THE DEEP TAKE
Your Engineers' Default Tool Now Belongs to a Rocket Company
SpaceX agreed on Monday to buy Anysphere, the maker of Cursor, for $60 billion in an all-stock deal that closes in Q3 pending regulatory review. If your engineering org standardized on Cursor, read that sentence again as an operator: your default coding environment is now owned by a privately held rocket and defense company controlled by one person, and its roadmap answers to that company's needs first.
The reason SpaceX gave is the tell. It said software is the primary bottleneck in its mission velocity, and it wants Cursor embedded across its Starship, Starlink, and defense codebases. That is an honest answer, and it should change how you read the purchase. Cursor was bought to accelerate its owner, not to win the enterprise developer market it currently leads. The product's center of gravity just moved from "win external customers" to "serve the parent."
The deal also removes the last independent AI coding tool from the open market. The mainstream alternatives left standing, GitHub Copilot, Gemini Code Assist, and Amazon CodeWhisperer, are each owned by a hyperscaler you may already be working to stay neutral from. "Independent dev tooling" is turning out to be a structurally unstable category. The IDE is where code, context, and developer behavior concentrate, which is exactly why it keeps getting acquired. Whoever owns the place your engineers spend their day owns more than a text editor.
You just inherited three exposures
For an enterprise running Cursor today, three things changed this week. Roadmap: the features you depend on now compete for attention against an internal customer with very different priorities. Data governance: your code and prompts now flow through a new corporate parent with defense ties, which your security and legal teams have not reviewed. Closing risk: the transaction does not close until Q3 and is subject to regulatory review, so a tool you run in production now carries an open question over its future.
The move is not to rip Cursor out on Monday. It is to treat your AI coding tool as a sourcing decision with real concentration risk, because that is what it has become. Inventory how deep Cursor sits in your software lifecycle: who uses it, what repositories and secrets it touches, whether it runs in your pipelines. Pull the contract and read the change-of-control and data-handling clauses. Then decide, deliberately, whether Cursor stays your standard or whether you hedge with a second tool, before the switching cost compounds into a decision you no longer get to make.
The broader signal is the one worth carrying into your next architecture review. AI coding tools are no longer being priced or acquired as productivity software. They are being treated as strategic control points, contested by the largest companies on the planet. Standardizing an entire engineering org on any single one of them is now a concentration bet, and this week the neutral option left the board.
Powered by the DoGood network
The data in this issue came from priority submissions by 5,000+ enterprise IT leaders. If you run IT or security at a $100M+ company and want to see what your peers are funding — and earn rewards for participating in vetted meetings with the vendors worth your time — apply to join DoGood.
QUICK HITS
An Unauthenticated Hole in the Tool That Watches Everything
Splunk disclosed CVE-2026-20253, a pre-authentication remote code execution flaw in Splunk Enterprise rated 9.8. The weakness lives in the PostgreSQL sidecar service introduced in version 10: it exposes file-operation endpoints with no authentication, and the main web app proxies requests straight to them, so anyone who can reach the instance over the network can write files and run code without credentials. The detail that should drive your prioritization: the sidecar is off by default on on-prem Windows, but enabled out of the box on AWS-hosted Splunk Enterprise. Exploitation in the wild began June 15. This week, confirm your version is at or above 10.2.4 or 10.0.7, and if you run Splunk on AWS, treat it as exposed by default and move it to the front of the patch queue.
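The version-and-platform check described above, as an added example (not code from Splunk or from this brief). It uses only the fixed builds and platform defaults stated in the paragraph; the hostnames, platform labels, and the handling of release lines the text does not name are assumptions.

```python
import re

# First fixed build per release line, as given in the text above.
FIXED = {(10, 0): (10, 0, 7), (10, 2): (10, 2, 4)}
SIDECAR_MAJOR = 10  # the sidecar arrived in version 10, per the text

def parse_version(text):
    """Parse 'X.Y.Z' (an optional fourth component is ignored) into a tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(host):
    """Return (bucket, reason) for one inventory record."""
    try:
        v = parse_version(host["version"])
    except ValueError:
        return ("verify", "version string could not be parsed")
    if v[0] < SIDECAR_MAJOR:
        return ("ok", "predates the version 10 sidecar")
    fixed = FIXED.get(v[:2])
    if fixed is None:  # assumption: lines the text does not name go to a human
        if v >= max(FIXED.values()):
            return ("ok", "newer than the highest fixed build named")
        return ("verify", "no fixed build named for this release line")
    if v >= fixed:
        return ("ok", "at or above " + ".".join(map(str, fixed)))
    if host["platform"] == "aws":
        return ("patch-first", "sidecar enabled out of the box on AWS")
    return ("patch", "below fixed build; check whether the sidecar is enabled")

# Constructed inventory; hostnames and platform labels are hypothetical.
INVENTORY = [
    {"host": "splunk-aws-1", "platform": "aws", "version": "10.2.3"},
    {"host": "splunk-aws-2", "platform": "aws", "version": "10.0.7"},
    {"host": "splunk-win-1", "platform": "onprem-windows", "version": "10.0.5"},
    {"host": "splunk-win-2", "platform": "onprem-windows", "version": "9.4.2"},
    {"host": "splunk-aws-3", "platform": "aws", "version": "10.1.0"},
]

def report(inventory):
    # Most urgent bucket first, then by hostname for a stable listing.
    order = {"patch-first": 0, "patch": 1, "verify": 2, "ok": 3}
    rows = [(h["host"],) + triage(h) for h in inventory]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

if __name__ == "__main__":
    for host, bucket, reason in report(INVENTORY):
        print(f"{bucket:12} {host:14} {reason}")
```

Hosts in the `verify` bucket need a look at the vendor advisory, since the paragraph names fixed builds for only two release lines.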
ServiceNow Held the Report for Six Weeks
ServiceNow patched an unauthenticated-access flaw in a customer-instance API endpoint on June 5, after attackers used it to query data from hosted instances. The operational fact worth holding: ServiceNow received a bug-bounty report describing the issue on April 22 and shipped the fix on June 5, after activity against customer instances had already started. On a vendor-managed platform, that timeline was the vendor's to set, and customers found out after the patch landed. The action is concrete: read ServiceNow's advisory, confirm your instance received the update, and pull access logs on the affected endpoint to check for anomalous calls during the exposure window.
Your AI Outputs Get a Labeling Obligation on August 2
The European AI Office published its Code of Practice on Transparency of AI-Generated Content on June 10. It is the implementation guide for Article 50 of the AI Act, which becomes enforceable August 2: generative AI outputs that reach the public must be identifiable as AI-generated, deepfakes and AI-generated text on matters of public interest must be labeled, and users must be told when they are talking to a chatbot. The Code names the accepted mechanisms, signed metadata and imperceptible watermarking, with optional fingerprinting. If you deploy generative AI that produces customer- or public-facing content, this is the checklist your engineering and compliance teams can build against now instead of guessing at the obligation in July. Map which of your generative-AI deployments produce public-facing output and assign a labeling mechanism to each before the deadline.
THE NUMBER: 109 to 1
Across most enterprises, machine identities now outnumber human ones by 109 to 1, per Palo Alto Networks' 2026 Identity Security Landscape. Service accounts, API tokens, and AI agents make up that population, with agents now a meaningful share of it. Hold that ratio against this week's two worst enterprise flaws. The Splunk and ServiceNow holes were both unauthenticated access: no human credential required, just a machine reaching an endpoint that assumed the caller belonged there. That is the 109-to-1 layer failing in production. Most identity programs were built to govern the 1, not the 109, and the incidents that bite hardest now live in that gap. The number worth bringing to your next architecture review is not how many employees you have. It is how many non-human identities can already reach your crown-jewel systems without a password.
Across the DoGood network, the question this week is not which AI coding tool is best. It is which one you can still count on owning your roadmap a year from now. If you run engineering or platform at a $100M+ company, that is a call worth comparing with peers facing the same one.
The CXO Brief is powered by the DoGood network, 5,000+ IT leaders sharing what they are actually working on.
