Welcome to the third edition of Level.UP, brought to you by UP.Labs.

This week, we look at what's driving the enterprise AI horse race between Anthropic and OpenAI. We also look at what two Claude Code incidents reveal about the security assumptions that agentic AI has quietly broken.

Plus: Four signals from the week, from the factory floor to the drive-thru.

Think someone else needs this? Forward it to a colleague navigating the same terrain.

Anthropic and OpenAI have their sights set on enterprise. 

OpenAI just announced "Frontier Alliances" — partnerships with BCG, McKinsey, Accenture, and Capgemini to redesign workflows and deploy its agent platform inside enterprise clients. Anthropic has made similar moves with Deloitte and Accenture. And its bet on Claude Code to win technical teams is showing up in their product engagement metrics.

Last month, Anthropic's LLM adoption surged from 16.7% to 19.5%, one of its largest monthly gains on record. OpenAI, meanwhile, slipped from 36.8% to 35.9%.

Then last weekend accelerated everything. After Anthropic refused to remove safety guardrails for the Pentagon, the Defense Department flagged them as a supply chain risk and handed the contract to OpenAI. The backlash was swift: ChatGPT uninstalls jumped 295% in a single day, and Claude hit #1 on the U.S. App Store for the first time.

The enterprise AI race is still concentrated in white-collar environments: legal, finance, software development. 

Manufacturing, logistics, and energy remain largely uncontested, and the barriers there are of a different kind, not just degree. 

It's not about getting a senior associate to use a better drafting tool. It's embedding intelligence into operations where data is fragmented across machines, suppliers, shop floors, and ERPs.

Most enterprise AI deployments stall here — not because the models aren't capable, but because the underlying data was never structured for them. That’s the problem we’ve been building for at UP.Labs. PartsPulse (the first company out of our Manufacturing Venture Lab, created in partnership with Wabash) gives OEMs, dealers, and fleet operators a unified command center for inventory planning, pricing, and sales intelligence on a single platform.

The problem it addresses is a perfect illustration of why physical industries are still wide open. In aftermarket parts, pricing teams, inventory planners, and sales teams have historically operated in complete silos — the result being millions of dollars in inventory in the wrong place, priced incorrectly, or both. 

That's not an AI problem. It's a data architecture problem. And it's exactly where the next wave of enterprise AI value will be built.

Check Point researchers recently disclosed three patched vulnerabilities in Claude Code that enabled remote code execution and API key theft, triggered simply by cloning a malicious repository — no additional interaction required. Before a trust prompt appeared, the attacker already had access.

Around the same time, a software engineer accidentally gained control of roughly 7,000 DJI Romo robot vacuums all over the world — while using Claude Code to build a PS5 controller for his own. His authentication token turned out to be a skeleton key for DJI's entire fleet, exposing live camera feeds, floor plans, and location data from homes across 24 countries.

The Claude Code vulnerabilities are a useful case study, but the deeper issue isn't about a single tool or patch. It's about what happens when AI systems acquire the ability to act: to make purchases, execute code, call APIs, interact with external services — and organizations haven't updated their security assumptions to match. 

The DJI story shows how industrial environments compound identified security risks. Physical AI systems — robots, connected equipment, autonomous tools on factory floors — create attack surfaces that are qualitatively different from software vulnerabilities. A compromised robot vacuum leaks your floor plan and live camera feed. A compromised piece of industrial equipment can take down a production line or even harm human workers.

The stakes are categorically higher when the target is critical infrastructure. Early industrial AI was read-only: sensors, dashboards, monitoring. Today's agentic tools execute decisions. A bad actor accessing a dam, chemical plant, or power utility isn't just looking at data anymore; they're looking at controls. An AI hallucination in that environment isn't a wrong answer; it's a facility failure.

The stories above are precisely why humans need to stay in the loop as structural safeguards. Not every decision needs a human. But the ones that touch external systems, proprietary data, or physical operations should most certainly.

For enterprise leaders, this means two concrete things. First, AI tools integrated into development or operations workflows need the same security scrutiny as any other piece of infrastructure — what they can access, what they execute automatically, and what data flows out.

Second, agentic systems operating in physical environments require a higher bar: not just code review and access controls, but validation of how the system behaves when something goes wrong, from a miscommunication with a supplier API to an autonomous action taken faster than a human can intervene.

Source code isn't the crown jewel of corporate IP anymore: code and its surrounding automation layer matter more than ever. Control the automation, and you control the operation. Miss security vulnerabilities, and someone else will find them first.

Ready to work smarter? Here are the tools we're using to actually get more done:

OpenAI's Former Research Chief Is Building an Autonomous Factory. Bob McGrew, OpenAI's ex-chief research officer, is raising $70M at a $700M valuation for Arda, a platform to automate manufacturing and coordinate robotics. Founders Fund and Accel are co-leading. The signal: the talent that built frontier AI models is now pointing at the factory floor. The race for physical AI just got a lot more credentialed. → Read more

Burger King Puts AI in Its Employees' Ears.  BK's new "Patty" chatbot monitors whether staff say "please" and "thank you," and the reaction was swift. The learning: when AI shows up as a watchdog, trust erodes. But when it's built as a coaching tool, the dynamic flips entirely. That distinction matters for any enterprise leader deploying AI in customer-facing or frontline operations. → Read more

Jack Dorsey Cuts 4,000 Employees, Citing AI. Block recently cut 40% of its workforce. Dorsey suggested the rest of corporate America is about to follow suit, predicting that the majority of businesses will reach the same conclusion within a year. The bigger question: Will this pattern actually move beyond tech into industries with physical assets, space requirements, and unionized workforces? → Read more

Bezos Bets Big on Physical. Project Prometheus, the AI lab co-founded by Jeff Bezos, is raising tens of billions to acquire and transform industrial companies using AI. It already raised $6.2B at a $30B valuation. The signal: the buy-and-transform playbook isn't new. Private equity has been running it in healthcare and SMBs for years. What's different is the AI layer on top, and the scale of capital chasing it. The open question is whether physical industries can absorb transformation fast enough to justify the investment. Retrofitting a factory isn't a software update. → Read more