The clearest signal today is not a new model benchmark, but AI coding economics getting less polite. Between DeepSeek’s 75% discount, Xiaomi’s new MiMo token-plan push, and reports that Microsoft is pulling back internal Claude Code licenses, the old assumption that coding help is both premium and effectively unlimited looks shakier by the week.
AI coding economics shift as DeepSeek cuts prices
DeepSeek’s AI coding economics story is straightforward on the facts and messy on the hype. Per DeepSeek’s pricing page, deepseek-v4-pro is currently priced at $0.003625 per 1M input tokens on cache hit, $0.435 per 1M input tokens on cache miss, and $0.87 per 1M output tokens, with the rates labeled 75% off from 2026/4/26 12:15 UTC through 2026/05/31 15:59 UTC. After that, DeepSeek says pricing will settle at one-quarter of the original price. Computerworld reports that the move is being read as an escalation in the AI pricing war.
Xiaomi matters here less because the notes prove a one-to-one price match, and more because they do not. Xiaomi’s official MiMo site now lists Xiaomi MiMo-V2.5-Pro as a “Flagship foundation model” with 1T total params, 42B active, and 1M extended context, but it presents the product through subscription and token-plan options rather than a clean API rate card, according to mimo.mi.com. That means the popular claim that MiMo 2.5 Pro now costs the same as DeepSeek V4 Pro is still unproven from the vendor docs in hand. What is proven is enough: DeepSeek has cut hard, Xiaomi is packaging aggressively, and coding models are starting to look more like metered infrastructure than premium software.
Microsoft reportedly shifts internal coding to Copilot
Microsoft has reportedly started canceling most internal Claude Code licenses and steering employees toward GitHub Copilot CLI after a trial period, according to Windows Central’s summary of a Verge report published May 16, 2026. The evidence level matters here. Anthropic’s own docs still present Claude Code as an active product, with current pages for overview, setup, costs, billing controls, and release notes, and Microsoft’s March 9 blog post still says Claude is available in Copilot through the Frontier program. So this looks like an internal licensing decision, not a public Microsoft-Anthropic breakup.
The more useful signal is cost visibility. Anthropic’s documentation says Claude Code team billing is based on API token consumption and includes workspace spend limits and usage tracking, per docs.anthropic.com. That lines up with the user reports in the research notes that companies are now bracing for much tighter usage allowances and far higher effective costs than flat monthly pricing implied. The exact repricing figures in those comments are not independently verified, but the broader point is: once enterprises move from trial-style access to token-accounted usage, coding agents stop looking unlimited very quickly.
Netherlands blocks sale tied to national ID infrastructure
The Dutch government blocked Kyndryl’s takeover of Solvinity on May 26, 2026, and Reuters reports the deal was worth €100 million, or $113 million. The important distinction is that Solvinity does not own the Dutch identity system. DigiD says on its official site that it is a service from Logius, which is responsible for availability, continuity, and security. Solvinity says its role is narrower: delivering and managing the platform on which the DigiD software runs, hosted in a dual secure government data center in the Netherlands.
That is still enough to get the deal stopped. Reporting from Reuters, TechCrunch, and Dutch outlets is consistent that the rationale was public interest and security. Kyndryl had announced the acquisition agreement on November 5, 2025, per its investor relations page, so this was not a speculative bid. The broader point is plain enough: European governments are starting to treat the companies operating identity infrastructure as strategic assets, even when the state still owns the service on paper.
Renamed files can still hit 7-Zip NTFS parser
A newly disclosed 7-Zip flaw widens the attack surface in a way most users will not expect. GitHub Security Lab says GHSL-2026-140 affects 7-Zip 26.00, with a fix shipped in 26.01 on 2026-04-27. The bug is a heap buffer overflow in the NTFS handler, and the advisory says it can lead to arbitrary code execution or application crashes. The vendor’s own site confirms 26.01 as the current release and lists NTFS among supported unpacking formats.
The sharp edge is detection behavior. According to the GitHub Security Lab advisory, 7-Zip uses signature-based fallback detection, so a crafted NTFS image can still reach the NTFS handler even if it is renamed to something that looks harmless, including .7z, .zip, .rar, or no extension. In other words, extension hygiene is not a complete defense when the parser is willing to inspect the contents and guess the format anyway.
Source: securitylab.github.com
Homework-style prompt injection is now easy to imagine
The specific Claude homework incident in the notes is anecdotal, but the underlying security issue is not. OpenAI’s official guidance calls prompt injection “a type of social engineering attack specific to conversational AI” and says malicious instructions can be embedded in third-party content, according to openai.com. A later OpenAI post from March 11, 2026 says the most effective real-world attacks increasingly resemble social engineering rather than simple prompt overwrites.
That is why this category of story matters even without a clean postmortem for one student’s chat log. The everyday version of prompt injection is no longer a red-team demo with a toy webpage; it is untrusted text inside documents, course material, pasted content, or anything else a model is asked to read. OpenAI’s December 22, 2025 post on hardening ChatGPT Atlas goes further and calls prompt injection one of the most significant risks for browsing and tool-using agents. As these systems gain more context and more permissions, weird text in ordinary files stops being weird and starts being an attack surface.
Cheap tokens, visible bills, hidden instructions, and governments rediscovering critical infrastructure. Normal week.
Sources
- Chinese coding models are collapsing in price again, api-docs.deepseek.com
- Microsoft customers face a 15x jump in Claude Code costs, windowscentral.com
- Dutch government blocks US bid for its national ID supplier, wincountry.com
- A renamed file can still trigger 7-Zip’s NTFS exploit path, securitylab.github.com
- Claude surfaced a hidden prompt injection in homework, openai.com
Related reading
- DeepSeek Tests Open Model Economics; Foreign Coauthors (2026-05-23)
- Canva’s AI pivot deepens just as the senior team walks (2026-05-26)
- Heretic Turns Guardrails Into Forks; AI Security Adds Another Alert Stream; Transformer Doubt Goes Public (2026-05-26)