Oracle cut 21,000 jobs to fund AI

Oracle Just Showed Everyone How the AI Buildout Gets Paid For

Oracle's annual filing landed June 22. Two facts shared the same document. The company posted $3.7 billion in quarterly net income, a record. And it confirmed it cut about 21,000 jobs over the year, roughly 13% of its workforce. The filing did not treat these as unrelated. It named AI deployment as a direct cause of the headcount reduction, and warned more cuts may follow.

This is the funding model becoming visible. Oracle's capital spending hit $55.7 billion this fiscal year, almost all of it AI cloud and data centers. Next year it guides to roughly $70 billion. That money has to come from somewhere. The filing connects the dots in its own language: AI is trimming the operating cost base, and the savings pour into GPUs and concrete.

For anyone who buys infrastructure, the number that matters is the backlog. Oracle's remaining performance obligations now sit at $553 billion. A single five-year capacity deal with OpenAI accounts for about $300 billion of that. Read it as a buyer. Oracle has pre-sold years of AI capacity to a handful of very large customers. Your workloads compete for what is left.

The headline reads as a labor story. It is really a concentration story. The AI buildout is consolidating into a few hyperscalers, paid for by cutting the people who ran the old business. Capacity, pricing power, and roadmap leverage are pooling in fewer hands. When you negotiate your next cloud or database renewal, you are sitting across from a vendor whose backlog dwarfs its annual revenue, and whose biggest customer is not you.

Two things to do next week. First, ask your Oracle or OCI rep where your capacity sits relative to the mega-commitments, and get reserved-capacity terms in writing before the renewal. Second, treat "AI cut our costs" as a claim you can audit. Oracle just told the market it works. Your board will ask whether it works for you, and the honest answer is a plan, not a press release.

The data in this issue came from priority submissions by 5,000+ enterprise IT leaders. If you run IT or security at a $100M+ company and want to see what your peers are funding — and earn rewards for participating in vetted meetings with the vendors worth your time — apply to join DoGood.

Multi-Cloud Did Not Save Anyone on Monday

On June 22, X, Microsoft Teams, Zoom, Reddit, Canva, and a long list of others went dark at the same time. The common thread was Cloudflare, which reported elevated errors across its edge. None of those companies share a cloud provider. They share a CDN. If your resilience plan maps redundant clouds but ignores the edge and DNS layer underneath, you have a single point of failure that never made it onto the diagram. Spend an hour this week tracing which "independent" vendors in your stack actually terminate through the same CDN.

Your SIEM Became the Breach

CISA added Splunk Enterprise CVE-2026-20253 to its Known Exploited list on June 18, the first Splunk flaw ever to make the catalog. Patches shipped June 10. Attackers were exploiting it eight days later, and WatchTowr published a working exploit that drops the barrier to near zero. The flaw hands an unauthenticated attacker remote code execution, and AWS-hosted Splunk is vulnerable by default. The uncomfortable part: the tool you bought to spot intrusions is now the intrusion. Patch to 10.2.4 or 10.0.7 now, and start giving security tooling the same emergency-patch SLA you give internet-facing apps.

The 72-Hour Clock Is Almost Real

CISA reopened public town halls on CIRCIA in mid-June, the last lap before the final rule. Once it lands, covered critical-infrastructure operators get 72 hours to report a substantial cyber incident and 24 hours to report a ransom payment. Most teams still treat incident reporting as a post-mortem task, not a same-day one. Build the workflow before the rule forces it: decide now who declares an incident, who files, and how you hit 72 hours when the people who know are the same people fighting the fire.

62% of organizations now name security and risk as the top barrier to scaling AI agents, ahead of technical limits and regulatory uncertainty by 24 points, per Stanford's 2026 AI Index. That relocates the bottleneck. The thing blocking AI return is not model quality, it is whether you can govern what the agents touch. For the reader, the next dollar of AI budget buys more in identity, logging, and access control than in another pilot. The pilots already work. The controls around them are what is missing.

This week's quiet theme was concentration: in AI capacity, in uptime, in your security stack. The DoGood network exists so you can see where 5,000+ enterprise IT leaders are placing their bets before you place yours.

Know a CIO who needs this? Forward it and they can subscribe here.

Enterprise IT leader at a $100M+ company? Apply to join DoGood.