Big Tech is Spending $725B on Artificial Inteligence

May 12, 2026 | Technology

Share:

Facebook
X
Whats app
Email

Summary

The industry is betting the house on artificial intelligence — pouring record capital into infrastructure while cutting the workforce, ignoring security fundamentals, and quietly reshaping the internet’s plumbing. This week’s tech news isn’t five separate stories. It’s one.

The $725 Billion Question Nobody Is Asking

The headline number is eye-watering: Google, Amazon, Microsoft, and Meta have collectively committed roughly $725 billion in capital expenditure for 2026 — up 77% from the already-record $410 billion they spent in 2025. Microsoft alone has budgeted $190 billion, attributing $25 billion of that figure directly to rising memory and chip costs. Amazon sits at $200 billion. Meta’s top-line projection has climbed to $145 billion, roughly four to five times what it spends on total employee compensation.

The mainstream narrative frames this as proof that AI is real, that demand is insatiable, and that any analyst still questioning the ROI of this spending is — in the words of one Wall Street note — pushing “garbage” arguments. The earnings calls have been sycophantic. AWS grew 24% in Q1 2026, its fastest pace in 13 quarters. Azure and Google Cloud are accelerating. The infrastructure thesis is, on the surface, intact.

But the question the cheerleaders are not asking is a simple one: what exactly is being built, for whom, and at what cost? Power availability — not chip supply — is now the primary constraint on data center expansion. Blackstone and Halliburton are putting $1 billion into VoltaGrid, a Houston company building gas-powered microgrids specifically to feed AI clusters. The energy grid is being quietly rebuilt around AI demand, and the cost of that rebuild will not appear on a quarterly earnings slide.

The Paradox on the Balance Sheet

While the capex numbers go up, the headcount numbers go down — and the divergence is now impossible to ignore.

Over 102,000 tech employees have been laid off across 130 companies in the first five months of 2026, with April alone accounting for more than 45,000 cuts — the worst month for tech layoffs in nearly two years. Meta is cutting 8,000 jobs effective May 20, targeting recruiting and HR at rates of 35–40%. Microsoft is offering voluntary buyouts to approximately 8,750 US employees — around 7% of its domestic workforce. Amazon cut roughly 16,000 corporate roles in Q1, more than half of all tech sector cuts in that quarter.

Both Meta and Microsoft have explicitly cited AI automation as enabling the reductions — particularly in content moderation, customer support, software testing, and certain engineering roles. Nikkei Asia’s analysis attributed 47.9% of Q1 2026 tech layoffs to AI and automation, not restructuring or economic headwinds.

“Meta’s AI capex is roughly four to five times what the company spends on total human employee compensation.”

— Invezz analysis of Meta filings, May 2026

The arithmetic makes the stated logic shaky. Even if every laid-off employee were replaced by AI doing the same work for free, the cost savings would total roughly $27 billion across all four companies — a fraction of the $725 billion infrastructure commitment. The real dynamic is not “AI replacing workers to save money.” It is structural: tech sector job postings requiring AI skills are up 67% year-over-year, while postings for traditional software engineering roles have fallen 23%. The companies are not cutting costs. They are changing what kind of work they want to pay humans to do.

5,000 Apps Just Left the Door Unlocked

If AI is transforming who writes code, it is also transforming how badly that code is secured.

Israeli cybersecurity firm RedAccess, reporting to WIRED and Axios this week, identified roughly 380,000 publicly accessible assets built using AI-assisted development platforms — Lovable, Base44, Replit, and Netlify among them. Of those, approximately 5,000 contained sensitive corporate or personal data, indexed by Google and accessible to anyone with a search bar. Researchers found hospital staff rosters, bank financials, shipping manifests listing vessel routes, and unredacted customer service conversations.

The root cause is structural, not incidental. “Vibe coding” platforms — tools that let non-technical users deploy applications through natural-language prompts — default to public accessibility. The concept of authentication is simply absent from the mental model of most users deploying through these tools. Researchers note that basic configurations like “private access” were either not set by default or not understood by the users who needed to set them.

“5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis.”

— VentureBeat, May 2026

The S3 bucket comparison is apt. A decade ago, misconfigured Amazon S3 storage buckets became the defining embarrassment of the cloud era — companies leaked terabytes of sensitive data simply because they did not understand that “cloud storage” did not mean “private storage.” The pattern is repeating itself, one Lovable deployment at a time. The platforms involved — Replit, Wix (owner of Base44) — have pushed back, arguing that public URLs are expected behavior for tools designed to share content. That response will age poorly.

The Firewall at the Center of Everything Is Currently Broken

While vibe-coded apps leak data at the application layer, the network perimeter itself is under attack.

CVE-2026-0300, a critical buffer overflow vulnerability in Palo Alto Networks’ PAN-OS — the operating system running hundreds of thousands of enterprise firewalls globally — carries a CVSS score of 9.3. It allows an unauthenticated attacker to execute arbitrary code with root privileges by sending specially crafted packets to the User-ID Authentication Portal, which is frequently exposed to the internet. Exploitation has been active since at least April 9, 2026. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on May 6, requiring US federal agencies to apply mitigations by May 9. A patch is scheduled for release on May 13 — meaning every organisation running an exposed Palo Alto firewall has been operating with an unpatched, actively exploited root-level hole for over a month.

The timing is notable. CVE-2026-0300 lands in the same week as the RedAccess findings, the same month that over 100,000 tech security and engineering roles have been cut across the industry. The people responsible for patching these systems are, in many cases, the same people being handed buyout packages.

The Infrastructure Layer That Nobody Talks About

One story this week cuts against the grain of the doom scrolling: a genuinely meaningful technical advance that will shape how AI is trained for years.

OpenAI, in partnership with AMD, Broadcom, Intel, Microsoft, and Nvidia, has published the Multipath Reliable Connection (MRC) specification through the Open Compute Project — an open networking protocol purpose-built for large-scale GPU clusters. The problem MRC solves is unglamorous but consequential: in training runs involving tens of thousands of GPUs, a single late data transfer can stall the entire process, leaving expensive hardware sitting idle. MRC addresses this by spraying packets from a single transfer across hundreds of paths simultaneously, routing around failures in microseconds, and allowing GPUs to place data directly into memory regardless of packet arrival order.

MRC is already deployed across all of OpenAI’s largest Nvidia GB200 supercomputers, including its Abilene, Texas facility and Microsoft’s Fairwater supercomputers. The decision to publish it as an open standard — rather than maintain it as a competitive moat — is significant. It suggests the bottleneck the industry is now trying to solve is not model capability or chip availability, but the reliability of the interconnect fabric between chips. At $725 billion in annual infrastructure spend, idle GPUs are an expensive problem.

“Even a single transfer arriving late can disrupt the entire process, causing GPUs to sit idle.”

— OpenAI MRC technical documentation

The Pattern Underneath Five Stories

Read these five developments together and a consistent pattern emerges.

The industry is in a race to build infrastructure at a scale and speed that has historically created the conditions for systemic failure. Capital is concentrated into four companies. Power grids are being restructured around AI demand without public debate. The security implications of democratising software development are being externalised onto users who don’t know what they’re externalising. Enterprise perimeter security has a critical unpatched zero-day in active exploitation. And the engineers who would normally be responsible for patching, securing, and auditing all of this are being asked whether they’d like to take a buyout.

None of this means the AI investment thesis is wrong. AWS accelerating to its fastest growth in 13 quarters is a real data point. MRC is a real technical advance. The productivity gains being cited to justify layoffs may, over time, prove real. But the current moment — $725 billion committed, 100,000 jobs cut, 5,000 apps leaking data, one firewall OS with a root exploit in the wild — is not the moment to assume that speed and scale are sufficient substitutes for care and discipline.

The history of technology is littered with cycles where the build-out moved faster than the safeguards. We are, by most available evidence, in one of those cycles now.

Sources:

Advertisement — sample screenshot 300 × 250 px (not site branding)
Advertisement — sample screenshot 300 × 250 px (not site branding)