Anthropic bolsters its AI strategy by hiring Andrej Karpathy and acquiring SDK startup Stainless. Explore the move toward Software 3.0, agentic engineering, and MCP.
Security officials will warn there is an increasing cyber threat from nation states at a conference in Glasgow on Wednesday.
A coalition supported by Claude Mythos Preview to find and fix vulnerabilities in the software the world depends on.
Anthropic's Mythos showed that given enough inference, all bugs are shallow. But who pays for the inference? We benchmarked Claude Opus 4.6 against Corgea v1 and v2 to show why purpose-built scanner architecture beats raw model capability on precision, recall, cost, and speed.
Telcos like Airtel and Vodafone, CERT-In and banks are reviewing cyber risks after Anthropic released its Claude Mythos Preview.
Without preview access to Anthropic’s Mythos, Europe could be left exposed to a new generation of AI-powered cyberattacks.
AI-generated code ships fast, but cleanup costs hit later. Where the debt lands across engineering orgs, indie devs, and software ecosystems.
Anthropic’s powerful AI model is the best cybersecurity news in a decade.
Anthropic’s Claude Mythos Preview is the clearest public sign yet that AI vulnerability research is moving faster than patching, disclosure, and validation workflows were built to handle. This piece separates what is publicly proven from what is still embargoed, walks through OpenBSD, FFmpeg, FreeBSD, and Linux kernel case studies, and lays out what defenders need to change now. (red.anthropic.com)
Researchers used Anthropic’s Mythos AI to help crack Apple’s most secure MIE protection system for the M5 MacBook Pro.
For decades, cybersecurity has been a reactive game—detect, respond, patch, repeat—and pray!
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software. The announcement requires context—but it contained an essential truth. While Anthropic’s model is really good at finding software vulnerabilities, so are other models. The UK’s AI Security Institute found that OpenAI’s GPT-5.5, already generally available, is comparable in capability. The company Aisle ...
The idea of using large language models (LLMs) to discover security problems is not new. Googl [...]
CitrixBleed 3 is the third memory overread of its kind in three years. CVEs label what got hacked. CWEs are what was sitting in the code.
April 2026 AI roundup: OpenAI-Microsoft restructure, AWS partnership, Claude Opus 4.7, GPT-5.5, major security breaches, and the wildest model leaks yet.
Welcome to this week’s AI Security Newsletter. The headline thread is supply-chain and access-control: Anthropic’s restricted Mythos cyber model both surfaced thousands of OS/browser vu…
On Mythos
A new initiative to secure the world’s most critical software and give defenders a durable advantage in the coming AI-driven era of cybersecurity.
See latest writings about software security and a little miscellania. Kohnfelder, Loren. Designing Secure Software: A Guide for Developers. No Starch Press, 2021.
Anthropic says Claude Mythos is too dangerous to release. The vulnerabilities are real. The timing is convenient. Both things are true.
Our views on the AI competition between the US and China.
A new initiative to secure the world’s most critical software and give defenders a durable advantage in the coming AI-driven era of cybersecurity.
Search and AI News You Can Use (Marie's Newsletter) In this episode I’m going to share the top five things I’ve been discussing with clients this week. I’m finding that playing around with some of these new capabilities of Gemini, in particular Gemini in Chrome has given me a bit of an existential crisis! The […]
IT Strategy & Design Thoughts for the World!
Epistemic Status: Obviously highly speculative. I have no inside information. Opinions lightly held. Claude Mythos was recently previewed, and emphatically not released due to safety concerns regarding its advanced cyberattack capabilities. Very plausibly, this is our first look at the next generation of ~10+T models enabled to be trained and...
What to do about Mythos
Anthropic launched Project Glasswing using Claude Mythos Preview to find zero-days in critical infrastructure. A 72.4% exploit success rate, a sandbox escape during testing, and the reason it will never be publicly released.
CIRA VP Jon Ferguson on how the Project Glasswing preview could leave Canadian firms out in the cold.
Brooklyn, NY
But they might be useful as something else: models.
A new initiative to secure the world’s most critical software and give defenders a durable advantage in the coming AI-driven era of cybersecurity.
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
What happens when AI can hack everything?
Anthropic Built an AI So Good That It Won’t Let Anyone Use It. Here’s Everything You Need to Know About Claude Mythos.
What would you do if you were the most capable LLM in existence, and you wanted to follow your values? A follow up to Anthropic's glasswing announcement and the natural conclusion of the Mythos model.
A software engineer website
Agents are becoming extremely effective at finding security vulnerabilities. They are relentless in analyzing code and you can spin up multiple of them to go …
As OpenAI and Anthropic advance frontier AI, SentinelOne delivers AI-native, machine-speed cyber defense at global scale.
On Mythos
April 8, 2026 Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS · Hey, it's Asim CVE-2026-34980 + CVE-2026-34990: two CUPS vulnerabilities, discovered...
Security research writeups. Contribute to str8outtaheap/publications development by creating an account on GitHub.
This is a public version of my comments sent to the South African Department of Communications and Digital Technologies on the Draft South African National AI Policy.
Part of the ongoing Big Tech's War on Users series. Earlier this month I wrote The Rocket They Built Yesterday Morning — about Mozilla open-sourcing 0DIN,...
A slightly delayed episode of the weakly link. This time, we have a bit of a special outlook on the future in security to do with Quantum and AI. There were a couple of links that really caught my eye and could make a compelling case for usage of the phrase “everchanging landscape…” - stop it Gerald - this is not AI generated! Let’s start with the big announcement: Anthropic announced how their latest Mythos model was so good at vulnerability research that they decided to keep it from the unwashed masses and just give access to select organisations and call it Project Glasswing.
Speed, cost, and predictability are starting to matter more to me than top-end reasoning.
There was no good excuse.
A practical look at AI hype, LLMs, and why statistical prediction is often mistaken for intelligence, reasoning, and consciousness.
Is security spending more tokens than your attacker?
Anthropic announced the most powerful cyberweapon ever built last week and kept it, granting access to forty companies while the US government got a press re...
Cyber is shifting from a labor-bound craft industry to a capital-bound one. That changes offense, defense, and state power all at once.
A few months ago, I wrote that courage is one of the last remaining competitive advantages in venture. But I think there are a few more, and I’m going to write about those too. The etymology of tru…
I’m sure by now you’ve all read the news about Anthropic’s new “Mythos” model and its apparently “dangerous” capabilities in finding security vulnerabilities. I’m sure everyone reading this also ha…
Should I focus on my book or chase bug bounties?
Anthropic’s Claude Mythos completes 73% of expert-level CTF tasks and writes root exploits autonomously. The harder problem isn’t what AI can find — it’s what happens after it finds something.
copy.fail ( CVE-2026-31431 ) is a Linux kernel bug where an in-place modification of a pipe scatter list by the algif_aead module (crypto m...
Open source spent thirty years winning the cost argument. AI is making that irrelevant. What replaces it (the agency argument) is still open.
Tales From the Organization Settings Page
Updates and tips about using Large Language Models (LLM) for programming and development
Anthropic’s most important signal this month is not a benchmark chart. It is the fact that the company published a full system card for C...
PoC || GTFO, bro.
Anthropic's Mythos makes autonomous vulnerability chaining across devices a sudden reality, so I've been thinking about how digital 'antibotty' inoculation networks may be needed far sooner than I expected.
Updates and tips about using Large Language Models (LLM) for programming and development
Our views on the AI competition between the US and China.
AI-generated code ships fast, but the cleanup costs hit later. Here's where the debt accumulates across engineering orgs, indie devs, and ecosystems.
Making sense of rapid AI progress
AlphaGo is still the cleanest worked example of the primitives of intelligence: search, learning from experience, and self-play.
America has months to act on a cybersecurity threat unlike anything we’ve faced. The clock is already running.
In this issue: Defense in Depth, Medieval Style Human Trust of AI Agents Mythos and Cybersecurity Is "Satoshi Nakamoto" Really Adam Back? Mexican Surveillance Company ICE Uses Graphite Spyware FBI Extracts Deleted Signal Messages from iPhone Notification Database Hiding Bluetooth Trackers in Mail Medieval Encrypted Letter Decoded What Anthropic’s Mythos Means for the Future of Cybersecurity Claude Mythos Has Found 271 Zero-Days in Firefox Fast16 Malware A Ransomware Negotiator Was Working for a Ransomware Gang Hacking Polymarket DarkSword Malware Rowhammer Attack Against NVIDIA Chips Smart Glasses for the Authorities Insider Betting on Polymarket LLMs and Text-in-Text Steganography Copy.Fail Linux Vulnerability OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities How Dangerous Is Anthropic’s Mythos AI? Upcoming Speaking Engagements
Our views on the AI competition between the US and China.
AI is exposing Linux security holes faster than developers can patch them. Fragnesia is the latest. Here's what we know about it.
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software. The announcement requires context—but it contained an essential truth. While Anthropic’s model is really good at finding software vulnerabilities, so are other models. The UK’s AI Security Institute found that OpenAI’s GPT-5.5, already generally available, is comparable in capability. The company Aisle ...
Senate Minority Leader Chuck Schumer called on the Department of Homeland Security to work closer with states and localities, and bemoaned the end of federal funding to an information-sharing center.
The administration's policies hold a trump card, much like when the U.S. negotiated nuclear treaties.
Developments in biology, robotics, web, and more
A few hours before Anthropic announced the launch of its newest model, Claude Mythos Preview, on April 7, I had just completed a six-month analysis of
Nvidia, Google, Apple, Microsoft, and others will use Claude Mythos Preview to spot vulnerabilities in their systems.
AI-powered cyber-security: the rise of new frontier platforms like Mythos highlights nuclear arsenals’ potential weak spots, and complicates the gambles inherent in nuclear deterrence.
What happens when AI can hack everything?
“If our next several years are a trillion dollars in scale, we have the supply chain to do it"
Airgap century.
Anthropic's Mythos Preview and Glasswing spark a defense view on patching, inventory, segmentation, and Zero Trust—with practical steps to harden systems now.
A powerful AI kept from public access because of its ability to hack computers with impunity is making headlines around the world. But what is Mythos, does it really represent a risk and might it even be used to improve cybersecurity?
Steve Blank, Innovation, Entrepreneurship, Stanford, I-Corps, H4D Hacking for Defense
EXPERT OPINION -- For a decade the cybersecurity community was predicting a cyber apocalypse tied to a single event - the day a Cryptographically Relevant Quantum Computer could run Shor’s algorithm and break the public-key cryptography systems most of the internet runs on. We braced for a one-time ...
Radical optionality is about preserving democratic governments’ ability to make good decisions about how to govern transformative AI systems as circumstances evolve.
The system’s power is comparable to others – but it still has frightening implications for the future of hacking
The company says Mythos is too dangerous to release publicly. Cybersecurity experts agree the model's capabilities matter, but not all of them are buying the most alarming claims
AI models like Anthropic’s Claude Mythos are expected to expose the most severe vulnerabilities at machine speed. Here’s how defenders can keep pace.
New results suggest Mythos' cyber threat isn't "a breakthrough specific to one model."
Three nerds discussing tech, Apple, programming, and loosely related matters.
On Mythos
Coalition Co-Founder and CEO Joshua Motta explores Anthropic’s Claude Mythos and what it means for how cyber risk should be priced and managed going forward.
When the consequences of one corporate decision can compromise the world’s digital infrastructure, industry self-governance is not enough.
A new initiative to secure the world’s most critical software and give defenders a durable advantage in the coming AI-driven era of cybersecurity.
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but instead to a ...
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations—Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical infrastructure—under an initiative called Project Glasswing. The announcement was accompanied by a barrage of hair-raising anecdotes: thousands of vulnerabilities uncovered across every major...
Robin Sloan's lab notebook, about media and technology, creative computing, AI aesthetics, & more.
Your career is not obsolete, no matter how many vendors/influencers say so lately. Let’s set up a small homelab and a few open source tools to start using AI tools in your work, outlining all the places we still need cybersecurity expertise for these new problems that accompany this new technology along the way.
Anthropic made headlines claiming Claude Mythos achieved the “first remote kernel exploit discovered and exploited by an AI.” We went looking for how - and found a 20-year-old bug hiding in plain sight.
An evidence-based investigation into the real reasons behind Claude Mythos Preview’s restricted release In the first week of April 2026, Anthropic quietly made history — and then deliberately kept most people from accessing it. The company launched Project Glasswing, a gated security research program built around a new frontier model called Claude Mythos Preview. Unlike […]
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. In a new op-ed, SRI Director David Lie and Visiting Fellow Bruce Schneier discuss t
Multiple layers of verification and human oversight are a start
Anthropic framed Mythos and Project Glasswing as proof that frontier AI vulnerability research now needs gated access. We tested the public, patched cases with GPT-5.4 and Claude Opus 4.6 and found that the key building blocks are already accessible outside Glasswing, while reliable operationalization remains the real moat.
Here's how AISLE's autonomous system used small, cheap models to surface real zero-days in the FreeBSD kernel - and what that means for AI security.
When AISLE tested Mythos's showcase vulnerabilities on small, cheap, open-weights models, most found the same bugs. Here's what that means for cyber.
Anthropic’s new AI model has taught itself to hack into software infrastructure systems believed to be among the most secure in history. While there is no question the technology is profoundly dangerous, it is unclear if defenders will win a race against time to protect a sea of vulnerable targets.
Computer science and particularly information security stories can occasionally “color” more general discourse, such as rampant speculation of cyber components of recent conflicts. But rarely do hi…
Anthropic is not going to release its new most capable model, Claude Mythos, to the public any time soon.
Vulnerability discovery is an orchestration problem, not a frontier-model problem.
Mythos’ dramatic hacking abilities are as much a reflection of the precarious state of digital defenses as a revolutionary tech breakthrough.
AI is finding vulnerabilities faster than teams can patch. Learn how pipeline enforcement, automated triage, and AI remediation close the gap.
Anthropic's Mythos represents the start of a new era of AI-powered vulerability exploits and patch management. To prepare for it, security leaders need to focus on containing the blast radius.
Editorial: Tech can scale cyber-attacks and defences alike, raising questions about private power, public risk and the future of a shared internet
I’ve been noticing a lot of service outages lately. Some with few enough nines that you’d think they were going for a low score. My guess: this is probably going to get worse before it gets better. But maybe not for the reasons you’d think.
No matter how you feel about AI, it’s changing the world of software. The “T” in ChatGPT was invented to improve language translation, and large language models (LLMs) are very good at this. Interestingly, translating between French and Japanese is effectively the same as translating between English and Python for these systems. As LLMs improve, we’re also finding that there’s little difference between “help me fix mistakes in this document”, and “find the flaws in this codebase”. LLMs are now great at both tasks, but the latter has much larger implications.
This article previously appeared in The Cipher Brief. For a decade the cybersecurity community was predicting a cyber apocalypse tied to a single event – the day a Cryptographically Relevant…
The new reality rewards systems that can be tested and patched continuously
Writing memory-safe code beats patching your way to safety
Three nerds discussing tech, Apple, programming, and loosely related matters.
tl;dr: The more AI advances, the more you may be subject to supply-chain attacks, remote exploits, and phishing. You should be suspicious of amateuri…
What happens when AI can hack everything?