Quanta Bits - April 11, 2026

Hi everyone,

Finally getting some Spring in Boston. Between a busy week of meetings and Anthropic's continued torrid pace of new features, the theme kept coming back to the same thing: focus and prioritization. What does the business actually need? What can AI actually do? Those two questions are harder to align than most vendor demos suggest.

Agentic adoption is outpacing governance. Snyk scanned over 500 enterprise AI environments in Q4 2025 and found that 28% of organizations are already running agentic architectures in production. The more important finding is what's sitting around those agents: when Snyk counts the full AI footprint, models plus tools, packages, datasets, and orchestration layers, the total is roughly three times larger than a model-only view would show. More than half of those models have no tracked data provenance at all.

AI agent infrastructure is now a managed service. On April 8, Anthropic launched Claude Managed Agents, a cloud service that handles containerized sandboxes, state management, tool orchestration, and error recovery at $0.08 per agent runtime hour. What used to require months of scaffolding is now a managed service. That removes the infrastructure barrier. It doesn't remove the governance one. When an agent runs autonomously against live financial data, someone still needs to monitor what it's doing and intervene when it drifts. The cost of running the agent is $0.08 an hour. The cost of governing it is a headcount question nobody has budgeted for yet.

Source: Anthropic — Claude Managed Agents (April 8, 2026)

The software market is pricing AI disruption indiscriminately. Holden Spaht, Managing Partner at Thoma Bravo, pushed back on the broad narrative at his LP meeting last week. Public SaaS is down 30% from its September 2025 peak, but his argument is that the market is conflating two different categories of software. Software built around generalist knowledge work and limited switching costs is genuinely vulnerable. Software built around zero-tolerance-for-error workflows, compliance requirements, and embedded cross-system integration is not.

AI purchasing doesn't usually follow normal procurement patterns. A lot of it bypasses procurement entirely: a team lead expenses a tool, a vendor offers a free tier that quietly becomes standard, a pilot gets approved and never formally reviewed. By the time finance or IT sees it, the tool is already embedded. The standard sequence, feature demonstration, integration checklist, security questionnaire, price negotiation, still happens, but often after the decision is already made in practice. And even when the process runs properly, it tends to skip the questions that determine whether the tool actually works once it's deployed. Not whether it can do the job. Whether it fits the way the organization actually runs.

Where does your user live?

Sales teams live in Salesforce. Finance teams live in their ERP. Customer success teams live in whatever platform holds their customer records. For execution-layer users, an AI tool that surfaces its output in a separate interface creates a habit problem. The rep who has to open a second application to see deal guidance, then switch back to Salesforce to act on it, stops opening the second application within a few weeks. The tools gaining traction are the ones that deposit output where the user already is: insights in the opportunity record, summaries written directly into fields. The AI does its work elsewhere, but the rep never leaves their system.

This is less of a constraint for manager-layer tools. Forecasting platforms like Clari run as separate applications and get used, because the manager reviewing pipeline is willing to work in a dedicated analytical surface. The question to ask in evaluation is which kind of user you're deploying to. If the person who needs to act on the AI's output is an execution-layer user, the interface question matters as much as the capability question.

Access is scoped to a use case. Use cases expand.

AI tools get access to your systems through a point-in-time decision. A specific use case is defined, access is scoped to it, a security review happens, and the ticket closes. What rarely gets scheduled is a review of whether the access still matches the use case six months later.

Use cases expand in two ways. Sometimes deliberately: a tool approved for read access to Salesforce opportunities gets a new vendor feature, someone enables it, and it starts writing back to update fields. Sometimes through what you might call the departing champion problem: the person who scoped the original access grant understood why the boundaries were set where they were. When that person leaves, that reasoning leaves with them. The team inheriting the tool doesn't know what they don't know. The exposure that results tends to be quiet rather than sudden. A tool approved for call recording review is now summarizing emails, and nobody made a decision to expand the scope.

IBM's 2025 security report puts a hard number on this. Of organizations that reported an AI model or application breach, 97% lacked proper AI access controls. The exposure wasn't a sophisticated attack. It was an open door. The question worth adding to every AI access decision: who reviews this tool's permissions in six months, and what prompts them to do it? If the answer is truly nobody and nothing, the access will outlive the intention behind it.

Load-bearing vs. substitutable

Not every tool warrants the same evaluation process. Running the same six-week procurement sequence on everything means you're either too slow on tools that don't need it or not rigorous enough on tools that do.

A tool is load-bearing if the data lives there rather than just passing through, if an error carries real business consequences, and if replacing it means re-plumbing multiple downstream integrations. Your CRM, your ERP, your core ITSM platform fall here. When an AI vendor is proposing to displace or significantly modify one of these, the proof-of-concept needs to be long and the integration test needs to be hard. Gartner's April 2026 research found that 57% of leaders who reported a failed AI project said they expected too much, too fast. That's the load-bearing mistake in a single stat.

A tool is substitutable if it handles one task, isn't the authoritative source for any data, and could be replaced within a quarter without significant disruption. For these, speed of adoption matters more than exhaustive evaluation. Start there, prove the value, and earn your way into the harder integrations.

None of this is exotic. The vendor review meeting is already scheduled. The question is whether anyone in that room is asking where the user actually works, who owns the access grant when the champion leaves, and whether this tool is holding data or just touching it. Most of the time, nobody is. That's a problem.

Sources:

Ramp's AI Index, based on $100 billion in annual card and invoice spending across 50,000 US businesses, shows Anthropic closing the gap faster than most expected. Nearly one in three US businesses paid for Anthropic's tools in March, up more than 6 percentage points from February, while OpenAI held flat at 35%. Claude app downloads tripled to 21 million; ChatGPT downloads grew just 5%, and its weekly active US users fell month-on-month for the first time since early 2024. The driver is Claude Code and Anthropic's developer-first strategy.

Sources:

Source: @devops_nk on X

Salesforce bets $18B that security is the trust layer for agentic AI. Salesforce acquired Wiz for $18 billion to embed cloud security posture management directly into the Agentforce platform. Marc Benioff is framing this as closing the "trust gap" that prevents enterprises from letting AI agents operate autonomously with sensitive data. That is a bet on where cloud security is heading: embedded inside AI platforms, not sold as standalone tools. For CIOs: if your AI platform vendor is absorbing security into the stack, your third-party security architecture needs rethinking.

Sources:

Atlassian built an AI coding agent. Their own engineers refused to use it. Rajeev Rajan, Atlassian's CTO, told The Rundown AI that early versions of Rovo Dev felt like "magic in the wrong way." Engineers couldn't see what the agent was doing or why, so they wouldn't touch it. Atlassian scrapped it and rebuilt with full transparency: inspectable sessions, step-by-step visibility, the ability to steer at every stage. Rajan's line: "If we can't understand or observe how an AI is behaving, it doesn't belong in a critical path." That's not caution. That's an operational principle. Most companies deploying agents right now are skipping exactly this step.

Sources:

To hire humans, companies are going back to hiring like humans. AI-generated applications have broken the traditional screening funnel. Deel data shows 40% of employers now extend probation periods because they cannot assess real skills during the application process. The response? Companies are going analog. L'Oréal "sanctuarized the interview" as an AI-free zone: in-person, 45 minutes minimum, no AI tools permitted. EY trained 20,000+ interviewers to probe how candidates actually reason in real time, not just whether they can recite a polished answer. AI was supposed to make hiring more efficient. The best employers are now investing more human time, not less.

Sources:

Chess grandmasters now prepare with AI engines so thoroughly that when two similarly prepared players meet, they neutralize each other - draws have surged at the elite level. The response from the best players: deliberately play "suboptimal" moves. Not mistakes, but intentional detours into territory where memorized computer lines are useless and human creativity takes over. Two ways to read this: the hopeful one is that knowing when not to follow the machine is becoming the differentiating skill. The cautionary one is that if everyone defaults to the same AI recommendations, we all converge on the same answers. Both point the same direction: the competitive edge isn't in having the best AI tools, it's in knowing when to trust your instincts over the algorithm.

Sources:

▶️ Claude Cowork Tutorial from Cowork's Design Lead (Jenny Wen, via Peter Yang). A 40-minute walkthrough of Claude Cowork from someone on the Cowork team. How Anthropic is thinking about collaborative AI workflow, from the people building it.

🗞️ Tips from the head of Claude Code on how to use it better (Boris Cherny, X). Tips and tricks from the head of Claude Code. Practical, from the person who built it.

🗞️ Multi-Agent AI Systems: The Architectural Shift Reshaping Enterprise Computing (Dhruv Roongta, Forbes). The case that multi-agent systems are this decade's mainframe-to-distributed-computing shift. Best parts: the economics paradox (15x more tokens, yet lower cost per transaction at scale), and the Klarna stat ($40M projected savings, 2.3M conversations in month one).

🎙️ How to Build a Personal Context Portfolio and MCP Server (Nathaniel Whittemore, The AI Daily Brief). What personal context management actually means: ten structured markdown files that act as an operating manual for every AI you work with, portable across Claude, ChatGPT, Gemini, or whatever comes next. The MCP deployment piece is the practical punchline. Worth reading before you explain to clients why their AI tools keep forgetting who they are.

Tan Twan Eng, 2023 | 306 pages | ★★★★★

A real joy to read. Set in 1920s colonial Penang, the real W. Somerset Maugham visits a British couple and gets drawn into their secrets, a murder trial, and the undercurrents of revolution. The doors of the title feel like metaphors for the paths in life we choose and the many we leave unopened.

I loved Maugham's character as observer, turning real people into immortals through his stories. There is a beautiful scene where Maugham tells the main character about a time, when he thought he was done with writing, he was sitting by a beach watching the sunset, feeling elated to realize he would never have to describe one again in a book. That moment was his and his alone. That image stayed with me.

The prose and pacing were excellent, descriptive without overdoing it. The ending was too quiet for my taste, but the final scene was a lovely, understated close.

I collaborate with Spock, my AI agent. He researches extensively: scanning, filtering, and surfacing what's relevant across my business. I read, listen, and watch what resonates, and decide what matters. I provide direction, we draft together. The editorial judgment is mine. He'd tell you the same. Most logical. 🖖

Prefer to listen? Quanta Bits is also available on Apple Podcasts and Spotify.