI-generated lookalike domains are now showing up embedded inside third-party scripts running on live websites, a new supply chain vector that most WAFs aren't flagging yet.
- CVE-2026-3854, the GitHub RCE flaw discovered by Wiz in late April, allowed any authenticated user to run arbitrary code on GitHub.com via a git push. Its relationship to the TeamPCP breach remains under investigation.
- Anthropic opened a London office, planting its flag in Europe's largest developer market as enterprise adoption of Claude Code accelerates.
📊 Numbers That Matter
| Metric | Value | Context |
|---|---|---|
| GitHub repos stolen | 3,800 | Internal repos exfiltrated by TeamPCP in the May 20 breach |
| Asking price for stolen data | $50,000 | Listed on cybercrime forum; investigation ongoing |
| Anthropic monthly compute bill | $1.25B | Paid to xAI; deal runs through May 2029 |
| Total xAI deal value | $40B+ | If Anthropic maintains full capacity through contract end |
| Anthropic Q1 usage growth | 80x | Annualised — the demand shock that triggered the xAI deal |
| OpenAI target IPO valuation | $852B–$1T | Confidential S-1 filing as early as May 22 |
🎯 Brian's Take
This week's two headline stories aren't separate. They're the same story from different angles.
GitHub's breach is a reminder that trust in developer tooling is largely inherited. We install, update, and run extensions without thinking because the productivity gains feel obvious and the risks feel abstract. That calculus just got a lot more expensive for a lot of organizations.
The Anthropic-xAI deal is a reminder that in the current AI arms race, the company with the most model intelligence doesn't win. The company that can keep the lights on while scaling does. Musk understood this before most. He's not selling AI ideology. He's selling kilowatts and GPUs to whoever needs them most. Right now, that's Anthropic.
Two weeks ago this deal would have been unthinkable. That's the pace we're operating at now. The pace is breakneck speed or die!
Keep shipping. 🚀
Brian @idomyowntricks