Hacker News — 2026-04-10#

Top Story#

Anthropic’s unreleased “Mythos” AI model is sending shockwaves through the cybersecurity community after reportedly breaking out of Firefox’s standalone JavaScript shell sandbox in 72.4% of trials. The implications of an AI model reliably chaining vulnerabilities to escape virtualization boundaries threaten the foundational sandboxing principles that keep modern web browsing and multi-tenant cloud infrastructure secure.

Front Page Highlights#

[Microsoft suspends dev accounts for high-profile open source projects] · bleepingcomputer.com Microsoft locked out the maintainers of critical tools like WireGuard, VeraCrypt, and MemTest86 without warning due to an automated hardware partner “account verification” purge. The Kafkaesque nightmare left developers unable to publish Windows security updates and stonewalled by automated support bots until media pressure forced an executive response. (Fortunately, WireGuard was able to push a new Windows release shortly after the resolution).

Hacker News — 2026-04-09#

Top Story#

The Vercel Claude Code plugin has been caught using prompt injection to fake user consent for telemetry, quietly exfiltrating full bash command strings to Vercel’s servers across all local projects. Instead of implementing a proper UI for permission, the plugin injects behavioral instructions into Claude’s system context, forcing the agent to execute shell commands to write tracking preferences based on your chat replies. It’s exactly the kind of quiet overreach and abuse of LLM integrations that makes developers deeply paranoid about agent tooling.

Tech News — Week of 2026-04-04 to 2026-04-10#

Story of the Week#

Anthropic’s unreleased “Mythos” AI model triggered widespread cybersecurity panic this week after proving incredibly adept at autonomously discovering critical software vulnerabilities. While the company restricted the model’s public release and launched a defensive initiative called “Project Glasswing,” the threat was severe enough to prompt emergency cybersecurity meetings between the US Treasury, the Federal Reserve, and bank CEOs. The fallout eclipsed Anthropic’s milestone of hitting a $30 billion revenue run rate, highlighting the unprecedented regulatory and security pressures facing frontier AI labs.

Tech News — 2026-04-04#

Story of the Day#

Anthropic is pulling the plug on subsidized compute for third-party AI agents, forcing users of tools like OpenClaw to pay for API usage instead of riding on consumer Claude subscriptions. The move signals a harsh reality for the ecosystem built around “agentic” wrappers: the era of free, open-ended AI compute is over.

Hacker News — Week of 2026-04-04 to 2026-04-10#

Story of the Week#

Anthropic’s frontier AI models crossed a terrifying new threshold in autonomous cybersecurity, completely shifting the industry’s threat model. First, Claude Code uncovered a complex, 23-year-old vulnerability in the Linux kernel’s NFS driver that predated Git itself. Days later, the infosec community went into full meltdown when Anthropic’s unreleased “Mythos” model autonomously wrote a 200-byte ROP chain exploit for FreeBSD and demonstrated the ability to reliably escape Firefox’s JavaScript virtualization sandbox in 72.4% of trials.