U.S. Treasury warns of AI bubble turmoil as fraud hits AI platforms, while Thrive Holdings raises $2 billion to rewire services firms with AI, highlighting market fragility.

This week, the Bank of England joined the U.S. Treasury in sounding the alarm on AI market fragility, even as Thrive Holdings deployed its $2 billion fund to acquire an AI-powered accounting firm.

Current Waves (since 26 June 2026)

On July 6, 2026, a draft U.S. Treasury report set off tremors. By July 15, the final version had cemented warnings that an AI-driven market bubble could trigger economic disruption exceeding the dotcom crash. The report highlighted an overconcentration of market value in a few tech giants, reliance on opaque private credit for data center financing, and vulnerability among utilities and institutional investors. On July 25, the Bank of England’s Financial Policy Committee piled on, calling for coordinated international stress tests.

While regulators debated, cybercriminals found new AI attack surfaces. A gift subscription loophole allowed hackers to buy unauthorized voucher codes on platforms like Claude, then resell them for cryptocurrency. First flagged by The Guardian in May, the exploit escalated through June until Anthropic patched the flaw on July 20. The incident exposes the security debt accumulating as AI services rush to market, with Human Security’s 2026 report noting a quadrupling of account takeover attempts year-over-year.

Yet the investment floodgates remain open. On July 6, Thrive Holdings announced a $2 billion raise from SoftBank, Altimeter, and D1. By July 22, the firm had already closed its first deal: acquiring a mid-sized accounting firm and infusing it with OpenAI’s tax-return AI. This roll-up play mirrors Bending Spoons’ approach, targeting legacy services—from legal to logistics—and retrofitting them with automation. It’s a high-stakes bet that AI’s productivity promise outweighs systemic risk.

Historical Echoes

The Treasury’s explicit comparison to the year 2000 is unnerving. Then, irrational exuberance pumped venture capital into unproven dotcoms; when the bubble burst, pension funds and retail investors bore the losses. Today, AI’s tentacles stretch deeper: data center REITs, power grids, and private credit funds are all exposed. The 2000 crash vaporized $5 trillion in NASDAQ value within two years—a repeat could cascade through crypto and fintech channels that didn’t exist back then.

The gift voucher exploit has its own historical parallels. In the early 2010s, organized fraud rings exploited retailers’ gift card systems, causing billions in losses. But today’s attackers weaponize generative AI to automate phishing and mimic user behavior, making the threat more scalable. The patch on July 20 was a tactical fix, but the strategic lesson is clear: AI platforms are becoming prime targets precisely because they store payment tokens and personal data in novel ways.

Thrive’s $2 billion roll-up echoes the consolidation wave that followed the dotcom bust, when survivors acquired distressed assets on the cheap. But Thrive isn’t waiting for a crash; it’s buying now, betting that AI can turn services into scalable software. That approach recalls Constellation Software’s playbook, but with a crucial twist: ongoing partnership with OpenAI. If the bubble bursts, such roll-ups could become either lifeboats or overpriced anchors—history will judge.

As of 26 July 2026, we stand at a juncture where regulatory unease and cyber threats collide with aggressive AI investment. The next 90 days could prove pivotal as companies and regulators navigate these crosscurrents.