The Week AI Agents Stopped Being Free And Unregulated
Three stories, one message. The government is writing the rules. Google is grading your website. And the cheap-money phase just ended.
Segment for Episode 42 · Friday May 22, 2026 · All facts verified 2026-05-21
The thread that ties all three
This week, three different forces all said the same thing: AI agents are now real infrastructure. Real infrastructure gets rules, a report card, and a bill. All three landed in the same seven days.
STORY 01 · THE RULES
The NSA Just Wrote A Security Memo For The Way AI Agents Work
~1.5 min
On May 20, the NSA's AI Security Center published a security document on the Model Context Protocol — MCP. That is the protocol that lets an AI agent reach into real software and actually do work: pull your data, run actions, touch your systems.
Here is what the memo actually found. MCP flips the normal pattern — instead of you asking software for data, the software can now go and DO things for you. The NSA's concern: this happened fast, before anyone wrote the safety rules. They call MCP "flexible and underspecified," like the early web protocols.
They named four risks: an AI blindly trusting a tool, a tool firing when it should not, systems passing tasks to each other without checking, and the data-packaging layer underneath. Their verdict: these are systemic — they "cannot be patched at isolated endpoints." Their advice: heightened scrutiny before you put MCP into production.
The "why now" — the part worth saying on air
The government does not write security memos for toys. It writes them for things about to run everything. The week the NSA shows up is the week the technology became real. Independent research backs the caution — the MCPTox benchmark tested 45 live MCP servers and found 60%+ attack success rates. (That number is independent research, not the NSA — say so.)
Verified 2026-05-21. NSA AI Security Center, "Model Context Protocol (MCP): Security Design Considerations," May 20, 2026 — nsa.gov. MCPTox 60%+ figure: independent benchmark, 45 servers.
STORY 02 · THE REPORT CARD
Google Now Grades Your Website On Whether AI Can Read It
~1 min
Google added a new "Agentic Browsing" audit category to Chrome Lighthouse — its official website-quality tool. One of the new checks: does your site have an llms.txt file. That is a plain-text summary at your domain root that AI tools can read to understand your business — think robots.txt, but for ChatGPT, Perplexity, and Gemini instead of search crawlers.
The catch — and it's the better story
Google can't agree with itself. The Lighthouse team added the llms.txt check. The same week, Google's Search team published guidance with a mythbusting section saying you do NOT need an llms.txt file. Search Engine Journal ran the headline: "Google's llms.txt Guidance Depends On Which Product You Ask." Honest nuance: the file is optional today — if you don't have one, the audit shows "Not Applicable," not a fail.
The direction is unmistakable even if Google's messaging is split: your website is now being evaluated on whether machines can understand it. Not just humans. Not just search crawlers. Agents.
The AI Subsidy Era Is Ending — And This Week You Could Watch It Happen
~1.5-2 min
Three things happened this week that all point the same direction:
Microsoft canceled its own internal Claude Code licenses. Token-based billing made a competitor's coding tool too expensive — even for Microsoft. Developers are being moved to GitHub Copilot CLI by June 30.
Uber's CTO said the company burned its entire 2026 AI budget in four months. Adoption ran far past the forecast; the real cost per engineer was multiples of what the spreadsheet assumed.
GitHub Copilot is dropping flat-rate plans for usage-based, token-metered billing starting June 1.
And AI software prices have been rising sharply across the board over the last six months — Anthropic, OpenAI, and Google all raised effective prices. (Note: the viral tweet cited a precise "20-37%" jump — I could not source that exact range, so on air say "rising sharply," not the number.)
⭐ Prediction tie — Chris called this
Chris · Ep36"Subscription pricing has an expiration date. Everything moves to cost-per-action. AI's eating SaaS pricing."
Chris · Ep41"The all-you-can-eat subscription buffet for agentic use is ending industry-wide. Flat offerings reprice before June 15."
GitHub killing flat-rate plus Microsoft and Uber's cost blowouts is that prediction landing — hard. Not the Callback (that stays Musk), but a clean prediction hit inside the segment.
Verified 2026-05-21.Windows Central (Microsoft) · Startup Fortune (Uber) · GitHub Blog (Copilot billing). Surfaced via @hedgiemarkets on X — the three events verified; his "My Take" is opinion, the "20-37%" figure unsourced.
Why our audience should care
Three stories, one message for a business owner. AI agents are now infrastructure — and infrastructure comes with three things you have to deal with.
Rules: know the security risks the NSA flagged before you let an agent touch your systems. A report card: make your website readable to AI, because Google just started grading it. A bill: the free-experimentation phase is over — budget for metered AI usage, not flat seats, because the meter is coming whether you plan for it or not.
The week the rules, the report card, and the bill all arrive is the week AI agents stopped being an experiment.
Where does this segment go in the show?
Right before the funding block. "The bill" story hands straight into "AI funding fell off a cliff" — clean bridge into the money segment.
Right after Google I/O (Segment 03). Thematically it extends the agent-layer story.
As the final news segment before the Monet closer.
Keep the Chris prediction tie inside Story 3?
Yes — keep it. Clean hit, the audience loves the dot-connect, and it is clearly NOT the Callback (Musk holds that).
Cut it. Play Story 3 as straight news, no prediction reference.
The "20-37%" price figure?
Say "rising sharply." The exact range isn't sourced. Direction is rock-solid; the precise number isn't.
You have a source. If you can point me to one, I'll verify it and we use the number.