MAGNIFICA HUMANITAS: WHEN THE CHURCH PLACES ITSELF AT THE CENTER OF THE AI DEBATE
The decision to sign Magnifica Humanitas on May 15 — the 135th anniversary of Leo XIII's Rerum Novarum — is not a coincidence of scheduling. It is a direct claim about magnitude. Rerum Novarum, published in 1891 in response to the industrial revolution's transformation of labour, wages, and the conditions of human work, became the foundational document of Catholic social teaching for the twentieth century. It articulated the rights of workers, the obligations of employers, and the moral limits of economic power in language that shaped labour movements, welfare states, and legal frameworks across the industrialised world. By signing Magnifica Humanitas on that date, Pope Leo XIV is asserting that the challenge posed by artificial intelligence is of equivalent historical weight — that the question of what AI does to human work, creativity, and dignity is as consequential as what industrial capitalism did to the labouring classes in the late nineteenth century, and that it requires a response of equivalent moral seriousness.
The content of the encyclical, as previewed in Vatican communications, centres on a principle that sounds simple but carries significant implications: AI must remain subordinate to the human person. The document argues that technology should protect workers, creativity, and moral agency — not supplant them — and that AI systems designed to replace human judgement in morally significant domains represent a category error, not merely a policy risk. The framing is important precisely because it avoids the two positions that dominate the public conversation. It does not argue that AI is inherently dangerous and should be restricted — a position that would be intellectually unserious given the evident benefits AI is already producing in medicine, science, and access to information. Nor does it embrace the techno-optimist argument that more capable AI is straightforwardly good and that human adaptation is simply a matter of reskilling. The document inserts itself into the space between those positions, where the genuinely difficult questions live: who bears the cost of AI-driven displacement, who benefits from AI-driven productivity, and what institutional structures can ensure that the gains are distributed in ways that respect human dignity rather than concentrating them in the hands of those who own the compute.
The presence of Christopher Olah — Anthropic co-founder and the researcher most associated with mechanistic interpretability, the discipline of understanding what neural networks are actually doing inside their weights — at the Vatican launch is the detail that makes this moment unusual even by the standards of an already unusual week. Olah is not a public-facing executive; he is a scientist whose work on understanding AI systems from the inside is widely regarded as foundational to the safety research that gives Anthropic's positioning its coherence. His presence at the Vatican presentation of a document arguing that AI must remain subordinate to human values is a signal that Anthropic regards the moral and religious dimension of this conversation as part of its territory, not as an external imposition on its work. Whether that represents genuine philosophical alignment, a sophisticated communications strategy, or both is a question that the contents of Magnifica Humanitas — when published — will help answer. What is clear is that the Catholic Church, with 1.4 billion members and a two-thousand-year tradition of moral philosophy, has decided that artificial intelligence is the defining ethical challenge of the current moment, and that it intends to shape the conversation about it with the same authority it brought to the labour question in 1891.
ANTHROPIC'S $30 BILLION ARR: THE GROWTH CURVE THAT HAS NO PRECEDENT
The revenue trajectory that CEO Dario Amodei described as "crazy" in his Q1 disclosure deserves the adjective. Anthropic's annualised revenue run rate was $87 million in January 2024. By December of that year it had crossed $1 billion. By the end of 2025 it had reached $9 billion. In February 2026 it was $14 billion; in March, $19 billion; in April, $30 billion. SemiAnalysis, whose methodology has tracked closely with company disclosures, estimates the figure is now approaching $44 billion — a number Anthropic has not confirmed, but which the growth rate makes plausible. The company confirmed that the number of enterprise customers spending more than $1 million annually doubled from 500 to over 1,000 in just two months. There is no software company in recorded history whose ARR has grown this fast at this scale. The nearest analogues — Salesforce in its early years, Google's AdWords in its first growth cycle, the original iPhone application economy — all grew faster in percentage terms at smaller absolute scales, but none approached this combination of velocity and size.
The engine driving the growth is Claude Code. Launched publicly in mid-2025, Anthropic's agentic coding tool has become the fastest-growing product in the company's history, and the mechanism behind that growth is worth understanding precisely. Unlike general AI assistance, where the value delivered is diffuse and the ROI case for enterprise procurement is often built on proxy metrics — employee satisfaction, hours saved on ambiguous tasks — coding agents produce a measurable artefact: working software. When an engineering team can demonstrate that Claude Code reduced the time to ship a feature by a quantifiable number of hours, the procurement decision becomes straightforward. The customer base for this kind of tool is large, spending authority is concentrated in organisations that are already accustomed to paying for developer tooling, and the willingness-to-pay scales with the cost of engineering talent. An AI tool that saves a $200,000-per-year engineer two days a week is worth far more than its API cost, and enterprise buyers have demonstrated they understand this arithmetic. Claude Code's position at the frontier of coding capability — measured by benchmarks and, increasingly, by the revealed preferences of engineering teams who switch providers — has given Anthropic a product with a durable commercial hook in the segment most willing and able to pay for it.
The competitive implication that has received less attention than the growth numbers is the claim, credibly sourced in multiple analyses, that Anthropic has now surpassed OpenAI in revenue while spending approximately four times less to train its models. If accurate, this disrupts the received wisdom about the economics of frontier AI. The industry narrative has been that building at the capability frontier requires extraordinary capital — that the tab for training runs, compute clusters, and research teams is a barrier that only the most heavily backed labs can sustain, and that competitive advantage accrues to those who can spend the most. Anthropic's trajectory suggests an alternative theory: that disciplined capital allocation, a focused product strategy, and a particular commercial insight (that coding is the highest-value near-term application of frontier AI) can generate a better revenue-per-dollar-of-training-compute ratio than maximising raw capability across all benchmarks. This does not mean Anthropic is capital-efficient in any conventional sense — the company's burn remains substantial and its approaching $1 trillion valuation requires a very large numerator. But it does mean that the assumption that scale of capital investment straightforwardly determines competitive outcome in AI is less secure than it appeared six months ago.
THE LAST ONES: WHAT IT MEANS THAT FRONTIER MODELS CAN NOW CLEAR A 32-STEP CYBERATTACK
The UK AI Security Institute's "The Last Ones" evaluation was designed to be hard. The 32-step simulation models a complete corporate network penetration: initial reconnaissance, credential harvesting, privilege escalation, lateral movement across network segments, persistence mechanisms, and full domain takeover. Human expert red-teamers require approximately 20 hours to complete it. The evaluation was built on the assumption that AI models would be able to solve individual steps but would struggle to maintain coherent multi-step planning across a long attack chain — the kind of sequential reasoning that requires holding the goal in context while adapting tactics to the changing state of the target environment. Claude Mythos Preview completed the simulation end to end in 3 of its 10 attempts. Across all attempts it completed an average of 22 of the 32 steps. GPT-5.5, evaluated subsequently, matched the benchmark with 2 of 10 completions. Claude Opus 4.6, the previous generation, averaged 16 steps. The progression is not a statistical artefact — it reflects a genuine and measurable improvement in the multi-step planning capability of frontier models at precisely the task the evaluation was designed to test.
The caveats the AISI attached to its findings are important and deserve to be stated precisely rather than waved past. The cyber range differs from a real-world enterprise environment in several significant ways: there are no active defenders, no defensive tooling, no intrusion detection systems, and no penalties for behavior that would trigger security alerts in production. A sophisticated human attacker — and, by extension, a sophisticated AI-assisted attacker — relies heavily on stealth, because noisy behavior in a real network generates detections that shut down the attack. The TLO evaluation measures autonomous multi-step reasoning through a technical attack chain at the capability level, in an environment that has been deliberately stripped of the defences that make real-world attacks difficult. This does not mean the evaluation is meaningless — it clearly measures something real and important. But translating a 3-in-10 completion rate on an undefended simulation into a claim about what these models can do against a hardened enterprise network with a mature security operations centre requires bridging a gap the evaluation itself does not cross.
What the evaluation establishes, stripped of both the hype and the dismissal, is that the capability gap between "AI can assist with individual security tasks" and "AI can autonomously plan and execute a complete multi-step attack chain" has effectively closed at the frontier. That is a meaningful statement about where the technology is, and it has two simultaneous implications that pull in opposite directions. The first is that the defensive use case — AI autonomously hunting for and patching vulnerabilities before attackers can exploit them — has now been validated in the same evaluation framework that validated the offensive capability. The reasoning that enables a model to plan and execute 22 of 32 attack steps is the same reasoning that enables it to understand attack surfaces and recommend mitigations. OpenAI's Daybreak platform and the AISI's offensive evaluation are two faces of the same underlying capability. The second implication is that the governance challenge is now concrete rather than hypothetical. The Five Eyes guidance on agentic AI published earlier this month named autonomous multi-step attack execution as a category of concern; the AISI evaluation has now provided the empirical basis for that concern. What the policy conversation has to reckon with is that the capability exists, that it is developing faster than evaluation frameworks can keep pace with, and that the distinction between a security tool and an attack tool is determined not by the model's weights but by the context in which it is deployed — a distinction that access controls, deployment policies, and international norms have not yet been designed to enforce at AI-native speeds.