
Sunday, 17 May 2026

01 / 04 · Frontier Labs & Capex
7 min read

Microsoft and OpenAI rewrite their marriage contract

Exclusivity ends, the AGI clause is gone, and the revenue share gets a ceiling — the most consequential hyperscaler-lab realignment so far.

·01 Primer

Microsoft and OpenAI built the defining partnership of the modern AI era: Microsoft put in money and Azure compute, OpenAI built the models, and both sides agreed that Azure would be the only cloud allowed to sell those models. That arrangement is now over. Under a deal signed in late April and being detailed through May, OpenAI can sell its products on any cloud, including Amazon and Google. In return, Microsoft keeps a 27% stake in the new OpenAI Group PBC, holds a licence to OpenAI’s technology until 2032, and no longer has to argue about whether OpenAI has reached human-level AI. The cash flow between the two is simpler and capped. For enterprise buyers it means more vendors, more leverage, and more decisions.

·02 What Happened

On a Monday in late April, Satya Nadella and Sam Altman did something neither had managed for years: they stood on the same side of a press release and explained, in calm sentences, how they would untangle the most valuable corporate alliance in technology. The framing was deliberate. There was no breakup theatre, no leaked memos, no surprise board meeting in a Mexican hotel. Instead, OpenAI’s blog posted a note titled “The next phase of the Microsoft–OpenAI partnership,” and Microsoft’s investor relations team followed within minutes. The message: the old contract had outlived its usefulness, and the new one is built for a world where OpenAI is a public benefit corporation worth around $500 billion and Microsoft is the largest single buyer of its compute.

The headline change is exclusivity. Since 2019, Azure had been the only cloud allowed to host OpenAI’s frontier models for outside customers. That clause is gone. OpenAI can now serve ChatGPT, the API, and future models from Amazon Web Services, Google Cloud, Oracle, or anyone else who can put GB300s on a floor. Microsoft, in exchange, gets a non-exclusive licence to OpenAI’s intellectual property — including model weights, research artefacts, and product code — that runs to a fixed date of 2032. Crucially, that licence no longer evaporates the moment OpenAI’s board declares it has built artificial general intelligence. The notorious “AGI clause,” which gave OpenAI the right to revoke Microsoft’s access if a panel of its own directors concluded the threshold had been crossed, has been retired. As Microsoft CTO Kevin Scott has put it for months, the company wanted “real agency at every layer of the stack” — and that is no longer compatible with a contractual self-destruct button.

The second change is financial plumbing. OpenAI will continue to pay Microsoft a 20% share of its revenue, but only up to a total cap reported at $38 billion, and only through 2030. Microsoft’s reciprocal revenue share to OpenAI disappears. To grasp the scale: $38 billion is roughly Lufthansa’s annual group revenue, redirected from one private company to another over six years. Brad Smith, Microsoft’s vice chair, framed the package in interviews as “the right deal for the next phase,” noting that Microsoft’s original $13 billion investment has, by Azeem Azhar’s reckoning in Exponential View #574, already generated north of $30 billion in Azure revenue, with OpenAI itself ploughing back roughly $23 billion as Azure’s single largest AI customer — accounting for up to 60% of Azure’s AI revenue line at peak.

The scene-setter for all this was Nadella’s testimony two weeks earlier in the Musk v. OpenAI trial in Oakland, where he described the November 2023 board crisis as “amateur city” and revealed Microsoft had quietly costed a $25 billion plan to absorb Altman and most of OpenAI’s staff if the company collapsed. “I don’t want to be IBM and OpenAI to be Microsoft,” Nadella told colleagues at the time. The new contract is the answer to that fear, written down.

·03 The Numbers and the Architecture

The economics of the old deal had become awkward in three directions at once. OpenAI’s compute bill was vertical: leaked documents reviewed by Ed Zitron and others put OpenAI’s first-half 2025 Azure inference spend at $5.0 billion, rising to $8.7 billion cumulative by September. Microsoft’s Copilot costs, meanwhile, more than doubled from January 2026 as customers shifted onto reasoning models. And OpenAI’s investors — SoftBank, the sovereign funds in the Stargate vehicle, and a long queue of secondaries — wanted the company free to sign cloud deals wherever capacity was cheapest. The pre-existing structure, with its AGI trigger, its capped-profit waterfall, and its single-cloud lock-in, was actively destroying value for both sides.

The new architecture replaces those frictions with a cleaner stack. OpenAI Group PBC, the public benefit corporation that emerged from the October 2025 recapitalisation, is governed by the OpenAI Foundation. Microsoft owns 27% of the PBC, a stake valued at roughly $135 billion when last marked. The IP licence is a fixed-term right, not a perpetual claim; the revenue share is a cap, not an open meter; the cloud relationship is preferred, not exclusive. In return, OpenAI has committed to spend a further reported $250 billion on Azure capacity over the term of the agreement — a soft floor that protects Microsoft’s data centre buildout even as AWS and Google enter the picture.

The historical comparison that makes the scale tangible: Microsoft’s cumulative committed AI capex for 2026 alone is now larger than the entire annual GDP of Hungary. OpenAI’s 1.9 gigawatts of contracted compute, at roughly $53 billion per year, is more electricity than the city of Hamburg consumes. These are not software economics. They are utility economics, and they are being negotiated by companies that, five years ago, sold seat licences.

More remarkable still is what the deal does not do. It does not give Microsoft preferential pricing on OpenAI’s next-generation models. It does not bind OpenAI to use Azure for training the successor to GPT-5.1. And it does not resolve the open question of who owns the research outputs once OpenAI’s own definition of AGI is, as the new contract states, “verified by an independent expert panel” rather than declared unilaterally by its board. That panel does not yet exist. Its composition will be one of the most quietly important governance fights of the next eighteen months. Ben Thompson, writing in Stratechery, called the restructure “the moment Microsoft stopped pretending OpenAI was a subsidiary and started treating it as a supplier.” That framing matters: suppliers can be replaced, dual-sourced, and squeezed. Subsidiaries cannot.

·04 The Counterpoint

Not everyone reads the deal as a win. Ed Zitron, the most consistent skeptic of the AI economy, points out that the cap on OpenAI’s revenue share is only meaningful if OpenAI actually generates that revenue — and that the unit economics still imply an annual net loss in the low-twenty-billions for 2026. Gary Marcus, more architectural in his critique, argues that locking Microsoft into a 2032 IP licence assumes the underlying transformer paradigm will still be the frontier in six years, an assumption he calls “a bet on the absence of a better idea.” Even sympathetic analysts at the FT’s Lex column have noted that Microsoft’s accounting gain on the 27% stake — booked at fair value — is the kind of mark that can reverse violently if OpenAI’s next funding round prints below $500 billion. The deal cleans up the contract; it does not clean up the bet.

Three Perspectives · What this story means for different readers
01

For DAX40 procurement teams, the practical change is leverage. Until last month, a Frankfurt bank or a Munich insurer wanting GPT-class models had one realistic enterprise route: Azure OpenAI Service, with Microsoft’s EU Data Boundary and the SAP Delos Cloud arrangement for sovereign workloads. From this summer, the same models will be procurable through AWS Bedrock and Google Vertex, each with its own DACH region footprint, pricing, and contractual posture. That changes the negotiating table. Expect CIOs at Allianz, Siemens, and Deutsche Bank to re-tender AI framework agreements within the next two quarters, using the multi-cloud option as a price discipline mechanism. The SAP–OpenAI ‘OpenAI for Germany’ partnership, hosted on Delos Cloud over Azure and slated for 2026 launch, was structured for the old exclusivity world; its commercial terms will need to be retested against an AWS-hosted equivalent.

02

Brussels gets two things it wanted. First, the end of single-cloud exclusivity removes one of the more obvious antitrust lines of attack: DG COMP had been quietly probing whether the Microsoft–OpenAI arrangement constituted a de facto merger under the EU Merger Regulation. The new structure, with OpenAI free to sell elsewhere and Microsoft holding a non-controlling 27%, makes that case much harder to bring. Second, the EU AI Act’s general-purpose AI obligations, which fall on the model provider, now have a clearer addressee: OpenAI itself, regardless of which cloud is reselling. That simplifies vendor-disclosure paperwork for downstream deployers but also concentrates GPAI Code of Practice scrutiny on OpenAI’s own systemic-risk filings. BaFin and BSI will read the new licence terms carefully for operational-resilience implications under DORA.

03

The signal to founders is twofold. One, the hyperscaler-lab exclusivity model is dead as a defensibility argument; Anthropic-on-AWS and OpenAI-on-Azure are no longer one-way bets, which means the wrapper startups built on top of either will face less platform risk and more pricing volatility. Two, the cap on Microsoft’s revenue share, combined with the fixed-term IP licence, validates a structure that European AI labs — Mistral, Aleph Alpha, Black Forest Labs — can credibly offer to their own strategic investors: bounded upside for the cloud partner, preserved optionality for the lab. Expect at least one DACH-based foundation model company to reference the new Microsoft–OpenAI architecture in its next funding round, using it as the template for a ‘partnership without capture’ pitch to corporate LPs.

Sources · 5 references
  1. The next phase of the Microsoft OpenAI partnership (OpenAI)
  2. OpenAI shakes up partnership with Microsoft, capping revenue share payments (CNBC)
  3. Exponential View #574 (Azeem Azhar)
  4. Microsoft Claws Away ‘The Clause’ as OpenAI Claws Back Some Independence (Spyglass)
  5. Microsoft loses IP exclusivity rights and sees revenue payments capped in updated OpenAI deal (DCD)
02 / 04 · Enterprise & Architecture
7 min read

Claude Goes to Law School: Anthropic Builds the Legal Stack

Anthropic wraps Claude in Thomson Reuters, Harvey, Box, Everlaw and twelve practice plugins — the first vertical built around reviewable work product.

·01 Primer

Anthropic, the maker of the Claude AI model, has built a complete software bundle for law firms. Inside Claude, a lawyer can now reach legal research databases from Thomson Reuters (Westlaw and Practical Law), the legal AI tool Harvey, the document store Box, the litigation platform Everlaw, and the e-signature service DocuSign. On top of that sit twelve ready-made workflows for areas like M&A, employment, privacy and litigation. Each one is built to produce what Anthropic calls a review packet: a draft answer with its sources attached, a list of what the model could not verify, and a clear stop sign for the human lawyer. It is the first time a frontier AI lab has shipped a full vertical product, not just a chatbot.

·02 What Happened

On a Tuesday morning in mid-May, David Wong, chief product officer at Thomson Reuters, stood in front of a room of in-house counsel in New York and described a workflow he had wanted for fifteen years. A junior lawyer types a question into Claude. Claude, sensing it is a legal question, reaches through a new pipe into CoCounsel Legal, which in turn searches across 1.9 billion Westlaw and Practical Law documents and the 1.4 billion validity signals stored in KeyCite. The answer comes back with a patent-pending citation ledger — every sentence traceable back to a primary source in a single click. “We are building CoCounsel Legal to be the fiduciary-grade system at the centre of how legal work gets done,” Wong said. “Today’s integration with Claude is an example of how those connections will continue to grow.”

Behind him, Anthropic’s chief product officer Mike Krieger walked through the second half of the announcement. Claude for Legal is not a single product but a stack. Twenty-plus connectors — built on Model Context Protocol, the open standard Anthropic shipped in late 2024 — wire Claude into the software that law firms already run: Ironclad, iManage, NetDocuments, Definely, Relativity, Everlaw, Consilio, Box, Datasite, DocuSign, and Harvey itself. Layered on top are twelve practice plugins covering Commercial, Corporate (with M&A diligence and closing checklists), Employment, Privacy, Product, Regulatory, AI Governance, IP and Litigation work. Each plugin starts with a setup interview that learns a team’s playbooks, escalation paths, risk tolerance and house style.

The pivot came when Krieger described what the plugins actually output. Not a chat answer. A review packet. Every deliverable arrives with four mandatory sections: the source support behind each claim, the key findings the lawyer should read first, the missing context the model could not resolve, and the human stopping points where a partner must sign off before anything is filed. Citations that come through a research connector are tagged with the source; citations from model knowledge alone are flagged “[verify]”; if no research tool is connected, a reviewer note records that sources were not verified.

Harvey chief executive Winston Weinberg, watching from the front row, called the move validation of a thesis his firm had bet on since 2022 — that legal would be the first knowledge profession remade by AI. Allen & Overy, now A&O Shearman, has been a Harvey customer since the start. PwC, which announced an expanded alliance with Anthropic earlier this year, is a flagship Claude account.
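To make the review-packet rules concrete, here is a small Python model of them, added for this digest and not Anthropic’s or Thomson Reuters’ code: every citation records whether it came through a research connector or from model knowledge alone, connector citations are tagged with their source, model-only citations are flagged “[verify]”, a reviewer note is recorded when no research tool is connected, and nothing is releasable until each human stopping point is signed off. The class names, field names and the constructed sample claims are assumptions of this example.

```python
"""Toy review-packet builder following the rules the article describes.

Added illustration, not Anthropic's or Thomson Reuters' code. Class and
field names, and the sample claims, are assumptions of this example.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Citation:
    reference: str                  # case name or clause (constructed sample)
    origin: str                     # "connector" (research tool) or "model"
    source: Optional[str] = None    # research tool that returned it, if any


@dataclass
class Claim:
    text: str
    citations: List[Citation] = field(default_factory=list)
    key: bool = False               # drafter marks what the lawyer reads first
    unresolved: Optional[str] = None  # context the model could not resolve


def label_citation(cit: Citation) -> str:
    """Tag connector citations with their source; flag everything else."""
    if cit.origin == "connector" and cit.source:
        return f"{cit.reference} [source: {cit.source}]"
    return f"{cit.reference} [verify]"


def build_review_packet(claims, connected_tools, stopping_points):
    """Assemble the four mandatory sections plus reviewer notes."""
    source_support, key_findings, missing_context = [], [], []
    for claim in claims:
        labels = [label_citation(c) for c in claim.citations] or ["[no citation]"]
        source_support.append({"claim": claim.text, "support": labels})
        if claim.key:
            key_findings.append(claim.text)
        if claim.unresolved:
            missing_context.append({"claim": claim.text, "gap": claim.unresolved})

    reviewer_notes = []
    if not connected_tools:
        reviewer_notes.append("Sources were not verified: no research tool connected.")
    unverified = sum(1 for cl in claims for c in cl.citations if c.origin != "connector")
    if unverified:
        reviewer_notes.append(
            f"{unverified} citation(s) rest on model knowledge and are flagged [verify].")

    return {
        "source_support": source_support,
        "key_findings": key_findings,
        "missing_context": missing_context,
        # every stopping point starts unsigned; a partner flips it explicitly
        "human_stopping_points": [{"gate": g, "signed_off": False} for g in stopping_points],
        "reviewer_notes": reviewer_notes,
    }


def releasable(packet) -> bool:
    """Gate: nothing is filed until a human has signed every stopping point."""
    return all(g["signed_off"] for g in packet["human_stopping_points"])


# Constructed sample input: one connector-backed claim, one model-only claim.
SAMPLE_CLAIMS = [
    Claim("Non-compete is likely unenforceable for the junior role.",
          [Citation("Example v. Sample (constructed)", "connector",
                    "Westlaw via CoCounsel Legal")], key=True),
    Claim("Notice period under the contract is 30 days.",
          [Citation("Contract §12 (constructed)", "model")],
          unresolved="Could not open the executed version in Box."),
]


def demo(connected=("CoCounsel Legal",)):
    """Build a packet for the sample claims with the given tools connected."""
    return build_review_packet(SAMPLE_CLAIMS, list(connected),
                               ["Partner sign-off before filing"])


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2, ensure_ascii=False))
```

The design point is that the [verify] flag and the reviewer note are produced by the packet builder from recorded provenance, not typed by the drafter, so a claim cannot arrive looking sourced unless a connector actually returned it.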

·03 Architecture

The technical choice that matters is the use of MCP for the Thomson Reuters integration. Until now, every legal AI vendor — Lexis+ AI, Westlaw’s own AI-Assisted Research, Harvey, vLex’s Vincent — has been a closed loop: the vendor controls the model, the retrieval layer, the user interface and the audit trail. MCP breaks that loop apart. Thomson Reuters publishes a connector; Anthropic publishes a model; the law firm chooses how to compose them. The same pattern is replicated for Harvey, Box, Everlaw and DocuSign.

A firm can deploy the stack in two ways: install it as a Claude Cowork or Claude Code plugin and let lawyers self-serve, or deploy it through the Claude Managed Agents API behind the firm’s own workflow engine, with the firm’s identity provider, its retention policies and its audit pipeline wrapped around it.

This is the first serious enterprise vertical built around what Anthropic internally calls reviewable work product. To understand why that matters, a historical comparison helps. When Bloomberg launched the Terminal in 1981, it did not win because its prices were better than Reuters’. It won because every number on the screen carried a provenance — a timestamp, an exchange, a source — so a trader could be fired or promoted based on the trail. Legal AI has, until now, behaved more like the early consumer web: an answer appears, and the user is expected to trust the box. The Stanford RegLab study that landed last year was the first public evidence of how badly that assumption broke. Researchers led by Daniel Ho found that Lexis+ AI answered 65 percent of queries accurately and that Westlaw’s AI-Assisted Research, despite marketing claims of being “hallucination-free,” hallucinated on roughly one in three queries. Both vendors had advertised retrieval-augmented generation as the cure. It was not.

The review-packet design is Anthropic’s answer to that crisis. Source support is not a footnote; it is a structural requirement of the output. Missing context is not buried; it is a heading. The human stopping point is not an asterisk; it is a gate.

If this template holds, expect Anthropic to replicate it in finance (review packets for credit memos and pitch books), healthcare (packets for differential diagnosis and prior authorisation), and tax. The legal stack is the prototype. Krieger has been explicit that vertical stacks, not horizontal chat, are the company’s enterprise wedge.

Pricing for the standalone Claude plans starts at twenty dollars a month for Pro and twenty-five per user for Team; the Westlaw connector requires a CoCounsel Legal subscription, which for mid-size firms runs into six figures annually. The economic question for general counsel is no longer build versus buy. It is whether the citation ledger justifies the Thomson Reuters premium when the reasoning layer is already a Claude commodity.

·04 The Counter-Case

Not everyone is convinced. Cognitive scientist Gary Marcus, who has spent two years cataloguing legal hallucinations in real court filings, argues that the structural design of review packets does nothing to fix the underlying problem: a model that confidently misreads a holding will produce a confidently mis-cited packet. The Stanford RegLab team has echoed that view in follow-up commentary — even RAG systems make subtle errors of mischaracterisation that are harder to catch than fake citations, because the case is real and the quote sounds right. Above the Law, covering the launch under the headline “Hate to Say We Told You So,” noted that Fortune’s reporting on the same day documented fresh hallucinated citations turning up in U.S. federal filings, even from firms using premium legal AI tools. The lawyers, not the vendors, are still the ones being sanctioned. Competitors are positioning hard. LexisNexis has spent the past quarter pitching Lexis+ AI as the only legal AI with end-to-end provenance under one roof, arguing that a multi-vendor MCP stack multiplies the points of failure rather than reducing them. vLex’s Vincent has leaned on its international coverage as a hedge against U.S.-centric tools. Genie AI, the U.K. challenger, is courting mid-market firms with a flat-fee model that undercuts both Westlaw and Harvey. And inside Big Law itself, the procurement question has shifted from “which tool do we buy” to “which foundation model do we want under everything,” a contest that Anthropic, OpenAI and Google are all now waging through partner ecosystems rather than direct sales.

Three Perspectives · What this story means for different readers
01

For German Großkanzleien — Hengeler Mueller, Gleiss Lutz, Noerr, and the German arms of Freshfields, Linklaters and A&O Shearman — the announcement collapses a procurement debate that has been running since 2024. The question of whether to license Harvey, build on Lexis+ AI, or wait for SAP’s Joule legal extensions has now been overtaken by a third option: license Claude for Legal as the substrate and treat Harvey, CoCounsel and the rest as interchangeable connectors. DAX40 in-house teams at Siemens, Allianz, Deutsche Telekom and Bayer, all of which already run Claude pilots, gain a credible path to bring outside-counsel workflows in-house. The review-packet format also maps cleanly onto German Vier-Augen-Prinzip review culture — partners can audit a junior’s work and the model’s work with the same checklist.

02

Legal AI sits squarely inside Annex III of the EU AI Act as a high-risk system when used to assist judicial authorities, and the European Commission has signalled that firm-side legal AI used in regulatory proceedings will fall under the same logic once full enforcement bites in August 2026. Review packets, with their explicit human stopping points and provenance ledger, are arguably the first commercial design that anticipates the Act’s Article 14 human-oversight obligations rather than retrofitting them. The harder questions are GDPR (Westlaw and KeyCite data flowing through Anthropic infrastructure must satisfy Schrems II analysis for EU clients) and attorney-client privilege under the German BORA and the Bundesrechtsanwaltskammer’s guidance, which still treats third-party AI processing of mandate data with deep suspicion. Anthropic’s commitment that customer data is not used to train third-party models is a baseline, not a finish line.

03

The legal-tech market just got re-segmented overnight. Harvey, valued at roughly five billion dollars in its last round, has been re-cast from the legal AI to a connector inside Claude — a position of strength if it can hold the workflow layer, a position of squeeze if Anthropic decides the workflow layer is also strategic. Spellbook, Robin, Definely, Ironclad and the dozens of point-solution startups that raised in 2024 and 2025 now have to justify their existence against an Anthropic-blessed plugin. The winners will be infrastructure plays that own data Anthropic cannot replicate — vLex’s international corpus, Free Law Project’s open archive of U.S. court opinions, niche regulatory feeds — and workflow startups that go deep into a single jurisdiction, like Germany’s Noxtua or Bryter. The losers are horizontal contract-review tools whose moat was a thin RAG wrapper.

Sources · 6 references
  1. Claude for the legal industry — Anthropic
  2. Thomson Reuters and Anthropic Expand Partnership to Connect Claude with CoCounsel Legal
  3. Anthropic Goes All-In on Legal, Releasing More Than 20 Connectors and 12 Practice-Area Plugins for Claude — LawSites
  4. Even as hallucinations show up in legal filings, Big Law goes all in on AI with new Anthropic release — Fortune
  5. Hallucination-Free? Assessing the Reliability of Leading AI Legal Research Tools — Stanford RegLab
  6. EU AI Act unpacked #5: Key governance obligations for high-risk AI systems — Freshfields
03 / 04 · Devices & Platforms
7 min read

Google moves Gemini into the Android substrate, opening an enterprise mobile front

Gemini Intelligence ships as an OS-level agentic layer on Pixel and Galaxy this summer, forcing DACH IT to revisit MDM, BYOD and DMA exposure at once.

·01 Primer

Google has rebranded its phone AI as Gemini Intelligence and is wiring it directly into Android rather than shipping it as another app. The pitch is agentic: the system can read what is on the screen, jump between apps, build a shopping cart, draft a reply, or book a class on the user’s behalf. It ships first on Pixel and Samsung Galaxy this summer, then expands to Wear OS watches, Android Auto, smart glasses and the new Googlebook laptops. For enterprise buyers, the change is structural, not cosmetic. The AI is no longer a vendor choice inside an app store; it is a property of the device itself. That collides with mobile device management policies, BYOD contracts, and the open EU Digital Markets Act file on Google’s Android assistant integration.

·02 What Happened

On the evening of 12 May, Sameer Samat, President of Google’s Android Ecosystem, stood in front of a stripped-down stage at the Android Show: I/O Edition and delivered a sentence that will be quoted back at him for the rest of the year. Android, he said, is “transitioning from an operating system to an intelligence system.” The phrase landed as a deliberate provocation aimed at Cupertino, where Apple Intelligence is still missing the personalised Siri features promised at WWDC 2024.

The substance behind the line is a renamed and rearchitected stack called Gemini Intelligence. Five capabilities anchored the demo: cross-app automation that can photograph a flyer and book the event in Expedia; Magic Cue, a context-aware suggestion layer; Rambler, which cleans up dictated voice; an upgraded Autofill; and Create My Widget, a prompt-to-widget generator. Underneath sits a new Android 17 routing layer that Google is calling Edge-to-Cloud: developers write a single inference call, and the framework decides whether the request runs on the Tensor or Snapdragon NPU, on Google’s Private AI Compute, or on a full cloud Gemini endpoint, based on latency, model complexity and connectivity.

The rollout is staged. Gemini Intelligence lands first on the Pixel 10 generation and Samsung’s current Galaxy flagships this summer as part of Android 17 and One UI 9, then expands to watches, cars, Android XR glasses and the freshly teased Googlebook laptops later in 2026. Google’s framing is that the phone is no longer the only AI surface; it is the anchor of a personal compute mesh that follows the user across form factors.

The pivot worth noticing is who pays attention to that mesh. For consumers, this is a Siri-vs-Gemini story. For a DAX40 CIO running fifty thousand managed Android handsets through Intune or Workspace ONE, it is the first time an AI agent has been promoted from app to platform. Samat used the phrase “the human is always in the loop” and stressed that Gemini will return to the user before completing a transaction, but the architectural fact remains: an OS-level agent can see across containers in a way a sandboxed app cannot. ComputerBase noted that Google is leaning hard on Private Compute Core, Private AI Compute and a Protected KVM to isolate the agent, and that automated flows run in a dedicated process to blunt prompt-injection attacks. That security narrative exists because Google knows European procurement teams will read the threat model line by line.

The launch did not happen in a vacuum. Two days later, on 14 May, OpenAI pushed Codex into the ChatGPT mobile app on iOS and Android, turning the phone into a remote control for coding agents. Anthropic has been threading Claude into enterprise tooling on a parallel cadence. The substrate is moving.

·03 Architecture & Enterprise Stakes

To see why the rebrand matters, look at where the inference actually runs. Android 17 formalises on-device inference APIs around Gemini Nano variants that sit on the Tensor G6 in Pixel and the latest Exynos and Snapdragon silicon in Galaxy. For heavier reasoning, requests are routed to Private AI Compute, a Google-operated trusted execution environment that the company positions as a confidential-computing equivalent for AI, and from there to the full hosted Gemini 3.x family. The framework decides. The developer does not.

That single design choice is the enterprise story. Until now, a German mobile fleet manager could draw a clean line: business data lives in the work profile, the assistant lives in a sandbox, and the firm chooses which AI vendor sees what. Once Gemini Intelligence is a system service that can read on-screen content and act across apps, the work-profile boundary becomes a policy question rather than a hard wall. Google has published controls aimed at this exact concern, including Android Enterprise toggles to restrict cross-app actions, audit logs for agentic transactions, and the Private Compute Core attestations that MDM consoles can read. Whether those controls will satisfy a Sparkasse compliance officer is a separate question.

A useful comparison to make the number tangible: when BlackBerry Enterprise Server lost its grip on German corporate fleets between 2012 and 2015, the switching cost to managed Android and iOS ran into the low single-digit billions of euros across the DAX. The OS-level AI shift is the first comparable rearchitecture of the mobile management stack since then, and it arrives with a regulator already mid-investigation. The European Commission opened DMA specification proceedings against Google’s Gemini-Android integration on 27 January 2026, and its binding decision is expected on 27 July. Penalties run up to ten percent of global annual turnover.

For procurement, three concrete questions emerge in the next ninety days. First, can the Gemini Intelligence agent be disabled inside the work profile while remaining available in the personal profile on a BYOD device, and is that toggle exposed to Intune, Workspace ONE and Sophos Mobile by the time Android 17 ships? Second, where does Private AI Compute physically execute requests originating from EU devices, and is there a Vertex-grade data-residency commitment for EU-west regions? On that point, Datastudios reports that Gemini 3.x models are still not generally available in EU regions on Vertex AI, with only Gemini 2.5 Pro and 2.0 Flash hosted in europe-west4. Third, how does the consent chain work when an agent acts on behalf of an employee inside a third-party SaaS that has its own data-processing agreement?

Deutsche Telekom’s MagentaBusiness mobile portfolio and SAP’s mobile front-ends are the first integration points to watch on the DACH side. Neither has publicly committed to a Gemini Intelligence story yet. Carriers that bundle managed devices will be asked to answer the residency question before their customers do.
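The Edge-to-Cloud decision and the fleet controls above can be thought about together as one policy. The Python below is an added model of that policy for this digest, not Google’s Android 17 framework, any MDM vendor’s API or a published Android Enterprise setting: a request carries its profile, complexity, connectivity and the region where an off-device tier would execute; the router picks on-device, Private AI Compute or cloud, refuses work-profile actions the fleet policy forbids, keeps work data on the device when no residency commitment covers the region, and writes an audit record for every decision. Tier names, thresholds, policy fields and the region value are assumptions of this example.

```python
"""Policy model of an Edge-to-Cloud inference router with fleet controls.

Added example; not Google's or any MDM vendor's code. Tier names,
thresholds and policy fields are assumptions of this illustration.
"""
from dataclasses import dataclass

ON_DEVICE, PRIVATE_COMPUTE, CLOUD, DENIED = (
    "on_device", "private_ai_compute", "cloud", "denied")


@dataclass
class FleetPolicy:
    """What a fleet manager would push from the MDM console (assumed fields)."""
    work_profile_agent_enabled: bool = True
    allow_cross_app_actions_in_work_profile: bool = False
    # regions with a data-residency commitment the firm accepts (constructed)
    residency_regions: tuple = ("europe-west4",)
    device_attested: bool = True      # attestation read by the MDM console


@dataclass
class Request:
    profile: str      # "work" or "personal"
    complexity: int   # 1 = short completion ... 5 = multi-step reasoning
    online: bool
    cross_app: bool   # the agent would act across apps on the user's behalf
    region: str       # where an off-device tier would execute the request


def route(req: Request, policy: FleetPolicy, audit: list) -> str:
    """Choose a tier, refuse what policy forbids, and log every decision."""
    def decide():
        # Work-profile guards run first: these are the controls procurement asks for.
        if req.profile == "work":
            if not policy.work_profile_agent_enabled:
                return DENIED, "agent disabled in work profile"
            if req.cross_app and not policy.allow_cross_app_actions_in_work_profile:
                return DENIED, "cross-app action blocked in work profile"
            if not policy.device_attested:
                return DENIED, "device attestation missing"
        # Latency/connectivity: light or offline requests stay on the NPU.
        if req.complexity <= 2 or not req.online:
            return ON_DEVICE, "fits the on-device model or device is offline"
        # Residency: work data leaves the device only into a covered region.
        if req.profile == "work" and req.region not in policy.residency_regions:
            return ON_DEVICE, f"no residency commitment for {req.region}; kept on device"
        # Model complexity picks between the TEE tier and the hosted endpoint.
        if req.complexity <= 4:
            return PRIVATE_COMPUTE, "mid-weight reasoning in the TEE tier"
        return CLOUD, "heaviest reasoning sent to the hosted endpoint"

    tier, reason = decide()
    # The audit record is written for every agentic decision, denied or not.
    audit.append({"profile": req.profile, "cross_app": req.cross_app,
                  "region": req.region, "tier": tier, "reason": reason})
    return tier


if __name__ == "__main__":
    log = []
    samples = [
        Request("personal", 1, True, False, "europe-west4"),
        Request("work", 3, True, False, "europe-west4"),
        Request("work", 3, True, False, "us-central1"),
        Request("work", 3, True, True, "europe-west4"),
    ]
    for r in samples:
        print(route(r, FleetPolicy(), log))
    for entry in log:
        print(entry)
```

Read the audit list as the thing a compliance reviewer would actually ask for: it shows not just where requests went, but why a work-profile request was held on the device or refused.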

Three Perspectives · What this story means for different readers
01

For a DAX40 CIO, this is a procurement event, not a product launch. The decision is no longer whether to allow an AI assistant app on managed Android; it is whether to accept an OS-level agent that can see across containers. Expect three motions inside the next quarter. Mobile fleet teams will demand updated Android Enterprise policy documentation from Google before the Android 17 wave. Identity teams will revisit BYOD contracts to clarify who consents to agentic actions on personal devices used for work. And procurement will ask Samsung and the major MDM vendors to confirm that Gemini Intelligence can be cleanly scoped to the personal profile. Firms running Knox alongside Workspace ONE will need a clear answer before summer rollout, not after.

02

The launch sits on top of an open DMA file. Brussels opened parallel specification proceedings on 27 January and is moving toward a binding decision on 27 July, focused on Article 6(7) interoperability and Article 6(11) search-data access. The Commission’s complaint is structural: a user who installs ChatGPT or Claude on Android gets an app, while a user who uses Gemini gets an operating-system feature. By promoting Gemini from assistant to substrate, Google has arguably widened the gap that the DMA proceeding is trying to close. Add the EU AI Act’s high-risk obligations applying from June, and the GDPR question of cross-app context collection, and an OS-level agent becomes a stack of overlapping compliance regimes rather than one.

03

The agent-app market just got squeezed at the base. A seed-stage agent startup pitching a vertical Android assistant for travel, shopping or scheduling now has to argue why its bespoke agent beats a system-level one with cross-app vision and free distribution. The defensible plays narrow to two patterns: domain-specific reasoning that the base model cannot match without licensed data, and back-end orchestration that the OS agent calls into via APIs. Expect more deals framed as picks-and-shovels for the agent runtime, including evaluation, observability, identity, consent ledgers and policy enforcement. European founders also gain a regulatory wedge: building on third-party-AI interoperability rails that the DMA decision may force open in July creates a real, if narrow, market window.

Sources · 6 references
  1. The Android Show: I/O Edition 2026
  2. Google races to put Gemini at the center of Android before Apple’s AI reboot
  3. Agentisches Betriebssystem: So sichert Google Gemini Intelligence und Android ab
  4. Commission seeks feedback on measures to ensure interoperability with Google’s Android under the DMA
  5. Gemini Intelligence announcement hopes to steal Apple’s Siri thunder but falls short
  6. OpenAI says Codex is coming to your phone
04 / 04 · Law & Governance
7 min read

Shadow AI: A Third of Pasted Text Is Now Sensitive

The risk has shifted from model trust to who is pasting what into a personal ChatGPT tab at 9pm.

·01Primer

Three years ago, when an employee pasted text into ChatGPT, it was mostly a meeting agenda or a draft email. Today, roughly one in three of those pastes contains something the company would not want on a US server: a client list, a salary table, M&A draft language, source code, a board memo. The change happened quietly, inside browser tabs, on private accounts, on phones. Vendors call it ‘shadow AI.’ Regulators in Berlin and Brussels increasingly call it a GDPR incident waiting to be reported. For a DAX40 CISO, the question is no longer ‘do we trust the model?’ but ‘do we know what our 80,000 employees are typing into it?’ Banning the tools simply pushes the traffic to private devices the company cannot see at all.

·02What Happened

A CISO at a Frankfurt-listed insurer described the moment to colleagues this way: a Monday-morning dashboard, a routine browser-telemetry pull, and 14,000 employees flagged for pasting into chatgpt.com over the previous week. Eighty-two percent of those sessions ran through private Google logins, not the corporate SSO. A spot sample of 200 prompts pulled by the data-loss-prevention team contained, among other items, the underwriting model for a mid-cap energy client, two paragraphs from a draft Vorstand presentation, and a list of broker commissions with names attached. None of it was malicious. All of it would, on a strict reading of the GDPR, qualify as processing of personal data transferred to a third country with no documented legal basis under Article 6, no transfer mechanism under Chapter V, and none of the Article 32 security measures applied before the data left the laptop.

The number that pushed this from background noise to boardroom item came from Oliver Korzen, a security researcher cited on the ‘This Week in AI’ podcast on 15 May 2026: sensitive corporate data now accounts for roughly 35% of what employees paste into generative-AI tools, up from around 10% two years earlier. The underlying telemetry traces back to a cluster of enterprise-browser and DLP vendors, LayerX, Cyberhaven and Harmonic Security among them, who instrument the browser and watch what actually leaves the laptop. LayerX’s 2025 enterprise report logged that 77% of employees paste into GenAI prompts and that 82% of those pastes happen through unmanaged accounts. Cyberhaven’s 2026 AI Adoption and Risk Report put the sensitive share of pasted corporate data at 27.4%, up from 10.7% a year earlier. Harmonic Security, working from 22.4 million prompts across six AI apps, found that 87% of sensitive-data incidents occurred via the free tier of ChatGPT and that ChatGPT alone accounted for 71% of all observed exposures.

The numbers disagree at the decimal level. They agree on the shape: the curve is bending up, fast, and it is bending up almost entirely in the unmanaged, consumer-tier channel that the IT department does not own.
A useful historical comparison: in the 2013-2015 wave of consumer-cloud storage adoption, Dropbox at one point processed more enterprise data than any sanctioned file-share at the median Fortune 500. The fix was not banning Dropbox. It was Box-for-Enterprise, Office 365, and a generation of CASB tools that made the sanctioned channel as frictionless as the shadow one. The same pivot is now playing out for GenAI, on a compressed timeline and against a far stricter regulatory floor. In Germany the floor is concrete. A works-council vote, a BaFin onsite, a DSK guidance note, an EU AI Act Article 4 audit, any of them can land on a CISO’s desk in the same quarter. And unlike a Dropbox leak, the prompted text may have already been used to fine-tune somebody else’s model. That is the asymmetry the new numbers expose.

·03The Regulatory Stack Closing In

Four overlapping rule sets now bear on the question of what an employee may type into an AI chatbot from a company laptop. None of them was written with shadow AI in mind. All of them already apply.

The first is the GDPR, unchanged since 2018 but newly sharp-edged. Pasting a customer email into a US-hosted consumer chatbot is a transfer of personal data to a third country. Since the 2023 EU-US Data Privacy Framework it can be lawful, but only if the receiving company is on the DPF list and the data was collected on a documented legal basis. A personal ChatGPT account, logged in via a private Gmail, satisfies neither test. NOYB, Max Schrems’ Vienna-based group, has filed multiple complaints against OpenAI over inaccurate personal data in model outputs and is openly preparing what observers already call ‘Schrems III,’ a structural challenge to the DPF itself. If that case lands the way the previous two did, every enterprise reliance on US-hosted AI processing of EU personal data goes back into legal limbo.

The second is the EU AI Act, whose Article 4 has been in force since 2 February 2025. It is short and easy to underestimate: every provider and deployer of an AI system must ensure ‘a sufficient level of AI literacy’ among staff and contractors who use the system on their behalf. The Commission’s own Q&A makes clear that this includes deployers of general-purpose systems such as ChatGPT or Copilot. Enforcement bites from 3 August 2026; civil-liability exposure for harm caused by an inadequately trained user is already live. A company that has neither a written AI-use policy nor evidence of staff training is, on the face of it, out of compliance today.

The third is BaFin’s evolving guidance for German-regulated financial firms. MaRisk AT 9 governs IT outsourcing; the 2018 BAIT circular and the 2024 ‘Guidance on ICT risks when using AI’ explicitly require that the cloud-outsourcing notice be applied when AI services are deployed. In practice that means a documented risk analysis, a service-provider agreement with audit and exit rights, and board-level sign-off, none of which exists when an employee opens a private ChatGPT tab.

The fourth is the German Works Constitution Act. Under section 87(1)(6) BetrVG, the Betriebsrat has full co-determination over technical systems suitable for monitoring employee behaviour, and the labour-law commentary is now near-unanimous that ChatGPT Enterprise, Copilot and Gemini for Workspace fall within scope. A 2026 Bundesarbeitsgericht line of reasoning has tightened that further: the moment the employer provides a corporate AI seat, a works agreement is required. The perverse consequence is that the legally easiest path is often to do nothing, leave employees on private accounts, and inherit the GDPR exposure instead. The Bitkom 2026 study captures the result: only 26% of German companies provide sanctioned GenAI access; 23% have written rules; the rest are running on hope.

·04What the Enterprise Tier Actually Buys

The commercial answer to shadow AI is the enterprise tier, and the price gap from the consumer product is narrower than most procurement decks assume. ChatGPT Enterprise is negotiated, typically $60 to $100 per seat per month at meaningful volume, with no training on customer data by default, SOC 2 Type II, ISO 27001 and 27701, custom data-retention windows and SAML SSO. Anthropic’s Claude Enterprise, launched September 2024, offers the same no-training commitment plus SCIM provisioning and audit logs. Gemini for Workspace folds AI into existing Google contracts with the customer-data confidentiality clauses of Workspace itself. None of these tiers is a perfect privacy shield (the fine print on security and abuse monitoring is real), but each one closes the single largest hole: the prompts no longer flow into a personal account whose terms of service include training rights. The operational fix on top of the contract is a sensitivity-tier strip-out at the browser layer, the kind of inline redaction sold by LayerX, Harmonic, Nightfall and Concentric. Combined with a published AI-use policy and a mandatory Article 4 training module, it converts the 35% number into a measurable, audited 35%, which is a fundamentally different conversation with a regulator than ‘we had no visibility.’ Abstinence is not on the menu: Bitkom’s data shows that wherever companies ban the tools without offering an alternative, private-account usage rises rather than falls.

Three Perspectives What this story means for different readers
01

For DAX40 CISOs, the action list is short and overdue. First, instrument the browser. You cannot govern what you cannot see, and the LayerX-style telemetry showing the 35% number is itself the tool you need. Second, buy enterprise seats and make them the path of least resistance: single sign-on, default landing page, the lot. Third, deploy inline DLP redaction tuned to your sensitivity tiers, so that a client name or an IBAN is stripped before it leaves the laptop. Fourth, write a one-page AI-use policy and pair it with an Article 4 training module that you can show to an auditor. Fifth, brief the Vorstand on residual risk in plain numbers, including the share of prompts still going through private accounts after rollout. Allianz Senior Fellow Ralf Schneider’s framing is the right one: shadow AI is the 2026 successor to shadow SaaS, and the playbook that worked for Dropbox-era leaks, sanction-and-redirect, works again.
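The inline redaction described in the enterprise-tier section and steps one and three of the action list above (instrument the browser, then strip identifiers before the paste leaves the laptop) come down to a small amount of logic. What follows is an added example, not code from LayerX, Harmonic, Nightfall, Cyberhaven or any other vendor named on this page. It assumes a hypothetical corporate IdP domain, a constructed client watchlist and a constructed telemetry sample, and it runs offline; the one real-world piece is the ISO 13616 mod-97 check, which is what keeps an IBAN-shaped string that is not an IBAN from counting as a finding.

```python
"""Prompt-level DLP redaction plus a shadow-AI telemetry rollup.

Added example, not code from any vendor named on the page. Assumptions:
  - paste events arrive from a browser-telemetry feed with the fields
    user, account_domain, text (SAMPLE_EVENTS below is constructed);
  - the corporate IdP domain and the client watchlist are hypothetical.
"""
import re
from collections import Counter

# Hypothetical corporate SSO domain; anything else counts as an unmanaged account.
CORPORATE_IDP_DOMAINS = {"insurer.example"}

# Constructed tier-2 watchlist (in production fed by the data-classification layer).
CLIENT_WATCHLIST = {"nordwind energie ag": "CLIENT_A", "rheintal assekuranz": "CLIENT_B"}

IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7} ?[A-Z0-9]{1,4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CLIENT_RE = re.compile("|".join(re.escape(n) for n in CLIENT_WATCHLIST), re.IGNORECASE)


def iban_valid(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to 10..35, and the integer remainder mod 97 must be 1."""
    s = candidate.replace(" ", "").upper()
    if not 15 <= len(s) <= 34:
        return False
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1


def redact(text: str):
    """Strip tier-1 identifiers (IBAN, email) and tier-2 client names before the
    prompt leaves the browser. Returns (redacted_text, Counter of findings by tier)."""
    findings = Counter()

    def sub_iban(m):
        if not iban_valid(m.group(0)):
            return m.group(0)  # shaped like an IBAN but fails mod-97: not a finding
        findings["T1:iban"] += 1
        return "[IBAN]"

    def sub_email(m):
        findings["T1:email"] += 1
        return "[EMAIL]"

    def sub_client(m):
        findings["T2:client"] += 1
        return "[" + CLIENT_WATCHLIST[m.group(0).lower()] + "]"

    text = IBAN_RE.sub(sub_iban, text)
    text = EMAIL_RE.sub(sub_email, text)
    text = CLIENT_RE.sub(sub_client, text)
    return text, findings


def rollup(events):
    """Dashboard metrics: share of pastes via unmanaged accounts, share carrying
    sensitive data, and how much of the sensitive traffic used the unmanaged channel."""
    total = len(events)
    unmanaged = sensitive = sensitive_unmanaged = 0
    for e in events:
        is_unmanaged = e["account_domain"] not in CORPORATE_IDP_DOMAINS
        _, findings = redact(e["text"])
        unmanaged += is_unmanaged
        if findings:
            sensitive += 1
            sensitive_unmanaged += is_unmanaged
    return {
        "pastes": total,
        "unmanaged_share": round(unmanaged / total, 3),
        "sensitive_share": round(sensitive / total, 3),
        "sensitive_via_unmanaged": round(sensitive_unmanaged / sensitive, 3) if sensitive else 0.0,
    }


# Constructed telemetry sample. The texts are invented; the IBANs are the standard
# German test IBAN and a one-digit corruption of it (which must not be redacted).
SAMPLE_EVENTS = [
    {"user": "u1", "account_domain": "gmail.com",
     "text": "Summarise the Nordwind Energie AG renewal; contact k.mueller@nordwind.example, IBAN DE89 3704 0044 0532 0130 00"},
    {"user": "u2", "account_domain": "insurer.example",
     "text": "Rewrite this paragraph for clarity: our Q3 planning cadence"},
    {"user": "u3", "account_domain": "gmail.com",
     "text": "Draft a board note on the Rheintal Assekuranz claim"},
    {"user": "u4", "account_domain": "outlook.com",
     "text": "What is the weather in Munich this weekend"},
    {"user": "u5", "account_domain": "insurer.example",
     "text": "Is DE89 3704 0044 0532 0130 01 a valid IBAN?"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["account_domain"], "->", redact(e["text"]))
    print(rollup(SAMPLE_EVENTS))
```

On the constructed sample the rollup reports 60% of pastes through unmanaged accounts, 40% carrying sensitive data, and 100% of the sensitive pastes going through the unmanaged channel; the corrupted IBAN in the last event is matched by the regex but rejected by the checksum and so never counts. The same rollup, run after an enterprise-seat rollout, is the residual-risk number the fifth step asks you to put in front of the Vorstand.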

02

Three regulators and one co-determination body converge on the same desk. The competent data-protection authority, in Germany the BfDI or the relevant Land authority, will ask under GDPR Articles 5, 6 and 32 whether the company has a legal basis and appropriate technical measures for personal data processed via AI. The EU AI Act Article 4 obligation, in force since 2 February 2025 with enforcement from 3 August 2026, requires demonstrable staff AI literacy proportionate to role and risk. For German-regulated financial entities, BaFin’s 2024 AI guidance plugs the same fact pattern into MaRisk AT 9 outsourcing and BAIT, requiring a documented risk analysis. And the Betriebsrat retains a section 87(1)(6) BetrVG veto on the rollout itself. A defensible enterprise posture has to satisfy all four simultaneously, which in practice means a written works agreement, a documented DPIA, a training register and a logged DLP control.

03

The shadow-AI gap has produced a fast-growing security category. Harmonic Security, founded 2023 by ex-Digital Shadows leadership, raised a $17.5m Series A from Storm Ventures and built its pitch on prompt-level redaction. LayerX, an Israeli enterprise-browser vendor, has reframed its product as the system of record for AI usage telemetry and is the source of the most-cited shadow-AI stats. Nightfall AI extended its classic DLP stack into AI prompt interception. Concentric AI and Cyberhaven attack the problem from data-classification first, tagging files so the redaction layer knows what to strip. The strategic question for investors is whether this becomes a durable category or gets absorbed by the hyperscalers: Microsoft Purview is already shipping Copilot-aware DLP, and Google has similar plans for Gemini. The 18-month window favours the pure-plays; after that, the survivors will be the ones with the deepest browser-side telemetry.

Sources 8 references
  1. LayerX Enterprise AI and SaaS Data Security Report 2025
  2. Cyberhaven 2026 AI Adoption and Risk Report
  3. EU AI Act Article 4 — AI Literacy
  4. Bitkom: Beschäftigte nutzen vermehrt Schatten-KI (Employees increasingly use shadow AI)
  5. BaFin Guidance on ICT risks when using AI (Baker Tilly summary)
  6. Mitbestimmung des Betriebsrats bei KI-Nutzung / ChatGPT (Works-council co-determination on AI use / ChatGPT, ArbRB-Blog)
  7. Harmonic Security: New research on data leaking into GenAI tools
  8. NOYB — EU-US Transfers project page
·02 Enterprise AI Moves 4 Items
01
ServiceNow × NVIDIA: Project Arc desktop agent on AI Control Tower governance

ServiceNow at Knowledge 2026 launched Project Arc, an autonomous desktop agent secured by the NVIDIA OpenShell runtime and governed by ServiceNow AI Control Tower, with the Control Tower now part of NVIDIA’s Enterprise AI Factory validated design. The pair also released NOWAI-Bench, an open evaluation suite covering ITSM, customer service and HR workflows plus a voice-agent framework. For DAX40 CIOs already standardised on ServiceNow, this is the first credible answer to the agent-sprawl governance gap — agents on individual workstations supervised by the same control plane that runs data-centre AI workloads, with measurable benchmarks for procurement.

02
NTT DATA acquires WinWire to scale Microsoft-stack enterprise AI delivery

NTT DATA on May 15 announced its intent to acquire WinWire, a US-based AI consultancy specialised in Microsoft Azure, Copilot and agentic solutions for healthcare, BFSI and manufacturing verticals. The combined unit folds WinWire’s industry IP and Microsoft alliance status into NTT DATA’s existing 17,000-strong AI practice, positioning the group as a Microsoft-aligned alternative to Accenture and Capgemini for cross-border deployments. For DAX40 procurement teams running Microsoft 365 Copilot or Azure OpenAI rollouts, this consolidation widens the SI shortlist and adds price pressure on incumbent Microsoft delivery partners across DACH.

03
OpenAI Deployment Company: $4B vehicle with TPG, Bain, McKinsey, Capgemini

OpenAI on May 11 formalised the $4B OpenAI Deployment Company, with TPG leading 19 backers, Bain and McKinsey taking equity alongside Capgemini, and an acquisition of applied-AI consultancy Tomoro seeding the unit with roughly 150 Forward Deployed Engineers. The vehicle sells embedded engineering squads that sit inside customers and re-architect workflows around frontier models, explicitly targeting the $375B IT-services market. For DAX40 CIOs the practical question is procurement governance: incumbent SI partners are now both reseller and co-investor in the model provider, blurring the independence of architecture advice on multi-vendor model strategies.

04
SAP Autonomous Suite gets a contractual floor inside RISE and GROW

At Sapphire on May 12 SAP attached a contractual commitment to RISE with SAP that customers will activate at least three Joule Assistants in year one, while SAP GROW customers receive 20+ AI assistants from day one. The new Autonomous Suite bundles more than 50 domain-specific Joule Assistants orchestrating over 200 agents across finance, supply chain, procurement, HR and CX, anchored by an Autonomous Close Assistant that compresses the financial close from weeks to days. For DAX40 CFOs this turns AI from optional add-on into a contractual deliverable inside the ERP renewal, with measurable close-cycle KPIs the board can track.

·03 Papers and Essays of the Week 2 Items
01

Inside Anthropic’s rocket ship; AI pluralism; love commoditized (Exponential View #574, May 17, 2026)

Azhar unpacks CFO Krishna Rao’s Invest Like the Best appearance and converts the disclosures into a strategic read: $50B annualized ARR, customer spend up 5x year-on-year, 90% of Anthropic’s own finance reporting now AI-driven, Cowork growing faster than Claude Code, and a $100B+ multi-cloud compute commitment spread across Nvidia, Amazon Trainium and Google TPUs. The newsletter pairs this with a Microsoft-OpenAI uncoupling thesis and an argument for genuine model pluralism over single-vendor lock-in. Why this matters: for DACH consultancy practices advising DAX40 clients, the numbers reset reference points for enterprise AI budgets and renewal cycles, while the pluralism argument validates multi-model procurement architectures over the still-common ‘pick one frontier lab’ default.

02

How the AI Industry Runs on Its Own Money (The Algorithmic Bridge / Alberto Romero, May 13, 2026)

Romero documents the circular financing structure now visible in hyperscaler accounts: Anthropic has committed roughly $330B in cloud spending to Amazon, Microsoft and Google, while those same three have committed over $88B in equity and credits back to Anthropic, with parallel OpenAI-Microsoft-Nvidia loops. The argument is that around half of the revenue backlog booked by four of the largest companies on earth now traces back to two AI startups fully dependent on their patronage. Why this matters: DAX40 CFOs and procurement leads should treat frontier-model SaaS contracts as concentrated vendor-risk exposure rather than commodity software spend, and consulting teams structuring multi-year AI programmes need contingency clauses that survive a hyperscaler-lab unwind.

·05 Three Takeaways
01

The Microsoft–OpenAI uncouple closes a five-day frontier-lab realignment that already saw PwC certifying 30,000 staff on Claude (May 15), Capgemini joining the OpenAI Deployment Company alongside McKinsey and Bain (May 16), and Anthropic leasing the 220,000-GPU Colossus (May 16) while Exponential View #574 today puts Anthropic at $50B annualized ARR with 5x customer-spend growth. The 27% Microsoft stake, $38B revenue-share cap and 2032 IP licence end the single-lab procurement reflex on paper; multi-lab fallback (one US, one EU-resident, one sovereign) is the only defensible reference architecture for any DAX40 RFP issued after the August 2 GPAI inventory deadline. Boards should also require every consulting partner to disclose lab equity, model routing and Deployment Company exposure before signing the next renewal above EUR 5M ACV.

02

Anthropic’s Claude for Legal (Thomson Reuters CoCounsel, Westlaw’s 1.9B documents, Harvey, Box, Everlaw, DocuSign, twelve practice plugins, all MCP) plus ServiceNow’s Project Arc on the NVIDIA OpenShell runtime and SAP’s contractual three-Joule-Assistant floor inside RISE and GROW collectively retire the headless-SaaS thesis the May 14 ‘Software loses its head’ arc opened: defensibility now sits in the connector graph and the reviewable work-product packet, not the UI. Consulting practices advising DAX40 legal, finance and shared-services functions should reorganise their 2026 transformation roadmaps around vertical MCP stacks with named human-review gates rather than horizontal Copilot rollouts, and renegotiate SaaS renewals to price the connector layer separately from the seat. The BCG four-tools-per-worker cognitive ceiling stays the hard contractual cap inside every one of these stacks.

03

Gemini Intelligence shipping as an OS-level agentic layer on Pixel and Galaxy across 2B+ Android devices in DMA scope, against the 27 July EU interoperability ruling and the shadow-AI findings that roughly 35% of pasted text is now sensitive and that 82% of GenAI pastes route through unmanaged personal accounts, pulls the governance perimeter from the data centre to the device just as the Codex-on-mobile launch (May 16) does the same for developer workflows. DACH CISOs at Allianz, Deutsche Bank, BMW and Siemens face a four-regime stack (GDPR, EU AI Act Art. 4, BaFin, Betriebsrat) and need a documented BYOD-and-MDM posture, an AI-literacy attestation log, and a Private AI Compute residency clause in every mobile-fleet contract before the 27 July ruling and the August 2 GPAI window land in the same fortnight. Treat the personal ChatGPT tab at 9pm as the actual incident surface, not the model.
