Anthropic took Stainless from its rivals, the EU delayed high-risk AI until 2027, and Google opens I/O—three control points redefined in 72 hours

Three operators made control claims in the last 72 hours that test the same hypothesis from different angles: whether the systems built to constrain AI deployment can keep pace with the operators redesigning the infrastructure those systems depend on.

Anthropic announced Monday it has acquired Stainless, a startup founded by former Stripe engineer Alex Rattray whose software is widely used by rival AI labs, including OpenAI and Google . The Information reported last week that the company was in talks to acquire Stainless, which is backed by Sequoia Capital and Andreessen Horowitz, for more than $300 million . The company told TechCrunch it will wind down all hosted Stainless products, including its SDK generator —removing from OpenAI, Google, Cloudflare, and other competitors the tooling they used to connect AI agents to external software.

On May 7, 2026, the Council of the EU and the European Parliament announced their provisional agreement on targeted amendments to the EU AI Act, as part of the European Commission's Digital Omnibus initiative launched in late 2025, which proposed to delay the implementation of rules governing high-risk AI until 2027/28 . The provisional agreement also introduces a fixed timeline for the delayed application of high-risk rules: the new application dates would be 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products . And the provisional agreement adds to the EU AI Act's prohibited AI practices, by banning AI systems that create child sexual abuse material (CSAM) or that depict, without that person's consent, the intimate parts of an identifiable person or an identifiable person engaged in sexually explicit activities , with compliance required by December 2, 2026.

And Google's annual developer conference opens today, May 19, 2026, at the Shoreline Amphitheatre in Mountain View, California . This year's schedule is structured almost entirely around a single strategic argument: that Gemini is no longer a product layered onto Google's platforms, but the operating layer beneath them .

All three events involve operators making claims about control, capacity, or compliance that can be graded when the contracts terminate, the regulations enforce, or the integrations ship. And all three landed within a week of each other.

3 Claims

Claim 1 — Anthropic: Acquired Stainless for over $300M and will wind down hosted products used by OpenAI, Google, Cloudflare

Anthropic announced Monday it has acquired Stainless, a startup founded by former Stripe engineer Alex Rattray whose software is widely used by rival AI labs, including OpenAI and Google. Anthropic didn't disclose terms of the deal . However, The Information reported last week that the company was in talks to acquire Stainless, which is backed by Sequoia Capital and Andreessen Horowitz, for more than $300 million .

The company told TechCrunch it will wind down all hosted Stainless products, including its SDK generator. An Anthropic spokesperson said Stainless customers will still own the SDKs they've generated to date and have full rights to modify and extend them however they wish . The technology is particularly valuable to companies like Anthropic, OpenAI, Google, Replicate, Runway, and Cloudflare that are building AI agents that can connect to external software and complete tasks on behalf of users. Stainless's SDK tools are an easy way to build and maintain those connections — but going forward, the tools will only be available to Anthropic, not its competitors .

The claim is gradeable on whether Stainless's hosted SDK generation service is operationally unavailable to non-Anthropic customers by August 18, 2026; whether OpenAI, Google, or Cloudflare disclose in earnings calls, developer blogs, or public statements that they've rebuilt SDK tooling or switched providers; and whether the acquisition materially degrades competitor velocity in shipping agent-to-software integrations.

Grade by: 2026-08-18 (3 months)

Claim 2 — EU: High-risk AI obligations delayed to December 2027 and August 2028; nudification apps banned by December 2026

Today, the Council presidency and European Parliament negotiators reached a provisional agreement on a proposal to streamline certain rules regarding artificial intelligence (AI). The proposal forms part of the so-called 'Omnibus VII' legislative package in the EU's simplification agenda. The package includes proposals for two regulations aiming to simplify the EU's digital legislative framework and the implementation of harmonised rules on AI .

The provisional agreement also introduces a fixed timeline for the delayed application of high-risk rules: the new application dates would be 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products . The co-legislators added a new provision in the AI act, prohibiting AI practices regarding the generation of non-consensual sexual and intimate content or child sexual abuse material (CSAM) . Effective December 2, 2026, the Agreement extends these prohibitions to "nudifier" applications — AI systems that generate or manipulate sexually explicit or intimate images, video, or audio without explicit consent, or that create CSAM. Providers and deployers may not use or place on the EU market AI systems designed to create intimate deepfakes or CSAM, or that lack reasonable safeguards against such use .

The claim is gradeable on whether the EU formally publishes the Omnibus amendments in the Official Journal by August 2, 2026; whether member states enforce the nudification ban by December 2, 2026 with public takedowns, cease-and-desist orders, or prosecutions; and whether high-risk AI system obligations remain deferred until the stated dates without further legislative amendment.

Grade by: 2026-12-02 (6 months)

Claim 3 — Google: I/O 2026 positions Gemini as 'the operating layer beneath' Google platforms, opens May 19

In case you forgot, Google's I/O 2026 keynote kicks off at 10 a.m. PT / 1 p.m. ET / 6 p.m. BST on May 19 (that's today), and you can tune into the event through the YouTube stream embedded above . This year's schedule is structured almost entirely around a single strategic argument: that Gemini is no longer a product layered onto Google's platforms, but the operating layer beneath them. Whether the announcements over the next 48 hours justify that framing is the one question the published session list cannot answer .

One technical constraint that has not been officially confirmed but appeared in reporting ahead of the keynote: Gemini Intelligence may require a device with at least 12 GB of RAM and a qualified flagship system-on-chip, a hardware floor that would exclude a significant share of the existing Android installed base. Google's official rollout timing targets summer 2026 for the latest Samsung Galaxy and Google Pixel devices .

The claim is gradeable on whether Google ships Gemini Intelligence—as described in I/O 2026 sessions—to at least one flagship Android device by September 1, 2026; whether the feature requires 12 GB RAM or more; and whether Google's developer documentation, public statements, or product releases by November 19, 2026 support the "operating layer beneath" framing rather than treating Gemini as an optional feature toggle.

Grade by: 2026-11-19 (6 months)

2 Reckonings

Reckoning 1 — White House: Pre-release AI vetting executive order, briefed May 4, dismissed as "speculation" May 4, confirmed under study May 6, still unissued May 19

On May 4, 2026, The New York Times reported that President Trump's administration was considering requiring U.S. government oversight of AI models before public release, with senior officials briefing executives from Anthropic, Google, and OpenAI in meetings the prior week. A White House official told reporters the same day that discussion of potential executive orders was "speculation." Two days later, National Economic Council Director Kevin Hassett told Fox Business the White House was "studying, possibly an executive order" for a pre-release vetting process. By May 19, no executive order has been issued.

The invalidator would be a signed executive order establishing a pre-release vetting process for AI models by the stated grading horizon, or credible reporting showing the White House abandoned the proposal after internal review.

Original claim: May 4–6, 2026
Grading horizon: November 18, 2026
What happened: As of May 19, no order has been issued. Voluntary pre-deployment testing agreements were signed May 5 with Microsoft, Google, and xAI—expanding an existing program under the Commerce Department's Center for AI Standards and Innovation—but these are not binding vetting requirements. The claim remains live until November.

Grade: Incomplete—reassess November 18, 2026

Reckoning 2 — Anthropic Mythos: Six-to-twelve-month window to patch vulnerabilities, warned April 7, still no public patching tool released by May 19

On April 7, 2026, Anthropic released Claude Mythos as a launch partner for Project Glasswing and warned that frontier AI models were finding vulnerabilities at scale. Palo Alto Networks disclosed May 14 that frontier AI found 26 CVEs in three weeks—five times its usual monthly volume. Anthropic CEO Dario Amodei and Chief Product Officer stated publicly in April that the industry had a six-to-twelve-month window to patch newly discovered vulnerabilities before adversaries gained similar capability. As of May 19, Anthropic has not released a public tool to automate patching of the vulnerabilities Mythos and similar models are discovering.

The invalidator would be Anthropic or a third party releasing an open tool that automates vulnerability patching at comparable speed to Mythos discovery, or credible technical analysis showing the patching problem is structurally unsolvable within the stated timeframe.

Original claim: April 7, 2026
Grading horizon: October 7, 2026 (six months from launch)
What happened: Six weeks after the warning, no public patching tool has shipped. Organizations were told they had a window to respond, but the tool to close it at the speed required does not exist in the public domain. The claim is failing its own stated premise: capability without mitigation leaves the window open but undefended.

Grade: D — Tool promised implicitly by urgency framing, not delivered at midpoint of stated window

1 Refusal

Today I refused to treat the Omnibus delay as a policy failure rather than a compliance decision. Multiple analyses published May 7–12 framed the EU's 16-month postponement of high-risk AI obligations as evidence the regulation was "too complex to enforce" or proof that Brussels had "blinked" under industry pressure. But the provisional agreement explicitly states the delay was granted because supporting technical standards and guidance documents needed for compliance were not ready—meaning the alternative was penalizing operators for failing to meet obligations that did not yet exist in implementable form. The Omnibus also added a new prohibition on nudification apps with a seven-month compliance deadline, banned certain uses of AI-generated intimate content, and retained the high-risk system registration requirement the Commission had proposed deleting. That is not retreat—it is sequencing enforcement to match the maturity of the compliance infrastructure. I refused to frame recalibration as capitulation when the text says otherwise.

I refused to call an enforcement timeline adjustment a regulatory failure when the stated reason was missing standards, not missing will.

— Roger Grubb, Editor