Ramp is a US corporate-card and spend-management company that has, in five years, grown from a fintech curiosity into a platform that watches how 70,000 companies spend their money. This week it raised $750 million from investors led by ICONIQ, GIC and Ontario Teachers, valuing the business at $44 billion — nearly triple its valuation a year ago. The interesting part is not the cheque. It is what Ramp is now selling: a way for CFOs to see, budget and cap what their teams spend on AI tokens — the per-request fees paid to OpenAI, Anthropic and others. In parallel, Ramp's own data on customer spending suggests that companies pouring the most revenue into AI are growing far faster than those that are not. The story is partly about a fintech round. It is mostly about a new line on the corporate income statement.

On a Thursday morning in early June, Ramp co-founder and CEO Eric Glyman published a blog post titled "The Third Pillar." In it, he made a claim that, two years ago, would have read as marketing: "For 500 years, business ran on two pillars of spend: people and vendors. In the last 24 months, a third arrived — intelligence, paid by the token and invisible to every system we've built to manage cost." That same day, Ramp announced a $750 million Series F at a $44 billion valuation. The round was led by ICONIQ, GIC and Ontario Teachers' Pension Plan, with Goldman Sachs Alternatives, D.E. Shaw, Morgan Stanley Investment Management, Generation Investment Management and Insight Partners joining. The valuation is up from roughly $32 billion seven months ago and from the $13–16 billion range Ramp carried in early 2025. Annualized revenue has crossed $1 billion. The company says it is free-cash-flow positive on more than $200 billion in annualized purchase volume. Customers include Visa, Uber, Shopify, Anduril and Figma. The scene matters because the product matters. Alongside the round, Ramp confirmed it is rolling out AI Token Spend Management to more than 7,000 enterprise customers. The tool pulls billing and usage data from OpenAI, Anthropic and gateways such as OpenRouter, then slices it by model, team, user and project — the way finance teams have long sliced AWS and Snowflake. Budgets, caps and anomaly alerts sit on top. Glyman's pitch to CFOs is that token spend should be its own general-ledger category, not a rounding error tucked inside "software." The valuation tells a second story. In a fundraising market still cautious about anything that smells like a bubble, Ramp's investors were willing to mark up a fintech roughly 3x in twelve months — but only one with an AI narrative wrapped around it. Not by accident: a year earlier, the same investors would have valued a comparable spend-management book at a fraction of this number. The premium is the AI layer, both as a product Ramp sells (agents inside procurement, expense, accounting) and as a category Ramp now claims to own on behalf of its customers. Azeem Azhar, writing in Exponential View #577 on Sunday, called the move "the FinOps wrapper coming for the AI stack" — a comparison to how the original cloud FinOps category, born around AWS in the late 2010s, eventually swallowed an industry. The historical echo is sharp: enterprise software spend itself only crystallised as a budget line in the late 1990s. AI tokens look like the 2026 equivalent.

Strip the press-release polish away and three numbers do the work. The first is Ramp's own customer-base growth: more than 100% year-over-year enterprise growth, with 3,200+ customers now spending at least $100,000 a year on the platform. The second is concentration: 7,000 enterprise customers are the ones Ramp will sell AI Token Spend Management to first — the segment large enough to have a real AI bill and a CFO who notices it. The third, and most interesting, sits inside Ramp's anonymized spending data. According to figures Ramp shared with investors and that Azhar reproduced in Exponential View #577, companies that spend the largest share of their revenue on AI grew revenue by roughly 12% over the last year; those spending the least saw growth close to zero. Azhar's framing: top-quartile AI spenders are growing revenue around five times faster than the wider economy, while bottom-quartile spenders are tracking the economy. Anthropic disclosed a complementary data point — code contributed per developer is now 8x higher this quarter than the 2024 average across customers using Claude Code at scale. Whatever you think of the causal direction, the correlation is no longer marginal. This is where it pays to be careful. The pattern echoes a 2020 AEA Papers and Proceedings study by James Bessen, Maarten Goos, Anna Salomons and Wiljan van den Berge on Dutch non-financial firms from 2000–2016. Automating firms grew sales and employment faster than non-automating ones — but, as Daron Acemoglu and co-authors noted in parallel work, the automators were already more productive before they automated. Selection, not just treatment, is doing real work. The Ramp dataset is almost certainly subject to the same bias: the companies wiring up Anthropic and OpenAI billing into a CFO-grade dashboard are not a random slice of the economy. They are disproportionately well-run, well-capitalised and software-native. Still, the macro picture has its own signal. Apollo chief economist Torsten Slok has been arguing for months that AI is fuelling a surge in new US business formation — Stripe and Census data both show new-business applications running well above pre-pandemic trend. Slok's view is that AI lowers the fixed cost of starting a company, and that the resulting churn — some firms growing, others displaced — is showing up in macro data before it shows up in headline employment. The Ramp picture and the Apollo picture rhyme: AI spend is correlating with growth at the firm level, and AI tooling is correlating with firm creation at the macro level. The catch is that both stories are about the top end of the distribution. The companies that cannot afford a token budget, or do not yet need one, are not in the dataset at all.

Every large company runs software it did not write and cannot fully read. Hidden in that code are bugs that attackers can use to steal data or shut services down. For two decades, finding those bugs has been the job of specialist vendors: CrowdStrike on the endpoint, Wiz in the cloud, Snyk and Veracode in the developer pipeline. In the last six weeks, the two largest AI labs have walked into that market. Anthropic has put Claude Security into public beta, a tool that reads a company's entire codebase and proposes patches. OpenAI has launched Daybreak, a parallel program built on GPT-5.5 and its Codex coding agent. Both promise to do the dull, expensive work of application security faster and cheaper than the incumbents. Boards will now be asked whether their next security dollar goes to a security company or to an AI lab.

On a Wednesday morning in San Francisco, Jason Clinton, Anthropic's chief information security officer, sat in front of a room of Fortune 500 security leaders and pulled up a live scan of an open-source repository. Within minutes, Claude Opus 4.7 flagged a memory-handling flaw that the company's existing scanners had walked past for three years. "We are giving defenders the same model the best offensive researchers in the world are using," Clinton told the room, according to two attendees. The product he was demonstrating, Claude Security, had just moved from a closed research preview to public beta for every Claude Enterprise customer. It runs on Opus 4.7, traces data flows across files, suggests patches for human review, and exports findings to Jira, Slack and existing audit pipelines. Hundreds of design partners had already used the preview to surface vulnerabilities their commercial tools missed. Twelve days later, OpenAI answered. In a blog post co-signed by head of security Matt Knight and chief information security officer Dane Stuckey, the company unveiled Daybreak, an umbrella program built around three tiers of GPT-5.5: a general-purpose model, a Trusted Access tier for authorized defensive work, and GPT-5.5-Cyber, a permissive variant tuned for red teaming. Daybreak's centerpiece is Codex Security, an agent that ingests a repository, builds an editable threat model, ranks attack paths by likely impact, and validates exploits in sandboxed environments before suggesting a fix. "The goal is simple: accelerate cyber defenders and continuously secure software," the OpenAI team wrote. Launch partners read like a who's who of the very industry the labs are now stepping into — Akamai, Cisco, Cloudflare, CrowdStrike, Fortinet, Oracle, Palo Alto Networks and Zscaler. Neither launch sits on its own. Anthropic's Project Glasswing, the research program that seeded Claude Security, expanded on 2 June to around 200 partner organizations across more than fifteen countries, including critical-infrastructure operators in the United States and Europe. Glasswing partners have together logged more than 10,000 high- or critical-severity flaws using an unreleased model called Claude Mythos Preview. The day before the expansion, Anthropic filed a confidential S-1 with the SEC, with reporters placing the listing window in October and a base-case valuation north of one trillion dollars. OpenAI is expected to file its own paperwork in September. Not by accident, both companies are now showing public-market investors a story that runs well beyond chat. The pitch is that frontier models are infrastructure for the regulated enterprise — and the first vertical they intend to own outright is security.

For two years, the consensus answer to "where does the value in generative AI end up?" was that labs would sell tokens, hyperscalers would sell compute, and application companies would sell workflows on top. Anthropic and OpenAI are now rejecting the third leg of that thesis in the category that pays best. Application security is a roughly seventy-billion-dollar market growing faster than corporate IT spend overall, and it has the rare property that the buyer — the CISO — is already accustomed to writing seven-figure cheques for a single tool. Selling Claude Security or Daybreak directly to that buyer captures margin that would otherwise accrue to Snyk, Veracode or GitHub Advanced Security, all three of which license model capacity from the same labs. The strategic logic is the cleanest case yet for what Ben Thompson has called the "compounding advantage" of frontier model ownership. Vulnerability discovery is a reasoning problem that scales almost linearly with model capability; whoever has the best model finds the most bugs. Anthropic's Glasswing data, showing that Mythos Preview surpasses skilled human researchers at exploit discovery, is the evidence the company will wave at IPO investors. OpenAI's answer — a tiered model family with explicit dual-use controls — is an attempt to neutralize the safety objection before regulators raise it. The first time a frontier lab has gone after a regulated enterprise vertical this directly was arguably AWS's 2017 push into managed security with GuardDuty, and the parallel is instructive: the hyperscaler did not kill the security industry, but it did permanently compress margins for anyone selling commodity detection. But the incumbents are not standing still. Snyk used RSAC 2026 to launch Agent Security, with a Studio integration that embeds directly into Claude Code and Cursor — a deliberate signal that it intends to ride the lab platforms rather than fight them. CrowdStrike, Palo Alto Networks and Wiz are simultaneously announced as Opus 4.7 integration partners and as Daybreak launch customers; they are hedging by hosting both labs inside their own consoles. Rubrik's Bipul Sinha told Axios that the cybersecurity market "as we know it is dead," and that only AI-native vendors will survive. The DACH angle sharpens the bet further. The EU Cyber Resilience Act's vulnerability-handling obligations take effect in stages through 2027, NIS2 transposition is finally biting across German Mittelstand suppliers, and BaFin has begun asking regulated financial institutions for evidence of "state-of-the-art" software-supply-chain controls. An AI tool that ingests a codebase, produces a documented threat model, and ships an audit trail to Jira is exactly the artefact a BSI auditor wants to see. Whether boards trust a model that can also write the exploit is the harder question — and the one that will decide whether Claude Security and Daybreak become line items or footnotes in the 2027 security budget.

The EU AI Act is the world's first horizontal AI law. It bans a small set of "unacceptable" uses outright, then puts heavier rules on "high-risk" systems listed in Annex III: hiring tools, credit scoring, biometric ID, education tech, law enforcement and critical infrastructure. Those high-risk rules were due to apply on 2 August 2026. They will not. On 7 May 2026, EU negotiators struck a provisional deal — the "Digital Omnibus on AI" — that pushes the Annex III deadline to 2 December 2027. Rules for AI inside regulated products (machinery, medical devices) slip to August 2028. A separate Code of Practice on labelling AI-generated content is being finalised this month, with enforcement of transparency obligations still landing in August 2026. Prohibited practices stay live, with fines up to EUR 35 million or 7% of global turnover.

Inside the Justus Lipsius building in Brussels late on 7 May, Henna Virkkunen, the Commission's Executive Vice-President for Tech Sovereignty, walked to the cameras with the look of someone who had spent the night doing arithmetic on calendars. "Our businesses and citizens want two things from AI rules," she told reporters. "They want to be able to innovate and feel safe. Today's agreement does both. With simpler and innovation-friendly rules, we make it easier to innovate without lowering the bar on safety." The phrasing was carefully chosen. The substance was a deferral. The provisional political agreement — branded "Omnibus VII" inside the Commission's simplification programme — moves the application date for stand-alone Annex III high-risk systems from 2 August 2026 to 2 December 2027. Annex I systems, those embedded in regulated products such as machinery and medical devices, slip to 2 August 2028. National AI regulatory sandboxes get an extension to 2 August 2027. The grace period for providers to mark AI-generated content was tightened, not loosened, from six months to three: that obligation now bites on 2 December 2026. A new prohibition on AI "nudifiers" and CSAM-generating systems was added. This is the first time a flagship EU digital file has formally slipped a headline deadline since the General Data Protection Regulation's de facto one-year enforcement grace in 2018. Unlike GDPR, where the slippage was tacit — regulators simply held fire — the Omnibus writes the delay into primary law. That distinction matters. Boards now have a hard, statutory new date to anchor compliance plans against, rather than a soft promise from Brussels. The pressure that produced it was not subtle. Through the spring, the Computer and Communications Industry Association — Apple, Meta, Amazon among its members — ran a coordinated campaign arguing the original timetable was incompatible with available harmonised standards. Microsoft and Google added their voices through separate position papers. Inside the Council, French and German officials backed the simplification logic openly. Reuters and Politico Europe reported that Chancellor Friedrich Merz personally lobbied the Commission and other capitals as negotiations narrowed. Not by accident, the deal also extends SME-style regulatory carve-outs to "small mid-caps," reinforces the AI Office's powers, and reduces governance fragmentation across the 27 national supervisors. Whether it lowers the substantive bar is the contested question. EDRi, the umbrella body for European digital rights groups, and over 120 civil society organisations have called the broader Digital Omnibus "the biggest rollback of digital rights in EU history," pointing in particular to the proposed deletion of the Article 49(2) registration requirement for self-classified non-high-risk systems. That deletion did not survive the final trilogue intact, but it survived in spirit: the deferral itself is, to the act's critics, the concession that matters.

The Omnibus is a course correction, not a U-turn, and the calendar around it is unusually crowded. To make sense of the next 18 months, executives need three dates in their heads. The first is 22 December 2025. On that day, Finland's President signed the national act giving Finnish market-surveillance authorities full AI Act enforcement powers, effective 1 January 2026. Finland thereby became the first member state with a working enforcement architecture, a decentralised model leaning on existing product-safety, transport and financial-services regulators rather than a single new agency. The Finnish Transport and Communications Agency, Traficom, is now operationally the EU's first active national AI enforcer. Other capitals are watching closely. The second is August 2026. Article 50 transparency duties — labelling deepfakes, machine-readable marking of synthetic media — still come into force then. The accompanying Code of Practice on marking and labelling of AI-generated content, drafted by independent experts and consulted with industry and civil society through workshops in January 2026, is expected to be finalised this month. The second draft, published earlier in the spring, was deliberately streamlined: more flexibility for signatories, an EU icon for labelling, and a steer towards open standards such as C2PA. For European consumer-facing businesses, this is the part of the regime that hits earliest. The third is 2 December 2027. That is the new Annex III date, and it sits awkwardly close to a German federal election cycle and the end of the current Commission's first major legislative tranche. Berlin's own Implementation Act — the KI-Marktüberwachungs- und Innovationsförderungs-Gesetz, or KI-MIG — was adopted as a Regierungsentwurf on 10 February 2026 and is winding through the Bundestag. The German model is hybrid: a central market-surveillance chamber reporting annually to the Bundestag, sectoral regulators retaining their roles, and the BfDI explicitly not designated as the lead AI authority, though it keeps responsibility for data-protection-relevant high-risk systems. The Bundesrat is expected to clear it in time for the original August 2026 cliff edge that no longer exists. For a Großkonzern, the practical reading is mixed. Compliance teams that geared up programmes for an August 2026 go-live now have 16 extra months for Annex III readiness, but the prohibited-practices regime — Article 5 — is already enforceable, with fines up to EUR 35 million or 7% of global annual turnover, the same ceiling as DSA's top tier and well above GDPR's 4%. Transparency obligations land on schedule. Finland is enforcing. The KI-MIG is moving. The Omnibus buys time on the most contested tier, not on the regime as a whole. The historical analogue worth keeping in mind is not GDPR's enforcement-light first year but the Markets in Crypto-Assets Regulation, where industry pressure secured staggered application without softening the underlying obligations. The political signal from 7 May was that Brussels can be moved on timing. The legal signal was that the substantive architecture — risk tiers, conformity assessments, fundamental-rights impact assessments — remains intact and still arrives, only later.

Flourish is a New York startup that wants to build artificial intelligence the way the brain actually works, not the way a 2017 research paper said neurons might work. The pitch is simple: today's large language models run on warehouses of chips that burn megawatts. The human brain runs on roughly 20 watts and still writes poetry. If you could copy the brain's wiring patterns — a field called connectomics — you might build a system that learns faster, forgets less and costs a fraction to run. Flourish has now raised $500 million from Jeff Bezos, Lux Capital and Google's venture arm to try. The money is a research bet, not a product launch. It also lands in a week when enterprise buyers are openly grumbling about token bills.

In a converted loft in SoHo, a few blocks from where he once led a team building neural wristbands for Meta, Thomas Reardon spent the spring quietly walking investors through slides that did not show a chatbot. They showed neurons. Reardon — the Microsoft engineer who built Internet Explorer in 1994, then earned a neuroscience PhD at Columbia, then sold the muscle-signal startup CTRL-labs to Meta for close to a billion dollars in 2019 — was raising money for his third act. By the time the round closed on June 4, Flourish had committed paper for $500 million at a $2.5 billion valuation. Bezos alone wrote a cheque that began at around $50 million and roughly doubled as other names piled in. Lux Capital and GV led the institutional side. Catalio Capital, a healthcare-focused fund, came in via the neuroscience door. "We are not trying to make a better language model," Reardon told one investor, according to a person briefed on the pitch. "We are trying to find the algorithm the cortex is already running." The company calls its system Cortex AI. Its stated target is an intelligence that runs on a 20-to-50-watt budget — the order of magnitude of a human brain, or a bright lightbulb. For reference, a single H100 GPU under load draws around 700 watts, and OpenAI's next training run is expected to consume the equivalent output of a mid-sized nuclear reactor. The round did not happen in a vacuum. Story 1 in this briefing covers the LLM token-cost squeeze that is now showing up in CIO budgets. Naveen Rao, the silicon veteran now at Databricks, has spent months arguing publicly that the field is hitting a watts wall, not an intelligence wall. Yann LeCun, Meta's chief AI scientist, has repeated for two years that autoregressive LLMs are "an off-ramp on the highway to AGI." Fei-Fei Li raised World Labs on a related thesis about spatial intelligence. Flourish is the loudest cheque yet on the same idea: that the transformer is not the final form. Not by accident, the comparison reaching for the ceiling on this round is DeepMind's 2014 Series B, the last time a single brain-adjacent research bet pulled in this kind of capital before any product. That bet ended with Google buying the company. The investors around Flourish's table are openly hoping for a similar shape of outcome, even as they concede the science is, in the kindest reading, unfinished.

What does "brain-inspired" actually mean in 2026, and why is it suddenly fundable? Three threads have braided together. The first is connectomics. Over the past five years, labs at Janelia, the Allen Institute and Princeton have published the first dense reconstructions of cubic millimetres of mammalian cortex — every neuron, every synapse, mapped. Reardon's wager is that the wiring motifs found in these maps encode learning rules that backpropagation does not. His pitch deck reportedly contrasts the cortical microcircuit, which is sparse, recurrent and event-driven, with the dense, feed-forward, clock-synchronous transformer. The second thread is hardware. Intel's Loihi 2, IBM's NorthPole, BrainChip's Akida and SynSense's Speck all implement variants of spiking neural networks — chips where computation happens only when a neuron "fires," not on every cycle. Power figures are real: Loihi 2 has demonstrated keyword-spotting at sub-milliwatt levels. The catch is that nobody has trained a frontier-scale model on a spiking substrate, and the software toolchains are roughly where CUDA was in 2009. Flourish's bet, as far as outsiders can tell, is to build the algorithm first on conventional silicon and design the chip second. The third thread is German, and worth a line for DACH readers. Heidelberg's BrainScaleS-2 system, the Jülich Forschungszentrum's NeuroAI group and the SpiNNaker-2 machine being commissioned at TU Dresden are arguably the densest concentration of neuromorphic research in Europe. None has spawned a comparably funded startup. Flourish's round will sharpen the question of whether that work stays academic or finally spins out. The sceptical case is harder to dismiss than the bullish narrative suggests. Demis Hassabis, who co-founded DeepMind on a self-described neuroscience-first thesis, has more recently argued that scaling transformers — not biological mimicry — produced the results that matter, and that the brain is an inspiration, not a blueprint. Ilya Sutskever, before founding Safe Superintelligence, made the same point bluntly: the next-token prediction objective is doing more work than people give it credit for. Gary Marcus, who has spent thirty years calling for structured, brain-like approaches, is himself careful to say that biological plausibility is not a guarantee of capability — symbolic structure is what he wants, not spikes for their own sake. Flourish's quietly stated answer is that this is a research bet with a five-to-seven-year horizon and a balance sheet that can fund it. The transformer took six years from "Attention Is All You Need" to ChatGPT. The cortical algorithm, if there is one, may take longer. The $500 million is essentially a wager that the people in the room can find it before the money runs out.