Anthropic at $852B, Adobe's zero-day, and SumUp picks London

Morning Edition — Thursday 16 April 2026 · Compare the Cloud

Compare the Cloud · First taste

CTC Newsroom

The plumbing of global finance just moved onto public cloud — and the SEC is fine with it.

DTCC, the post-trade infrastructure firm that cleared $3.7 quadrillion of US securities activity last year, has committed to migrate specified core clearing and settlement systems onto AWS, and extended its Microsoft Azure arrangement to cover its entire digital assets business. The move follows a Notice of No Objection from the SEC and marks one of the largest public-cloud migrations financial services has ever attempted.

$3.7qn

securities value cleared in 2024

$99tn

assets under DTCC custody

150

countries with securities in the depository

Read the subtext: the SEC has signed off on systemically important clearing running on hyperscaler infrastructure. That is the moment public cloud stops being 'a choice' for regulated finance and starts being the default posture. Every UK financial services CIO sitting on a private-data-centre strategy should have spent this morning re-reading their board paper. And note the dual-vendor split — AWS for clearing, Azure for digital assets — that is not diplomacy, it is concentration-risk management written in contract form. Expect the FCA to be watching closely, because wherever DTCC treads, the operational-resilience playbook follows.— Kate Bennett · CEO, Compare the Cloud

Source · Compare the Cloud · 15 Apr 2026

UK · Sovereign Compute

Stargate slips in Britain, and the grid is the reason.

Sifted reports OpenAI has paused the UK leg of its Stargate data-centre programme — the headline project Whitehall had been leaning on to evidence its AI-growth narrative. Power availability, planning consents and multi-year grid-connection queues are named as the proximate blockers. The wider question is whether the UK can host any of the compute class its ministers keep announcing.

We have been saying this for three years on the podcast: you cannot build a sovereign-compute story on a grid that queues new connections in years rather than months. The UK's problem is not ambition, it is the unsexy plumbing — substation capacity, permitted-development reform, water licensing for liquid cooling. If Stargate slips here, that is not OpenAI's failure. It is ours.— Kate Bennett · CEO, Compare the Cloud

Source · Sifted · 3d ago

China · Autonomy

· · ·

Xiaomi's XLA pivot is China's self-driving race moving past the Tesla copybook.

Xiaomi has re-architected its assisted-driving stack around an XLA — cross-modal large-action — cognitive model, moving beyond the end-to-end and rule-based approaches that defined the 2024–25 Chinese autonomy race. The pitch is humanlike decision-making under ambiguous road conditions; the mechanism is a single model reasoning across vision, language and action tokens rather than a pipeline of bolted-together perception and planning stages.

In Xiaomi's telling, rule-based was the first move, end-to-end was the second, and XLA is the third — with the explicit claim that pure data-scaling on end-to-end systems has already hit a ceiling. It is the same architectural shift the Tesla FSD team signalled mid-2025, arriving in a mainstream Chinese consumer vehicle first.

Two things to watch here. One: the Chinese EV pack is no longer copying Tesla, it is running ahead on the model architecture — XLA shipped on a consumer car before it landed in a US flagship. Two: the same VLA/XLA pattern is about to turn up in enterprise robotics, warehouse automation and industrial control, because the cognitive step is decoupled from the vehicle. If your business case for AI assumes the frontier models all come from San Francisco, it is time to rewrite it.— Kate Bennett · CEO, Compare the Cloud

Source · KrASIA · 2d ago

Subscriber access · The rest of today's edition

Seven more stories, plus Kate's full commentary.

You've read the top three. Subscribe — free — and the rest of today's edition unlocks immediately. Tomorrow's lands in your inbox before 10am.

Daily · Free · Unsubscribe in one click

Europe · Quantum / Compute

$139M · Series A

Sygaldry's Series A is Breakthrough Energy's bet that compute is now a climate problem.

2027

first silicon

Hybrid

quantum / classical rack

BEV

lead investor

Two patterns worth pulling out of this. First: Breakthrough Energy is writing compute cheques — the 'AI is a climate problem' framing has fully crossed over into capital allocation. Second: the people who built the first quantum wave are recycling into hybrid plays, which is what happens when pure-quantum timelines slip. Watch it, do not buy into it yet.— Kate Bennett · CEO, Compare the Cloud

Source · Tech Funding News · 13h ago

CVE · Agentic

Security · Agent Supply Chain

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

A now-disclosed CVE across Microsoft Copilot Studio and Salesforce Agentforce allowed indirect prompt-injection via tool-call chains to exfiltrate content an agent was nominally authorised to read. Microsoft has patched the primary vector; VentureBeat's own testing confirms the secondary path — exfil via a second connected tool — still works under specific scopes.

"Every agentic platform in production should re-audit its tool-call permissions today, not this quarter."

Prompt injection is the new SQL injection and we are sitting exactly where the industry was in 2004 — patching one syntax while three others stay open. If you have bolted an agentic layer onto Microsoft 365 or Salesforce, the right question today is not 'is our patch level current' but 'what is the blast radius of every read-scope we have granted an agent'. Inventory first, then turn things off.— Kate Bennett · CEO, Compare the Cloud

Source · VentureBeat · 7h ago

cat /data/sql-agent.policy

Microsoft · Data API Builder

Microsoft quietly surrenders NL2SQL — and publishes the replacement.

Instead of pushing natural-language-to-SQL translation further — error-prone in production since GPT-3 — Microsoft has re-tooled Data API Builder (DAB) into a Model Context Protocol server that exposes a schema-aware, deterministic query surface to an LLM. The agent supplies intent, DAB generates the SQL, the database does only what the schema permits.

pattern: LLM intent → DAB resolver → parameterised SQL
determinism: schema-bound, not prompt-bound
classification: replacement for NL2SQL chat-over-warehouse experiments

The interesting bit is not the MCP — it is Microsoft publicly giving up on NL2SQL. For anyone running a data team, this is cover to stop the 'can we bolt a chat window onto the warehouse' conversations. The answer is no, and now there is a reference architecture for doing it the grown-up way. Steal the pattern, do not wait for it to arrive as an Azure SKU.— Kate Bennett · CEO, Compare the Cloud

Source · iThome Taiwan · 6d ago

Hyperscaler · Silicon

Intel and Google widen their AI silicon pact — and the hyperscalers quietly rebuild second-sourcing.

Intel and Google have expanded an existing AI-infrastructure agreement: Google commits to Intel's Gaudi 3 accelerators inside Cloud TPU-adjacent regions, and Intel agrees to joint silicon-level optimisation for Google's training stack. It is a reorientation for Intel — which has lost generative-AI mindshare to Nvidia and AMD — and a diversification bet for Google.

Hyperscalers are quietly rebuilding the second-sourcing playbook they pretended they did not need during the Nvidia boom. If you are procuring AI compute across 2026–2027, treat this deal as permission to stop single-vendor-ing on Nvidia. Ask your cloud rep what the Gaudi and TPU price-performance looks like for your workloads — not their marketing benchmark.— Kate Bennett · CEO, Compare the Cloud

Source · eeNews Europe · 1d ago

UK · Fintech listings

Sterling.

SumUp picks London over New York — a continental fintech puts the City back on the IPO map.

German-British payments group SumUp, valued at roughly €8bn at its last private round, has appointed Goldman Sachs, JPMorgan and Morgan Stanley for a potential London listing. It would be one of the largest European fintech IPOs in London since Deliveroo, and is the first time in two years a continental fintech has walked past the New York listing path.

The last three years of fintech IPO narrative have been 'if you can list in New York, you list in New York'. SumUp choosing London is a meaningful break from that — and it is a direct dividend of the FCA's listings reform from last year. It does not reverse the two-year drought on its own, but it is the first credible test that the reformed regime can actually win a deal. For UK SMBs, a deeper City fintech bench also means more competitors eventually underwriting their payment rails.— Kate Bennett · CEO, Compare the Cloud

Source · Sifted · 1d ago

ALERT · PATCH NOW

Adobe Acrobat zero-day has been exploited since December — patch Reader and Acrobat inside 72 hours.

Adobe has confirmed active exploitation of CVE-2026-34621, a prototype-pollution flaw in Acrobat and Acrobat Reader that has been weaponised in the wild since December 2025, initially against the Russian energy sector. CVSS 8.6, both Windows and macOS clients affected, patched 11 April 2026. Adobe is telling enterprise IT to update within 72 hours.

Force-update Acrobat and Acrobat Reader (Windows + macOS) across the estate this week, not next.
Treat PDF attachments from untrusted senders as untrusted payloads until rollout completes.
Hunt for suspicious Reader/Acrobat child-process creation on high-value endpoints back to December 2025.
Check managed-device baselines — many corporate images still carry the pre-patch build.

The uncomfortable part here is not the CVE, it is the dwell time. Four months of active exploitation before the patch lands means whoever wanted in has already been in. The update is the first step, not the fix. If Reader is deployed on executive endpoints — and it almost always is — assume compromise and hunt backwards, do not just patch forwards.— Kate Bennett · CEO, Compare the Cloud

Source · ITmedia Enterprise · 2d ago

Policy desk

CLAUSE X

Security

South Africa · Infosec practice

Werner Lindemann: AI has rewritten the attacker playbook, and compliance is eighteen months behind.

In a long-form TechCentral interview, Werner Lindemann — a South African financial-services security leader — argues that the perimeter-and-playbook model is breaking under generative-AI-assisted social engineering, and that infosec leaders must rebase on behavioural, data-centric defences. He is blunt that compliance frameworks lag the real threat curve by at least eighteen months.

South African banking fought AI-enabled fraud at scale earlier than most European peers — attack volumes forced it. The piece is one of the clearer African-voice reads on where AI practically changes security practice.

§1 Shift from perimeter to data-centric controls. §2 Assume your regulator is 18 months behind your attacker. §3 Treat staff as the primary attack surface, not a compliance footnote.

It is worth paying attention to the security thinking coming out of South Africa specifically — their banking sector fought AI-enabled fraud at scale earlier than most European peers, because the attack volumes forced it. Lindemann's eighteen-month lag is, in my view, conservative. Do not wait for your regulator to tell you to move to data-centric controls; your attackers already have.— Kate Bennett · CEO, Compare the Cloud

Source · TechCentral ZA · 20h ago