Last week the ROI story cracked — AI’s return got doubted by its own backers. This week the doubt got concrete. The failures stopped being about whether the spend pays off and started showing up in the places the pitch was most confident: safety, security, efficiency, and cost savings. An AI camera sold to stop school shootings missed an armed student. Surveillance data that was supposed to catch criminals instead failed to free an innocent one. The supply chain everyone calls “official” became the road malware travels. And the cost curve that was supposed to keep falling reversed. Underneath it all, the same government that can’t secure its own infrastructure converted 8,000 federal workers to at-will employment by fiat.

Five arcs:

  1. At-will by fiat — the civil service shakedown enters a new phase.
  2. Microsoft became the infrastructure malware travels on.
  3. Surveillance tech failed where it mattered and expanded where it shouldn’t.
  4. The cheap-AI era ended before the expensive one proved itself.
  5. The neighborhoods underneath the data centers organized.

1) At-Will by Fiat

Two weeks ago the federal-workforce story was about silencing — NDAs, an “anti-technology extremist” label, political appointees moving into Inspector General offices. This week the administration skipped the silencing and reached for the kill switch.

Government Executive reported that Trump’s edict making 8,000 feds at-will employees drew swift outcry, and AFGE framed it directly: the administration is stripping due process rights from thousands of federal workers in a continued push to politicize the civil service. At-will conversion doesn’t gag the workforce — it removes the legal floor beneath it. There’s no whistleblower protection to litigate when there’s no cause requirement to fire.

The counter-mobilization is the genuinely new part. AFGE locals elected a new slate of district National Vice Presidents and Human Rights Officers — not ceremonial, but the command structure for whatever comes next. The AFL-CIO opened its 30th Constitutional Convention in Minneapolis, and labor jumped full-force into the 2026 election battles, explicitly tying workforce defense to the midterm cycle.

For a federal-union audience, the tactical shift is the whole story. The fight moved from defense — fighting gag orders — to mobilization — building the structure to contest the next round at the ballot box. The open question is whether the institutional response can move as fast as an executive that governs by edict.

2) Microsoft as Malware Delivery Infrastructure

Last week’s supply-chain arc was general — the Red Hat npm worm, the Palo Alto VPN bug. This week it narrowed to a single vendor, and the lens got uncomfortable.

Three Microsoft-vector compromises hit in the same cycle. The Register reported that GitHub nuked 70+ Microsoft repos and broke CI/CD pipelines following suspected worm infections. Ars Technica documented that for the second time in weeks, Microsoft packages were laced with a credential stealer. And 404 Media reported the sharpest one: Microsoft infrastructure was compromised to deliver malware specifically targeting Claude and Gemini users. For good measure, suspected North Korean operators blasted 250+ fake developer job offers over six weeks to snarf credentials and crypto.

The Claude/Gemini targeting is the signal worth sitting with: attackers have worked out that AI-tool users are high-value marks with broad system access, and they picked Microsoft’s platform as the road in.

For anyone running agentic workflows on Microsoft-hosted dependencies — and that’s most shops — the operational question is blunt: what’s your blast radius if your package source is the vector? This is the un-glamorous case for seam-based architecture. One container per client, swappable dependencies, no single platform you can’t walk away from. The boring discipline is the moat.

3) Surveillance Tech: Wrong When It Matters, Unstoppable When It Shouldn’t Be

Two stories from opposite failure modes defined the week’s surveillance arc, and they turn out to be the same story.

An AI-powered school surveillance system — sold as the answer to mass shootings — failed to spot an armed student walking into a building, per Futurism. And Ars Technica reported that a man sat jailed for a month even though Flock license-plate-reader data proved he was five miles from the crime scene. The system missed the threat it was built to catch; the system’s exculpatory data was ignored when it mattered.

Meanwhile the same tech expanded its reach. 404 Media reported a company will add phone, AirPod, and smartwatch trackers to license-plate-reader networks. Meta quietly deleted the face-recognition system from its smart-glasses app after getting caught building exactly the panopticon everyone warned about, and NSO Group was caught allegedly violating a spyware injunction with new WhatsApp attacks.

The school-camera miss and the wrongful jailing aren’t opposites. They’re both what happens when a system is optimized for coverage and sales rather than accuracy and accountability. The surveillance pitch is always “if we’d been watching, the bad thing wouldn’t have happened.” This week they were watching. The bad thing happened anyway, the exonerating data got ignored, the capacity expanded, and the legal limits didn’t hold. The structural incentive is growth, not performance.

4) The Cheap AI Era Is Over — and the Expensive One Hasn’t Proved Itself

Last week’s headline was “AI doesn’t have ROI.” This week the cost side of the ledger caught fire.

Jacobin declared the era of cheap AI over, tracking how the VC-subsidized inference pricing that drove adoption is giving way to real-cost pricing. Futurism reported that more than 150 mathematicians signed a letter warning governments not to “believe the hype” — not a vibes check, but domain experts in the field most central to AI’s theoretical foundations saying the claims outrun the math. Gary Marcus documented the slop-productivity paradox, and Cory Doctorow published a comprehensive takedown of the “everything machine”.

In the middle of it, Microsoft’s AI chief said superintelligence is near but won’t take your job — a statement that manages to be both grandiose and reassuring in a way that satisfies no one. That’s the tell. When your answer to “will it take jobs?” is “no” and your answer to “is it superintelligent?” is “nearly,” you’ve stopped describing a product and started describing a religion.

The revenue side collapsing and the cost side escalating are a pincer. The credibility gap between vendor claims and observable results is now wide enough for institutions to start writing policy inside it — procurement standards, disclosure rules, public skepticism. For an operator, the lesson is the same one that’s held all year: price the work honestly, build what measurably pays for itself, and don’t bet the shop on inference staying subsidized.

5) Data Centers vs. the Neighborhoods Underneath Them

The resistance to AI infrastructure went hyperlocal this week, and the most important number in the roundup is a ratio.

Blood in the Machine reported that working-class neighborhoods are resisting data centers at five times the rate of wealthy ones. New York advanced a one-year moratorium on datacenter permits, and Texas grid operators flagged voltage risks as data centers and crypto sites failed voltage tests.

That 5x figure is the week’s quietest and sharpest data point, because it reveals the class structure of the buildout: the infrastructure goes where the political resistance is cheapest, and the communities have figured that out. Every model that gets bigger needs more compute, more cooling, more power, more land — and the people who live next to the substations and cooling towers are the first to feel the cost. When Arc 4 says the cheap era is over, this is part of why. It isn’t just inference pricing that’s expiring. The social license is, too.

What to Watch Next Week

  • Whether the at-will conversion draws an immediate legal challenge from AFGE or other federal unions.
  • The GitHub post-mortem on the repo nuking — actual worm, or false-positive overreaction.
  • Whether the AI school-surveillance failure leads to contract cancellations or just a PR cycle.
  • The Flock wrongful jailing as a possible test case for license-plate-reader admissibility and reliability standards.
  • Whether other outlets pick up Jacobin’s “cheap AI is over” frame as the cost narrative consolidates.
  • The New York datacenter moratorium: does it pass, and does it trigger copycat legislation.

The grounded read, since you asked. Five arcs, one throughline: the gap between what’s being sold and what’s being delivered. AI school cameras that miss shooters. Surveillance data that doesn’t keep an innocent man out of jail. Supply chains that ship malware through official channels. Cost curves that only go up. And a civil service being converted to at-will employment by the same government that can’t keep its own infrastructure secure. The sharpest signal this week isn’t any single failure — it’s that the failures are landing in exactly the domains where the pitch was most confident: safety, security, efficiency, cost. The honest posture — build carefully, measure what works, admit what doesn’t — keeps getting validated by the distance between everyone else’s promises and their results. That’s the whole bet: stay in the game long enough, with clean enough seams and honest enough accounting, to still be standing when the real breakthroughs land.