Tech News — Week of 2026-04-04 to 2026-04-10#

Story of the Week#

Anthropic’s unreleased “Mythos” AI model triggered widespread cybersecurity panic this week after proving incredibly adept at autonomously discovering critical software vulnerabilities. While the company restricted the model’s public release and launched a defensive initiative called “Project Glasswing,” the threat was severe enough to prompt emergency cybersecurity meetings between the US Treasury, the Federal Reserve, and bank CEOs. The fallout eclipsed Anthropic’s milestone of hitting a $30 billion revenue run rate, highlighting the unprecedented regulatory and security pressures facing frontier AI labs.

Company@X — 2026-04-07#

Signal of the Day#

Anthropic launched Project Glasswing, an urgent cybersecurity initiative powered by its new, unreleased frontier model, Claude Mythos Preview. The project unites major tech and financial players—including Amazon Web Services, Apple, Google, Microsoft, NVIDIA, and JPMorganChase—to systematically find and fix flaws in critical software before models of this capability become widespread.

Hacker News — 2026-04-03#

Top Story#

In a perfect collision of civic hacking and AI orchestration, a developer used autonomous agents to parse the entire US Code into a Git repository over a single weekend. Treating legal amendments like pull requests hits the core of the HN ethos: law is just code executing on the system of society, and it desperately needs a clean diff history.

Front Page Highlights#

Decisions that eroded trust in Azure – by a former Azure Core engineer An ex-Azure Core engineer delivers a scathing post-mortem on how Microsoft leadership attempted to port 173 management agents to a tiny, Linux-running ARM SoC. It’s a classic tale of architectural hubris detached from hardware realities, with the author claiming this localized complacency threatened major clients like OpenAI and the US government.

Simon Willison — 2026-04-03#

Highlight#

The overarching theme today is the sudden, step-function improvement in AI-driven vulnerability research. Major open-source maintainers are simultaneously reporting that the era of “AI slop” security reports has ended, replaced by an overwhelming tsunami of highly accurate, AI-generated bug discoveries that are drastically changing the economics of exploit development.

Posts#

Vulnerability Research Is Cooked · Source Highlighting Thomas Ptacek’s commentary, Simon notes that frontier models are uniquely suited for exploit development due to their baked-in knowledge of bug classes, massive context of source code, and pattern-matching capabilities. Since LLMs never get bored constraint-solving for exploitability, agents simply pointing at source trees and searching for zero-days are set to drastically alter the security landscape. Simon is tracking this trend closely enough that he just created a dedicated ai-security-research tag to follow it.

Engineering @ Scale — 2026-04-03#

Signal of the Day#

GitHub’s architectural rewrite of their PR diff view demonstrates that scaling complex React applications requires abandoning small, heavily-abstracted components in favor of O(1) data access patterns, top-level event delegation, and lazy state rendering. By stripping out redundant useEffect hooks and shifting to Map-based selectors, they cut memory usage by 50% and improved Interaction to Next Paint (INP) by 78% for massive pull requests.

Company@X — 2026-04-04#

Signal of the Day#

Anthropic is restricting Claude subscription access for third-party tools like OpenClaw, prompting Hugging Face to aggressively push users toward open-source local models like Gemma 4. This policy shift highlights a growing fracture between closed API ecosystems moving to lock down interfaces and the open-source community’s push for self-hosted AI.

Hacker News — 2026-04-04#

Top Story#

Post Mortem: axios NPM supply chain compromise The JavaScript ecosystem is on fire again, as the lead maintainer of the incredibly popular axios library was compromised via a targeted social engineering campaign that deployed RAT malware. Attackers published two malicious versions (1.14.1 and 0.30.4) that inject a dependency installing a remote access trojan across macOS, Windows, and Linux. While the packages were only live for three hours, the blast radius is massive, and anyone who ran a fresh install between 00:21 and 03:15 UTC on March 31 needs to nuke their node_modules and rotate all secrets immediately.

Company@X — 2026-04-05#

Signal of the Day#

OpenClaw has successfully navigated an abrupt platform eviction by Anthropic, pivoting to optimize OpenAI’s GPT-5.4 with custom personality harnesses to mitigate initial quality regressions. This proprietary friction has simultaneously triggered Hugging Face to release tools encouraging developers to decouple OpenClaw entirely in favor of local and open-source models.

Tech News — 2026-04-05#

Story of the Day#

Suspected North Korean hackers deployed an elaborate AI deepfake scheme masquerading as tech founders to trick top open-source maintainers. The attackers successfully compromised widely used Node.js tools like Axios, injecting self-destructing malware into the supply chain before developers even noticed.

Company@X — 2026-04-06#

Signal of the Day#

Anthropic revealed its run-rate revenue has skyrocketed to $30 billion, up from $9 billion at the end of 2025, signaling extraordinary enterprise demand for Claude. To support this rapid scaling, the company signed an agreement with Google and Broadcom to secure multiple gigawatts of next-generation TPU capacity starting in 2027.