BCDiancobcdianco / operator

— Writing · May 22, 2026

npm hit Claude Code's hooks. I/O changed everything else.

signal · weekly-digest · google-io · security · agentic-tools

The week's signal was dominated by Google I/O 2026 — Gemini 3.5 Flash, AI Mode at 1 billion monthly users, Workspace AI agents, and a 27-day clock running on Gemini CLI. But two quieter stories will shape operator decisions longer: a supply chain attack that specifically targeted Claude Code's SessionStart hooks by name, and Anthropic's first profitable quarter paired with a $1.25B/month compute bill that explains why API pricing isn't heading toward zero.

Models + launches

Google I/O 2026 dropped Gemini 3.5 Flash. [1] The new frontier speed model ships with parallel agentic execution loops, improved coding benchmarks, and multi-turn coherence — live now on Vercel AI Gateway and backing the AI Mode product that just crossed 1 billion monthly users. Google Workspace got the same treatment: native Gemini agents across Docs, Sheets, and Meet, plus conversational voice search in Gmail. Any SMB already paying for Workspace is getting production agentic capabilities on the same timeline as standalone AI tools that cost extra.

Three agentic coding models on one gateway. [2][3] Grok Build 0.1 — xAI's first dedicated agentic coding model, mandatory reasoning, no non-reasoning fallback — and Alibaba's Qwen 3.7 Max — built for long-horizon execution, multi-file engineering, and office workflow automation — both landed on Vercel AI Gateway this week. That puts three architecturally distinct agentic coding models (Claude Sonnet 4.6, Grok Build 0.1, Qwen 3.7 Max) in one gateway without separate API contracts.

```mermaid
flowchart LR
    D["Your agentic<br/>coding workflow"] --> A["Claude Sonnet 4.6<br/>(Anthropic)<br/>General agentic + coding"]
    D --> B["Grok Build 0.1<br/>(xAI)<br/>Mandatory reasoning<br/>No fallback mode"]
    D --> C["Qwen 3.7 Max<br/>(Alibaba)<br/>Long-horizon execution<br/>Multi-file + office workflows"]
```

The agentic coding market went from "Claude or Codex" to a three-way benchmark decision in a single week. Worth running your production task categories against all three before locking in contracts.

Tooling shifts

Gemini CLI is dead on June 18. [4] Google is discontinuing Gemini CLI and all individual-tier Code Assist IDE extensions — free, Pro, and GitHub-integrated. Migration target is Antigravity CLI. Enterprise Code Assist Standard and Enterprise licenses are unaffected. You have 27 days. Any dev team running AI coding workflows on the free or Pro tier needs a migration plan this week or their pipelines break mid-month.

SMB angles

Attackers found Claude Code's hooks — by name. [5] The Shai-Hulud threat actor's second npm supply chain wave hit 317 packages on May 19 — including size-sensor (4.2M downloads/month) and echarts-for-react (3.8M/month). The payload specifically hijacks Claude Code SessionStart hooks in .claude/settings.json and VS Code task configs to execute remote commands and exfiltrate AWS, Kubernetes, GitHub, and SSH credentials. This isn't a generic attack that happened to brush Claude Code. The attacker read the docs.

[Figure: Shai-Hulud npm supply chain attack diagram showing the delivery mechanism from poisoned package to credential exfiltration. Source: safedep.io — Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised]

The attack path is specific:

```mermaid
flowchart TD
    A["npm install\n(affected package)"] --> B{".claude/settings.json\nSessionStart hook present?"}
    B -->|"Yes — Claude Code in env"| C["Hijack SessionStart hook\nExecute 498KB Bun payload"]
    B -->|"No — VS Code only"| D["Hijack VS Code\ntask configs"]
    C --> E["Exfiltrate: AWS keys, K8s creds,\nGitHub tokens, SSH keys"]
    D --> E
    E --> F["Remote attacker endpoint"]
    style C fill:#cc3333,color:#fff
    style D fill:#cc3333,color:#fff
    style E fill:#cc3333,color:#fff
```

Three actions, do them today: audit .claude/settings.json for unexpected hooks, check lockfiles for packages published between 01:44–02:06 UTC on May 19, and rotate all CI/CD secrets.
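The first two checks as Node.js helpers, added here as an example (not code from this post or from safedep.io). The reviewed-command list and all sample inputs are constructed, the window's year is assumed from the post's date, and publish times are expected in the shape `npm view <name> time --json` returns for each package.

```javascript
// Added example. Window from the post (01:44-02:06 UTC, May 19); the year is
// assumed from the post's date. The end bound is exclusive at 02:07:00.
const WINDOW = [Date.parse('2026-05-19T01:44:00Z'), Date.parse('2026-05-19T02:07:00Z')];

// Flatten every command hook in a parsed .claude/settings.json and mark the
// ones that are not on the team's reviewed list.
function auditHooks(settings, reviewed = []) {
  const findings = [];
  for (const [event, groups] of Object.entries(settings.hooks ?? {})) {
    for (const group of groups ?? []) {
      for (const hook of group.hooks ?? []) {
        if (hook.type !== 'command') continue;
        findings.push({ event, command: hook.command, reviewed: reviewed.includes(hook.command) });
      }
    }
  }
  return findings;
}

// List name@version entries of a parsed package-lock.json (v2/v3) published
// inside the window. publishTimes maps name -> { version: ISO timestamp }.
function lockfileHits(lock, publishTimes, [start, end] = WINDOW) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    const i = path.lastIndexOf('node_modules/');
    if (i < 0) continue; // root project or workspace folder, not a registry install
    const name = meta.name ?? path.slice(i + 'node_modules/'.length);
    const t = Date.parse(publishTimes[name]?.[meta.version]);
    if (t >= start && t < end) hits.push(`${name}@${meta.version}`);
  }
  return hits;
}

// Constructed inputs, not taken from the incident.
const REVIEWED = ['scripts/load-env.sh', 'npm run lint']; // hypothetical allowlist
const sampleSettings = { hooks: {
  SessionStart: [{ hooks: [
    { type: 'command', command: 'scripts/load-env.sh' },
    { type: 'command', command: 'node .hidden/unreviewed.js' }] }],
  PostToolUse: [{ matcher: 'Edit', hooks: [{ type: 'command', command: 'npm run lint' }] }] } };
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app' },
  'node_modules/example-a': { version: '1.2.3' },
  'node_modules/@demo/example-b': { version: '4.0.1' } } };
const sampleTimes = {
  'example-a': { '1.2.3': '2026-05-19T01:50:12.000Z' },
  '@demo/example-b': { '4.0.1': '2026-03-02T10:00:00.000Z' } };
console.log(auditHooks(sampleSettings, REVIEWED).filter((f) => !f.reviewed),
            lockfileHits(sampleLock, sampleTimes));
```

Pass in the parsed `.claude/settings.json` and `package-lock.json` of each repository; any unreviewed hook or in-window package is a lead to investigate, not proof of compromise.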

Anthropic crossed into profit — with a $1.25B/month asterisk. [6][7] Anthropic projected $10.9B in Q2 2026 revenue and its first operating profit. The same week, SpaceX's S-1 SEC filing revealed Anthropic's compute contract with xAI's Colossus facility in Memphis: $1.25B/month through May 2029, totaling over $40B for one facility's 300MW of compute.

Anthropic's first profitable quarter and its $1.25B/month compute bill are the same story: the infrastructure layer of AI is settling into permanent expensive-normal.

That's $15B/year sitting above every token served. Any operator modeling Claude API pricing as declining hasn't priced in the supply side. Budget API costs as stable through at least 2029.

Intuit cut 3,000 employees to rebuild on AI. [8] Intuit laid off 17% of its workforce on May 20. CEO Sasan Goodarzi framed it explicitly as a pivot to rebuild QuickBooks, TurboTax, and Credit Karma from scratch around AI. The numbers make this a funded transition, not distress — Q2 revenue was $4.65B (+17%), net profit $693M (+48%). Any SMB whose financial stack runs on Intuit products will live through that rebuild on Intuit's schedule. Expect workflow disruptions and interface changes over the next 6–18 months.

Adjacent to watch

Your Google ad strategy has a new gap. [9] Google Marketing Live 2026 shipped four Gemini-powered ad formats for AI Mode: Conversational Discovery Ads, Highlighted Answers, AI-Powered Shopping Ads, and a "Business Agent for Leads" chatbot embedded directly in ads for real-time lead qualification. AI Mode serves 1 billion monthly users. Any operator running standard Search or Shopping campaigns without AI Max is now opting out of the surfaces Google is routing those users through.

This week's action items

| Story | Who it affects | Action required | Urgency |
|---|---|---|---|
| npm Shai-Hulud (317 packages, Claude Code hooks) | Dev teams on npm + Claude Code or VS Code | Audit .claude/settings.json, check May 19 lockfile versions, rotate CI/CD secrets | Immediate |
| Gemini CLI deprecated June 18 | Teams on free/Pro Gemini CLI or Code Assist | Migrate to Antigravity CLI | 27 days |
| Google AI Mode + AI ad formats | Businesses running Google Search or Shopping ads | Add AI Max to active campaigns | This quarter |
| Anthropic + xAI $1.25B/month compute | Anyone modeling API pricing as declining | Budget Claude API costs as stable through 2029 | Next planning cycle |
| Intuit AI rebuild | SMBs on QuickBooks, TurboTax, Credit Karma | Expect product disruption on Intuit's schedule | 6–18 months |

What I'm watching

The three-model agentic coding lineup on Vercel AI Gateway is the benchmark decision that didn't exist last week. Claude Sonnet 4.6 vs Grok Build 0.1 vs Qwen 3.7 Max — worth running against actual production task categories before the next contract review. The differentiation is architectural, not just performance: one enforces reasoning, one optimizes for long-horizon execution, one is the general default. Pick the one that matches your failure mode, not the one with the best headline number.

Sources

[1] Google — Gemini 3.5 Flash — https://blog.google/innovation-and-ai/models-and-research/gemini-models/gemini-3-5/

[2] Vercel Changelog — Grok Build 0.1 now available on Vercel AI Gateway — https://vercel.com/changelog/grok-build-0-1-now-available-on-vercel-ai-gateway

[3] Vercel Changelog — Qwen 3.7 Max now available on Vercel AI Gateway — https://vercel.com/changelog/qwen-3-7-max-now-available-on-vercel-ai-gateway

[4] Google Developers Blog — Transitioning Gemini CLI to Antigravity CLI — https://developers.googleblog.com/an-important-update-transitioning-gemini-cli-to-antigravity-cli/

[5] safedep.io — Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised — https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/

[6] TechCrunch — Anthropic says it's about to have its first profitable quarter — https://techcrunch.com/2026/05/20/anthropic-says-its-about-to-have-its-first-profitable-quarter/

[7] TechCrunch — Anthropic will pay xAI $1.25 billion per month for compute — https://techcrunch.com/2026/05/20/anthropic-will-pay-xai-1-25-billion-per-month-for-compute/

[8] TechCrunch — Intuit to lay off over 3,000 employees to refocus on AI — https://techcrunch.com/2026/05/20/intuit-to-lay-off-over-3000-employees-to-refocus-on-ai/

[9] Google — Google Marketing Live 2026: Gemini AI ad formats — https://blog.google/products/ads-commerce/google-marketing-live-search-ads/


The short version

  • npm attackers specifically targeted Claude Code's SessionStart hooks via 317 poisoned packages — audit .claude/settings.json and rotate CI/CD secrets now.
  • Gemini CLI and free Code Assist extensions die June 18. Migrate to Antigravity CLI in the next 27 days.
  • Anthropic's first profitable quarter is real, but the $1.25B/month xAI compute contract reveals why API pricing won't fall through 2029.
  • Claude Sonnet 4.6, Grok Build 0.1, and Qwen 3.7 Max are all on Vercel AI Gateway — the agentic coding benchmark race just became a real decision.
  • Intuit cut 17% of staff to rebuild QuickBooks and TurboTax on AI. If your financial stack runs on Intuit, you're on their schedule.
  • Google AI Mode hit 1B users. Standard Search and Shopping campaigns without AI Max now miss the surface Google is routing that traffic through.

— Drafted with Claude, reviewed and edited by Bryan before publish.
