2026-04-09

AI Reddit — 2026-04-09

The Buzz

Anthropic claimed their new Mythos Preview model is an unreleased cyber-nuke too dangerous for the public, but the community just used cheap open-weights models (as small as 3.6B) to successfully reproduce its exact zero-day exploits. It is sparking a massive debate over whether “safety” is just a cover story for astronomical compute costs and agentic harnessing.

2026-04-09

Chinese Tech Daily — 2026-04-09

Top Story

The “Hollywood-Style” Heist That Poisoned Axios

An elaborate, highly targeted social engineering attack compromised axios, one of the world’s most popular JavaScript libraries, downloaded nearly 100 million times a week. Attackers posed as a startup founder, set up a fake Slack workspace complete with marketing materials, and even hosted a live Microsoft Teams meeting with the lead maintainer to deploy a remote access trojan (RAT) disguised as a software update. This sophisticated heist underscores the escalating threat landscape for open-source maintainers, proving that even the most heavily scrutinized repositories are vulnerable to dedicated human exploits.

2026-04-08

Hacker News — 2026-04-08

Top Story

Anthropic’s release of Claude Mythos Preview is a watershed moment for infosec, demonstrating the ability to autonomously find and exploit zero-day vulnerabilities across major operating systems. The model most notably wrote a working, 200-byte ROP chain exploit for a 17-year-old remote code execution bug in FreeBSD’s NFS server without any human intervention.

Front Page Highlights

Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates

Microsoft abruptly terminated the code-signing account for the popular encryption tool VeraCrypt without warning, effectively halting its ability to push Windows updates. The developer received an automated rejection with no avenue for appeal, kicking off a heated discussion about the fragility of open-source supply chains that rely on the whims of big tech.

2026-04-08

Tech Videos — 2026-04-08

Watch First

“Why, and how you need to sandbox AI-Generated Code?” by Harshil Agrawal (Cloudflare), from the AI Engineer channel, is the most critical watch of the day. It strips away the AI hype to state a fundamental truth: if your agent executes generated code, you are running untrusted code from the internet in production. It delivers a strict, pragmatic capability-based security framework for deciding when to use V8 Isolates versus full Linux containers to prevent credential leaks and compute exhaustion.

2026-04-08

Engineering @ Scale — 2026-04-08

Signal of the Day

To safely govern AI agents in production, security policies must be enforced via out-of-band metadata—infrastructure channels that agents cannot access, modify, or circumvent. Treating agents like human employees means separating deterministic infrastructure constraints from the agent’s probabilistic reasoning, preventing prompt injection and hallucinated bypasses.

2026-04-08

Tech News — 2026-04-08

Story of the Day

Meta officially unveiled Muse Spark, a multimodal AI model boasting reasoning modes and built-in agents, marking the first major release from its Superintelligence Labs. Built to directly challenge OpenAI and Anthropic, the launch signals a massive strategic pivot away from the company’s open-source Llama lineage in a bid for AI dominance.

2026-04-08

Chinese Tech Daily — 2026-04-08

Top Story

Anthropic is dominating the news cycle today with a massive, dual-sided narrative. The company just unveiled its Claude Mythos Preview, a model demonstrating such terrifyingly advanced cybersecurity zero-day capabilities that Anthropic refuses to release it publicly, instead restricting it to 12 tech giants for defensive infrastructure patching. Riding this wave of enterprise trust, Anthropic’s ARR has surged past $30 billion, officially overtaking OpenAI. However, the developer community is pushing back hard: Anthropic’s Claude Code tool is facing intense backlash from engineering leads over an “epic negative optimization” in reasoning depth, sparking a heated debate about AI token allocation transparency.

Tech News

Tech News — Week of 2026-04-04 to 2026-04-10

Story of the Week

Anthropic’s unreleased “Mythos” AI model triggered widespread cybersecurity panic this week after proving incredibly adept at autonomously discovering critical software vulnerabilities. While the company restricted the model’s public release and launched a defensive initiative called “Project Glasswing,” the threat was severe enough to prompt emergency cybersecurity meetings between the US Treasury, the Federal Reserve, and bank CEOs. The fallout eclipsed Anthropic’s milestone of hitting a $30 billion revenue run rate, highlighting the unprecedented regulatory and security pressures facing frontier AI labs.

2026-04-07

The Agentic Layer and Frontier Security — 2026-04-07

Highlights

The conversation today is heavily anchored on the shifting nature of knowledge work as agents take on longer-horizon tasks, effectively turning developers and knowledge workers into “architectural bureaucrats” and editors. Simultaneously, the sheer capability of frontier models has reached a boiling point with Anthropic’s unveiling of Claude Mythos, a model so adept at finding zero-day vulnerabilities that it is being withheld from public release and deployed exclusively for critical infrastructure security.

2026-04-07

Company@X — 2026-04-07

Signal of the Day

Anthropic launched Project Glasswing, an urgent cybersecurity initiative powered by its new, unreleased frontier model, Claude Mythos Preview. The project unites major tech and financial players—including Amazon Web Services, Apple, Google, Microsoft, NVIDIA, and JPMorganChase—to systematically find and fix flaws in critical software before models of this capability become widespread.