For a decade, enterprise software was bought by the seat: a fixed monthly fee per user, predictable to the cent. Generative AI broke that model. Modern coding assistants and agents charge by the “token” — roughly a fragment of a word — consumed by each prompt, each reasoning step, each tool call. The more an engineer uses the system, the more it costs. A single agentic workflow can chew through tens of thousands of tokens to answer what feels like one question. “Tokenmaxxing” is the new shorthand: a culture in which staff race to consume more tokens as a badge of being AI-native. The result is that AI spend behaves less like a software licence and more like an electricity bill in a heatwave — variable, surprising, and increasingly the business of the CFO.

On the last day of April, at the Sentro Filipino Cultural Center in San Francisco, Uber’s Chief Technology Officer Praveen Neppalli Naga took the StrictlyVC stage opposite TechCrunch editor Connie Loizos. The room expected an Uber-at-scale talk. What it got, three minutes in, was a confession. Uber’s 5,000 engineers had run through the company’s entire 2026 AI coding budget by April. Four months. “We blew through our budget,” Naga said, describing the moment shortly after Uber opened the door to agentic coding tools late last year. Adoption of Claude Code inside engineering had jumped from 32% to 84% of the workforce in a single quarter. Power users were spending $500 to $2,000 a month on tokens; Naga himself, by his own account, burned roughly $1,200 in a two-hour demo. Not by accident: Uber had stopped throttling. Two weeks later, ServiceNow’s Chief Information Officer Kellie Romack told reporters her company had done the same thing. The pattern, she said, was “a really hard problem.” The headlines that followed wrote themselves — the canaries in the AI coal mine were singing in chorus. By the time Azeem Azhar’s Exponential View ran its May 18 dispatch under the headline “The cost of tokenmaxxing,” the term had escaped the engineering Slack channels of San Francisco and entered the boardroom vocabulary. What is unusual is not that engineers want more AI. It is the shape of the bill. The average enterprise AI invoice in the United States has grown from roughly $63,000 a month in 2024 to $85,500 in 2025 — a 36% jump in twelve months, according to CloudZero’s State of AI Costs benchmark. The share of organisations planning to spend more than $100,000 a month on AI tools more than doubled from 20% to 45% in the same window. For comparison, the average enterprise AI bill is now larger than the entire annual cloud bill at a typical German Mittelstand firm five years ago. The line item that did not exist in 2022 is now competing for budget with data centres, salaries and physical security. More remarkable still is who is showing up to the meeting. “It is frustrating that I have no idea what we’re going to spend on AI this quarter,” one Fortune 500 CFO told the analyst Ed Zitron earlier this year. “My business units have no forecast of what they are going to use.” The finance organisation, accustomed to negotiating per-seat SaaS contracts in three-year cycles, now finds itself trying to govern an input that behaves like jet fuel — priced daily, burned unevenly, and central to whatever the engineers do next. The CFO is the new gatekeeper of AI.

Start with the variance. CloudZero’s benchmark of large US enterprises puts the median monthly AI bill at $85,521 in 2025, up 36% year over year. But the median hides the tail. A survey by Benchmarkit and Mavvrik, cited in CIO Magazine, found that 85% of organisations misestimate their AI costs by more than 10%, and nearly a quarter are off by 50% or more. Boards have noticed: more than four in five CIOs and CTOs say their directors are now actively questioning the AI line. 71% of leaders told the same survey they plan to raise AI investment in 2026 even as scrutiny tightens — a contradiction the CFO has been handed to resolve. The Uber case study makes the mechanics visible. Per-engineer AI spend at Uber averages $150–$250 a month. Heavy users — the so-called tokenmaxxers — sit between $500 and $2,000. Multiply by 5,000 engineers and even the lower band lands at $9 million a year for one tool; the upper band runs past $100 million. Uber’s engineering chief reports that internal AI agents now author one in nine production-ready code changes, up from less than one percent a few months earlier. The productivity story is real. So is the invoice. The spend curve also breaks the old SaaS economics on both sides. Anthropic, OpenAI and Google have cut headline per-token prices by roughly 80% from 2025 to 2026, according to cross-provider pricing data compiled by Finout and CloudZero. Caching can shave 90% off repeat inputs; batch processing knocks another 50% off. Yet aggregate enterprise spend keeps rising. The reason is Jevons’ paradox in real time: cheaper tokens unlock heavier workflows — agentic chains, sub-agents, tool use — that consume 10 to 40 times more tokens per user interaction than a single prompt did in 2024. Anthropic has restructured enterprise billing accordingly, replacing its old Premium and Standard tiers with role-based pricing ($20 per seat for Claude Code, $10 for Claude.ai) and quietly eliminating the 10–15% volume discounts large customers relied on. The DACH picture is sharper than many in Berlin or Munich would like. The April 2026 Bitkom KI-Studie found that 33% of German companies running AI in production are over their original business case — a rate Digital Chiefs called the moment when “the back-of-the-envelope math from the pilot phase stops holding up.” Forty-one percent of surveyed firms have AI in productive use; nineteen percent already cite AI as justification for headcount reductions. The Bitkom authors warn that 2026 will be remembered either as the year DACH boards built real AI governance, or as the year the first management boards were dismissed for letting AI spend run unsupervised. China is no exception. Domestic labs that boast a structural cost advantage — cheaper inference, open weights, leaner architectures — are nonetheless reporting double-digit monthly growth in token consumption from their enterprise customers, according to Exponential View’s May 2026 compute-crunch dispatch. The conclusion is the same on both sides of the Pacific: efficiency gains are being recycled into more usage, not lower bills.

The strategic implication for senior leaders is straightforward, if uncomfortable. AI is no longer an IT cost centre; it is closer to a raw material, and a volatile one. That has three operating consequences. First, the CFO must move upstream. The traditional pattern — IT procures, finance audits later — is incompatible with a variable-cost input that can swing by an order of magnitude in a quarter. The FinOps Foundation’s 2026 framework now lists “maximising the value of tokens” as a first-class capability alongside cloud cost management, and 90% of FinOps practitioners are being asked to extend their remit to SaaS and AI. Second, business units — not central IT — should own their token budgets. The Exponential View thesis, articulated by Azhar in March, is that treating tokens as an IT line item is the organisational error of the moment: “They are a productive input, as fundamental to knowledge work as electricity or office space.” Engineering, marketing and customer service should each carry their own meter. Third, governance must shift from gatekeeping to telemetry. Per-team dashboards, per-workflow attribution and hard alerts beat quarterly committee reviews. The catch: most enterprises lack the instrumentation to do any of this today. Uber and ServiceNow are the canaries because they are large, public and instrumented enough to notice. The Mittelstand is unlikely to notice until the invoice arrives. The second-order question is contractual. Most existing AI vendor agreements were negotiated in 2024 against per-seat or low-volume API patterns; they do not contain the consumption caps, alert thresholds, or committed-use discounts that a serious FinOps team would now insist on. SAP procurement leaders inside DAX40 firms confirm informally that their AI cost lines are growing 8 to 15% month over month, faster than any other category in the IT plan, and that few of the underlying contracts even surface monthly burn against budget. A practical 2026 control set looks like this: token budgets owned by business unit, instrumented to dashboards refreshed daily; vendor contracts re-papered with rate cards, caps, and audit rights before the next renewal cycle; and a quarterly board-level review of AI unit economics, treated with the same seriousness as the cloud-cost review board most large enterprises stood up in 2018.

A “Skill” is the simplest thing that could possibly work. It is a folder on disk with one file inside called SKILL.md. The file has three parts: a name, a short description that begins with the words “Use when…”, and a markdown body of instructions. An AI agent reads the description, decides if the task fits, then loads the body and follows the steps. Optional extras—scripts, templates, reference docs—sit alongside the file and load only when needed. Anthropic shipped the format in October 2025. Within eight months every major coding and agent vendor adopted it, including OpenAI, Microsoft, Cursor, Vercel, Windsurf, Cognition and, this week, Lovable. Skills sit above protocols like MCP: they tell an agent how to think, not how to connect. For enterprises, they are the first portable, version-controllable unit of agent behaviour.

On a Sunday evening in Stockholm, Anton Osika posted a thirty-second screen recording to X. In the clip, a user typed “save that as a skill” into a Lovable chat. The app spun for two seconds, wrote a SKILL.md file, and tucked it into the user’s workspace. The next message invoked the new skill by name. “We shipped Skills to eight million builders today,” Osika, Lovable’s co-founder and chief executive, wrote. “Three ways in: type the words, import a GitHub repo, drag a ZIP. Standard credits cover execution. No revenue share, no marketplace tax.” The post would have been routine product theatre a year ago. It is now the closing chapter of a quiet standardisation race. In October 2025 Anthropic published the Agent Skills format, a deliberately under-engineered idea borrowed from the way humans organise knowledge: put the playbook in a folder, give it a name, write “Use when…” at the top. Within weeks Cursor, Windsurf and Cognition were reading the same files. In January 2026 Vercel launched skills.sh, a registry it pitched as “the npm for agents,” which now indexes more than 34,000 entries. Microsoft folded Skills into Visual Studio 2026 and Copilot Studio in April. OpenAI, after months of public ambivalence, shipped SKILL.md compatibility under the internal codename “Hazelnut” between February and April. Lovable was the last holdout among the consumer-facing AI builders. With its launch on May 17th, the count is eight vendors on one format in under twelve months. Skills are to agents what npm was to JavaScript, or what .gitignore was to source control: a primitive so cheap that resisting it costs more than adopting it. The format is a YAML header and a markdown body. There is no SDK, no compiler, no protocol handshake. A skill written for Claude Code on a Tuesday runs in Codex CLI on a Wednesday and Gemini CLI on a Thursday. That is the entire reason it spread. The pivot, for enterprises, is what this implies about lock-in. For two years the assumption was that every agent platform would build a moat from its tool ecosystem—custom GPTs, Copilot connectors, Claude integrations—that customers would not pay twice to rewrite. SKILL.md inverts the geometry. The expensive artefact, the codified workflow, is now portable. The model underneath is a commodity slot. Lovable’s announcement matters less for the eight million users it touches than for what it signals about the direction of value: away from the vendor and into the customer’s git repository.

The mechanical brilliance of Skills is something Anthropic’s engineers call progressive disclosure. An agent’s context window is a scarce resource. Loading every skill in a library at once would either blow the budget or degrade reasoning. So the format defines three tiers. Tier one is metadata—name and description, perhaps fifty tokens—always resident. Tier two is the SKILL.md body itself, loaded when the description matches the task. Tier three is everything in the folder beside it—reference docs, schemas, sample inputs—pulled in only when the body explicitly references them. The result is a library that can scale to thousands of skills without flooding the model. The second design choice is the separation from MCP. Anthropic’s Model Context Protocol, released in late 2024, handles the wiring: how an agent calls a Jira API, queries a Postgres database, or writes to S3. Skills handle the playbook: which Jira fields matter for this team’s bug triage, what schema this database uses for revenue, which S3 bucket holds the brand-approved logos. MCP is the nervous system. Skills are the muscle memory. The two compose: a skill can call MCP servers; an MCP server can ship reference skills alongside its tool definitions. For architecture leads at large consultancies, this is the cleanest separation of concerns the agent stack has produced. It maps onto familiar enterprise patterns: protocol layer, domain logic, asset library. Third, and most relevant for governance, Skills are just files. A skill lives in a git repository. It has a commit history, a code-owner, a pull-request workflow, a diff. A compliance officer can read it. A security scanner can lint it. A platform team can publish an internal registry that mirrors only approved skills, much as enterprises run internal npm or PyPI mirrors today. None of this requires a new tool category. JFrog, Sonatype and the existing artefact-management vendors have already announced SKILL.md scanning support; GitHub’s Dependabot now flags vulnerable skill references in the same flow as vulnerable packages. The contrast with the alternative is sharp. A year ago a workflow encoded in a Custom GPT lived in OpenAI’s servers, invisible to source control, ungovernable by enterprise IT, undeleteable on offboarding. A workflow encoded in a Microsoft Power Platform connector sat in a different black box with a different licensing surface. A SKILL.md file sits in the same repository as the application it serves, reviewed by the same engineers, governed by the same policies. That is not a small change. It is the difference between treating agent behaviour as shadow IT and treating it as code.

Lovable’s numbers are the clearest sign that Skills have crossed from developer plumbing into mass-market product. The Swedish company added $100m in revenue in February 2026 alone, taking annual recurring revenue to $400m. With 146 employees, that is $2.77m of ARR per head—roughly four times the SaaS benchmark Bessemer published last year, and ahead of the $2m-per-head bar Gartner projected for the next decade of unicorns. The platform now ships 200,000 new projects a day and has hosted 40 million in total. Most of those builders cannot read a YAML file, let alone write one. They invoke skills by typing slashes. The historical rhyme is with the mid-2000s web. WordPress did not become ubiquitous because it was the best CMS; it became ubiquitous because plugins were folders of PHP files that anyone could drop into wp-content. The technology was trivial. The distribution was everything. SKILL.md is following the same arc. The format is small enough that a non-technical Lovable user, an SAP consultant, and an Anthropic researcher can all author one. The portability is the product. For enterprises advising DAX40 clients, the practical takeaway is to start treating Skills as a first-class asset class, alongside data, code and prompts. Internal skill libraries—“price a German Mittelstand lease,” “draft a Betriebsrat-compliant memo,” “run a GDPR DPIA on a new vendor”—capture the institutional knowledge that today lives in PowerPoint decks and the heads of senior managers. They survive vendor switches. They survive model upgrades. They are, finally, the agentic deliverable that a Chief AI Officer can show a board. One practical implication deserves emphasis. A well-built skill captures both the institutional pattern and the regulatory guardrails — citation requirements, retention rules, escalation paths, redaction policies — in a form a junior employee can read and a senior auditor can sign off on. That is closer to a Verfahrensanweisung in German compliance practice than to a software feature, which is precisely why it travels well across vendors and outlasts model upgrades. Treating the skill library as a regulated asset, with code-owners, version control and a change-approval workflow, is the move that turns Skills from a developer-productivity convenience into a board-defensible governance layer.

Lovable is a Stockholm-based AI platform that lets people build working web applications by describing them in plain English. Its founder, Anton Osika, calls the practice “vibe coding” — a conversation with a model that returns running software, not a code editor for engineers. In February 2026 the company crossed $400 million in annualised revenue with 146 employees, three years after Osika open-sourced the prototype as a weekend project called GPT Engineer. Roughly half of paying accounts now sit inside enterprises, often arriving through a single marketer or product manager and spreading from there. For DAX40 leadership the relevance is structural: a European-headquartered tool is becoming the default way non-engineers ship internal apps, and it is doing so without an enterprise sales motion.

On a Tuesday morning in March, Anton Osika walked into Bloomberg’s television studio in a black T-shirt and told the interviewer that Lovable was “pacing five months ahead of our projections.” The line was delivered evenly, almost as an aside, but the underlying number was the headline: $400 million in annualised recurring revenue, reached in February 2026, with a headcount of 146. The company added $100 million of ARR in the previous month alone. There is no comparable curve in the history of European software. The arc itself is short. Lovable hit $100 million ARR in July 2025. It doubled to $200 million by November. In December, CapitalG and Menlo Ventures’ Anthology fund led a $330 million Series B at a $6.6 billion post-money valuation, with NVentures, Salesforce Ventures, Databricks Ventures, Accel and Creandum joining. Two months after that round, the platform had crossed $300 million in January and $400 million in February. Osika told reporters the company is now hunting acquisitions in the vibe-coding adjacencies it does not yet own. The pivot that matters for enterprise readers is not the revenue line but the audience. Lovable counts roughly eight million users on the platform — founders, marketers, finance analysts, operations managers, internal tool builders. Forty million projects have been generated lifetime; two hundred thousand new ones go up every day. More than half of Fortune 500 companies have at least one paying Lovable seat, according to Osika, although in most cases the company never sold them anything. The seats arrived because a product manager wanted a working prototype before the Monday review, or a marketer needed a landing page that the agency could not turn around in time. In May 2026 Lovable shipped Skills — workspace-scoped playbooks written as SKILL.md files, mirroring the format Anthropic released for Claude Code last autumn. A Skill is a short markdown document with a name, a “use when…” trigger, and a body of instructions. Lovable users invoke them by typing “/” or just asking. The same file runs unmodified in Cursor, Copilot, Windsurf and OpenAI Codex. There is no marketplace fee and no revenue share. The strategic point is that Skills move Lovable from a one-shot prototype generator to a place where a company’s house style, compliance checks and review playbooks live alongside the code — the connective tissue an IT function would normally insist on owning. The pivot for the CIO is unwelcome but obvious. By the time procurement is asked to evaluate Lovable against ServiceNow, OutSystems or Microsoft Power Platform, the platform has already been used to build a quarter’s worth of internal tooling under the radar. The decision is no longer whether to adopt Lovable. It is whether to formalise a shadow estate that is already running.

Revenue per employee is the figure that has gone around Stockholm and Sand Hill Road in equal measure. $400 million ARR divided by 146 people gives $2.77 million per head. Slack at its 2019 direct listing booked roughly $400 million of revenue with about 1,500 employees — closer to $270,000 per head. Lovable is operating at roughly ten times that density, with a fraction of the GTM machine. Cursor, the closest American comparator, was last reported around $9 billion in valuation with a much larger engineering and infrastructure footprint; Replit closed 2025 near $265 million ARR. On the vibe-coding side of the market — the part addressed to non-engineers — Lovable is now the revenue leader by a margin. The shape of the curve is unusual. Lovable went from $0 to $100 million ARR faster than any software company on public record, according to Osika — ahead of OpenAI, Cursor and Wiz. It added another $100 million in the four months to November, another $100 million in two months, and another $100 million in a single month. The growth is concentrated in self-serve subscriptions: 8 million users, 200,000 new projects per day, an average revenue per user that has been climbing as the median customer moves from hobbyist to small-team to enterprise pilot. The unit cost picture is harder to read from the outside. Lovable runs on top of Anthropic’s Claude and other frontier models, which means a large share of marginal cost is variable inference paid to a third party. The company has not disclosed gross margin. The economics that matter for an investor are different from the ones that matter for a CIO: the investor cares whether $400 million of revenue at this density is durable in the face of a model-price war; the CIO cares whether Lovable can keep up SOC2, GDPR, EU AI Act conformity and ISO 27001 on a 146-person headcount. Three things deserve flagging. First, the platform’s defensibility is the open question, not its growth. Pieter Levels and other no-code veterans have argued for a decade that there is no moat in low-code app building; Ben Thompson has written about the structural difficulty of holding margin when the underlying model improves faster than the wrapper. Lovable’s answer is distribution — the eight million users — plus Skills as a stickiness layer, plus a network of templates and shared workspaces. Second, security is where the bear case lives. Veracode found that 45% of AI-generated code samples failed standard security tests; a separate developer survey reported 53% of teams discovered vulnerabilities in shipped AI-written code that had passed initial review. The default failure modes — SQL built by string concatenation, exposed API keys in client code, weak authorisation — are precisely the patterns DAX40 application security teams are paid to catch. Lovable has an enterprise tier with SSO and audit logs, but the platform is consumed by non-engineers who, by definition, cannot read the code they ship. Third, the European framing is doing real work. Sweden is in the EU. The Draghi report on European competitiveness recorded that the US produced 40 large foundation models last year, China 15, the EU just three. Against that backdrop a Stockholm-headquartered company at $400 million ARR is the closest thing the continent has to a generational software win since Spotify. Whether that translates into political shelter is a separate question — but the data residency, language, and jurisdictional case Lovable can make to a German DAX board is harder for Cursor or Bolt.new to match.

Fast16.sys is a Windows kernel driver, written around 2005, that researchers at SentinelOne’s SentinelLABS unit have just reverse-engineered. It does not steal data and it does not destroy machines. Instead, it silently rewrites the answers that engineering-simulation software gives back to the people running it. The malware sits inside programs that model how materials behave under extreme stress — the same programs used to design crash structures, jet-engine blades, dams, and, critically, the implosion mechanics of nuclear weapons. By patching a few floating-point instructions in memory, it makes a simulated component appear to pass a test it should have failed, or fail one it should have passed. The forensic finding matters to DAX industrials because the targeted tools — chiefly LS-DYNA and AUTODYN — sit deep inside German automotive, aerospace and energy R&D stacks. It is also the first item BSI inspectors will reference under NIS2.

Juan Andrés Guerrero-Saade and Vitaly Kamluk had been pulling on a thread inside the old Shadow Brokers dump — the 2016 leak of NSA tooling that has fed a decade of attribution work. Buried in the Territorial Dispute component was a string nobody had ever resolved: “fast16.” Tracking it back through period-appropriate malware corpora, the SentinelLABS team surfaced a kernel driver and an accompanying service binary, svcmgmt.exe, carrying an embedded Lua 5.0 virtual machine. The Lua handled propagation. The driver did the work. What the driver did is the part that should make every industrial CIO put down their coffee. Inside the binary, beneath the usual scaffolding of a code-injection routine, sat a standalone block of x87 floating-point unit instructions — a self-contained piece of precision arithmetic that had nothing to do with hijacking control flow. It was simply a small mathematical function, carefully written, sitting in a malware sample. The SentinelOne write-up describes it as “a larger and complex sequence of Floating Point Unit instructions dedicated to precision arithmetic and scaling values in internal arrays.” The malware was not stealing the calculation. It was performing its own calculation and substituting the result. The team built YARA rules from the most distinctive fragments and scanned a corpus of mid-2000s software. Fewer than ten binaries matched two or more patterns. None were operating systems. None were games. All were precision calculation tools in narrow specialist domains: civil engineering, computational physics, and physical-process simulation. The strongest overlaps were with LS-DYNA 970, the Chinese structural-engineering package PKPM, and MOHID, an open-source hydrodynamic modeling suite. Subsequent analysis — picked up by The Hacker News and Security.com — confirmed AUTODYN as a second primary target, and surfaced the most damning trigger: fast16 only fires when the simulated material density crosses 30 g/cm³, a threshold reachable only when uranium is compressed by an implosion lens. It is, in the most precise sense available, a nuclear-weapons-design sabotage tool. Jack Clark, writing in Import AI #457 on 18 May, called it an “AI Stuxnet” — not because it uses machine learning, but because, like the centrifuge attack that surfaced in 2010, it weaponises the gap between what an engineer sees on screen and what is physically true. Stuxnet lied to operators about rotor speed; fast16 lies to designers about whether their device will work at all. Readers of Liu Cixin will recognise the pattern: this is the Sophon problem, the adversary who corrupts the experimental substrate so that science itself returns the wrong answer. Except the substrate here is Ansys LS-DYNA, sold under licence to roughly every serious mechanical-engineering organisation on Earth. The narrative pivot is who that organisation list contains. LS-DYNA was cited in public reporting on Iran’s suspected violations of Section T of the JCPOA — the clause that bans dual-use simulation work relevant to nuclear-weapon development. It is also the standard crash-simulation environment at BMW, the standard implicit/explicit FEA tool inside MTU Aero Engines’ turbine-blade group, and a routine fixture in Airbus stress-analysis pipelines. Ansys ran its EMEA LS-DYNA user conference at BMW Welt in Munich seven months ago. A malware family that targets that exact tool, even one twenty years old, is no longer a historical curiosity. It is a template.

The chronology matters because it rewrites a piece of cyber-history that German industry has been working off for a decade. Stuxnet, discovered in June 2010, has been treated as the origin of state-sponsored industrial sabotage malware — the moment cyberweapons crossed from espionage into physical effect. The SentinelLABS analysis pushes that origin back at least five years. Components of fast16 carry compilation timestamps consistent with 2005. “Stuxnet 0.5,” the earliest known centrifuge attack code, dates to 2007. Fast16 is older, more specialised, and — in its design philosophy — arguably more sophisticated: it does not need to know anything about the physical hardware. It only needs to corrupt the simulation that justifies the hardware’s design. For DAX boards, three timeline pressures now collide. First, NIS2: Germany’s implementing law took effect on 6 December 2025 with no transition period, and the BSI’s registration portal opened on 6 January 2026. Roughly 29,500 entities are now in scope, up from 4,500 under the old KRITIS regime. Operators classified as “particularly important” face fines of up to €10 million or 2% of global turnover — the same exposure ceiling as GDPR. Supply-chain security and software-integrity controls are explicit obligations. A malware family that targets a single, named CAE vendor used across the German Mittelstand is precisely the threat model the law was written for. Second, the EU Cyber Resilience Act. The CRA’s reporting obligations for actively exploited vulnerabilities in commercial software begin biting in 2026, and CAE/CAD vendors — historically lightly regulated, often shipping legacy code paths — sit squarely inside scope. Ansys, Dassault Systèmes, Siemens Digital Industries, Altair: every one of them now has a regulatory clock running on simulation-product supply-chain disclosures. A retrospective vulnerability in LS-DYNA 970 is unlikely to be actioned, but the discovery of fast16 will almost certainly trigger BSI requests for vendor attestations covering modern releases. Third, geopolitics. The SentinelLABS write-up does not formally attribute fast16, and the researchers are careful about it; Antiy Labs, the Chinese vendor that issued a counter-analysis, framed the disclosure as a “psychological warfare” operation and questioned the chain of custody. That dispute is itself a useful tell. The strongest open-source inference — Shadow Brokers provenance, U.S. tooling conventions in the driver, the Iran-relevant trigger density — points to a Western intelligence service. But the operational lesson is independent of attribution: the technique works, the source code analogue is now in the public domain, and the next variant will not need to be twenty years old. The historical comparison most German CISOs will reach for is Stuxnet itself — the Siemens S7-300 PLCs at Natanz, the over-spun IR-1 centrifuges, the painstaking decade of forensic work by Ralph Langner and others to reconstruct what had been done to whom. Fast16 is the answer to a different question: what was the generation before? And the answer is that the generation before did not bother with the PLC. It went after the engineer’s screen.