Good afternoon. Five stories today, and four of them rhyme: capital and engineering are pouring into the layer above the model — the agents that actually do the work. Salesforce is buying one, OpenAI is building the channel to deploy them, a fresh startup raised to secure their identities, and India minted a new unicorn to build sovereign versions. The fifth story is the bill that comes due: the same reasoning that makes agent guardrails smart also makes them attackable. Start with the biggest check: Salesforce's $3.6B move on Fin. Prefer this once a week? Subscribe to the weekly brief.
1. Salesforce buys Fin (formerly Intercom) for $3.6B
Salesforce signed a definitive agreement to acquire Fin — the customer-service AI company formerly known as Intercom — in a deal valued at about $3.6 billion, Bloomberg and TechCrunch reported. Salesforce says it will fold Fin's customer-agent technology into Agentforce, its own fast-growing AI-agent platform, with the deal expected to close in the fourth quarter of Salesforce's fiscal 2027, subject to regulatory clearance. Per TechCrunch, Fin's agent handles support end-to-end across live chat, email, WhatsApp, SMS, phone and Slack, runs on Fin's own model — branded "Apex" — and brings more than 30,000 business customers; the company claims Apex resolves, on average, 76% of support volume without a human, a figure worth reading as Fin's own, not an independent benchmark.
Why it matters. This is the clearest signal yet that the agent wars are consolidating, not just expanding: rather than build a customer-service agent from scratch, the CRM leader is buying the category's most-deployed one — and the model underneath it — to bolt onto Agentforce. What to watch: the regulatory review (a multibillion-dollar acquisition of a model maker won't sail through unexamined), whether Apex stays independent of OpenAI and Anthropic inside Salesforce, and how many of those 30,000 Fin customers stay put through an integration.
2. OpenAI launches a $150M Partner Network
OpenAI announced its first formal partner program, committing $150 million and saying it aims to train and enable 300,000 certified consultants by the end of 2026. The program runs three tiers — Select, Advanced, and Elite — gated on sales performance, technical capability, co-sell engagement, and deployment experience, plus a "Forward Deployed Experts" pilot that pairs partner practitioners with OpenAI's own deployment engineers. It launches with a roster of heavyweights: Accenture, Bain, BCG, McKinsey's QuantumBlack, PwC, and Eliza. OpenAI's framing is the most interesting part — it argues the limiting factor for enterprise AI "is no longer model capabilities" but the work of finding the right use cases, redesigning workflows, and driving adoption. (As one cited example, OpenAI reports a Paychex payroll workflow built with Bain delivered an 80% reduction in wait time versus humans and a 30% reduction in human-review effort — OpenAI's figures, for one deployment.)
Why it matters. This is OpenAI building the consulting-and-systems-integrator channel that Microsoft, SAP, and Salesforce have leaned on for decades. Models are increasingly commoditized; distribution and deployment muscle are not — and a certified-partner army is how you reach enterprises that will never call OpenAI directly. What to watch: whether the 300,000-consultant target is anywhere close by December, how the program overlaps (or competes) with OpenAI's in-house Forward Deployed Engineering, and whether "exclusive frontier model" partners like Eliza pull integrators away from rivals.
3. NewCore raises $66M to give AI agents identities
NewCore emerged from stealth with $66 million at a roughly $300 million post-money valuation, in a round led by cybersecurity-focused Cyberstarts with Index Ventures and Evolution Equity Partners, TechCrunch reports. The pitch: enterprise identity systems were built for humans and service accounts, not for AI agents that can demand access to production systems within seconds. NewCore says it discovers, secures, and governs every identity in an organization — human, machine, and agentic — and ships an "Agentic Skill" integration so coding assistants like Anthropic's Claude Code, OpenAI's Codex, and Cursor reach enterprise systems as managed identities instead of through manually distributed credentials. It's early: fewer than 10 customers and more than 10 design partners, with paid plans expected to start this summer.
Why it matters. This is the plumbing the rest of today's brief implies. If agents are becoming "employees" that act on production systems, then identity, scoped access, and governance stop being afterthoughts — and a credential sprawl of API keys handed to autonomous tools is exactly the kind of risk security teams can't ignore. What to watch: whether incumbents (Okta, Microsoft Entra, CyberArk) absorb agent identity as a feature or whether startups like NewCore define the category — and how fast "managed agent identity" becomes a checkbox in enterprise security reviews.
4. Sarvam becomes India's newest AI unicorn
Bengaluru-based Sarvam raised $234 million in the first close of a Series B round, becoming India's newest AI unicorn at a $1.5 billion post-money valuation, TechCrunch and Business Today report. IT services giant HCLTech led with $150 million, joined by Bessemer Venture Partners alongside existing backers Khosla Ventures and Peak XV. Sarvam builds models tuned for Indian languages and use cases, with deployments described across banking, insurance, government services, and defense; the stated plan is to pair Sarvam's models with HCLTech's enterprise relationships, engineering workforce, and software assets to sell AI products to businesses and governments.
Why it matters. Sovereign-AI capital keeps flowing: governments and large enterprises increasingly want models they control, in their own languages, rather than renting frontier APIs from US labs. An IT-services conglomerate writing the lead check signals a distribution-first bet, not just a research one. What to watch: whether HCLTech's enterprise reach turns Sarvam into a genuine vendor or a national-champion experiment, and whether the rest of the $300M-target round closes near this valuation.
5. Researchers turn LLM guardrails into a denial-of-service weapon
A new arXiv preprint flips the usual security story: the reasoning that makes LLM guardrails effective against prompt injection and jailbreaks is itself a vulnerability. The authors show that a crafted input can trap a reasoning-based guardrail in extended reasoning loops — a denial-of-service that exhausts time and compute rather than manipulating the model's output. They built a beam-search optimization framework to generate natural-language payloads and report the attack generalizes across eight LLM families. Covering the work, CSO Online captured the perverse twist plainly: the stronger the guardrail reasons, the longer it reasons — so hardening the safety layer can widen the attack surface for availability. (This is a preprint; it has not yet been peer-reviewed.)
Why it matters. As more agents get wrapped in reasoning-heavy guardrails, availability becomes a security property, not just an SRE one — a single poisoned document could stall a shared agent workflow without ever "breaking" the model. What to watch: whether guardrail vendors add reasoning-budget caps and timeouts as a default, and whether this class of attack shows up in real incidents before it's designed out. If you're thinking about your own exposure, our sister site Smart Secure Haven covers the practical side of hardening the systems you actually run.
What to take from today
The connective tissue is that the action — and the money — has moved up a layer, from the model to the agent that uses it. Buying an agent (Salesforce), building the channel to deploy agents (OpenAI), securing what agents are allowed to touch (NewCore), and funding a sovereign stack to run them on (Sarvam) are four faces of the same bet. The fifth story is the reminder that the bet has a cost: the reasoning that makes agents capable also makes their guardrails a target. The builder's takeaway is the one we keep returning to — treat the agent layer like infrastructure now. Identity, governance, and availability are no longer things you add later; they're the things that decide whether an agent in production is an asset or a liability. And as always: don't single-thread on one model, one vendor, or one assumption that today's setup is permanent.
Tomorrow's brief lands by 15:30 UTC. If you'd rather read this in your inbox once a week — just the stories that actually matter — subscribe here.