The Great Language Reset

The tech industry is entering a fascinating inflection point where the primary constraint isn’t capability anymore—it’s control. Microsoft wants to rewrite its entire codebase in Rust by 2030 to eliminate security vulnerabilities at scale. ServiceNow just paid 7.75 billion dollars to bolt cybersecurity directly into its workflow engine. China is running 2,000-question ideological tests on chatbots. The Trump administration is blocking content moderators from entering the US while rewriting H-1B visa rules. What connects these stories isn’t technology—it’s the realization that the systems we built during the move-fast-break-things era are now broken in ways that matter: they’re vulnerable to adversaries, they’re uncontrollable at scale, and they’re leaking value in directions nobody planned for. We’re witnessing the professionalization of tech through constraint. The question is whether companies can rebuild fast enough before the cost of not doing so exceeds the cost of doing it.

Deep Dive

Microsoft’s 2030 Bet: Rewriting Security Into the Foundations

The real signal here isn’t that Microsoft wants to eliminate C and C++ by 2030. It’s that they’ve already concluded it’s cheaper and faster to rewrite billions of lines of code than to keep patching memory-safety bugs. Galen Hunt’s LinkedIn post about reaching “1 engineer, 1 month, 1 million lines of code” represents a fundamental shift in how enterprise software gets built. Instead of incremental security fixes layered on top of insecure foundations, Microsoft is betting that AI-assisted code translation paired with algorithmic analysis can compress a generational rewrite into a five-year window.

The stakes here are enormous. Microsoft has already signaled that memory-safe languages like Rust are non-negotiable for future infrastructure. The company’s Azure CTO called Rust the default for new projects back in 2022. But migration only matters if it’s survivable—and for a company with 500+ active product portals and massive legacy systems, survivability means automation. Microsoft’s secret weapon isn’t Rust itself. It’s the combination of “powerful code processing infrastructure,” algorithmic graph analysis, and AI agents working in concert. They’re not asking humans to rewrite everything. They’re building a system that learns the patterns in legacy C code, understands the architectural constraints, and generates idiomatic Rust that preserves behavior while eliminating entire classes of vulnerabilities.

The competitive implication is immediate. Every other cloud provider—AWS, Google Cloud, Oracle—will eventually face the same calculus. The first company to successfully eliminate memory-safety vulnerabilities at scale gets a massive security narrative advantage in a world where nation-states are actively hunting for exploitable flaws. Microsoft’s hiring of a Principal Software Engineer to build these tools isn’t incremental. It’s a declaration that memory-safe infrastructure is now a strategic differentiator worth billions in investment.

ServiceNow’s 7.75B Bet: Security as Workflow

ServiceNow’s acquisition of Armis for 7.75 billion dollars is being read as a security company buying a visibility tool. That’s backwards. It’s workflow-as-a-platform buying a real-time threat intelligence feed at a price point that signals belief that security-without-workflow is becoming commodity. The deal pairs ServiceNow’s Configuration Management Database—which maps every IT asset in an organization—with Armis’ capability to discover and monitor those assets in real-time. Combined, they create something entirely different: a system that sees every device, understands every vulnerability, and can execute remediation workflows across millions of devices automatically.

The economics are instructive. Armis has 340 million in ARR and is growing fast. ServiceNow hopes to triple security revenue from 1 billion to 3 billion within reach. But the price-to-revenue multiple here (22.5x) is stratospheric for what’s ostensibly a security company acquisition. That multiple only makes sense if ServiceNow is buying something far larger than a product. Charles Betz from Forrester nailed it: Armis gives ServiceNow “massive volumes of data they have never previously had” and makes their discovery tools “an order of magnitude more powerful.” Pair that with the Data.World acquisition from earlier this year—a data catalog and governance platform—and the strategy becomes clear. ServiceNow is building toward a world where enterprises can ask questions like “show me every unpatched system that handles customer financial data” and get executable answers across their entire estate. That’s not security software. That’s operational intelligence infrastructure.

The deeper play is in how ServiceNow is consolidating the enterprise operating system. IT teams currently stitch together a dozen tools: asset discovery, configuration management, vulnerability scanning, identity and access management, incident response. Each tool creates data silos. ServiceNow is absorbing these silos by acquiring the best-of-breed players and grinding them into a unified platform. Armis’s real-time visibility layer is the missing piece that makes the CMDB actually useful for continuous security. What looked like scattered acquisitions—Veza for identity, Armis for assets, Data.World for data governance—now reads as a coherent bet that the enterprise software winner will be whoever owns the integrated view of risk across the entire operational environment.

China’s AI Ideology Test: Control as a Competitive Advantage

The most important story isn’t that China requires chatbots to pass a 2,000-question ideological test. It’s that entire specialized agencies have spawned to help AI companies pass them. This is the inverse of what’s happening in the US. While the Trump administration is sanctioning content moderators and researchers, China is building industrial infrastructure around content control. The difference matters: one approach kills the legitimacy of moderation, the other industrializes it.

Here’s why this matters for the global AI competition. Ideology-filtered AI systems are brittle in ways that American consumers don’t face. But they’re also predictable in ways that give state-backed companies enormous competitive advantages in certain markets. If a Chinese AI company knows exactly which outputs are acceptable to the state, they can optimize aggressively around that constraint. They can hire specialists, build testing infrastructure, create feedback loops that make their systems more reliably compliant. American companies are fragmenting: they face pressure to be neutral, pressure to satisfy activist groups, pressure to comply with EU regulations, pressure to avoid offending Trump’s government. The lack of a clear, enforceable rule set makes it harder to optimize at scale.

This is particularly important in the enterprise AI market outside the US. A company in Singapore or Vietnam or Indonesia that wants to deploy an AI system needs to navigate their own local regulations. Chinese AI companies have experience meeting the most stringent censorship regime on earth. That operational capability—the ability to say “yes, we can make this system pass your ideological requirements”—becomes a form of technical differentiation. The US position that content moderation is illegitimate or that AI should be “neutral” makes it harder for American companies to sell into markets where governments demand accountability. China is building toward a world where their AI exports come with built-in compliance architecture. That’s not a bug. That’s a feature.

Signal Shots

Aflac’s 22.6 million person breach reshapes insurance liability calculus — Aflac confirmed hackers stole personal and health data on a scale that makes it one of 2025’s largest disclosed breaches. This signals that legacy healthcare and financial institutions remain catastrophically vulnerable to coordinated attacks. Watch for class action suits and whether this accelerates demand for zero-trust architecture among Fortune 500 companies in regulated industries.

FCC drone import ban eliminates DJI’s newest models from US market starting today — The Federal Communications Commission’s import restrictions on Chinese drones take effect, blocking the latest generation from domestic sale. The strategic move consolidates US drone maker competitiveness but leaves American hobbyists and commercial operators stuck with older, less capable hardware. This is the first instance of component-level tech decoupling hitting consumer markets visibly.

Trump bars content moderators and researchers from US via State Department sanctions — The administration issued visa restrictions on Thierry Breton and four anti-disinformation researchers, framing content moderation as censorship of American viewpoints. This eliminates the intellectual middle ground in the moderation debate by making it a national security issue rather than a policy question. Expect tech companies to fragment globally as US platforms abandon moderation standards that conflict with government preference.

H-1B visa system shifts from lottery to salary-weighted selection starting February 27 — The Trump administration will prioritize higher-paid workers in the new H-1B allocation system. This reshapes the economics of tech hiring by making offshore cost arbitrage less viable and incentivizing higher-wage roles. Watch for acceleration in AI engineering and ML specialist hiring while mid-market developer roles see compression.

Bitcoin miners pivot data centers to AI compute, driving 90% gains in mining ETFs — Mining infrastructure originally built for hash generation is being retooled for large-scale GPU compute. This reveals massive unutilized GPU capacity coming online as mining becomes less economically attractive, which could meaningfully increase competitive pressure on cloud providers’ AI pricing through 2026.

South Korean prosecutors allege CXMT mass-produced advanced DRAM using stolen Samsung technology — Ten former Samsung employees allegedly transferred hundreds of process steps to the Chinese chipmaker, enabling 10nm-class production outside South Korea. This crystallizes the risk of human capital migration in chip manufacturing and validates concerns about technology leakage from US and allied semiconductor companies into Chinese production chains.

Scanning the Wire

• US imposes tariffs on Chinese semiconductors starting 2027, but at 0% initially — The administration’s approach signals negotiation leverage rather than immediate economic punishment for legacy chip dominance. (The Register)

• Snowflake in talks to acquire app monitoring startup Observe for ~1 billion — The data platform is expanding observability capabilities to compete with integrated cloud native stacks from AWS and Google Cloud. (Techmeme)

• Zoox issues software recall for autonomous vehicle lane-crossing behavior — Amazon’s robotaxi unit discovered safety issues in its driving stack, signaling that autonomous systems still have edge case vulnerabilities. (TechCrunch)

• Starlink satellite fails and is shedding debris into orbit — SpaceX’s constellation demonstrated vulnerability to component failure, with spacecraft set to burn up in weeks but not before creating collision hazards. (The Register)

• Authors including John Carreyrou reject Anthropic settlement, sue six major AI companies directly — High-profile rejection of class action terms signals that authors are pursuing individual copyright claims with higher settlement expectations. (TechCrunch)

• Hackers stole over 2.7 billion in cryptocurrency during 2025, marking third consecutive record year — Crypto theft continues to accelerate, with 2025 establishing itself as the worst year in theft history. (TechCrunch)

• France’s postal and banking services knocked offline by suspected DDoS attack — Critical infrastructure in allied nations continues to show vulnerability to distributed attack campaigns. (TechCrunch)

• China executes second reusable rocket launch in three weeks — Beijing is compressing reusable launch capability development on an aggressive timeline. (Ars Technica)

• Judge blocks Texas age verification requirement for app stores from taking effect January 1 — Federal courts continue striking down state-level app store regulation attempts as constitutional overreach. (The Verge)

• Apple to allow third-party app stores in Brazil following competition settlement — Brazil joins EU in forcing Apple to open iOS ecosystem, accelerating inevitable fragmentation of app distribution globally. (The Verge)

Outlier

Waymo published an entire technical breakdown of how their autonomous system handled the PG&E blackout that cut power to one-third of San Francisco — What’s remarkable isn’t that Waymo kept running—it’s that they published it. The company detailed how their vehicles navigated dark intersections, handled uncertain traffic signals, and made safe decisions with degraded sensor inputs. This is the opposite of the Trump administration’s approach to content moderation: radical transparency about how systems work in failure modes. Waymo is betting that building public trust through technical honesty beats opacity. That’s a very different bet than what most of the industry is making right now, and it signals that some companies understand that the real competitive advantage in the AI era isn’t better models—it’s better explanations of how your models fail.

See you all in the next issue. Until then, keep your codebase memory-safe and your data breaches imaginary.