April 03, 2026
Matt Levine · email · 17 mins
Prediction markets have unlocked a new structured product: the “binary bond.” A $100 note can be structured as ~$96.90 in a US Treasury bill (maturing at $100 in Feb 2027) + $2 in Kalshi event-market contracts (e.g., the LA Rams winning the Super Bowl) + $1.10 issuer profit, paying $120 on a win or $100 on a loss. This repackages a sports bet as a principal-protected structured note, distributable through financial advisers rather than a gambling app.
Marex Group Plc already built the first real version. Bloomberg reported Marex created prediction-market structured notes — an example: a note paying a 7% coupon if Nvidia remains the world’s largest company in one year. CEO Nilesh Jethwa said Marex will “build our own prediction market structured products, and then leverage Kalshi and other exchanges to replicate that,” hedging all market risk by trading on prediction markets as a non-bank provider.
The structure’s appeal is psychological and distributional, not mathematical. An investor could theoretically size their own bets to get the same payoff, but structured notes split the capital visually — “here is your safe $97, here is your fun $3” — making the gamble feel like a free option rather than a bet. More practically, they can sit in a brokerage custody account, receive favorable tax treatment, and be pitched by a financial adviser as “uncorrelated returns with 100% principal protection.”
Any measurable prediction-market outcome can become a structured note. The same Treasury + Kalshi template works for: Senate control (Democrats/Republicans win → $110), xAI having the top-ranked AI model (→ $110), Taylor Swift marrying in 2026 (→ $107), stagflation by end-2026 (→ $110), or the Fed cutting rates ($100 + $3 per cut). The logical endpoint is retail ETFs — “Go on Robinhood and buy the Rams 2027 Principal Protection ETF, why not” — which Levine had predicted two years ago.
Non-traded BDC redemptions have gone from elevated to alarming. Blue Owl Credit Income Corp. (BOCI), a $36 billion fund — one of the largest in the $1.8 trillion private credit market — saw redemption requests jump from 5.2% of shares in the prior quarter to 21.9% in Q1 2025. Blue Owl Technology Income Corp. (OTIC) went from 15.4% to 40.7% in the same period. Blue Owl, which had previously honored requests above the standard 5% cap, is now joining peers in gating redemptions at 5%.
The gating cascade is self-reinforcing. Blue Owl co-president Craig Packer attributed the spike to “a period of heightened negative sentiment toward the asset class that has intensified as peers have reported tender results” — meaning one BDC limiting redemptions triggers others to do the same. KKR’s non-traded BDC (KKR FS Income Trust) also capped redemptions, at 6.3%. Funds that had marketed retail access to private credit are now revealing that access was always conditional.
Private credit secondary markets have a structural bid/ask impasse. There are more private credit loans for sale than ever — driven by BDC redemptions — but most are offered at or near par (100 cents on the dollar). Buyers won’t pay par because they don’t believe the marks; sellers won’t cut price because doing so would force write-downs on their remaining book. One direct lender: “Buyers are not really there in a systematic way to buy these loans at par, and the bid/ask spread remains very wide in reality.” When Blue Owl sold loans at 99.7 cents, some buyers were existing CalPERS-linked funds with perverse incentives to validate par valuations of assets they already owned.
Private credit’s mark-to-par accounting is “volatility laundering.” Cliff Asness coined the term: illiquid loans never trade, so they never show price swings, creating the appearance of stability. In practice, managers mark loans at 100 cents until near-certain default, then write them to zero — no volatility 99% of the time, catastrophic loss the rest. Distressed investors, including Strategic Value Partners (managing $22 billion), call private credit “the biggest opportunity since 2008” — but since everything is still marked at par, the actual bargains haven’t materialized yet.
A one-person company doing $1.8 billion in GLP-1 drug sales validates Sam Altman’s prediction. Matthew Gallagher built Medvi — essentially himself, his brother, and contractors — by outsourcing drug manufacturing to pharma companies, prescriptions and compliance to CareValidate (a telehealth-in-a-box platform), and using AI for branding, marketing, and customer service. No outside funding, profitable, no official valuation. Altman predicted in 2024 that a one-person $1B business “would have been unimaginable without AI” and said he’d “like to meet the guy” — Gallagher is the guy. The deeper point is that consumer attention online is a specialized skill that even drug manufacturers lack, and modular platforms let a marketer capture the full supply chain’s economics without owning any of it.
Quotable:
“You could theoretically get the same economic effect yourself: put 97% of your money in Treasuries, and put the remaining 3% on the Rams on Kalshi. But people like structured products; they like a thing that says ‘principal protected.’ There’s something psychologically appealing about splitting it up.” — on why binary bonds will sell even though they’re mathematically replicable
Bloomberg · email · 10 mins
Japan’s $227 billion restaurant sector has stalled since 2018, but one-person households and time-poor families are increasingly choosing fast food over sit-down dining — making the market a PE target. McDonald’s dominates with 3,000+ locations, Mos Burger holds #2 with ~1,300, and the limited number of chains (roughly four major players vs. hundreds in the US) means new owners see room to run.
Carlyle paid ¥135 billion ($847M) for KFC Japan in 2024 and Goldman Sachs PE paid ¥70 billion for Burger King Japan last year; Wendy’s Japan is now actively being shopped, with Longreach Group said to be considering bids. The deals reflect a classic PE thesis: undervalued, underpenetrated brands in a market where competition is structurally limited.
Japan’s shift from decades of deflation to inflation is a tailwind rather than a headwind — consumers seeking value gravitate toward fast food, and both McDonald’s and Mos Burger already show higher spending per visit even as prices rise. Carlyle plans to expand KFC outlets 30% to ~1,700 in four years; Goldman’s Kazuya Omoto targets growing Burger King from ~350 to 600 stores by 2028, adding premium menu items alongside broader coverage.
The PE playbook for these deals extends beyond store count: both KFC and Burger King are rolling out self-order kiosks to cut labor costs, building online ordering and delivery infrastructure, and mining customer data — gaps relative to McDonald’s that the new owners frame as upside. As Carlyle’s Takaomi Tomioka put it: “KFC hasn’t covered breakfast, snacks and late dinners as well as McDonald’s.”
Separately, the broader PE industry faces a mounting stress signal: PE-owned companies borrowed $94 billion in leveraged loans and high-yield bonds in 2025 alone to fund dividend payouts to sponsors — part of a $200 billion two-year total (2024+2025) that is more than five times the combined 2022–2023 figure. Blackstone-backed IntraFi exemplifies the risk: a nearly $1.5 billion debt-funded dividend pushed its leverage above 9x, and Moody’s estimates it may take two years just to fall below 7x. PE exits simultaneously fell 36% year-on-year to ~$103 billion in Q1 2026, reinforcing why sponsors are extracting cash through recaps rather than sales.
Quotable:
“If you look at the US, there’s hundreds of burger chains. In Japan, there’s probably four major players.” — Kazuya Omoto, Goldman Sachs VP who led the Burger King Japan acquisition
Lombard Notes · email · 9 mins
Getting a euro onto a blockchain means traversing five distinct infrastructure layers, each built by a different institution over decades. The journey traced here: Italian bank → SEPA Credit Transfer → EBA STEP2 clearing → T2 settlement → Monerium compliance checks → EURe mint, with Monerium’s EURe chosen as the target because it is an Iceland-based e-money institution issuing under MiCA, meaning the on-chain token is a legally-backed programmable claim on segregated fiat.
A SEPA Credit Transfer (SCT) mandates only five fields: originator name, beneficiary name, originator IBAN, beneficiary IBAN, and amount — nothing else is compulsory. This structural data poverty, adopted via ISO 20022 in 2008, creates a compliance gap downstream: the originator’s physical address (field P005) is only mandatory when a PSP is outside the EEA, but the Travel Rule requires it, meaning every domestic SCT-to-crypto on-ramp operates in a grey zone from the moment the payment is instructed.
The actual clearing happens at EBA STEP2, the only pan-European ACH, maintained by a consortium of 48 banks, connecting 4,800 PSPs and processing ~€84 billion/day in early 2026. STEP2 doesn’t move real money — it nets positions across banks and establishes who owes what — and then settles those net obligations by moving central bank money through T2 (formerly Target 2), the Eurosystem’s RTGS, which settled over €400 trillion in total value in 2024.
Settlement in T2 is the moment legal finality is achieved under the Settlement Finality Directive 98/26/EC: once entered into a T2-designated system, a transfer order is irrevocable and shielded from insolvency proceedings. Blockchain finality is structurally different — it is probabilistic (X block confirmations), has no legal equivalent under SFD-type frameworks, and MiCA does not resolve this. Monerium’s on/off-ramp is the collision point between two incompatible finality regimes.
Monerium solves the reconciliation problem that plagues most on-ramps by issuing a unique virtual IBAN per user at onboarding, permanently linked to a blockchain wallet address. When the SCT arrives at that IBAN, wallet matching is automatic — no payment reference required, no risk of truncation or manual investigation. But before minting EURe, Monerium must still clear two compliance hurdles: a KYC name-match check (the SCT’s P001 originator name field travels with every transfer, but may not be sufficient alone) and the FATF Travel Rule, extended to virtual assets in 2019 under Recommendation 16, which requires originator address data that the SCT rulebook doesn’t mandate.
Once minted, EURe is backed 1:1 by euros sitting in a safeguarded account segregated from Monerium’s operational funds, as required under EMD2. MiCA’s Electronic Money Token provisions (Title III) tighten this further with reserve, redemption, and disclosure requirements. The backing euro is legally the customer’s, ringfenced by regulation, and redeemable at par on demand.
The real blockers for stablecoins replacing this infrastructure are three unresolved structural problems, not technological immaturity: (1) the double finality regime — fiat has legal irrevocability, blockchain has only probabilistic confirmation; (2) operational irreversibility without legal finality — blockchain is immutable in the wrong direction, making recalls impossible while also remaining theoretically vulnerable to a majority-stake rewrite; (3) Travel Rule enforcement — achievable within the VASP perimeter but likely incompatible with preserving the anonymity properties that give public blockchains their value proposition without a fundamental redesign. SEPA Instant has already neutralised the speed argument, so these three structural gaps are what remains.
Quotable:
“Blockchain is immutable but in the wrong way: operationally irreversible, making recalls or reversals impossible, yet lacking the legal finality that protects transactions in systems like T2.” — on why replacing T2 is harder than it looks
Byrne @ The Diff · email · 9 mins
Legal equity ownership and economic equity ownership diverge when key workers are scarce. Common stock gives shareholders residual claim on profits after everyone else is paid — but when a company’s highest-value employees can walk to a direct competitor or start one, those employees extract the economic upside. The shareholders retain capped, bond-like returns: they own the mezzanine tranche in practice, not the equity.
Citadel-style pod funds illustrate the dynamic precisely. A portfolio manager running a rigorous process that generates $50m/year gross P&L could produce that same $50m at Millennium, Balyasny, Point72, or Verition. The fund’s value add is infrastructure and deal flow — Uber for quants. This competitive pressure means the PM captures an increasing share of gross P&L, even if it never reaches 100%.
Compensation structure is designed around the mobility problem, not despite it. California AI labs can’t enforce noncompetes, so they use equity grants with vesting schedules — the better the company performs, the more valuable the unvested stock, creating a financial lock-in. New York finance enforces noncompetes and uses high deferred compensation. Since the financial crisis, top funds shifted away from annual cash bonuses toward multi-year deferred structures, making retention a legal and financial cage simultaneously.
Scarce talent extracts not just money but governance rights. High-value employees’ implicit equity stake comes with implicit voting power: tech workers have successfully pressured AI labs to avoid military contracts or hold back capabilities. In finance, individual rainmakers have compelled firms to maintain satellite offices or carve out remote-work exceptions in otherwise mandatory return-to-office policies.
This mechanism is why high-growth industries fail to compound forever. Profits above cost of capital are temporary; to sustain them, the company must keep expanding its comparative advantage. As they mature, the employees who had the right scarce skills at the right time get wealthy, while the company’s returns regress toward normal. The log-linear profit curve flattens rather than extends.
Quotable:
“Some of the richest people around are economically owners of the mezzanine tranche of their business, even if what they own is legally common stock. The actual economic owners are their employees, particularly the ones who can measurably contribute to something that generates cash or is accretive to market cap.” — on AI labs, pod shops, and prop trading firms
The Core · email · 8 mins
On March 20, 2026, Novo Nordisk’s Indian semaglutide patent expired. Within 48 hours, 16+ generic versions of Ozempic hit Indian pharmacy shelves and prices crashed 70–90%. Zydus alone launched three brands and anchored API supply for Lupin and Torrent; Torrent became the first Indian company to offer a generic semaglutide tablet (not just injectable) on day one. Dr. Reddy’s launched “Obeda” with a 87-country rollout plan. India had copied the world’s most in-demand drug faster than any country on earth.
Copying is structurally profitable — until it isn’t. Sixteen brands competing on the same molecule collapse margins within weeks; the comfortable returns that funded three decades of Indian pharma growth are thinning fast. The originator’s premium — royalties, licensing income, durable pricing power — flows entirely to whoever invented the molecule, not to whoever copied it.
India’s pharma scale is enormous but misdirected. The industry supplies 40% of America’s generic medicines and two-thirds of the world’s vaccines; exports reached Rs 2.60 lakh crore in FY25, total turnover Rs 4.72 lakh crore. Yet R&D has been deliberately aimed at incremental improvement, not discovery. Yusuf Hamied, the Cipla chairman who made AIDS drugs affordable for millions, said in a 2015 Lancet interview: “Our R&D at Cipla is targeted at incremental innovation — how to change and improve a product that already exists.”
The one serious attempt at original drug discovery illustrates why incumbents avoided it. Kallam Anji Reddy launched India’s first drug discovery programme in 1993, running it alongside the generics business making him rich. The generics side worked spectacularly — Dr. Reddy’s became the first Indian company to file for US approval and earned Rs 366 crore in FY2002 from a single 180-day exclusivity on generic fluoxetine 40mg. The original-drug side did not succeed. A new drug takes 10–15 years, costs $1–2 billion, and fails nine out of ten times. The current generation of Indian discovery programmes — the most serious since Dr. Reddy’s licensed molecules to Novo Nordisk in the 1990s — is now attempting this again, with Zydus furthest along among three Indian obesity candidates.
Quotable:
“Our R&D at Cipla is targeted at incremental innovation — how to change and improve a product that already exists.” — Yusuf Hamied, Cipla chairman, The Lancet, 2015
‘Lenny’s Newsletter’ via PubsforSubs · email · 6 mins
GPT 5.1 and Claude Opus 4.5, released in November 2025, crossed a threshold where coding agents went from “mostly works” to “almost always does what you want.” This wasn’t incremental—engineers who tinkered over the holidays came back describing a qualitative shift in reliability. The bottleneck in software development has now moved entirely away from writing code and toward deciding what to build, validating ideas, and collecting user feedback; Simon Willison now builds three versions of every feature just to prototype quickly since the cost is negligible.
The most radical live experiment in AI-assisted development is StrongDM’s “dark factory”: nobody writes code, nobody reads code. Instead, three people run a swarm of AI-simulated end users 24/7—thousands of fake employees making requests like “give me access to Jira”—at $10,000/day in token costs, with coding agents that built simulated versions of Slack, Jira, and Okta from API docs to avoid rate limits. The output: 32,000 lines of production code maintained entirely through behavioral testing rather than human code review.
Prompt injection—where malicious instructions embedded in untrusted content (emails, web pages) hijack an AI agent’s behavior—is still an unsolved security problem, and the “lethal trifecta” makes it dangerous at scale: any agent that combines access to private data, exposure to untrusted content, and the ability to send data externally is a high-value attack target. A 97% detection rate sounds good but means 3 out of 100 attacks succeed—a failing grade when those attacks can exfiltrate private data or send unauthorized messages. Willison has predicted an AI Challenger disaster every six months for three years; it hasn’t happened yet, but the structural conditions remain in place.
Quotable:
“A 97% detection rate is a failing grade when 3 out of 100 attacks succeed.” — Simon Willison on prompt injection and AI agent security
Bloomberg Technology · email · 5 mins
OpenClaw is an open-source AI agent platform that differs from standard LLM chat apps by retaining user preferences and tracking goals across sessions — each agent develops its own personality through use (“raising” it). Because every deployment must route to some LLM backend, international users are defaulting to Chinese providers like Zhipu, Minimax, and Moonshot rather than Anthropic’s Claude — which is widely considered superior but significantly more expensive. Moonshot AI’s Kimi k2.5, for instance, costs roughly a third of Claude’s price per token, making it the dominant choice in the /openclaw Reddit community.
China’s cost advantage is structural, not incidental. Lower energy and infrastructure costs, combined with months of efficiency optimization forced by restricted access to Nvidia’s high-end chips, give Chinese AI providers a durable pricing edge for token-heavy workloads. OpenClaw is particularly token-hungry — its non-intuitive setup can burn thousands of tokens on configuration and error-correction alone — which amplifies the price gap. This has drawn Tencent, Alibaba, Baidu, ByteDance, Moonshot, SenseTime, and Minimax into a race to become the preferred OpenClaw backend, with Shenzhen offering over $1 million in subsidies for “one-person companies” launching OpenClaw apps.
Two barriers limit how far this wave travels. Technically, OpenClaw installation requires command-line access (Apple Terminal) and offers no graphical interface until connected to a chat app like WeChat or Telegram — a high bar outside China’s tech-literate user base. Security is the larger constraint: malicious OpenClaw apps can steal data or access private networks, prompting Chinese authorities to ban the platform on government and bank systems entirely, while local companies race to build sandboxed mobile “environments” for safe deployment.
Quotable:
“Not only might this be the first sustainable path to AI monetization for many, the opportunity to reach overseas markets where spending on internet services is more commonplace raises the ceiling on Chinese AI providers significantly.” — on why Chinese AI companies are riding the OpenClaw wave despite government wariness
Aaron Holmes · email · 5 mins
Anthropic’s forthcoming “Mythos” model, accidentally exposed in a prematurely published draft blog post, is capable of exploiting security vulnerabilities “in ways that far outpace the efforts of defenders.” Anthropic is pre-briefing cybersecurity researchers and granting early access specifically to gather feedback on reducing the model’s offensive potential before release. Wiz CTO Ami Luttwak — whose company Google acquired last month — put it bluntly: “We now believe the new models are essentially the best cybersecurity researchers in the world, and that’s a problem.”
The offensive capability is already demonstrable: in a live test, Claude Code reviewed Ghost, an open-source newsletter platform with 50,000+ hosted publications and a clean 13-year vulnerability record, and found a critical flaw — one that would let an attacker edit any Ghost site or steal user data — within hours. Anthropic researcher Nicholas Carlini presented this at a security conference in early March. Beyond discovery, AI now accelerates the full attack chain: once inside a network, models can map infrastructure, exfiltrate data, and trigger ransomware encryption faster than human defenders can respond.
Traditional security tooling is structurally blind to AI-assisted intrusions because it was designed to detect human attacker behavior patterns. Irregular Security, an AI security startup that red-teams models for OpenAI and Anthropic, found that leading models already understand how to move laterally through corporate networks without triggering existing detectors. The defensive counter-move is symmetric: security vendors like Wiz and Tenzai are requesting “ungated” (safety-filter-removed) versions of the same Anthropic and OpenAI models to proactively scan their customers’ code for vulnerabilities before attackers can find them first.
Quotable:
“We now believe the new models are essentially the best cybersecurity researchers in the world, and that’s a problem.” — Ami Luttwak, CTO of Wiz, on the threat posed by Anthropic’s upcoming model
FirstFT Asia · email · 5 mins
Trump fired attorney-general Pam Bondi on April 3, 2026, after sustained pressure from within his own coalition over her handling of files related to late sex offender Jeffrey Epstein. Despite being a long-standing loyalist — she defended Trump in his first impeachment trial in 2020 and backed his challenges to the 2020 election result — her failure to satisfy the MAGA base on the Epstein matter proved fatal to her tenure.
Deputy attorney-general Todd Blanche will serve as Bondi’s temporary replacement — a notable choice given that Blanche previously acted as Trump’s personal lawyer in multiple DoJ and state cases brought against Trump under Biden. Bondi’s dismissal is the second major cabinet firing of 2026; Kristi Noem was ousted as secretary of homeland security the previous month and replaced by Markwayne Mullin.
The newsletter’s other headline stories underscore a volatile geopolitical and economic backdrop: Brent crude surged 7.8% to $109.03/barrel after Trump vowed to hit Iran “extremely hard” in a primetime speech, and Trump separately announced pharmaceutical tariffs of up to 100% on drug imports from companies that have not boosted US investment or cut prices. Blue Owl Capital faced $5.4bn in redemption requests in Q1 alone, with investors attempting to pull more than 40% from one flagship fund.
Quotable:
“We love Pam, and she will be transitioning to a much needed and important new job in the private sector, to be announced at a date in the near future.” — Trump, Truth Social post announcing Bondi’s dismissal