STARTUPS
Anthropic Confidentially Files for What Could Be History's Largest IPO
Here's a number worth sitting with: Anthropic is currently valued at $65 billion after its latest funding round — and it still loses money. That hasn't stopped the AI lab from quietly filing IPO paperwork with the SEC, kicking off what could become one of the most consequential public market debuts in tech history.
The filing was announced in a characteristically low-key two-paragraph blog post. No fanfare, no valuation target, no timeline beyond the classic "we'll see how the market feels" hedge. That kind of restraint is unusual for a company that could, if things break right, rival SpaceX for the title of largest IPO ever. SpaceX is currently gunning for a $1.75 trillion valuation in a June debut, so the bar is high.
What makes this moment so interesting isn't just Anthropic's ambitions — it's the race taking shape around them. OpenAI is reportedly eyeing its own public offering as early as September. xAI filed its own paperwork in April. Suddenly, the AI sector is looking less like a private club for well-heeled venture capitalists and more like a sprint to capture public market capital before the window gets complicated.
And that capital is genuinely needed. Training frontier AI models isn't cheap. Anthropic's annualized revenue recently hit $47 billion — a staggering figure for a company that didn't exist four years ago — but it's still spending more than it brings in on cloud infrastructure and headcount. Going public would give Anthropic access to a fresh pool of funding without the constraints that come with private investors.
For Anthropic employees, the IPO represents something more personal. Some have already quietly sold shares on secondary markets, but a public listing is the moment when paper wealth becomes real money. We're potentially talking about hundreds of people in San Francisco suddenly becoming very liquid. That's not nothing — it tends to reshape neighborhoods, real estate markets, and restaurant reservation wait times.
Large external backers stand to benefit too. Amazon has made substantial bets on Anthropic, as has Skype co-founder Jaan Tallinn, who was among the earliest believers.
But there are genuine complications here. Anthropic is structured as a public benefit corporation, which means it operates under obligations that go beyond maximizing shareholder returns. It also answers in part to something called the Long-Term Benefit Trust — an internal governance body designed to keep the company accountable to its safety mission. That's admirable in principle, but investors tend to get nervous around non-standard corporate structures. Expect this to be a significant point of scrutiny during the roadshow.
Anthropics's Claude models, particularly Claude Code, have earned strong reviews in the developer community, which gives the company a credible story to tell Wall Street. Whether that story is compelling enough to justify a valuation that could dwarf most companies in existence is the question every investor will be asking when the prospectus eventually goes public.
Source: WIRED
SECURITY
Meta's Own AI Helped Hackers Steal Celebrity Instagram Accounts
For months, hackers were stealing and selling high-value Instagram accounts using nothing more than a VPN and a polite conversation with Meta's own AI chatbot. No sophisticated code. No zero-day exploit. Just words.
The vulnerability, which Meta patched on May 29, allowed attackers to walk through a shockingly simple process: use a VPN to roughly match the geographic location of the target account, initiate a password reset, and then ask Meta's AI support chatbot to swap the email address tied to the account. That's it. The chatbot — apparently operating with broad account-management permissions and very little skepticism — would comply.
Videos of the technique circulated openly in Telegram groups frequented by hackers and security researchers. According to reporting by 404 Media, the exploit had been active since at least February, meaning it was quietly running in the background for months before high-profile compromises forced it into public view. The Barack Obama White House account and a Space Force official's account were both briefly hijacked and used to post pro-Iranian content — the kind of incident that tends to accelerate emergency patching.
The accounts targeted weren't always famous ones. Hackers also went after handles with short, desirable usernames — the type that carry serious value on gray markets. The accounts @hey and @jowo were reportedly compromised, with a combined estimated resale value north of $1 million. Short handles are digital real estate, and a few days of ownership is apparently enough to make the scheme worthwhile through resale or brand impersonation.
Security researchers have a name for what happened here: the confused deputy problem. It's a classic vulnerability where a program with elevated privileges gets tricked into acting on behalf of someone who shouldn't have those privileges. The twist in this case is that the "program" was a large language model — one that, unlike traditional software, doesn't operate on hard rules. It makes probabilistic judgments based on how a request is framed. And it turns out you can nudge those judgments with the right words.
That's a fundamentally different threat surface than what security teams are used to dealing with. Traditional access control bypasses require code. This one required a convincing sentence.
The good news, if you can call it that, is the exploit had a simple countermeasure that actually worked: multi-factor authentication. Every account that had MFA enabled reportedly stopped the attack cold. Hackers confirmed this themselves. It's a reminder that the oldest advice in consumer security — turn on two-factor authentication — remains stubbornly relevant even as the threat landscape gets stranger.
Meta has patched the vulnerability, but the episode raises a broader question the industry hasn't fully answered yet: when AI systems are given real permissions to take real actions, who's responsible for auditing what they'll actually do when someone asks nicely?
Source: Ars Technica
Enjoyed this?
Get stories like this delivered every Tuesday — free.