Hiding in Plain Sight

Content Warning : this post is about current (mid-2026) generative AI. I'm neither an AI neighsayer, nor evangelist. Most of my perspective is from a combined product development and economic perspective.  None of this has been written with generative AI, either directly or with assistance.

Product Dilemmas

If you rewind to the end of 2025, the AI race seems to be a questionable one, financially speaking. The cost of training models (as distinct from inference when the models are used) is astronomical, and OpenAI, Anthropic battle it out with the deep pocketed Meta and Google, as well as DeepSeek and other actors. When you combine datacenter build out, training costs and inference costs, and compare with access fees, it's pretty clear that VCs are going to be losing a ton of money. The old joke of "We're losing money of every sale, but we'll make it up on volume" seems to be directly applicable.

So let's say you're a product leader at Anthropic, and you see this arms race continuing, what might you do? Can smart product decisions get us out of this mess?

Changing the Game

My friend Loren has a great question for every new technology hype wave that hits, which is "But where's the killer app?". Whether Cloud computing, Cryptocurrency or Generative AI, it's a great question to ask. If all most people's experiences with Generative AI is ChatGPT or funny image generation using MidJourney, then I think the experience is good but not great. Hallucinations greatly impact the output, with AI slop being common place. Generative AI's use in various fields, from law through to journalism, are riddled with examples of the generative AI making something up and the work not being checked thoroughly.

So back to being a product leader at Anthropic. You're thinking about this, and thinking about the costs and the constant race with competitors, and you decide you need a plan. 

Firstly, you recognize that generative AI is actually great when applied to software development. The reason for this is that the output (naively code, HTML, markdown, schema etc) has tools around it (compilers, for example) that provide guardrails and ways of managing hallucinations. Really, when you think about it, it's just fault tolerant computing mapped at a different level. So you think, if generative AI can be good at software and Anthropic is, fundamentally, a software company, it's killer app is going to be software tools that Anthropic themselves use. Because if the story is true, then Anthropic will be able to innovate and eat its own dogfood, creating the systems and infrastructure that allow for rapid innovation.

This then leads to the realization that this is a great way out of the dilemma presented above, and it forms a great story for the run up to the IPO.

A New Story

You recognize that pace of innovation is key, and that's not just producing more code, it's managing the entropy of systems, so you focus internally on making progress on systems, processes and tooling, using generative AI, that ensures development can run quickly. You start the innovation cycle outside of training, creating tools and skills and evangelizing models (agentic development, loops) all focused on shifting the story about how generative AI is used. All the tooling and processes to manage Anthropics code is internal, as the world is still focused on models.

Next you create a new training model that is better than predecessors. Rather than release it widely, you make its release limited and say it's restricted to certain trusted companies because it's so powerful and can expose cyber security issues like a knife through butter. This is great because it's an expensive model to run inference on, so making it generally available would be a drain on cash. Maybe you can spin up a great story behind it, a fable (thanks Drew) as it were, and maybe you can release it then have the government put export restrictions on it, because it's so good.

Now you've changed the conversation because all your competitors are playing catch up with expensive model training when you've moved on. The innovation isn't just at the model training level any more, it's in the tooling, training, skills and loops around the model, that allows you to build and deploy quicker. Sure, the model can be used like most general purpose generative AI, but it's good to focus, and you're creating a system which will be the baseline for any future software company. Further, you're laying the groundwork for a disruptive wave of software companies using this new way of working. The model shifts from SaaS companies building per user per month software subscriptions to Anthropic charging per agent per month GenAI subscriptions to solution providers who can out innovate and replace the SaaS companies at a much lower cost basis with low entropy code bases.

The IPO

On the run up to the IPO, the story is really coming together. Your use of your own tools means that you product release calendar is far more rapid than any others, perhaps even releasing daily. You have the mindshare around these mythological models that are better than anything else out there, when in reality you can tell investors that you expect your ongoing training costs for new models to reduce as the investment shifts from model differentiation to full-range tool differentiation. You also start talking about how generative AI is just one piece of the puzzle needed to create AGI, and that that's what Anthropic has been building. The groundwork, the infrastructure, the components and tools. You also start to have a roster of killer app companies, all using your models, skills, loops and mindset to create solutions that have low maintenance costs and can respond rapidly to changing requirements and user demands. All those killer app companies are subscribers to inference and tools, allowing further revenue upside. Potential investors concerned that people are just going to run models locally if the per seat cost gets too high? Yes, that would be a problem if you're just a model company (cough OpenAI).  But you're Anthropic, you're not just a model company, you've been a next generation software company hiding in plain sight all this time.

The Email/Browser marriage needed a prenup

 Those of you who know me may know I have an early Gmail address that beyond being very easy to guess is also exceptionally easy for people who aren't me to use as a throwaway. Being cornered by an aggressive car salesman, or a pesky free wifi access point? Look no further!

Over the years I'm dealt with an increasing number of spam messages, as well as a number of confused people who don't understand that my courtesy in replying to their heartfelt personal email (or legal action) doesn't correspond to the person they're really trying to reach. Mostly they're grateful, often polite but belligerent and confused isn't helpful to anyone really.

I've noticed that there are general classes of service that do a poor job with email verification or double-opt in. Car dealerships are one, realtors are another. I understand that requiring opt-in reduces your conversion rate, but... is it really if the person who clicked the link isn't the person at the other end of the email.

My email situation has degraded so much that I'm working on migration off Gmail. This is partly Gmail's fault too as their spam protection is no longer great. Whilst they may move a lot of messages to the Spam folder, they regularly flag legitimate messages from Instagram, Twitter, Facebook, Snapchat and Google as spam - and yes, I double checked the messages very carefully on the last one. At scale (and I stress, at scale - my spam folder has a steady state of ~60k messages in it, with the 30 day delete window) this system fails since looking at my spam folder for a legitimate message, when they're arriving 1-2 every minute, isn't feasible.

There's a hand off here between a browser visiting a web page and 'signing up' and the email round trip that is problematic. There is no standard, no ground rules or firm agreement, no prenup as it were, on how a web server can verify a user. It's understandable that a web site wants to be able to have a firm 'handle' on its users - email was first, mobile phone numbers are coming up quickly. The issue remains - at the limit, requiring a roundtrip and a handshake with the email account is broken.

Just to document a recent incident that illustrates all this coming together, I have (or rather had) a reddit account that I used mainly for browsing - the Seattle reddit, the Apple reddit, the usual. Rarely posted in over 14 years, barely squeaked over 200 karma (not a big fan of fake internet points). When I set it up over 14 years ago, I'd associated it with my very common gmail account. The gmail account that marks any email coming from Reddit as spam.

It turns out (I didn't know, because - never received emails) that it's quite easy to establish other reddit accounts using my email. I'm not clear if the individuals used a different email account to 'verify' and then switched to mine, or whether reddit still allows the user to post when waiting for verification (got to bump up those conversion numbers! Can't have friction!). Either way, a number of other users had my gmail account associated with them. Reddit also has this (on the surface rational) policy that being banned on one (maybe multiple) account(s) associated with the same email address will result in all accounts associated with that email account being banned. 

Which is what's happened to my old reddit account. I've tried the Reddit messaging system to appeal but the first 'you've been banned message' didn't have any details, nor did the appeal result, so I think that's that. As I said, low usage account so no great loss, but interesting failure at scale (and absolutely no recourse). Now that I trawl my Gmail spam folder for reddit messages I see spam messages for u/thinkofothers, u/appletinisforyourmom, u/MikeSmith328 and u/Darnold2375 telling them they've been banned (I can only search back so far), so clearly that's at least 4 other users with my email address that I haven't clicked on any verification link. Actually, none of those messages were addressed to me. Another delightful design decision consequence, Gmail's choice to ignore periods in email addresses means that the email address I use to sign in and send email from (with a period between names) is not in the email addresses that these four chuckleheads used. And yes, that means you can create two (or more) different accounts in the browser with just one email address, depending on how you sprinkle periods around.

My conclusions beyond the New Years social media detox and migrating from Gmail is that the identity handshake between browser and email is plain broken and needs a divorce.