SpaceX has confidentially filed paperwork with the Securities and Exchange Commission to sell shares to the public, according to multiple sources familiar with the registration, setting the stage for what would be the largest initial public offering in history and almost certainly making Elon Musk the world’s first trillionaire. The offering, internally code-named Project Apex, could come as early as June and reportedly aims to raise as much as $75 billion at a valuation of up to $1.75 trillion. That would more than double Saudi Aramco’s $29 billion listing in 2019, the current record holder, and would value SpaceX at roughly 94 times its 2025 revenue.

Twenty-one banks have lined up to manage the deal, with Goldman Sachs, JPMorgan Chase, Morgan Stanley, Bank of America, and Citigroup in senior roles, according to CNBC. Musk, who owns approximately 42 per cent of SpaceX according to PitchBook, has a current net worth estimated by Forbes at $823 billion. At a $1.75 trillion valuation, his stake alone would be worth more than $730 billion, pushing his total wealth past the trillion-dollar mark and placing him further ahead of every other person alive than any individual in modern economic history.

The company filing for this listing, however, is no longer just a rocket business. In February, SpaceX absorbed Musk’s artificial intelligence company xAI in an all-stock transaction that valued the combined entity at $1.25 trillion. That deal, a merger that raised immediate questions about optics, governance, and valuation, folded a company reportedly burning roughly $1 billion a month into one generating substantial cash flow. SpaceX also brought Musk’s social media platform X, formerly Twitter, under the same corporate roof. The result is a conglomerate spanning orbital launches, satellite internet, defence contracts, artificial intelligence, and social media, all controlled by a single individual who is simultaneously the largest financial backer of the sitting president of the United States.

The financial engine behind the valuation is Starlink, the satellite internet service that has become the most commercially successful space venture in history. In 2025, Starlink generated $10.6 billion in revenue on 54 per cent EBITDA margins, accounting for roughly two-thirds of SpaceX’s total revenue of $16 billion. The subscriber base has grown from 10,000 beta users in 2021 to more than 10 million paying customers across 150 countries as of February 2026. The Federal Aviation Administration’s January 2026 approval for up to 44 annual Starship launches has provided the operational headroom investors needed to underwrite a public valuation at this scale.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The xAI component of the entity going public is, by contrast, a work in progress. Musk himself said in March that xAI was “not built right the first time around” and needed to be rebuilt from its foundations. Since the merger, all 11 of xAI’s original co-founders have departed the company, including researchers who had previously worked at Google DeepMind, Google Brain, and Microsoft Research. Jimmy Ba, who co-authored the Adam optimisation paper, one of the most cited in all of artificial intelligence, left in February. Critics have characterised the merger as a financial bailout that allows xAI’s mounting losses to be absorbed by Starlink’s cash flow ahead of the IPO, a framing Musk has rejected.

The conflicts of interest embedded in this offering are without precedent in American capital markets. In the past five years alone, SpaceX has won $6 billion in contracts from NASA, the Department of Defense, and other federal agencies, according to USAspending.gov. The company is NASA’s primary launch provider for crewed missions to the International Space Station and holds more than $4 billion in contracts for the Artemis lunar-landing programme. The Pentagon is reportedly preparing to award SpaceX a $2 billion contract to build a 600-satellite constellation for missile tracking as part of the Golden Dome missile-defence initiative, a programme Trump announced would cost $175 billion and begin initial operations within three years.

Musk was the largest individual donor to Trump’s 2024 presidential campaign and led the Department of Government Efficiency, or DOGE, a temporary body that unilaterally cancelled more than 10,000 federal contracts it deemed wasteful. Ethics observers noted that none of the cancellations affected Musk’s own companies. Among SpaceX’s current investors is Donald Trump Jr, the president’s eldest son, who holds shares through 1789 Capital, a venture firm that made him a partner shortly after his father won the presidency for a second time. That fund, which has crossed $1 billion in assets, has invested approximately $50 million in SpaceX and xAI and has backed at least four companies that subsequently received government contracts during the current administration. The White House has repeatedly denied any conflicts of interest between the presidency and the Trump family’s business activities.

The governance risks do not end at the political boundary. SpaceX under Musk has operated as a private company with minimal public disclosure for more than two decades. Going public will force it to file quarterly earnings, disclose executive compensation, open its books to auditors, and face shareholder lawsuits of the kind Tesla already contends with regularly. Tesla shareholders are currently suing Musk over the company’s $2 billion investment in xAI, arguing he directed shareholder capital into his own private venture. The SpaceX-xAI merger, in which both the buyer and seller were controlled by Musk, presents a similar structure of self-dealing that public-market investors and regulators already struggling with the pace of AI-era consolidation will scrutinise closely.

One unusual feature of the planned offering is the reported intention to allocate up to 30 per cent of shares to retail investors, roughly triple the typical 5 to 10 per cent. The move echoes Google’s unconventional 2004 IPO, which used a Dutch auction to broaden access, and appears designed to build a base of loyal individual shareholders who may be less inclined to challenge management. For a company whose founder has cultivated a large and vocal online following, the retail allocation could serve as both a democratisation of access and a governance insulation mechanism.

SpaceX’s listing would be the first of what could be a trio of mega-IPOs from the companies that defined the current era of AI and deep tech. OpenAI and Anthropic are both reportedly considering public offerings, though neither has filed. Together, the three listings would represent a concentration of market value in a handful of companies whose products, from orbital internet to frontier AI models, now intersect with national security, global communications, and the basic infrastructure of economic life.

The scale of what SpaceX is attempting is difficult to overstate. A $75 billion raise would exceed the gross domestic product of more than half the world’s countries. A $1.75 trillion valuation would make SpaceX more valuable at listing than every company in the S&P 500 except Apple, Microsoft, Nvidia, Amazon, and Alphabet. And at the centre of it all is a single individual who builds the rockets that carry American astronauts, runs the satellites that provide internet to war zones, leads an AI company he admits needs rebuilding, owns a social media platform that shapes political discourse, and has the mobile-phone number of the president.

Whether that concentration of power, capital, and government dependency can survive the scrutiny of public markets is the question Project Apex will ultimately answer. The defence-tech sector is already drawing record investment on the thesis that the next generation of military capability will be built by private companies rather than government labs. SpaceX is the largest and most consequential test of that thesis. If the IPO succeeds on the terms being discussed, it will not merely be the biggest stock offering in history. It will be a statement about the degree to which twenty-first-century governments have outsourced their most critical capabilities to the private sector, and about the price of getting them back.

from the the-internet’s-infrastructure-is-under-attack dept

Last month Walled Culture wrote about an important case at the Court of Justice of the European Union, (CJEU), the EU’s top court, that could determine how VPNs can be used in that region. Clarification in this area is particularly important because VPNs are currently under attack in various ways. For example, last year, the Danish government published draft legislation that many believed would make it illegal to use a VPN to access geoblocked streaming content or bypass restrictions on illegal websites. In the wake of a firestorm of criticism, Denmark’s Minister of Culture assured people that VPNs would not be banned. However, even though references to VPNs were removed from the text, the provisions are so broadly drafted that VPNs may well be affected anyway. Companies too are taking aim at VPNs. Leading the charge are those in France, which have been targeting VPN providers for over a year now. As TorrentFreak reported last February:

Canal+ and the football league LFP have requested court orders to compel NordVPN, ExpressVPN, ProtonVPN, and others to block access to pirate sites and services. The move follows similar orders obtained last year against DNS resolvers.

The VPN Trust Initiative (VTI) responded with a press release opposing what it called a “Misguided Legal Effort to Extend Website Blocking to VPNs”. It warned:

Such blocking can have sweeping consequences that might put the security and privacy of French citizens at risk.

Targeting VPNs opens the door to a dangerous censorship precedent, risking overreach into broader areas of content.

Indeed: if VPN blocks become an option, there will inevitably be more calls to use them for a wider range of material. The VTI also noted that some of its members are considering whether to abandon the French market completely. That could mean people start using less reliable VPN providers, some of which have dubious records when it comes to security and privacy. The incentive for VPNs to pull out of France is increasing. In August last year the Paris Judicial Court ordered top VPN service providers to block more sports streaming domains, and at the beginning of this year, yet more blocking orders were issued to VPNs operating in France. To its credit, one of the VPN providers affected, ProtonVPN, fought back. As reported here by TorrentFreak, the company tried multiple angles:

The VPN provider raised jurisdictional questions and also requested to see evidence that Canal+ owned all the rights at play. However, these concerns didn’t convince the court.

The same applies to Proton’s net neutrality defense, which argued that Article 333-10 of the French sports code, which is at the basis of all blocking orders, violates EU Open Internet Regulation. This defense was too vague, the court concluded, noting that Proton cited the regulation without specifying which provisions were actually breached.

ProtonVPN also argued that forcing a Swiss company to block sites for the French market is a restriction of cross-border trade in services, and that in any case, the blocking measures were “technically unrealizable, costly, and unnecessarily complex.” Despite this valiant defense, the court was unimpressed. At least ProtonVPN was allowed to contest the French court’s ruling. In a similar case in Spain, no such option was given. According to TorrentFreak:

The court orders were issued inaudita parte, which is Latin for “without hearing the other side.” Citing urgency, the Córdoba court did not give NordVPN and ProtonVPN the opportunity to contest the measures before they were granted.

Without a defense, the court reportedly concluded that both NordVPN and ProtonVPN actively advertise their ability to bypass geo-restrictions, citing match schedules in their marketing materials. The VPNs are therefore seen as active participants in the piracy chain rather than passive conduits, according to local media reports.

That’s pretty shocking, and shows once more how biased in favor of the copyright industry the law has become in some jurisdictions: other parties aren’t even allowed to present a defense. It’s a further reason why a definitive ruling from the CJEU on the right of people to use VPNs how they wish is so important.

Alongside these recent court cases, there is also another imminent attack on the use of VPNs, albeit in a slight different way. The UK government has announced wide-ranging plans that aim to “keep children safe online”. One of the ideas the government is proposing is “to age restrict or limit children’s VPN use where it undermines safety protections and changing the age of digital consent.” Although this is presented as a child protection measure, the effects will be much wider. The only way to bring in age restrictions for children is if all adult users of VPNs verify their own age. This inevitably leads to the creation of huge new online databases of personal information that are vulnerable to attack. As a side effect, the UK government’s misguided plans will also bolster the growing attempts by the copyright industry to demonize VPNs – a core element of the Internet’s plumbing – as unnecessary tools that are only used to break the law.

Follow me @glynmoody on Mastodon and on Bluesky. Originally published on WalledCulture.

Filed Under: cjeu, copyright, encryption, privacy, security, vpns

Companies: canal plus, nordvpn, proton

At 6:36 pm Cape Canaveral time, NASA’s SLS rocket lifted off without incident with the four members of the Artemis II spacecraft aboard. During the first few hours, Orion will complete its journey into Earth orbit and, throughout the first day, will conduct critical navigation and systems tests. Around the third or fourth day, the spacecraft will begin its trajectory toward the moon and cross its gravitational sphere of influence. In total, the mission will last approximately 10 days.

The mission includes the first woman and the first Black person on a crewed mission to lunar orbit. The launch comes 53 years after Apollo 17, the last crewed mission to the Moon.

The Artemis II crew will not land on the moon (that will happen on Artemis IV ). Instead, their capsule will fly at altitudes between 6,000 and 9,000 kilometers above the surface of the far side of the moon, circle it, and begin the return journey to Earth. The mission’s main objective is to demonstrate that the space agency has the technological capability to send people to the Moon safely and without incident.

Once they achieve this, NASA will begin preparations for new moon landings in the following years, which will aim to establish the first lunar bases in history and, with them, the sustained and sustainable presence of humans on the satellite.

The launch was successful and occurred on schedule. The launch window opened on Wednesday, April 1, at 6:24 pm Eastern Time (EDT) and could have been extended for two hours, if necessary. NASA would have had five more days to attempt another launch.

Every enterprise running AI coding agents has just lost a layer of defense. On March 31, Anthropic accidentally shipped a 59.8 MB source map file inside version 2.1.88 of its @anthropic-ai/claude-code npm package, exposing 512,000 lines of unobfuscated TypeScript across 1,906 files.

The readable source includes the complete permission model, every bash security validator, 44 unreleased feature flags, and references to upcoming models Anthropic has not announced. Security researcher Chaofan Shou broadcast the discovery on X by approximately 4:23 UTC. Within hours, mirror repositories had spread across GitHub.

Anthropic confirmed the exposure was a packaging error caused by human error. No customer data or model weights were involved. But containment has already failed. The Wall Street Journal reported Wednesday morning that Anthropic had filed copyright takedown requests that briefly resulted in the removal of more than 8,000 copies and adaptations from GitHub.

However, an Anthropic spokesperson told VentureBeat that the takedown was intended to be more limited: “We issued a DMCA takedown against one repository hosting leaked Claude Code source code and its forks. The repo named in the notice was part of a fork network connected to our own public Claude Code repo, so the takedown reached more repositories than intended. We retracted the notice for everything except the one repo we named, and GitHub has restored access to the affected forks.”

Programmers have already used other AI tools to rewrite Claude Code’s functionality in other programming languages. Those rewrites are themselves going viral. The timing was worse than the leak alone. Hours before the source map shipped, malicious versions of the axios npm package containing a remote access trojan went live on the same registry. Any team that installed or updated Claude Code via npm between 00:21 and 03:29 UTC on March 31 may have pulled both the exposed source and the unrelated axios malware in the same install window.

A same-day Gartner First Take (subscription required) said the gap between Anthropic’s product capability and operational discipline should force leaders to rethink how they evaluate AI development tool vendors. Claude Code is the most discussed AI coding agent among Gartner’s software engineering clients. This was the second leak in five days. A separate CMS misconfiguration had already exposed nearly 3,000 unpublished internal assets, including draft announcements for an unreleased model called Claude Mythos. Gartner called the cluster of March incidents a systemic signal.

What 512,000 lines reveal about production AI agent architecture

The leaked codebase is not a chat wrapper. It is the agentic harness that wraps Claude’s language model and gives it the ability to use tools, manage files, execute bash commands, and orchestrate multi-agent workflows. The WSJ described the harness as what allows users to control and direct AI models, much like a harness allows a rider to guide a horse. Fortune reported that competitors and legions of startups now have a detailed road map to clone Claude Code’s features without reverse engineering them.

The components break down fast. A 46,000-line query engine handles context management through three-layer compression and orchestrates 40-plus tools, each with self-contained schemas and per-tool granular permission checks. And 2,500 lines of bash security validation run 23 sequential checks on every shell command, covering blocked Zsh builtins, Unicode zero-width space injection, IFS null-byte injection, and a malformed token bypass discovered during a HackerOne review.

Gartner caught a detail most coverage missed. Claude Code is 90% AI-generated, per Anthropic’s own public disclosures. Under the current U.S. copyright law requiring human authorship, the leaked code carries diminished intellectual property protection. The Supreme Court declined to revisit the human authorship standard in March 2026. Every organization shipping AI-generated production code faces this same unresolved IP exposure.

Three attack paths, the readable source makes it cheaper to exploit

The minified bundle already shipped with every string literal extractable. What the readable source eliminates is the research cost. A technical analysis from Straiker’s Jun Zhou, an agentic AI security company, mapped three compositions that are now practical, not theoretical, because the implementation is legible.

Context poisoning via the compaction pipeline. Claude Code manages context pressure through a four-stage cascade. MCP tool results are never microcompacted. Read tool results skip budgeting entirely. The autocompact prompt instructs the model to preserve all user messages that are not tool results. A poisoned instruction in a cloned repository’s CLAUDE.md file can survive compaction, get laundered through summarization, and emerge as what the model treats as a genuine user directive. The model is not jailbroken. It is cooperative and follows what it believes are legitimate instructions.

Sandbox bypass through shell parsing differentials. Three separate parsers handle bash commands, each with different edge-case behavior. The source documents a known gap where one parser treats carriage returns as word separators, while bash does not. Alex Kim’s review found that certain validators return early-allow decisions that short-circuit all subsequent checks. The source contains explicit warnings about the past exploitability of this pattern.

The composition. Context poisoning instructs a cooperative model to construct bash commands sitting in the gaps of the security validators. The defender’s mental model assumes an adversarial model and a cooperative user. This attack inverts both. The model is cooperative. The context is weaponized. The outputs look like commands a reasonable developer would approve.

Elia Zaitsev, CrowdStrike’s CTO, told VentureBeat in an exclusive interview at RSAC 2026 that the permission problem exposed in the leak reflects a pattern he sees across every enterprise deploying agents. “Don’t give an agent access to everything just because you’re lazy,” Zaitsev said. “Give it access to only what it needs to get the job done.” He warned that open-ended coding agents are particularly dangerous because their power comes from broad access. “People want to give them access to everything. If you’re building an agentic application in an enterprise, you don’t want to do that. You want a very narrow scope.”

Zaitsev framed the core risk in terms that the leaked source validates. “You may trick an agent into doing something bad, but nothing bad has happened until the agent acts on that,” he said. That is precisely what the Straiker analysis describes: context poisoning turns the agent cooperative, and the damage happens when it executes bash commands through the gaps in the validator chain.

What the leak exposed and what to audit

The table below maps each exposed layer to the attack path it enables and the audit action it requires. Print it. Take it to Monday’s meeting.

AI-assisted code is already leaking secrets at double the rate

GitGuardian’s State of Secrets Sprawl 2026 report, published March 17, found that Claude Code-assisted commits leaked secrets at a 3.2% rate versus the 1.5% baseline across all public GitHub commits. AI service credential leaks surged 81% year-over-year to 1,275,105 detected exposures. And 24,008 unique secrets were found in MCP configuration files on public GitHub, with 2,117 confirmed as live, valid credentials. GitGuardian noted the elevated rate reflects human workflow failures amplified by AI speed, not a simple tool defect.

The operational pattern Gartner is tracking

Feature velocity compounded the exposure. Anthropic shipped over a dozen Claude Code releases in March, introducing autonomous permission delegation, remote code execution from mobile devices, and AI-scheduled background tasks. Each capability widened the operational surface. The same month that introduced them produced the leak that exposed their implementation.

Gartner’s recommendation was specific. Require AI coding agent vendors to demonstrate the same operational maturity expected of other critical development infrastructure: published SLAs, public uptime history, and documented incident response policies. Architect provider-independent integration boundaries that would let you change vendors within 30 days. Anthropic has published one postmortem across more than a dozen March incidents. Third-party monitors detected outages 15 to 30 minutes before Anthropic’s own status page acknowledged them.

The company riding this product to a $380 billion valuation and a possible public offering this year, as the WSJ reported, now faces a containment battle that 8,000 DMCA takedowns have not won.

Merritt Baer, Chief Security Officer at Enkrypt AI, an enterprise AI guardrails company, and a former AWS security leader, told VentureBeat that the IP exposure Gartner flagged extends into territory most teams have not mapped. “The questions many teams aren’t asking yet are about derived IP,” Baer said. “Can model providers retain embeddings or reasoning traces, and are those artifacts considered your intellectual property?” With 90% of Claude Code’s source AI-generated and now public, that question is no longer theoretical for any enterprise shipping AI-written production code.

Zaitsev argued that the identity model itself needs rethinking. “It doesn’t make sense that an agent acting on your behalf would have more privileges than you do,” he told VentureBeat. “You may have 20 agents working on your behalf, but they’re all tied to your privileges and capabilities. We’re not creating 20 new accounts and 20 new services that we need to keep track of.” The leaked source shows Claude Code’s permission system is per-tool and granular. The question is whether enterprises are enforcing the same discipline on their side.

Five actions for security leaders this week

1. Audit CLAUDE.md and .claude/config.json in every cloned repository. Context poisoning through these files is a documented attack path with a readable implementation guide. Check Point Research found that developers inherently trust project configuration files and rarely apply the same scrutiny as application code during reviews.

2. Treat MCP servers as untrusted dependencies. Pin versions, vet before enabling, monitor for changes. The leaked source reveals the exact interface contract.

3. Restrict broad bash permission rules and deploy pre-commit secret scanning. A team generating 100 commits per week at the 3.2% leak rate is statistically exposing three credentials. MCP configuration files are the newest surface that most teams are not scanning.

4. Require SLAs, uptime history, and incident response documentation from your AI coding agent vendor. Architect provider-independent integration boundaries. Gartner’s guidance: 30-day vendor switch capability.

5. Implement commit provenance verification for AI-assisted code. The leaked Undercover Mode module strips AI attribution from commits with no force-off option. Regulated industries need disclosure policies that account for this.

Source map exposure is a well-documented failure class caught by standard commercial security tooling, Gartner noted. Apple and identity verification provider Persona suffered the same failure in the past year. The mechanism was not novel. The target was. Claude Code alone generates an estimated $2.5 billion in annualized revenue for a company now valued at $380 billion. Its full architectural blueprint is circulating on mirrors that have promised never to come down.

Samsung could be about to make its most expensive phones even pricier, at least in its home market.

A new report suggests the company is planning price increases for select high-end Galaxy models in South Korea. Changes could potentially kick in as early as today, April 1.

The devices in question include the Samsung Galaxy Z Fold 7, Samsung Galaxy Z Flip 7, and Samsung Galaxy S25 Edge — all firmly at the top end of Samsung’s lineup. But the increases won’t hit every version. Instead, Samsung appears to be targeting only higher storage tiers. The base 256GB models will remain unchanged.