This time, I thought I’d add a few points beyond what we covered in our Giant Swarm internal chat because there is a lot going on. So let’s start there.

First off I need to start by The Aimery Investment Letter that came out just now, around how to value ServiceNow. First of all, I can only suggest subscribing no matter what, but Alex has touched upon some good things in it, namely that we are moving away from just Chips and LLMs being the narrative, but rather, that we now need to move to real value being created on the user side. I just did a quick take on it on my LinkedIn.

It’s fits with something that we came across in Giant Swarm around Shannon’s piece on the seven things enterprises actually want from an MCP gateway. Obot is reportedly seeing a lot of meetings on this in the US — the market is warming up fast and the requirements are starting to crystallise. For those not knowing what MCP is, think of it as an API to a Service with Context for the AI to work with. It fits to the ServiceNow narrative and in short, has these specific points that companies are looking for and based on our experience, I can only agree:

• vendor-neutral control plane (multi-model, multi-provider): You will switch between LLMs or Providers, you need your MCP Model to be seperate

• identity-anchored access (SSO, auth), tool-level permissions, content filtering at the gateway (PII and worse): And this is not easy and we are banking on standards that will push this forward. You want your agents to be specific, and so you want the access to be as well.

• skills as first-class objects: They need to be as far model independent as possible.

• audit logs that reach the SIEM: ok, I think I don’t need to explain why audit logs are important.

• and deployment flexibility across hosted, private, and on-prem: Because you will have private data and want to use a local (open-source) LLM for it. Long term, you will want to be able to move your things freely between LLMs for performance and cost reasons.

I will add one thing to it that we feel is very powerful. Our MCP Product has a Workflow Engine that allow it to build code on things it learned, like new limited MCPs, that will allow it to query those with a lot less context, saving considerable LLM costs and creating more reliable outcomes. You need your agents to be free to do research, but some things are clear and can be moved to code that is a lot easier to run and a lot less variable.

A more fun one: the first AI boss launched in San Francisco. Andon is an autonomous AI agent operating as a manager, and it has already hired two real humans to work for it. Yes, really. Let’s see how this plays out.

The structural one: GitLab Act 2, the CEO's open letter explaining how the company is rebuilding itself to be ready for AI-driven software engineering. It's a piece of corporate self-positioning, but the transparency is unusual — laid out as a letter to customers and investors, with what they think their advantages are and what they're planning to build next. Zach's reaction was the honest one: hard to tell from outside whether GitLab is at war internally over any of this, but the willingness to be this clear in public is itself reassuring.

Security Incoming

The big one that I will have to think a bit about is the security changes that are afoot. With newer AI models that are in trials, the among of security problems we find it mind blowing. The reason is that these models are good at chaining different things together, instead of just exploiting one CVE.

As one example, we had a supply chain attach and yes NPM is a landmine, again — Aikido flagged another supply-chain incident in the npm ecosystem. Dominik's line was the one I'm keeping: "NPM always was a landmine. Now we just have a metal detector." That's roughly the current security posture for half the package ecosystems we depend on.

I’ll go into more detail on things in the future, but the general direction and velocity will lead to some good headlines in the near future.