THE DEEP TAKE
The Volunteer Pricing Era Is Over: Both Your AI Vendors Filed S-1s This Week
Anthropic filed a confidential S-1 with the SEC on June 1. OpenAI followed on June 8. For the first time in this industry's history, the two dominant enterprise AI vendors are in the IPO pipeline simultaneously. The foundation model market just acquired a clock.
For four years, enterprises have been buying AI services below cost. OpenAI's reported internal projections show a $14 billion operating loss in 2026 and no path to profitability before 2029. Both companies have been pricing to win market share rather than recover costs. Public-market shareholders require a different calculus: quarterly margin improvement and a visible path to profitability. That pressure lands on you, because you are the revenue.
API pricing will stabilize at or above current rates. The era of quarterly price cuts ends when analysts start grading gross margins. Queue the multi-vendor comparison before the IPO lockup period; the negotiating leverage you hold right now is higher than it will be after the roadshow. Anthropic's revenue is growing faster than OpenAI's at comparable stages. If your stack is OpenAI-only, having two publicly traded frontier vendors now makes the first genuine competitive bid possible.
Two other things change immediately. Every enterprise MSA with OpenAI needs a legal review: OpenAI converted from a capped-profit LLC to a proposed public benefit corporation before this filing. The indemnification language, SLA terms, and data residency provisions in your current agreement were drafted under a different legal structure. Separately, Microsoft holds approximately 49% of OpenAI. A public OpenAI has independent shareholder obligations that may conflict with Microsoft's interests as both investor and competing AI platform vendor. The Azure OpenAI versus direct API pricing tension becomes visible to analysts every quarter.
Treat the current pricing and terms as the high-water mark, not the floor. Every enterprise organization negotiating AI contracts in the next 90 days is doing so in the best commercial window of this cycle. Brief procurement, queue the contract legal review, and put the multi-vendor evaluation on the roadmap this quarter.
Powered by the DoGood network
The data in this issue came from priority submissions by 5,000+ enterprise IT leaders. If you run IT or security at a $100M+ company and want to see what your peers are funding — and earn rewards for participating in vetted meetings with the vendors worth your time — apply to join DoGood.
QUICK HITS
CVE-2026-45657: The June Patch Tuesday Flaw That Cannot Wait
Microsoft's June 9 Patch Tuesday addressed 208 CVEs, the largest single release in the program's 23-year history. One flaw in that release requires action ahead of your normal patch cycle: CVE-2026-45657 is a use-after-free vulnerability in the Windows Kernel TCP/IP stack, rated CVSS 9.8, exploitable remotely with no credentials and no user interaction. Microsoft labels it "Exploitation Less Likely," but security researchers worldwide are actively reverse-engineering the patch. The window between release and a working public exploit is measured in days on vulnerabilities of this class. Affected builds: Windows 11 versions 23H2 through 26H1, Windows Server 2022, Windows Server 2025. Patches: KB5095051, KB5094126, KB5093998, KB5094125, KB5094128. Deploy this weekend.
August 2 Is 52 Days Away: EU AI Act High-Risk Enforcement Starts Then
The EU AI Act's full enforcement provisions for high-risk AI systems take effect August 2, 2026. AI systems in hiring, credit scoring, critical infrastructure management, and biometrics are in scope. Conformity assessments must be complete before that date, not in progress. A separate congressional bill introduced in the United States on June 4 proposes a three-year preemption of state AI laws, but a federal bill in committee does not pause EU enforcement. Enterprises with EU operations still in the planning phase need to compress their timelines immediately. This deadline does not move.
Cisco SD-WAN and Arista EOS Hit CISA KEV on the Same Day
On June 9, CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-20245 affecting Cisco Catalyst SD-WAN Manager, CVE-2026-7473 affecting Arista Extensible Operating System, and CVE-2026-11645 affecting Google Chromium V8. The Cisco and Arista entries are the operational priority: SD-WAN Manager is the configuration control plane for enterprise network segmentation, and Arista EOS is deployed in most large enterprise data centers. KEV addition confirms active exploitation. Patch both, and verify that management interfaces are not accessible from the internet.
THE NUMBER: $14 Billion
OpenAI's projected 2026 operating loss, per internal projections reported ahead of the S-1 filing. The company's path to profitability, per the same reports, runs through 2029. The current IPO target valuation exceeds $1 trillion. The arithmetic between those three numbers is the subsidy your organization has been receiving in below-cost API pricing. When shareholders have a say in the business, they will ask management to close the gap. That is how the price of AI services rises: not by announcement, but by quarter-over-quarter pressure on margins.
The enterprise IT leaders in the DoGood network currently evaluating AI vendor portfolios are navigating exactly this backdrop. If you run IT or security at a $100M+ organization, the window to benchmark your stack before the IPO changes the terms is open right now.
