jor security implications, compromising the devices and services we use every
day. As a result, Anthropic is not releasing the model to the general public,
but instead to a limited number of companies.

The news rocked the internet security community. There were few details in
Anthropic?s announcement, angering many observers. Some speculate that Anthropic
doesn?t have the GPUs to run the thing, and that cybersecurity was the excuse to
limit its release. Others argue Anthropic is holding to its AI safety mission.
There?s hype and counterhype, reality and marketing. It?s a lot to sort out,
even if you?re an expert.

We see Mythos as a real but incremental step, one in a long line of incremental
steps. But even incremental steps can be important when we look at the big
picture.
How AI Is Changing Cybersecurity

We?ve written about shifting baseline syndrome, a phenomenon that leads people
-- the public and experts alike -- to discount massive long-term changes that
are hidden in incremental steps. It has happened with online privacy, and it?s
happening with AI. Even if the vulnerabilities found by Mythos could have been
found using AI models from last month or last year, they couldn?t have been
found by AI models from five years ago.

The Mythos announcement reminds us that AI has come a long way in just a few
years: The baseline really has shifted. Finding vulnerabilities in source code
is the type of task that today?s large language models excel at. Regardless of
whether it happened last year or will happen next year, it?s been clear for a
while this kind of capability was coming soon. The question is how we adapt to
it.

We don?t believe that an AI that can hack autonomously will create permanent
asymmetry between offense and defense; it?s likely to be more nuanced than that.
Some vulnerabilities can be found, verified, and patched automatically. Some
vulnerabilities will be hard to find but easy to verify and patch -- consider
generic cloud-hosted web applications built on standard software stacks, where
updates can be deployed quickly. Still others will be easy to find (even without
powerful AI) and relatively easy to verify, but harder or impossible to patch,
such as IoT appliances and industrial equipment that are rarely updated or can?t
be easily modified.

Then there are systems whose vulnerabilities will be easy to find in code but
difficult to verify in practice. For example, complex distributed systems and
cloud platforms can be composed of thousands of interacting services running in
parallel, making it difficult to distinguish real vulnerabilities from false
positives and to reliably reproduce them.

So we must separate the patchable from the unpatchable, and the easy to verify
from the hard to verify. This taxonomy also provides us guidance for how to
protect such systems in an era of powerful AI vulnerability-finding tools.

Unpatchable or hard to verify systems should be protected by wrapping them in
more restrictive, tightly controlled layers. You want your fridge or thermostat
or industrial control system behind a restrictive and constantly updated
firewall, not freely talking to the internet.

Distributed systems that are fundamentally interconnected should be traceable
and should follow the principle of least privilege, where each component has
only the access it needs. These are bog-standard security ideas that we might
have been tempted to throw out in the era of AI, but they?re still as relevant
as ever.
Rethinking Software Security Practices

This also raises the salience of best practices in software engineering.
Automated, thorough, and continuous testing was always important. Now we can
take this practice a step further and use defensive AI agents to test exploits
against a real stack, over and over, until the false positives have been weeded
out and the real vulnerabilities and fixes are confirmed. This kind of VulnOps
is likely to become a standard part of the development process.

Documentation becomes more valuable, as it can guide an AI agent on a
bug-finding mission just as it does developers. And following standard practices
and using standard tools and libraries allows AI and engineers alike to
recognize patterns more effectively, even in a world of individual and ephemeral
instant software -- code that can be generated and deployed on demand.

Will this favor offense or defense? The defense eventually, probably, especially
in systems that are easy to patch and verify. Fortunately, that includes our
phones, web browsers, and major internet services. But today?s cars, electrical
transformers, fridges, and lampposts are connected to the internet. Legacy
banking and airline systems are networked.

Not all of those are going to get patched as fast as needed, and we may see a
few years of constant hacks until we arrive at a new normal: where verification
is paramount and software is patched continuously.

This essay was written with Barath Raghavan, and originally appeared in IEEE
Spectrum.

** *** ***** ******* *********** *************
Claude Mythos Has Found 271 Zero-Days in Firefox

[2026.04.29] That?s a lot. No, it?s an extraordinary number:

    Since February, the Firefox team has been working around the clock using
frontier AI models to find and fix latent security vulnerabilities in the
browser. We wrote previously about our collaboration with Anthropic to scan
Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in
Firefox 148.

    As part of our continued collaboration with Anthropic, we had the
opportunity to apply an early version of Claude Mythos Preview to Firefox. This
week?s release of Firefox 150 includes fixes for 271 vulnerabilities identified
during this initial evaluation.

    As these capabilities reach the hands of more defenders, many other teams
are now experiencing the same vertigo we did when the findings first came into
focus. For a hardened target, just one such bug would have been red-alert in
2025, and so many at once makes you stop to wonder whether it?s even possible to
keep up.

    Our experience is a hopeful one for teams who shake off the vertigo and get
to work. You may need to reprioritize everything else to bring relentless and
single-minded focus to the task, but there is light at the end of the tunnel. We
are extremely proud of how our team rose to meet this challenge, and others will
too. Our work isn?t finished, but we?ve turned the corner and can glimpse a
future much better than just keeping up. Defenders finally have a chance to win,
decisively.

They?re right. Assuming the defenders can patch, and push those patches out to
users quickly, this technology favors the defenders.

News article.

** *** ***** ******* *********** *************
Fast16 Malware

[2026.04.30] Researchers have reverse-engineered a piece of malware named
Fast16. It?s almost certainly state-sponsored, probably US in origin, and was
deployed against Iran years before Stuxnet:

    ?...the Fast16 malware was designed to carry out the most subtle form of
sabotage ever seen in an in-the-wild malware tool: By automatically
--- FMail-lnx 2.3.2.6-B20251227
 * Origin: TCOB1 A Mail Only System (618:500/1)