This week settled a question nobody wanted answered: the code your AI agent writes isn’t copyrightable. That landed alongside GitHub killing Copilot’s flat rate, PostgreSQL’s most trusted backup tool losing its only maintainer, and four open-weight coding models shipping in seven days. Everything is available. Nothing is anyone’s responsibility.

Your Copilot Just Got a Meter

GitHub didn’t announce a price increase. They announced a pricing model change. All plans move to token-based billing via AI Credits on June 1. The community response was immediate and volcanic: across 432 comments, users reported effective price increases of 6x to 27x depending on usage patterns and model multipliers. Many are already migrating to direct API access via OpenRouter. The flat-rate era for AI coding tools is over, and the transition came with the kind of advance notice that makes “effective immediately” look courteous.

The instinct to reduce dependency isn’t limited to individual developers. The Dutch central bank announced it’s leaving AWS for Stackit, the cloud arm of Schwarz Digits (yes, the company behind Lidl). The feature gaps are acknowledged. But when you’re a central bank subject to the CLOUD Act, regulatory and geopolitical risk now outweighs convenience. Sovereign cloud just moved from conference-talk material to procurement decisions at institutions that can’t afford to be wrong.

And it’s not just commercial vendors that disappear on you. pgBackRest, the most mature PostgreSQL backup tool, the one your DBA trusts, lost its sole maintainer due to lack of sponsorship. The 217-comment thread was a mix of gratitude and panic, with teams scrambling to evaluate WAL-G, Barman, and forks. Critical data infrastructure that thousands of production stacks depend on, maintained by one person, funded by nobody. The open-source sustainability crisis has a new poster child, and it’s sitting in your backup pipeline.

Even Warp open-sourced its terminal under AGPL and pivoted to agent-first development with multi-model support. The community reads it as equal parts genuine community building and strategic repositioning in a market where users are fleeing lock-in.

The bottom line: Your dependency audit can’t just list features anymore. It needs to cover pricing stability, sovereignty exposure, maintainer health, and exit costs. The vendors and projects you depend on are repricing, relocating, and (in one notable case) vanishing from the commit log entirely.

The Model Didn’t Matter

If the vendor question is whose terms shift under you, the harder question is which layer of your agent stack is even worth investing in. Poolside, Xiaomi, Microsoft, and DeepSeek all shipped open-weight coding models in a single week. Four releases, four competitive scores on the standard coding benchmarks. And then a data-backed study on agent context docs delivered the punchline: your choice of context doc matters more than your choice of model. A well-written 100-line AGENTS.md file (the markdown brief you hand the agent before it starts work) can swing output quality by 15-30% in either direction. Bad docs (vague instructions, conflicting rules) cut task completeness by roughly 30%. The “model upgrade” that teams keep chasing might be sitting in a Markdown file they haven’t written yet.

The same insight showed up in the benchmarks. Dirac, an open-source coding agent, topped the leading agent benchmark at 65.2%, not by using the biggest model but by wrapping a small one (Gemini-3-flash-preview) in careful editing tools and curated context. Cost: roughly a third of brute-force approaches. Architecture beat raw capability. And the wrapper-around-the-model pattern keeps crystallizing. A production architecture for running the agent harness outside the sandbox, with isolated credentials and per-user state, turns last week’s agent security concerns into a concrete engineering pattern. The wrapper code is the trust boundary, not the model.

Meanwhile, the cost floor for running agents collapsed. DeepSeek V4-Flash ships under an open license with a million-token context window at $0.14 per million input tokens, the cheapest comparable model available. When the model itself is practically free, the bottleneck shifts from budget to architecture.

What to do with this: Stop evaluating coding agents by model alone. Write the AGENTS.md your team hasn’t written: 100 lines of decision tables, numbered workflows, and explicit constraints. Invest in the wrapper code (credentials, sandboxing, retries, observability) before chasing the next model release. The model is commodity. The wrapper around it is the product.

The Liability No One Budgeted For

The agentic coding stack is cheaper and more capable by the week, but all that output has to land somewhere the legal system hasn’t fully mapped. When the ownership questions arrive, data teams are the ones holding the bag. A legal analysis triggered by the Supreme Court’s Thaler denial spelled it out: purely AI-generated code isn’t copyrightable. If you didn’t make “meaningful human authorship” decisions (architecture choices, restructuring, selective rejection), the output is public domain. For teams using coding agents to generate boilerplate, that’s a shrug. For teams building proprietary systems with significant AI-generated components, that’s a conversation with legal that should have happened last quarter.

The liability flows both ways. Research published this week showed that even light finetuning (the cheap, standard kind any team can run on a laptop weekend) can unlock verbatim reproduction of copyrighted text across OpenAI, Gemini, and DeepSeek models. Your AI-generated code may not be yours. But the copyrighted material the model memorized? That’s definitely someone else’s. If your team is finetuning on proprietary or licensed text, the compliance exposure just got concrete.

And the liability frontier extends beyond generation into AI-mediated decisions. If your org uses LLMs to screen candidates, a study published this week found a measurable problem: models show 67–82% self-preference for resumes they generated, with same-model candidates getting shortlisted 23–60% more often. The feedback loop writes itself. AI-written resumes systematically advantage AI-screened candidates. Simple mitigations (prompting strategies, multi-model screening) can cut the bias by over 50%, but you have to know it’s there first.

The bottom line: Output liability is the governance question of 2026. Document your human authorship decisions to preserve IP rights. Audit finetuning pipelines for copyright recall risk. And if LLMs touch your decision pipelines (hiring, screening, ranking), run a bias audit before someone else does it for you.

The Radar

Quick hits on stories worth knowing about, organized by what you’re building.

If you’re deploying agents: If you’re running expensive agent pipelines, a layered routing pattern from Mendral cuts costs dramatically. Route every request through a cheap model first (Anthropic’s Haiku), dedupe similar requests with vector search in Postgres, log to ClickHouse. Result: 80% fewer calls to expensive models and 25x cheaper triage. On the capability side, Xiaomi’s MiMo-v2.5 Pro ran for 12 hours straight while making over 1,000 tool calls without crashing, the new bar for whether a coding agent can handle real production workloads, not just leaderboard problems.

If you care about governance: Your CI/CD pipeline is the most privileged part of your supply chain and probably the least secured. The pull_request_target trigger hands write tokens to forked code; shared build caches let an attacker poison subsequent builds; floating action tags let upstream actions get hijacked overnight. Pin actions by commit SHA, partition caches by branch, audit trigger permissions. Separately, a grassroots push for a DO_NOT_TRACK=1 environment variable wants to give developers a universal opt-out for CLI and IDE telemetry. Community consensus: default opt-in is unacceptable, but voluntary adoption without enforcement remains aspirational.

If you’re forced to self-host AI: Most data teams use AI through APIs and never think about model size. If your team is forced to self-host an open-weight model (sovereignty rules, on-prem mandate, or API bills that would buy a server outright), Intel’s AutoRound shrinks a 7-billion-parameter model in roughly 10 minutes on a single GPU while keeping output quality intact. Niche tool, sharp need.

The Data Product Report is published every Tuesday by RepublicOfData.io.

Your Copilot bill is changing June 1. What’s your plan: switch to direct API access, try the open-weight alternatives, or eat the increase? Reply and tell us.