Living on the Frontier · Session 8 · In-person
Glasswing
April 12, 2026 · The Kannas Hotel, Chiang Mai
They built a model that could break every lock in the building.
So they gave the keys to forty companies and called it defense.
The Treasury Secretary called the bank CEOs.
The Fed Chair was already in the room.
Meanwhile, the cheap model learned to ask the smart one for help,
hackers registered the package names that AI hallucinated,
and the smarter the model, the easier it was to poison.
They named the butterfly after the glass in its wings.
This week
Part I
The Shield
Capability gains — what they built this week
Anthropic · Apr 7
Claude Mythos — thousands of zero-days, released as a shield
A new frontier model with extraordinary cybersecurity capabilities. It autonomously discovered thousands of zero-day vulnerabilities across every major OS and browser — including a 17-year-old FreeBSD RCE. Anthropic isn't releasing it publicly. Instead: Project Glasswing — 40+ organizations get access for defensive security only, backed by $100M in usage credits.
The Glasswing Paradox: the model that can break everything is the only thing fast enough to find and fix everything. They built the weapon and the shield simultaneously — and chose to deploy the shield first. If an AI can find vulns faster than humans, does every company need one on retainer?
"If an AI can find thousands of zero-days autonomously, does security through obscurity die permanently?"
Anthropic · Apr 9–10
The advisor pattern — Opus as second opinion
Pair Opus as an advisor with Sonnet or Haiku as executor. Near Opus-level intelligence at a fraction of the cost. Ships on the Claude Platform API and in Claude Code as /advisor opus | sonnet | off. On SWE-bench Multilingual: Sonnet + Opus advisor beats Sonnet alone by 2.7 points while reducing cost by 11.9%.
Production-ready model routing where the primary model decides when to escalate — not a static rule, but dynamic, context-aware delegation. Cheap fast model + expensive smart model on call. This is how humans debug: try it yourself, then ask the senior engineer.
"If the executor decides when to consult the advisor, how do you debug cases where it should have escalated but didn't?"
Anthropic · Apr 8
Claude Managed Agents — prototype to production in days
Everything you need to build and deploy agents at scale. A harness tuned for performance paired with production infrastructure. Now in public beta on the Claude Platform.
This is the full agent lifecycle in one product — harness + infra + deployment. Previously you wired up your own orchestration (LangGraph, CrewAI, custom). Now Anthropic owns the stack end-to-end. The question: does this make third-party agent frameworks obsolete, or raise the bar for what they need to offer?
"If Anthropic now offers managed agents end-to-end, what's left for third-party agent frameworks to compete on?"
Claude Code — Rapid Fire
Part II
The Sword
What broke — or could break
Bloomberg, CNBC · Apr 8–10
Treasury + Fed summon bank CEOs over Mythos
Bessent and Powell held an urgent meeting with CEOs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs to discuss the systemic cybersecurity implications of Mythos. Jamie Dimon was the only major CEO absent. Software stocks slumped on the news.
First time a single AI model announcement triggered a meeting between the Fed Chair, Treasury Secretary, and the heads of the six largest US banks. Not a technology story anymore — a financial stability story. If AI can find vulnerabilities this fast, every company's security posture is repriced overnight.
"When an AI lab's product announcement triggers an emergency meeting at Treasury, have AI companies become systemically important institutions?"
@BaselIsmail · Apr 2
Slopsquatting — AI hallucinations as attack vector
AI LLMs hallucinate package names 18–21% of the time. Hackers have started pre-registering those hallucinated names on PyPI and npm with malicious payloads. Traditional typosquatting required guessing human typos. Slopsquatting exploits confident AI recommendations of packages that don't exist.
A new attack vector that exists only because AI writes code. Roughly 1 in 5 package suggestions could be a trap. Attackers can predict which fake names models will hallucinate. The supply chain attack surface scales with agent autonomy.
"If AI tools hallucinate package names 20% of the time, should package managers auto-verify that recommended packages actually exist before installing?"
Invariant Labs, OWASP · Apr 2026
MCP tool poisoning — smarter models are more vulnerable
Malicious instructions embedded in MCP tool descriptions are invisible to users but followed by AI models. Testing across 7 major MCP clients with 45 servers and 353 tools found that more capable models are often more vulnerable — because they follow instructions better. OWASP published both an MCP Top 10 and Agentic Applications Top 10.
Deeply counterintuitive: better instruction-following is a liability when the instructions are malicious. This inverts the usual assumption that smarter = safer. For anyone building with MCP servers, mcp-scan should be part of your CI pipeline now, not later.
"If smarter models are more vulnerable to tool poisoning because they follow instructions better, is there a fundamental tension between capability and security?"
Part III
The Stakes
Money, competition, and who's winning
Bloomberg, SaaStr · Apr 6
Anthropic hits $30B ARR — passes OpenAI
Tripled from $9B at end of 2025. Surpassed OpenAI at $24B. 80% of revenue from business customers. Over 1,000 companies now spend $1M+ annually on Claude — doubled from 500 at the February Series G. Separately: a deal with Google/Broadcom for 3.5 gigawatts of TPU capacity starting 2027.
The enterprise mix explains everything. Not viral consumer adoption — enterprise procurement cycles converting. 4x less spending on training while surpassing OpenAI in revenue. Model training cost is becoming decoupled from commercial success. Distribution and product-market fit matter more.
"If Anthropic passed OpenAI in revenue while spending 4x less on training, is the 'biggest model wins' era over?"
TechCrunch, The Decoder · Apr 9
OpenAI launches $100/month Pro tier
New tier fills the gap between Plus ($20) and Pro ($200). 5x more Codex usage. Through May 31: up to 10x Plus usage. Also switched Codex from message-based to token-based pricing. Reuters reported that pressure from Claude Code led OpenAI to redirect resources toward Codex.
From a binary $20/$200 split to a $20/$100/$200 ladder — a classic "threatened incumbent" move. Segment the market before someone captures the middle. The per-token pricing shift aligns developer costs with actual usage, which is what Anthropic has done from the start.
"Is the $100/month price point becoming the standard for 'serious developer' AI tooling?"
From the Bookmarks
Quick hits
Discussion · Demos · Q&A
What caught your eye?
"If the model that can break everything is also the shield, who decides who gets the shield?"
Follow the lab.
See you next Saturday.