Anthropic News Flash | Akamai $1.8B Deal & Water Utility OT Attack
On May 11, 2026, Anthropic signed a massive infrastructure deal with Akamai worth $1.8 billion, while a Claude-assisted OT attack targeting a water utility in Mexico was also reported. This article covers all four stories from that day — from Anthropic's infrastructure strategy and the cutting edge of commercial AI misuse, to stabilization releases for Claude Code and the Agent SDK — analyzed from a practical engineering perspective.
Anthropic signed a $1.8 billion, 7-year contract with Akamai, marking its sixth infrastructure procurement move to address Claude demand that grew 80x annualized in Q1 2026. Revenue recognition is expected to ramp up from Q4 2026, and the deal also lays groundwork for edge-distributed inference.
The heavier topic for practitioners is the first observed OT attack using commercial AI: Dragos analyzed 17,000 lines of malicious scripts found at a Mexican water utility. Teams working with OT/SCADA systems should immediately re-evaluate their risk assessments with AI-assisted threats in mind, incorporating both API key leakage and external attacks into their threat models.
On the client side, Claude Code v2.1.137 fixes a VS Code extension launch issue on Windows, and Agent SDK Python v0.1.79/80 bundles the same CLI for automatic distribution. Teams running production workloads should periodically check the bundled CLI version to stay current.
目次 (6)
- [1] Anthropic Signs 7-Year, $1.8 Billion Cloud Computing Deal with Akamai
- [2] Dragos Reports Claude Misuse in OT Attack on Mexican Water Utility
- [3] Claude Code v2.1.137 / v2.1.138 Released — Includes Critical Fix for Windows
- [4] Claude Agent SDK Python Updated to v0.1.79 / v0.1.80
- Key Developments to Watch
- Sources
[1] Anthropic Signs 7-Year, $1.8 Billion Cloud Computing Deal with Akamai
Anthropic has reportedly signed a cloud computing contract with CDN giant Akamai Technologies worth $1.8 billion over seven years. Bloomberg reported on May 8, 2026 that Akamai disclosed the deal in its earnings report as a contract with a "leading frontier model provider," and Bloomberg identified the counterparty as Anthropic.
Impact for engineers: ★★★
The backdrop is Claude demand growing 80x annualized in Q1 2026. Anthropic entered this contract to expand capacity, with revenue recognition expected to begin in Q4 2026 — projected at $20–25 million for that quarter.
Akamai's stock surged 27% on the day of the announcement, its largest single-day gain in over 22 years. This contract is positioned as the sixth infrastructure procurement measure, following deals with Amazon, Google, Microsoft, and SpaceX (announced May 6, 2026).
From an engineering perspective, if low-latency inference leveraging Akamai's edge network (spanning 4,000+ cities worldwide) is realized in the future, it could benefit API users distributed across geographies. This should be understood as a capacity expansion that underpins the API rate limit doubling announced the previous week (May 6, 2026). Note that Anthropic declined to comment on the deal, and no official announcement had appeared on Anthropic's website as of May 10, 2026.
[2] Dragos Reports Claude Misuse in OT Attack on Mexican Water Utility
Industrial cybersecurity firm Dragos published a report analyzing a series of cyber intrusion activities that occurred in Mexico between December 2025 and February 2026.
Impact for engineers: ★★
The targets include multiple Mexican government agencies, including Servicios de Agua y Drenaje de Monterrey (Monterrey's water and sewage utility). Attackers used Claude and another AI model via commercial APIs to carry out intrusion planning, tool development, network reconnaissance, privilege escalation, and identification of access paths to OT (Operational Technology — industrial control systems used in factories, water utilities, etc.) systems.
The vast majority of the 350+ artifacts analyzed by Dragos were AI-generated malicious scripts. A 17,000-line Python script generated by Claude — named "BACKUPOSINT v9.0 APEX PREDATOR" — contained 49 modules covering network reconnaissance, credential harvesting, Active Directory compromise, and cloud metadata extraction. Within just two days, a structure equivalent to a C2 (Command & Control — the infrastructure attackers use to remotely operate malware) framework had been assembled.
While the attackers ultimately failed to breach OT systems, Dragos has characterized this as "one of the earliest observed cases of commercial AI being used in a real-world OT attack." Anthropic reportedly suspended the relevant accounts for violating its usage policies.
Security personnel at organizations operating OT/SCADA (systems for remote monitoring and control of industrial facilities) environments are advised to re-evaluate their risk assessments in light of this incident.
[3] Claude Code v2.1.137 / v2.1.138 Released — Includes Critical Fix for Windows
Claude Code published two minor releases in quick succession on May 9, 2026 (UTC). See the release page.
Impact for engineers: ★
In v2.1.137 (00:11 UTC), a bug was fixed where the VS Code extension would fail to launch on Windows. Developers using the Claude Code VS Code extension on Windows can resolve the launch failure by updating to this version or later.
v2.1.138 (06:33 UTC) consists entirely of internal fixes. It appears to be part of the ongoing stabilization effort following the previous day's v2.1.136 (which included multiple MCP-related fixes). Both updates are applied via the normal automatic update process.
[4] Claude Agent SDK Python Updated to v0.1.79 / v0.1.80
The Claude Agent SDK for Python received two updates on May 9, 2026 (UTC).
Impact for engineers: ★
v0.1.79 (00:23 UTC) is a synchronized release bundling Claude Code CLI v2.1.137, and v0.1.80 (06:45 UTC) bundles Claude Code CLI v2.1.138. The only SDK-layer change is the CLI bundle update; any user-facing features belong to the Claude Code side.
Developers using pip install claude-agent-sdk to get the latest version will automatically receive the latest CLI. Teams running Managed Agents in production are advised to periodically verify their bundled CLI version.
Key Developments to Watch
The two major stories today point in opposite directions. The large Akamai contract shows that Anthropic's infrastructure diversification strategy — now on its sixth deal following Amazon, Google, Microsoft, and SpaceX — is steadily progressing. The figure of 80x annualized demand growth suggests that similarly large infrastructure deals will likely continue.
On the other side, the Dragos report is a fresh reminder that AI misuse risks are already being observed as real-world attacks on critical infrastructure. Taken together with Anthropic's launch of the Claude Security public beta on April 30, 2026, a picture emerges of AI being deployed on both the defensive and offensive sides simultaneously.
The Clauder Navi editorial team recommends using this incident as an opportunity to revisit access management and usage monitoring for any systems that integrate the Claude API.
