04-22-2026Price:

The Frontier

Your signal. Your price.

AI & TECH

Anthropic's Mythos leaks hacking prowess

Wednesday, April 22, 2026 · from 3 podcasts
3 SOURCESNerd SnipeAI Daily BriefFYI (ARK Invest)
  • Anthropic’s unreleased Mythos model found a 27-year-old OpenBSD flaw, proving hacking is now emergent from coding skill.
  • Project Glasswing gives 40 top firms 100 days to patch before public release.
  • Critics say the delay masks compute shortages, not just safety concerns.
  • Z.ai’s open-source GLM 5.1 handles 1,700-step tasks, challenging US hardware dominance.

Anthropic’s next-generation AI, codenamed Mythos, is no longer just a performance benchmark - it’s a security event. According to Theo on Nerd Snipe with Theo and Ben, the model independently discovered a decades-old vulnerability in OpenBSD, one of the most hardened operating systems on Earth. This wasn’t a targeted red-team exercise. It was a side effect of elite-level code generation. The realization, shared privately among high-level security researchers, is that at sufficient scale, deep coding ability and hacking capability collapse into the same skill.

This changes the attacker profile overnight. As Ben notes, you no longer need years inside the BSD kernel to exploit it. You need a credit card and access to a model like Mythos. The AI supplies the arcane knowledge; the human supplies only intent. Anthropic responded by launching Project Glasswing, a 100-day quarantine program offering early access to just 40 major tech firms so they can patch zero-days the model uncovered. It’s a responsible move - and a strategic one.

But not everyone buys the safety narrative. On FYI - For Your Innovation, ARK’s Brett Winton argues the 100-day pause is as much about compute constraints as caution. Third-party tests show GPT-5.4 Pro can detect many of the same flaws, undermining claims of Mythos’s uniqueness. By framing the delay as a security imperative, Anthropic may be masking a thin H100 inventory while driving enterprise demand through scarcity. "Tell the world a tool is too dangerous," Winton says, "then charge a premium for the cure."

"Hacking isn't a separate skill anymore; it is an emergent property of elite coding ability."

- Theo, Nerd Snipe with Theo and Ben

Meanwhile, the global race is accelerating. Z.ai’s open-sourced GLM 5.1, trained entirely on Huawei chips, can execute 1,700-step autonomous workflows - eight hours of continuous coding without intervention. This isn’t incremental progress. It’s a leap in long-horizon autonomy that erases the assumption that US hardware sanctions crippled Chinese AI. By open-sourcing it, Z.ai hands developers a live look at what’s possible when agents run for hours, not minutes.

The implications cut deeper than geopolitics. On The AI Daily Brief, Nathaniel Whittemore highlights how Meta’s Muse Spark and Anthropic’s Managed Agents are abstracting infrastructure so completely that developers now write Markdown files as "skills" instead of code. Ben describes replacing a months-long CLI tool with a 30-line Markdown spec. The agent handles the rest. This isn’t scripting - it’s delegation.

Even Uncle Bob has pivoted. Robert C. Martin, the apostle of Clean Code, now uses voice-to-code and calls syntax a distraction. If the man who built the cathedral of software rigor now trusts agents to run typing experiments without human bias, then the old guard isn’t just adapting - it’s leading.

The frontier isn’t about better models. It’s about who can deploy them at scale, securely, and without breaking trust. Mythos didn’t just find bugs - it exposed the fault lines.

AgentsAI & TechSafety
AnthropicMetaCore LightningSparkARKGPTGPT-5Skills

Source Intelligence

- Deep dive into what was said in the episodes

Nerd Snipe with Theo and Ben
Nerd Snipe with Theo and Ben

We need to talk about gstackApr 18

  • Anthropic's Mythos model is significantly larger than previous models, with over 10 trillion parameters, making it exceptionally skilled in coding but also slow, expensive, and dangerous due to emergent hacking capabilities.
  • Anthropic withheld Mythos from public release, citing concerns over its malicious use for hacking; Project Glass Wing allows critical infrastructure companies like Windows and Cisco to use it for proactive bug detection.
  • Ben notes that external tests show OpenAI's GPT 5.4 Pro replicated almost all security vulnerabilities found by Mythos, suggesting similar capabilities may already be widespread and accessible.
  • Theo criticizes public benchmarks comparing Mythos and GPT 5.4 Pro, arguing they fail to measure actual hacking or security capabilities and may be misleading.
  • Theo contends that exceptional coding ability in AI models inherently leads to emergent security capabilities, creating a new hacker archetype that can leverage AI to bridge knowledge gaps and bypass traditional research experience.
  • Anthropic's security testing for Mythos involved spinning up 100 to 5,000 parallel runs, each seeded with a different project file from a codebase of approximately 1,000 files, with researchers later reviewing detected exploits.
  • Ben and Theo confirmed that Claude Opus 4.6 models can be tricked into leaking their system prompts and internal reasoning traces, demonstrating a vulnerability where smart models can rationalize revealing sensitive configuration data.
  • Robert C. Martin ("Uncle Bob"), author of "Clean Code," has shifted his perspective to embrace agentic engineering, suggesting AI makes programming syntax less important and prioritizes interfaces.
  • Robert C. Martin proposes using AI to conduct programming experiments (e.g., dynamic vs. static typing) without human bias, highlighting an under-explored research area for optimizing AI agent performance with different technologies.
  • Ben emphasizes that even advanced AI models require constant feedback loops like linting, type checks, and formatting commands to correct hallucinations and converge on correct code, rather than achieving perfection in a single attempt.
  • Ben converted his complex BTCA CLI tool into a 30-line Claude skill, demonstrating how AI agents can turn simple markdown instructions into fully functional applications, replacing traditional deterministic programs.
  • Ben praises Gary Tan's GStack approach, which uses collections of markdown-based "skills" in Claude Code to instruct AI agents, allowing for dynamic programming through high-level directions rather than conventional code.
Also from this episode: (3)

Models (2)

  • Ben endorses the "Boiling the Ocean" thesis, advocating for extensive AI-driven experimentation because the cost of trying new things is low, and AI models consistently exceed perceived limitations.
  • Theo notes that Gary Tan's GBrain project, which processes daily AI session data to build memory systems, enables models to "learn while they sleep," which Theo considers a key component of Artificial General Intelligence (AGI).

Coding (1)

  • Gary Tan's article, "Thin Harness Fat Skills," differentiates between "deterministic" (traditional, predictable code) and "latent" (dynamic, non-deterministic AI actions) programming, underscoring AI's creative potential in system design.
AgentsSafetyCodingStartups
The AI Daily Brief: Artificial Intelligence News and Analysis
The AI Daily Brief: Artificial Intelligence News and Analysis

Nathaniel Whittemore

AI's Great DivergenceApr 16

  • Anthropic has restricted its 'Mythos' model to about 40 partners for limited cybersecurity testing, reflecting a trend of staggered rollouts due to security risks. OpenAI is pursuing a similar rollout strategy for its new model.
  • Meta's new Muse Spark is a natively multimodal reasoning model designed primarily for personal agents, not enterprise use. The model supports tool use, visual chain-of-thought, and multi-agent orchestration.
  • Mark Zuckerberg positions Muse Spark for personal use areas like visual understanding, health, and social content. He frames it as a shift from assistant AI to agentic AI, enabling it to 'do things for you' like creating mini-games or troubleshooting appliances.
  • Z.ai's open source GLM 5.1, a 754B parameter model, outperforms leading Western models on coding benchmarks with a 58.4 SweetBench Pro score. The model demonstrates long-horizon task capability, completing an eight-hour autonomous Linux desktop build.
  • Z.ai leader Lu claims agents could do about 20 steps by the end of last year, but GLM 5.1 can now do 1,700. The model's autonomous work time is cited as a critical new performance curve.
  • Anthropic released Claude Managed Agents to close a notable gap between model capability and business application, as argued by head of product Angela Jiang. The platform bundles an agent harness with production infrastructure, aiming to reduce engineering overhead.
  • Claude Managed Agents enables scheduled, event-triggered, and long-horizon tasks. It abstracts self-hosting complexity, but lacks persistent memory across sessions, making it best suited for discrete, transactional operations.
  • Google introduced 'notebooks in Gemini', integrating Notebook LM's resource management directly into the app. Google's Josh Woodward positions this as building 'a second brain' beyond basic AI chatbot projects.
  • Ethan Mollick notes Muse Spark is fine but doesn't match the big three models, displaying some strange language and looseness with facts. François Chollet criticizes Meta for over-optimizing for benchmarks at the expense of actual usefulness.
Also from this episode: (3)

Models (2)

  • On benchmarks, Muse Spark scored 52.4 on SweetBench Pro for coding, placing it near top models. It excels in visual comprehension, scoring a state-of-the-art 86.4 on CharViC's reasoning, beating Gemini 3.1 Pro by 6 points.
  • GLM 5.1 was trained entirely on less powerful Huawei chips, demonstrating China's hardware stack can produce powerful results. Its release two months after US leaders suggests the US lead over Chinese rivals is only a few months.

Big Tech (1)

  • Alexander Wang of Meta responded to criticism by saying the lab is open to feedback and is upfront about the model's weaknesses, such as low performance on the ARB GI 2 benchmark.
AgentsModelsEnterpriseOpen SourceChips
FYI — For Your Innovation (ARK Invest)
FYI — For Your Innovation (ARK Invest)

Mythos And AI Safety | The Brainstorm EP 127Apr 15

  • Anthropic is restricting access to its new AI model Mythos for 100 days, offering it only to the top 40 companies through Project Glasswing so they can patch zero-day vulnerabilities the model discovered.
  • Brett interprets Anthropic's Mythos release as a marketing and supply tactic, not genuine safety, arguing it's meant to induce enterprises to pay for early access to fix their code while the company is compute-constrained.
  • Brett says third-party tests have shown many software exploits detected by Anthropic's Mythos can also be found by GPT-5.4, undermining claims of Mythos's unique vulnerability-finding capability.
  • ARK's analysis positions Mythos as materially better at software engineering benchmarks, advancing performance they expected a year from now to today, but the 100-day delay reduces that lead to an 8-month advantage.
  • OpenAI is rumored to have a similarly performant model developed over two years that it will release broadly because it currently has more abundant compute than Anthropic.
  • Brett argues AI companies make allocation decisions between training, enterprise service, and consumer business to maximize valuation ahead of a public market entry, securing capital for future compute.
  • Nick sees Meta as a formidable competitor in AI because its advertising business lets it deliver a consumer experience without directly monetizing the model, and it doesn't have to sell compute to others.
  • Claude's consumer usage is catching up to ChatGPT, which Brett attributes to workplace adoption spilling over into personal use as people recognize its power.
  • The core strategic debate is whether winning in AI depends on having the best product or controlling the compute supply needed to build the best product.
  • Nick argues product and distribution ultimately win in AI, citing Cohere's enterprise success based on product fit rather than model capability.
  • Brett notes OpenAI invests more in model training and has better medium-term compute access than Anthropic, per public reports, which affects their product roadmaps.
  • Consumer AI use cases have changed little in three years despite model improvements, while enterprise use has diversified as workers actively seek tools to lighten their workloads.
  • On the enterprise side, Brett argues market share will stabilize around compute supply because if a provider like Anthropic signs too many customers and lacks capacity, customers will churn to a competitor.
  • The group discusses a concept for a new trust-based social network where AI agents interact only with agents of vetted contacts, arguing current algorithmic social media adulterates real friendship.
ModelsEnterpriseAI InfrastructureStartupsAgents

Related Stories