OpenAI and Anthropic have battled for workers, customers, and public attention. The rival AI labs have been on opposite sides of policy proposals, and their CEOs were the only ones not to link hands among a dozen industry leaders at a business summit earlier this year. But they do have one big area of overlap: their investors.

About 90 venture capital firms and other money managers have invested in both OpenAI and Anthropic over the past few years, according to a WIRED analysis of data from PitchBook, a platform that tracks startup investments. OpenAI shares about 42 percent of its overall investors with Anthropic, according to the data. Roughly a third of Anthropic investors are also OpenAI backers, including major firms like Sequoia Capital, Greylock, Founders Fund, Redpoint Ventures, Emerson Collective, and Sound Ventures.

Just last week, Anthropic made a fundraising announcement that named 31 investors—at least 13 of which have stakes in OpenAI, according to the PitchBook data and WIRED reporting. The number of common investors may be an undercount, because collecting information about private investments is challenging. WIRED identified at least a couple of investors missing from OpenAI’s roster in the PitchBook data, including Amazon.

The amount of overlap is astonishing for two fierce competitors that began their fundraising within a couple of years of one another. Three experts who study the venture capital industry described the commonality as unusual, or even unprecedented. The phenomenon reflects the recent evolution of the venture capital industry, the emergence of two extraordinary companies that have raised unheard-of sums of money, and the wide-open competition among them and others in AI.

“The ownership structure you are seeing right now is a real insight into how sophisticated investors are viewing this market, and the answer seems to be that few are convinced this will be a winner-take-all market, or if it is, who the dominant player will be,” says Tom Nicholas, a Harvard Business School professor and author of VC: An American History.

The intersection of investors is also notable as Anthropic and OpenAI aim to make their stock market debuts this year. Initial public offerings are often a chance for investors to realize gains in their ownership of a startup. But last year, just two-thirds of IPOs attracted a significant pop in value. With bets in both OpenAI and Anthropic, investors may be doubling their odds of success.

“Rather than looking at these companies as overlapping technologies, what these large investors are doing is protecting their ability to create returns,” says Kyle Stanford, director of venture capital research at PitchBook.

OpenAI and Anthropic didn’t respond to requests for comment. Several venture capital firms that invested in OpenAI and Anthropic also declined or didn’t respond to requests for comment about why they decided to back both.

A few would speak only on the condition of anonymity to avoid jeopardizing industry relationships, and each called the dueling investment opportunities with OpenAI and Anthropic unlike any circumstance they had encountered before.

Historically, venture capital firms have concentrated their bets on one company in an area of competition to avoid conflicts of interest, Stanford says. Companies sometimes share proprietary information with investors or lean on them for advice or governance, and having stakes in rivals invites awkward conversations.

Just when you thought the AI data center boom couldn’t get any crazier, Meta has gone and built data centers in tents. The strategy appears to borrow in equal parts from Tesla and xAI.

In a bid to cut construction time in half, Meta has built six tents — or “rapid deployment structures” as the company describes them — outside of New Albany, Ohio, according to Michael Thomas, founder of Cleanview, which tracks data center deployments.

Thomas’ findings aren’t totally new. Meta CEO Mark Zuckerberg spoke to The Information last year about his plan to use weatherproof tents to house the company’s multi-gigawatt data centers.

But Thomas’ images and review of local permits showcase the speed of construction and scale of the project. According to city permits reviewed by Thomas, Meta started building five 125,000-square-foot tents between April and June. The satellite images he shared in his post on X show the structures have all been built.

The use of tents is reminiscent of those Tesla built in the parking lot of its Fremont, California factory when it was rushing to roll out the Model 3. The site is also powered by 200 megawatts of modular gas turbines nearby, a tactic popularized by competitor xAI.

Inside the tents, AI chips, likely worth billions of dollars, will go about their business.

The tents have sprung up as Meta has struggled to release its AI models to developers. A recent report in The Wall Street Journal found that Meta’s latest model, Muse Spark, is complete, but the APIs that developers rely on to access it have been repeatedly delayed.

Meta has said it intends to spend up to $145 billion on data centers and other capital expenditures. Wall Street hasn’t liked the sound of that, with Meta’s stock trading down 5% this year. Putting AI chips in tents is one way to trim the bill. 

TechCrunch has reached out to Meta for comment and will update this article if it responds.

databases

SQL Server licenses can now be consumed in the rival cloud’s DBaaS

Microsoft now lets customers apply existing SQL Server licenses toward SQL Server usage on AWS’s managed relational database service (RDS).

The move promises to give customers who decided to go with AWS an easier path to consuming their SQL Server systems as a service, rather than in virtual machines.

In a blog post, Amazon explained that customers paying with Microsoft’s Software Assurance licensing program could only previously bring their SQL Server licenses to AWS on self-managed Amazon EC2 through the Redmond vendor’s License Mobility program.

“If you wanted a fully managed database like Amazon Relational Database Service (Amazon RDS), and you already had SQL Server licenses, you had to pay for licensing a second time through the License Included model,” RDS database engineer Srikanth Katakam said.

Amazon’s Bring Your Own Media (BYOM) for RDS for SQL Server lets customers use existing SQL Server Enterprise or Standard Edition licenses to cover both installation media and licensing on the managed service, with no additional fees.

The process includes three steps, Amazon told The Register: customers submit a License Mobility Verification Form to Microsoft to confirm eligibility; they upload their SQL Server Release to Manufacturing media to Amazon S3; and in the Amazon RDS Console, users should select their SQL Server major version, point to the media file in S3, choose their minor version, and create the database.

Customers can track their Microsoft SQL Server license usage with AWS License Manager.

Microsoft has declined to comment on why it got involved in the deal. For Amazon, the self-interest is clear: it wants to get the data nearer to its AI tech.

“Once that operational data is in the cloud, it sits alongside AWS AI and analytics services — so teams can build agentic AI applications that reason directly over their business data without complex data pipelines or infrastructure constraints,” AWS said in a statement.

Microsoft has its own equivalent technology in Fabric, its data lake and analytics environment, which also offers a control console to manage databases.

In the absence of any firm statement from Redmond, it seems reasonable to assume that SQL Server is no longer the strategic priority it once was for the Microsoft. It is inviting users to migrate to its database services, Azure SQL and SQL database in Fabric. Like AWS, users can also choose from a bunch of database services, including those running MySQL and PostgreSQL, which Microsoft has been increasingly vocal about

SQL Server remains third in the DB-Engines ranking, although its popularity has been on the slide for more than five years, and it looks like it will be overtaken by PostgreSQL in the near future.

However that may not be of great concern to Redmond’s accountants. As a database vendor, Microsoft is doing fine.

As Adam Ronthal, vice president analyst at Gartner, pointed out: “Of the leading vendors in 2011 (Oracle, IBM, Microsoft, and SAP), only Microsoft has grown their market share in the last 15 years.” ®

This yen for experimentation can extend into brand partnerships. The meal I was least excited about in this season’s testing was actually the one I was initially most excited about. EveryPlate has been experimenting with a series of partnerships with boutique food brands, including New York Chinese–inspired dumpling brand Mimi Cheng’s. In this case, the flavors didn’t quite gel, and many of the dumplings arrived broken. In the meantime, EveryPlate has moved on and is now making dishes using flavored chickpeas and beans from craft canning brand Heyday.

I’ve had few mishaps with ingredients, but they do happen. A zucchini on my most recent order got some moisture or stray water in its bag. By the time I got to it, at the end of the week, this was death to the zucchini. I had to use my own, which luckily was already in the crisper.

I also had to make a special trip for eggs to fill out that turkey-ponzu rice bowl, because I’d neglected to look ahead at the recipe. There aren’t too many ingredients you need to have on hand to make EveryPlate’s dishes, but milk, eggs, and butter are sometimes among them. Look ahead when ordering recipes, or when receiving them.

Photograph: Matthew Korfhage

The seams can show more often on EveryPlate’s recipes than with premium kits like HelloFresh or Marley Spoon. I find myself improvising slightly: adding extra flavors after the fact, using my meat drippings on a side course, or swapping the order of operations. If I had my druthers, I would have used my own preferred prep on brussels sprouts rather than risk obliterating stray leaves in the oven.

But mostly, what EveryPlate offers is a baseline to work from. It offers an escape from my own tired routines: thought put into my meals by someone who is not me. A $7 meal where I buy an egg is still an economical meal—and a much more filling one than I would have had otherwise. EveryPlate remains the most budget-friendly meal kit I’d happily eat on a regular basis, a signal achievement for uncertain times.

Blackstone-backed data center operator AirTrunk said on Thursday it would invest $30 billion in India by 2030, adding to a wave of commitments from technology and infrastructure groups seeking to expand computing capacity in the country.

The Australian company said it would develop 5 gigawatts of new data center capacity in India, one of the largest commitments to the South Asian nation’s digital infrastructure sector. AirTrunk entered India earlier this year through the acquisition of Lumina CloudInfra.

AirTrunk’s commitment underlines India’s growing appeal as a destination for AI infrastructure, as tech companies and investors seek new geographies to expand computing capacity. Data center capacity in the country is projected to rise to as much as 8GW by 2030 from about 1.5GW today, according to research firm Bernstein.

The Indian government has also taken steps to attract investment in AI infrastructure. Earlier this year, New Delhi offered foreign cloud providers tax exemptions through 2047 on services sold overseas if those workloads are run from Indian data centers.

AirTrunk has already begun laying the groundwork for its expansion in the country. Earlier this week, Maharashtra Chief Minister Devendra Fadnavis said in a post on X that the western Indian state had exchanged a letter of intent for land allotment at the Raigad Pen Growth Center, where AirTrunk is planning a 3GW data center involving an investment of about ₹2 trillion (around $21 billion). The company already has a development pipeline of about 600MW across Mumbai, Chennai and Hyderabad.

AirTrunk did not respond to questions on whether the proposed Raigad project would account for most of the planned 5GW capacity, or whether it plans to make additional developments elsewhere in India.

The announcement follows a meeting between AirTrunk CEO Robin Khuda and Prime Minister Narendra Modi, who said in a post on X that the planned investment would help strengthen India’s position as a global hub for cloud computing and artificial intelligence.

AirTrunk joins a growing list of companies investing in infrastructure in the country. Amazon, Google, Microsoft, OpenAI, and Uber have announced major investments in cloud and AI infrastructure, while Indian companies Reliance Industries, Adani Group, and TCS have laid out ambitious plans to expand data center capacity.

However, data centers require vast amounts of electricity, water and land, and industry executives and analysts have pointed to resource issues as a potential bottleneck, particularly regarding power.

Deloitte estimates data center build-outs in the Asia Pacific could require tens of terawatt-hours of additional electricity by the end of the decade.

AirTrunk’s investment thesis is underpinned by government support, a large pool of technical talent, and access to renewable energy, Khuda said.

A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages.

The entire malicious activity relies on Google Tag Manager and Stripe domains – googletagmanager.com and api.stripe.com – that are trusted implicitly by online stores.

The new malware family was discovered by researchers at ecommerce security company Sansec, who found that the malicious code is loaded from a Google Tag Manager (GTM) container and executes on every page that loads it.

“Both the payload and the stolen cards move through api.stripe.com. Stores allow that domain by default, so the skimmer slips past Content Security Policy rules and network filters that would otherwise flag traffic to an unknown skimmer domain,” Sansec says.

GTM is a management system that allows website owners to add and manage scripts used for analytics, ads, and tracking, without modifying the site’s source code.

Stripe is a payment processing platform widely used by online stores to accept credit cards, manage customer orders, and handle billing.

According to Sansec, the malicious code is embedded in legitimate-looking GTM containers, which activate when a shopper reaches a checkout page, queuing Stripe’s API for a specific customer record, cus_TfFjAAZQNOYENR, in this case

From the metadata fields of the record, it reads JavaScript code that it reassembles and then executes using new Function().

The card skimmer targets Magento/Adobe Commerce checkout pages and attempts to capture payment data (credit card number, expiration date, CVV code, customer name) as well as billing and email addresses, and phone number.

The stolen data is concatenated into a single string, obfuscated using the XOR operation, and stored locally instead of immediately exfiltrated.

Retrieving the data is done through a separate routine, which executes right after a page load and every minute after, by splitting the data blob in half, creating a new Stripe customer object, and storing the stolen data in metadata fields.

Every stolen payment card becomes a fake customer record in the attacker’s Stripe account, turning Stripe into a storage backend for stolen data.

Once the data is copied, the local file is wiped to eliminate traces of the attack and prevent duplicate uploads.

Sansec also discovered a variant of the attack where Google Firestore, a cloud database service for data storage and real-time retrieval, is used instead of Stripe.

In that version of the campaign, the payload is retrieved from a Firestore document named tracking/captcha in a project called braintree-payment-app. The stolen data is stored in a different localStorage key (_d_data_customer_).

The names of the document and the project help the malware blend in with legitimate payment and bot-protection traffic.

The Stripe customer record containing the skimmer was reportedly created on December 24, 2025, suggesting that the operation may have been active since at least that date.

Customers can protect themselves from such risks by using one-time virtual cards with set limits.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper