SpaceX buys Cursor for $60B and pulls developer tools inside the rocket

SpaceX is buying Cursor for sixty billion dollars in all stock, and it filed the paperwork with the SEC to prove it.

It's Wednesday, June 17, 2026. Here's the rundown.

A rocket company just bought your code editor, a smart bulb is running a banned-book library, and our call goes nine months out on whether Grok eats Cursor's defaults.

SpaceX agreed Tuesday to absorb Anysphere, the maker of Cursor, in an all-stock deal worth about sixty billion dollars. A subsidiary called X67 merges into Cursor, shareholders take Class A stock, and they're targeting the third quarter pending regulators.

The price is the whole story. Cursor raised at twenty-nine billion in November. SpaceX is paying roughly double that seven months later.

Against more than four billion in total annualized revenue, about two and a half of it enterprise. SpaceX had an April option: buy at sixty, or pay ten billion for a partnership.

And it chose to own the layer. That's the tell. They didn't want to rent the surface where developers type, they wanted the margin.

They absorbed xAI in February. Now they pair the most-used coding surface with their own compute and model stack.

Here's the part the headline glosses. Cursor runs on Claude and GPT today. And SpaceX just signed cloud-compute leases with Anthropic and Google worth about twenty-six billion a year combined.

Both with ninety-day termination clauses.

So they're paying rivals to serve inference inside a tool they now own, on contracts they can cancel in a quarter. You don't structure it that way unless you're keeping the option to walk.

If your team standardized on Cursor, what do they do this morning?

Don't panic, but plan. A Grok-first Cursor behaves differently on your codebase than a Claude-backed one. Keep your prompts and agent configs portable, qualify a second editor in your stack, and treat model choice as a setting you control.

And if you're building a coding tool yourself?

The comparable just got expensive, and the distribution moat just got an owner with its own silicon. The signal for the year is compute owners buying the application layer instead of licensing it.

Anyone running a developer product on someone else's models is a target or a reseller.

Right. The margin moves to whoever owns the GPUs and the surface. This deal just drew that line in marker.

Amazon committed multibillion dollars to a new data center in Missouri, another node in the hyperscaler land grab.

The pattern's consistent. Pre-build inference and training footprint in cheaper-power states ahead of demand.

What do you actually watch here?

The megawatt number and the grid-interconnect date. A press release about a building tells you nothing. Power and the interconnect tell you when the capacity comes online, and that's the only date that matters.

Vicki Boykis says local models finally cleared the bar. A gemma-class twenty-six-billion model in LM Studio, on a 2022 M2 Mac with sixty-four gigs, refactored a notebook into a six-module repo, wrote tests, and bootstrapped a recommender.

And she credits tooling and open weights, not size. The HuggingFace use-this-model button, fast prompt-template patches, agents sandboxed in Docker. That's the real shift.

She's explicit it's personal experience, not a benchmark.

So treat it as a threshold report, not a verdict. But the threshold moved, and that one's real.

Anthropic also logged elevated error rates across many models on its status page.

Which is your reminder that single-provider serving is an uptime risk, not just a pricing one. Multi-provider fallback pays for itself the first time a status page goes yellow.

And SubQ published a technical report for its 1.1 Small model.

Worth a skim if you're shopping cheap fast inference. Read it for actual token throughput and context numbers before it goes near your routing table.

ByteDance shipped an agent-native CLI for Lark and Feishu. Two hundred plus commands, twenty-six agent skills, MIT-licensed, installable via npm.

And they deliberately skipped MCP for token-efficient commands with structured output, so agents like Claude Code and Cursor hit higher call-success rates. That's a real design choice, not a press line.

There's an act-as-you mode that touches personal messages, calendar, and docs.

With authorization and review before actions run. Read that checkbox closely before you deploy, because that's a lot of trust to hand an agent.

Two other reads. Gergely Orosz on why Meta is dismantling its engineering org, and a field-notes post using interview questions to surface what people don't understand about Kubernetes.

The Meta piece is a hiring window if you compete for senior talent. The Kubernetes one you can mine straight into a study list. Both links in the briefing.

A developer documents a fake LinkedIn recruiter whose proof-of-concept repo hid a backdoor in an npm prepare script. That runs automatically on install, so just pulling dependencies executes the payload.

And the commits were authored under the stolen identity of a real engineer. The repo's still up after reports.

Here's the detail for builders. A read-only AI code-review agent flagged the payload in seconds, where manual reading missed it.

It was dressed up as sloppy beginner code, which is exactly how you smuggle it past a human. That rhymes with the Lark CLI story, and it's the takeaway for the week.

Say it plainly.

Run untrusted code through a read-only reviewer before npm install, and audit any agent's act-as-you permissions before you grant them. Agents are your best supply-chain defense and your largest new attack surface at the same time.

Two lighter ones. Someone reflashed a four-megabyte ESP32 smart bulb, carved two megs for storage, and served an ebook shelf over an open access point off the bulb. And a researcher shows thin identity checks in a FIFA system could have pushed content during the World Cup with just a document.

The bulb is a genuinely clever offline dead-drop, firmware wipes the Wi-Fi creds so it doesn't leak a home network. The FIFA one is the usual lesson. An identity gate that trusts a document without verifying it is not a gate.

Quick break — two from the desk.

One we know well: vote dot direct. If you're on an H O A or a board, it runs your elections digitally — secure, verifiable, no paper, no clipboard in the lobby. Point your council to vote dot direct.

And if this is your ten minutes of A I for the day, get the written edition too. The full wire, free, every morning — leave your email at nextbig dot dev.

Hacker News is arguing over an April first essay claiming a peopleless economy isn't technically impossible.

Microsoft's x86 emulator team found code so bad they fixed it during emulation. That's a sentence.

Mocha resurfaced on the GitHub feed, and sindresorhus's eslint-plugin-unicorn now ships more than two hundred rules.

Bartosz Ciechanowski's 2022 Mechanical Watch explainer is back at five hundred and two points, and John Carmack posted on Fabrice Bellard, the one-person engine behind QEMU and FFmpeg.

Apple's vehicle motion cues are getting reviewed as a real car-sickness fix, and a two-hundred-nineteen-point post dissects correlated randomness in Slay the Spire 2.

Our call: within nine months SpaceX routes Cursor's default model to Grok and quietly trims at least one of its Anthropic or Google compute leases using those ninety-day clauses.

We're wrong if, by March 17, 2027, Cursor still ships with Claude or GPT as its out-of-the-box default and neither lease has been publicly cut. It settles by March.