Automation Gets a Framework — OpenAI Blinks on Stargate Self-Build

1. NAF Network Automation Framework — Practitioners Finally Have a Shared Vocabulary

TL;DR: The Network Automation Forum's six-block reference architecture and companion "Automation Map" maturity tool were formally presented at SwiNOG 41, giving practitioners a vendor-neutral framework for diagnosing where their automation program sits and — more importantly — what to build next.

Key Points:

• Six building blocks: Intent, Observability, Orchestrator, Executor, Collector, Presentation
• The Automation Map is the maturity-assessment layer built on top — maps current state across all six dimensions to identify investment priorities
• Designed to work regardless of what tools you already have (Ansible, Nornir, Nautobot, Batfish — all fit)
• AutoCon 5 (Munich, June 8–12, 2026) features a dedicated NAF deep-dive track
• SwiNOG 41 also featured ETH Zurich spin-off NetFabric.ai presenting an honest, research-grounded assessment of what AI can and cannot do in network operations

The NAF Framework solves a problem that's been quietly blocking adoption for years: without shared vocabulary, every organization reinvents the wheel when justifying automation investments. The six building blocks are not new concepts — anyone who's built automation at scale knows they need something to express desired state (Intent), observe actual state (Observability), coordinate workflows (Orchestrator), push changes (Executor), pull telemetry (Collector), and give humans a usable interface (Presentation). What the framework adds is a formal, vendor-neutral taxonomy that makes it possible to have the conversation with management and across teams.

The Automation Map companion is the maturity tool built on this taxonomy. You map your current state across the six dimensions, identify which gaps are blocking progress, and prioritize accordingly. This is more actionable than generic maturity models because it ties directly to specific tooling choices: an organization that has Executors (Ansible/Nornir) but no Intent layer (Nautobot/Infrahub as source of truth) now has a precise label for its gap and a defensible justification for investing in a source-of-truth platform.

The SwiNOG 41 context reinforces the value here. Damien Garros (OpsMill, co-founder of Infrahub) presented the Framework alongside Tobias Bühler (NetFabric.ai) presenting "What AI Can and Can't Do" in agentic network operations. NetFabric combines LLMs with mathematical network models — explicitly not a chat interface onto a config file — and Bühler was candid about failure modes. That pairing — structured architecture vocabulary plus an honest AI capability assessment from academic researchers, not a vendor sales team — is exactly what automation teams need before evaluating any agentic network management pitch.

So What? Run your team through the six building blocks this week. Map what you have against each dimension. If you do not have an Intent layer with API-accessible, version-controlled desired state, that is your highest-leverage investment regardless of which tools you already run. Download the SwiNOG 41 slides — they're publicly available.

SourcesNAF Framework (GitHub), SwiNOG 41 — Damien Garros slides, NetFabric SwiNOG 41 slides, AutoCon 5

2. OpenAI Misses Revenue Targets — Stargate Is Now a Leasing Umbrella, Not a Build Program

TL;DR: OpenAI missed internal monthly revenue targets for early 2026, fell short of ChatGPT weekly active user goals, and has quietly pivoted Stargate from a self-build data center program to an umbrella term for third-party compute leases — while halting construction in Texas, the UK, and Norway.

Key Points:

• Internal gap: ~$20B 2026 revenue target versus $1.4T+ in infrastructure commitments — twenty-to-one leverage
• Construction halted in Abilene TX, UK Stargate project, and Norway (the Nscale 230 MW Narvik deal was not closed; Microsoft absorbed the capacity)
• Official pivot: "Stargate is an umbrella term" for leased compute from Microsoft, Oracle, CoreWeave, and others
• CFO Sarah Friar and CEO Sam Altman reportedly at odds over whether revenue growth can support the committed spend
• IPO preparation is a live backdrop — the balance sheet needs cleaning before going public

Two weeks ago this newsletter covered the $630B combined five-hyperscaler 2026 capex number and framed it as evidence of unlimited AI confidence. The OpenAI revenue miss is the first visible crack in that narrative from the demand side. OpenAI is simultaneously the most important single driver of AI compute demand and a company with a gap between committed infrastructure spend and revenue large enough to force a visible strategic retreat. The Stargate pivot — from ownership to leasing — is the rational response: preserve balance sheet flexibility and avoid stranded asset exposure.

The downstream effects on the data center industry are immediate. OpenAI's Stargate commitments were load-bearing for Oracle, SoftBank, and several real estate partners. Microsoft absorbing the Norway Nscale capacity is the clearest signal of what "hyperscaler with diversified revenue" means when AI-native demand falters: the hyperscaler becomes the floor. Contrast this with the Applied Digital Delta Forge 1 story below: an unnamed investment-grade hyperscaler signed a $7.5B, 300 MW, 15-year lease the same week OpenAI pulled back. Demand is real — but the premium goes to investment-grade counterparties, not AI-native startups projecting revenue trajectories they cannot sustain.

So What? Any infrastructure planning that depended on OpenAI's Stargate timeline is now unreliable. More broadly: when a vendor or AI provider cites infrastructure commitments as evidence of demand confidence, verify the revenue trajectory behind those commitments. Commitment and demand are now demonstrably different things.

SourcesDataCenter Dynamics, Tom's Hardware, CNBC, Fortune

3. Five Eyes Publish First Coordinated Agentic AI Security Framework

TL;DR: CISA, NSA, and partners from the UK, Australia, Canada, and New Zealand published "Careful Adoption of Agentic AI Services" — the first multi-government security framework specifically targeting autonomous AI agents. The headline recommendation: prioritize resilience over productivity, and the current state of enterprise agentic deployment doesn't come close.

Key Points:

• Six publishing bodies: CISA + NSA (US), NCSC-UK, ASD's ACSC (Australia), Canadian Cyber Centre, NCSC-NZ
• 23 distinct risk categories, 100+ best practices
• Core controls: cryptographic agent identity, human escalation gates at system design level, minimum permissions, mandatory audit logging
• Explicit admission: prompt injection may never be fully solved at the model layer — defense must be architectural
• Supply chain flagged as primary attack surface: integrated MCP servers, external APIs, tool-calling chains
• Notable gap: OWASP and MITRE ATLAS frameworks target LLMs broadly, not autonomous agents specifically

The timing is not coincidental. Last week's coverage documented 91% of organizations with agents in production reporting confirmed incidents (April 28), the architectural necessity of zero-trust egress for AI agents (April 30), and NIST drafting SP 800-53 control overlays for agentic systems (April 28). The Five Eyes guidance formalizes what those individual signals were pointing at: the enterprise AI agent deployment wave is outrunning security practice, and the agencies are now formally saying so in a document that carries weight with procurement and compliance teams.

The prompt injection acknowledgment is the most important clause in the document. The guidance explicitly states that some researchers believe the problem may never be fully solved — which means defense-in-depth at the network and credential layer is not optional while model-layer solutions remain immature. That is a meaningful shift in posture compared to vendor claims that guardrails are sufficient. For network engineers specifically: any AI agent that can execute actions on network devices or APIs needs the same trust model as an elevated user account — cryptographic identity, scoped credentials, mandatory audit trail, and human approval gates for high-impact operations.

So What? Run the three-question audit today: Does every agent have a cryptographic identity? Are high-impact operations gated on human approval at the system design level — not the agent's own judgment? Can you parse your agent audit logs in real time? If any answer is no, you have the specific gaps the Five Eyes guidance targets.

SourcesCISA guidance document, CISA newsroom, The Register

Iran's 2026 Shutdown Reveals BGP-Invisible Null-Routing — A Lesson for Every Network Monitor

TL;DR: A new arXiv paper shows Iran's January 2026 internet blackout was enforced via forwarding-plane null-routing while BGP announcements remained globally stable — making the shutdown invisible to every standard BGP-based outage detection tool.

Key Points:

• 96.5–97.4% of Iranian prefixes null-routed, but BGP routes remained visible and stable globally
• IPv6 handled differently: routes withdrawn via BGP (detectable); IPv4 null-routed while routes stayed up (invisible to BGP monitors)
• Data from five vantage points, RIPE RIS BGP snapshots (33 sessions, 2019–2026), Censys passive scans
• Control/forwarding plane decoupling used deliberately to defeat BGP-based monitoring infrastructure
• Same architectural pattern underlies microsegmentation enforcement gaps — policy applied at forwarding plane may not surface in control-plane telemetry

This is the fourth major Iranian shutdown, and the first to demonstrate deliberate BGP retention as a deception layer against the global monitoring infrastructure. The technique itself is elementary (null-routing is basic); the architectural insight is that every BGP-based outage tool — IODA, Cloudflare Radar, RIPE RIS — showed Iran as "reachable" while essentially no traffic moved. The paper's methodology combined passive BGP data, active TCP probing from multiple vantage points, and Cloudflare Radar traffic — and only the active probing caught the discrepancy.

So What? If BGP reachability is your primary outage detection signal — whether for your own WAN, for customers, or for monitoring third-party reachability — you have this exact blind spot. Active probing (real traffic paths, ICMP probes) cannot be replaced by passive BGP observation in high-integrity monitoring. This is also worth reading as a microsegmentation audit lesson: enforcement applied at the forwarding plane without corresponding control-plane visibility creates the same gap at enterprise scale.

SourcesarXiv 2605.00187, Kentik analysis

IETF BESS Advancing EVPN RFC 7432bis + New First-Hop Security Extension

TL;DR: RFC 7432bis is at revision 14 and close to publication, incorporating a decade of EVPN operational experience. A brand-new draft proposes distributing DHCP snoop databases across EVPN fabrics via BGP — filling a real operational gap that today leaves first-hop security state siloed on individual access switches.

Key Points:

• RFC 7432bis (draft revision 14) incorporates operational clarifications that currently live only in implementation notes; this will be the normative EVPN BGP specification superseding the 2015 original
• draft-ietf-bess-evpn-first-hop-security-00: proposes BGP distribution of DHCP snoop / ARP inspection tables across all PEs in an EVPN fabric — eliminates the need for each PE to independently build local snooping state
• draft-lrss-bess-evpn-group-policy-02: adds group-based policy tags to EVPN routes, enabling microsegmentation via group IDs rather than per-host ACLs
• draft-ietf-bess-evpn-ipvpn-interworking-18: D-PATH attribute for loop prevention at EVPN-to-IPVPN handoffs — relevant for DC edge gateway configurations

So What? Read the RFC 7432bis draft revision 14 against your implementation's behavior before it publishes as normative text. Deviation from the forthcoming text is a future interop risk. The first-hop security draft matters specifically if your fabric today disables DHCP snooping at the access layer because centralized BGP distribution of snoop state was not an option — that equation changes if this draft progresses.

SourcesIETF BESS — RFC 7432bis, EVPN first-hop security draft, EVPN group policy draft

6G Researchers Solve "Uncertainty Neglect Bias" in Agentic Network Slicing

TL;DR: A new arXiv paper proposes risk-aware LLM agents for 6G network slice negotiation that use Conditional Value-at-Risk (CVaR) from extreme value theory — forcing agents to plan for tail events rather than average outcomes. The failure mode it addresses is the same one behind every "agent did something catastrophic in the p99 case" incident.

Key Points:

• LLM agents use Digital Twins to predict full latency distributions; CVaR (not mean) is the optimization objective
• Results: SLA violations eliminated; URLLC p99.999 latency reduced ~11%; energy savings rationally traded to 17% rather than ignored
• "Uncertainty neglect bias" — LLMs optimizing for averages while ignoring tail risk — is formally defined and experimentally validated
• Direct conceptual link: this is the same failure mode as the Cursor/PocketOS agent database deletion (April 28), where the agent executed a destructive action it statistically estimated as low-probability

So What? When designing any agentic automation system for infrastructure operations, specify tail-risk SLAs, not average-performance targets. Include "what does the agent do in the p99 case" as an explicit evaluation criterion. CVaR is the mathematical framework that operationalizes this — the paper is worth reading even if 6G is not on your roadmap.

SourcesarXiv 2511.19175

SwiNOG 41 Automation Depth: NetFabric's Honest AI Assessment + Zebbra's E2E Test Methodology

TL;DR: Beyond the NAF Framework (Top 3 above), SwiNOG 41 published two more immediately useful automation resources: NetFabric.ai's practitioner-grounded "what AI can and can't do" talk, and Zebbra AG's vendor-agnostic E2E testing reference built on netlab.

Key Points:

• NetFabric.ai (ETH Zurich / NSG Group spin-off): combines LLMs with mathematical network models for structured observability over live network state — not a chat interface. Bühler was direct about failure modes, which is more useful for evaluation than any vendor pitch.
• Zebbra E2E testing: topology.yml → multi-vendor virtual lab (Arista/Cisco/Juniper/Nokia/FRR) → automated test harness → pre-production validation. Directly extends the April 30 netlab partial-config generation story to the full test methodology.
• Both talks have publicly available slides. SwiNOG 41 content quality was high across the board.

So What? Download both slide decks. NetFabric's "what AI can't do" framing is more useful than any feature matrix when evaluating agentic ops vendors. Zebbra's E2E methodology is the missing link between "we have Ansible" and "we can safely deploy Ansible changes without production incidents."

SourcesNetFabric slides, Zebbra slides, SwiNOG 41, netlab documentation

GLM-5 Reaches Frontier on Huawei Ascend — Export Controls Miss the Mark

TL;DR: Zhipu AI's GLM-5 (MIT license, 744B-parameter MoE) scores 77.8% on SWE-bench Verified — trained entirely on 100,000 Huawei Ascend 910B chips with zero NVIDIA dependency. Priced at $1/M input tokens versus $15/M for comparable Western frontier models.

Key Points:

• Architecture: 744B total parameters, 40B active per token (MoE), 200K token context window
• Training: 28.5 trillion tokens on 100,000 Huawei Ascend 910B chips using MindSpore framework — largest confirmed training run on non-NVIDIA hardware
• Benchmarks: 77.8% SWE-bench Verified (above GPT-5.2 at 75.4%, Gemini 3 Pro at 76.2%; below Claude 4 Opus at 80.9%)
• Production today: Z.ai API and OpenRouter; inference also runs on Moore Threads, Cambricon, Kunlunxin — a fully domestic China silicon stack
• Cost: $1/M input tokens, $3.20/M output tokens — five to eight times cheaper than comparable Western frontier models

US export controls on NVIDIA H100/H200 hardware are not containing frontier AI capability — they are accelerating China's domestic silicon ecosystem toward production maturity. GLM-5 is not a research artifact; it is in production and priced competitively with Claude Sonnet for coding tasks. The domestic inference stack (Moore Threads, Cambricon, Kunlunxin) is the more significant signal: if inference-at-scale works on domestic silicon, export controls on training hardware become largely irrelevant within a few model generations.

So What? GLM-5's cost differential ($1 versus $15 per million tokens at comparable coding performance) is now a procurement-level question for enterprise AI buyers, not a geopolitical observation. Evaluate on benchmarks relevant to your actual workloads, not headline model rankings.

SourcesHuggingFace Blog — GLM-5, Awesome Agents — GLM-5 on Huawei

AI Inference Splits Along the Prefill/Decode Boundary — Fabric Planning Changes

TL;DR: The AI chip market is structurally bifurcating between compute-heavy prefill (GPU-optimized) and memory-bandwidth-constrained decode (SRAM-optimized), creating disaggregated inference architectures that generate new inter-stage network traffic patterns infrastructure teams haven't planned for.

Key Points:

• Prefill = compute-heavy matrix operations → GPUs well-matched
• Decode = memory bandwidth-constrained token generation → SRAM architectures outperform (Groq's thesis, now absorbed into NVIDIA)
• NVIDIA's $20B Groq acquisition makes architectural sense: GPU prefill + Groq SRAM decode = disaggregated pipeline
• SambaNova SN50: 5x faster than prior generation, 4x more network bandwidth — three-tier memory architecture for 10T+ parameter models
• OpenAI-Cerebras: 10B+ deal, 750 MW compute through 2028 — another data point on the decode-specialized market

So What? When speccing AI inference fabric, ask vendors explicitly how they handle bandwidth between prefill and decode nodes. Disaggregated architectures generate inter-stage traffic that is architecturally different from all-to-all GPU training collectives — your fabric planning needs to account for both patterns.

SourcesThe Register — inference chip startups

Applied Digital Locks In $7.5B, 300 MW Hyperscaler Lease at Delta Forge 1

TL;DR: Applied Digital announced a 15-year lease for 300 MW of critical IT load at its Delta Forge 1 Louisiana campus with an unnamed investment-grade hyperscaler — $7.5B total contract value, mid-2027 operations. Same week OpenAI pulled back, demonstrating that AI datacenter demand is real but increasingly concentrated in investment-grade counterparties.

Key Points:

• 300 MW critical IT load, 15-year primary term + three five-year renewal options
• Total campus: 430 MW, 500+ acres, Louisiana; initial operations mid-2027
• Applied Digital total contracted revenue now exceeds $23B
• Hyperscaler identity undisclosed; "investment-grade" is the operative qualifier
• Lease structure (leaseback, not self-build) is increasingly the preferred model across the industry

So What? The data center demand thesis is intact — what's changing is the counterparty qualification. Investment-grade hyperscalers (Microsoft, Google, AWS, Meta) are locking in capacity that AI-native companies are retreating from. If you are evaluating data center partnerships or colocation agreements, counterparty credit quality is now a material contract consideration, not an afterthought.

SourcesDataCenter Dynamics — Applied Digital, GlobeNewswire

SpaceX Files for Million-Satellite Orbital Data Center — and Researchers Just Solved the Network Problem

TL;DR: SpaceX filed with the FCC in January 2026 for up to one million satellites as distributed AI compute nodes, while independent researchers simultaneously published Space-XNet — a framework for sharding LLM inference across satellite constellations. The network engineering problems involved are extraordinary, and they are structurally identical to problems that exist in terrestrial multi-site AI deployments today.

Key Points:

• SpaceX FCC filing: up to 1 million satellites at 500–2,000 km altitude, solar-powered continuous compute, connected via existing Starlink optical inter-satellite links
• Space-XNet (arXiv 2605.00515): distributes Mixture-of-Experts model layers across orbital rings, routes inference traffic along satellite-direction topology, places high-activation experts on lowest-latency nodes — 3x latency improvement over naive placement
• Network topology changes continuously (Keplerian mechanics) — topology-aware placement is mandatory, not optional
• Energy advantage: space-based compute runs on near-continuous solar, entirely sidestepping the terrestrial power crisis
• Latency: approximately 20–40 ms round-trip to most of Earth's surface

The Space-XNet paper reads almost like an academic preview of the engineering challenge SpaceX is actively pursuing. The topology-aware inference placement algorithms the paper develops — where model experts are mapped to orbital nodes based on activation frequency and inter-satellite link latency — apply directly to terrestrial multi-site AI inference over WAN. The satellite case is the extreme version of the same workload placement problem that exists in any distributed enterprise AI deployment with heterogeneous compute nodes and variable interconnect bandwidth.

So What? If you are designing AI inference fabric across multiple sites or regions, the expert/workload placement principles in Space-XNet translate from orbital to CLOS and Clos-derived fabrics. High-activation model components belong on the lowest-latency paths — the satellite case just makes the constraint visible in a way terrestrial architectures often obscure.

SourcesarXiv 2605.00515 — Space-XNet, DataCenter Dynamics — SpaceX orbital DC, SpaceNews

Caltech-Oratomic Research Shrinks Fault-Tolerant QC Requirements 100x

TL;DR: New research from Caltech and startup Oratomic suggests fault-tolerant quantum computers capable of breaking RSA and elliptic curve cryptography may need only 10,000–20,000 physical qubits — roughly 100x fewer than prior estimates — compressing the realistic threat window to within this decade.

Key Points:

• Prior estimates: ~1,000 physical qubits needed per logical qubit for fault tolerance
• Caltech-Oratomic result: ~5 physical qubits per logical qubit via neutral-atom array technique
• Net: encryption-breaking fault-tolerant quantum computing may arrive by end of decade
• Directly extends the April 27 coverage: first ECC key broken on accessible commercial hardware + Google KMS Quantum Safe Key Imports preview

So What? The harvest-now-decrypt-later threat is now measured in years, not decades. NIST finalized ML-KEM and ML-DSA in 2024. If your organization holds data with confidentiality requirements longer than five years — healthcare records, financial transactions, government communications — PQC migration is an active engineering project, not a roadmap item.

Sourcesphys.org, Nature News

• RIPE 92 — Edinburgh, May 20–22: Next major European operator forum. BGP security, RPKI ROA coverage data, and IPv6 deployment rates. The Iran shutdown paper makes BGP monitoring blind spots a timely topic for the routing security working group. Register now for online participation. RIPE 92
• SOFWEEK 2026 — Tampa, FL: Network to Code's software-focused networking conference. Watch for automation tooling announcements and practitioners sharing real-world automation patterns. SOFWEEK
• NVIDIA telco AI survey: 65% of operators report AI is driving their network automation; 89% plan increased AI spend in 2026; 89% consider open-source models important to their strategy. NVIDIA-sponsored, so directional rather than precise — but the open-source preference signal is independently credible. NVIDIA Blog

SourcesRIPE 92, SOFWEEK, NVIDIA Blog

• AutoCon 5 (Munich, June 8–12): NAF Framework deep-dive track, alongside the broader network automation community. Likely to surface practical adoption patterns for the six-block architecture.
• RIPE 92 (Edinburgh, May 20–22): BGP monitoring methodology and RPKI data. Watch for papers building on the Iran shutdown control/forwarding plane findings.
• OpenAI IPO timeline: Any revised Stargate commitments or revenue guidance published as part of IPO preparation will recalibrate the entire hyperscaler capex narrative.
• PJM interconnection queue: First major approval cycle under reformed FERC Order 2023 — watch approval timelines as a proxy for AI grid connection timelines across other RTOs.

5 domains researched | ~14 web searches | 14 items published | 3 quick takes | Quality score: 4.5/5 | RSS digest: 29 articles, max score 5.2