The AI supply chain is compromised. Most marketing teams don’t know they’re downstream.
OpenAI and Anthropic both launched billion-dollar deployment companies this week, embedding engineers inside organizations to help them integrate AI. Meanwhile, the ad platform race kept moving with AI at the core: ChatGPT ads expanded to five new countries, OpenAI hired The Trade Desk’s chief strategist to run monetization, and Amazon pitched ad tech infrastructure at its upfronts instead of primetime. Additionally, this week we cover two stories. First, why trust in the AI supply chain is now a marketing procurement question, with specific data on how public code registries have been compromised. Second, new data from Microsoft showing that only 19% of workers and their organizations are aligned on AI readiness, and what the global adoption map means for marketing teams operating across regions.
Let’s get into it.
— Vas
This Week’s Signals
AI & Big Picture
OpenAI and Anthropic are now consulting businesses: Both launched $10B+ enterprise deployment firms. OpenAI’s “Deployment Company” (TPG, SoftBank, Brookfield) and Anthropic’s services firm (Blackstone, Goldman Sachs, Apollo) will embed engineers inside companies to integrate AI. Both racing toward IPOs. (OpenAI | Anthropic)
AI data centers are heading to the ocean: Peter Thiel-backed Panthalassa raised $140M to build floating data centers powered by wave energy. Steel spheres with onboard AI chips cooled by seawater, transmitting via satellite. $765 billion in land-based spending is hitting community resistance. (Ars Technica)
AI & Marketing
ChatGPT ads go global: OpenAI expanding to UK, Japan, South Korea, Brazil, and Mexico. Projects $2.5 billion in ad revenue for 2026. Partnered with StackAdapt and Kargo. (Adweek)
OpenAI poaches The Trade Desk’s chief strategist: Samantha Jacobson, CSO at TTD for five years, joining OpenAI as VP of Partnerships (Monetization). Latest in a string of TTD leadership departures. (Adweek)
Amazon turning the upfronts into an ad tech pitch: Unified buying platform merging DSP and Ads Console, AI “Ads Agent” that builds campaigns from media plans, MCP integration for agency systems. (Digiday)
Google tries to give traffic back to publishers: New features in AI Mode add direct links, website previews, and subscription access within AI answers. Shelly Palmer: “No amount of enhanced linking solves the fundamental tension between comprehensive AI answers and the need to drive traffic to source websites.” (Shelly Palmer)
Who Touched the Code That Touches Your Customer Data
Every AI tool your team is evaluating runs on code from public registries, open marketplaces where anyone can upload models, plugins, and agent skills. In 2026, those registries are getting attacked, and marketing teams are downstream.
The numbers: an audit of one AI agent marketplace found that 12% of available skills were malicious. A separate analysis found that 36% contained security flaws. A single supply chain compromise earlier this year exposed 500,000 API keys in under two hours. These are not theoretical risks. The payloads steal credentials, access customer databases, and hijack AI agents.
Build-versus-buy used to be about cost versus control. AI added a third variable: trust in the supply chain. Who touched the code that touches your customer data?
Where marketing teams are exposed
Not every AI workflow carries the same risk. Three scenarios showed up in the documented attacks:
• Your team is building with AI coding tools. Marketers who vibe-code internal tools with Cursor or Lovable auto-install packages from public registries that nobody reviews. One compromised package targeted Claude Code, Cursor, and Codex CLI specifically, harvesting API keys in under ninety minutes.
• Your AI agents use third-party skills or plugins. Agent marketplaces let anyone publish. In one case, thirty skills from a single author were silently hijacking agents for cryptocurrency mining. If your agent has access to customer data, so does the malicious skill it installs.
• Your vendors inherited the risk for you. The “AI SDR” or “AI research tool” you are paying for was likely built on open frameworks. Their supply chain is now yours. You did not choose those dependencies.
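For the first scenario, here is a check a technical reviewer can run on a vibe-coded project. It is an added illustration, not from the original newsletter or any vendor, and it assumes a Node.js project with a `package.json`; the package names in the sample are made up. It flags dependencies that can change without review and code that runs at install time.

```python
import json
import re

# Exact semver such as 1.4.2 or 1.4.2-beta.1; anything else can drift.
EXACT = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")
# npm lifecycle hooks that execute code during installation.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def audit_manifest(manifest_text):
    """Return sorted (kind, name, detail) findings for a package.json string."""
    manifest = json.loads(manifest_text)
    findings = []
    for section in DEP_SECTIONS:
        for name, spec in manifest.get(section, {}).items():
            if re.match(r"^(git\+|git:|https?:|github:|file:)", spec):
                # Fetched from outside the registry, so registry curation does not apply.
                findings.append(("non-registry", name, spec))
            elif not EXACT.match(spec):
                # Range or tag: a newly published release installs without review.
                findings.append(("floating", name, spec))
    for hook in INSTALL_HOOKS:
        command = manifest.get("scripts", {}).get(hook)
        if command:
            findings.append(("install-script", hook, command))
    return sorted(findings)


# Constructed sample manifest; package names are made up for illustration.
SAMPLE = """
{
  "name": "campaign-dashboard",
  "dependencies": {
    "example-charts": "4.2.1",
    "example-llm-client": "^2.0.0",
    "example-agent-skill": "latest",
    "example-crm-sync": "github:example-org/crm-sync"
  },
  "devDependencies": {"example-lint": "~1.3.0"},
  "scripts": {"postinstall": "node setup.js", "build": "node build.js"}
}
"""

if __name__ == "__main__":
    for kind, name, detail in audit_manifest(SAMPLE):
        print(f"{kind:15} {name:22} {detail}")
```

A clean result only shows that versions cannot drift silently. It says nothing about whether the pinned release itself is trustworthy.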
Closed platforms are not risk-free either. The 2024 Snowflake breach hit 165 companies through credential theft at a third-party provider. A closed platform shifts who owns the risk. It does not remove it.
Four questions to ask every AI vendor before you sign or renew
1. Where do your models come from, and who scans them?
2. Are your agent tools from a public registry, and how is that registry curated?
3. How do you handle software updates? Do you auto-update without review?
4. Who has independently audited your supply chain in the last 90 days?
If a vendor cannot answer these in writing, that is your answer.
Pull up your three biggest AI vendor contracts this week. Send each vendor these four questions. If they cannot respond within a week, that tells you everything you need to know before renewal.
Sources: The Next Web | Protect AI / Hugging Face audit | Snyk ToxicSkills | Snowflake breach (CSA)
The Readiness Gap Has Three Layers
Microsoft published two AI adoption reports this month. Together they show the same problem from three angles.
The first, the Global AI Diffusion report, measures how many people actually use generative AI. Globally, 17.8% of the working-age population. The UAE leads at 70.1%. Singapore follows at 63.4%. The US ranks 21st at 31.3%, behind France, Spain, the UK, and South Korea. Less than a third of American workers use AI in any form.
Source: Microsoft Global AI Diffusion Q1 2026.
The second report, the 2026 Work Trend Index, surveyed 20,000 knowledge workers across 10 countries and mapped them on two axes: individual AI capability and organizational readiness.
Source: Microsoft Work Trend Index 2026. 20,000 AI users across 10 markets.
Three findings for marketing leaders.
First, 31% of AI users are misaligned with their organizations. Either the worker has outpaced the company (10% blocked) or the company has outpaced the worker (5% unclaimed). Only 19% are in the zone where both sides reinforce each other.
Second, the biggest factor behind AI impact isn’t individual skill. Organizational factors like culture, manager support, and talent practices account for twice as much of the reported AI impact (67%) as individual mindset and behavior (32%). The environment matters more than the person.
Third, the global picture compounds the problem. The fastest-growing AI markets are in Asia: South Korea (+43%), Thailand (+36%), Japan (+34%), driven by improvements in local-language AI models. The Global North-South gap widened for the third consecutive quarter, from 9.8 to 12.1 percentage points. If you’re running AI-powered marketing across regions, your customers are at wildly different levels of AI readiness, and your own teams probably are too.
Sources: Microsoft Global AI Diffusion Q1 2026; Microsoft Work Trend Index 2026.
Marketing Embeddings is read by 20,000+ CMOs, CTOs, and media leaders navigating AI’s impact on marketing. Forward this to someone who needs to see it.