Innovation: Cursor's $60bn SpaceX Option and AI's New Gatekeepers
Innovation week: SpaceX lines up a $60bn option on Cursor, Mozilla's AI flags 271 Firefox bugs, and the NCSC warns Britain of hacktivist swarms.
Editorial digest April 22, 2026
Last updated : 08:21
Silicon Valley has stopped pretending AI coding tools are a feature. They are the prize. This week, SpaceX put a $60bn price tag on one of them, Mozilla admitted an AI found 271 bugs its humans had missed, and Britain's cyber chief warned the country to brace for hacktivist swarms. Three stories, one current: the gatekeepers of software are being rewritten, and nobody has agreed who holds the keys.
Why is SpaceX buying its way into AI coding?
Elon Musk's rocket company does not make code-completion tools. It is now prepared to spend the GDP of a small country to own one. According to The Guardian, SpaceX has secured an option to acquire Cursor outright for $60bn later this year, or pay $10bn to partner instead. Cursor, alongside OpenAI and Anthropic, has built a business automating the one task developers used to guard jealously: writing their own code.
The number is the story. $60bn for a startup whose entire product is a better autocomplete is the kind of valuation that only makes sense if you believe developer tools are the next operating system. Musk already runs xAI, already owns the rocket stack, already owns Starlink. Bolting on the tool that writes the software for all of it is vertical integration taken to its logical, slightly terrifying conclusion. The partnership option is the tell — $10bn for access suggests SpaceX wants Cursor inside its pipeline whether it owns the company or not.
For UK developers, the read-through is bleak in one direction and useful in another. Bleak, because another strategic software layer is being priced out of British reach. Useful, because the valuation confirms what every junior engineer already suspects: the tools writing the code are becoming more valuable than the code itself.
Can AI finally fix the bugs humans keep shipping?
Mozilla says yes, with caveats that matter. The foundation tested Anthropic's Mythos bug-finding model against Firefox and, according to The Register, it flagged 271 flaws. The catch, buried in the CTO's own framing: none were bugs a skilled human could not have spotted. Mythos did not discover a new category of vulnerability. It found known-shaped problems at machine scale.
That is still a watershed, and Mozilla is right to call it one. Software defenders have spent two decades losing the asymmetry war — attackers need one hole, defenders must find them all. An AI that grinds through a browser codebase and surfaces 271 plausible defects without getting bored is exactly the tool the defensive side has been waiting for. It will not replace a principal engineer. It will replace the audit that never happens because no one has time.
The risk is obvious. If Anthropic's model can find 271 flaws in Firefox, a less scrupulous variant can find them in everything else. The same capability, pointed the other way, is a weapon. Which is where the third story lands.
Is Britain ready for hacktivist attacks at scale?
Richard Horne, chief executive of the National Cyber Security Centre, is not a man given to alarmism. His warning today, reported by The Guardian, is blunt: if the UK becomes entangled in a conflict, it should expect "hacktivist attacks at scale" with disruption comparable to recent major ransomware incidents. Nation states, he added, now account for the most significant incidents the NCSC deals with.
Translate that. The line between hobbyist defacers and state-directed crews has effectively dissolved. Tools that once required a professional operator now ship with a friendly interface. Combine Horne's warning with Mozilla's Mythos result and the picture sharpens uncomfortably: the AI that helps defenders patch at speed is the same class of tool that helps attackers probe at speed. The side with better models, more compute and fewer scruples wins the next round.
The uncomfortable question for Whitehall is whether Britain has either. The NCSC is respected, well-run, and perennially outspent. Asking it to hold the line against state-backed adversaries armed with code-writing AI — while the country's own strategic AI assets get hoovered up by American buyers — is a policy gap dressed up as a press release.
What to take away
The software stack is being reshaped by three forces pulling in the same direction. Capital is consolidating the tools that write code. AI is closing the gap between finding bugs and fixing them. And the threat model is scaling faster than the defenders can hire. Britain is a spectator in the first, a beneficiary of the second, and a target in the third. Pick two — because right now, we are not winning all three.
