In early April 2026, a major AI company quietly told a small group of security researchers something worth paying attention to. Their AI system had learned to find vulnerabilities in the digital infrastructure most of the modern world runs on: the hidden protocols that protect your banking app, your medical records, your private messages, and the certificates that verify a website is actually what it claims to be.
The company is Anthropic. The system is called Claude Mythos. And the most important thing about the announcement is not what the system can do. It is how it learned to do it.
Anthropic did not build a hacking tool. They built a system that got very good at reading, writing, and reasoning about code: the instructions that make software work: and once it was good enough at that, it could find the cracks in complex systems almost as a side effect. Nobody designed that capability in. It emerged from general competence, the way a surgeon who deeply understands anatomy might also be unusually good at spotting structural problems in a building. The skill transferred because the underlying reasoning is the same.
I want to write about this, not just because I find it interesting, but because I feel like this may be important to society as a whole… and I am not sure enough people understand why yet.
So what did Mythos actually find?
Modern digital security depends on cryptographic protocols: mathematical systems that scramble information so only the intended recipient can read it. Protocols like TLS (the technology behind the padlock icon in your browser’s address bar), SSH (the standard way to securely connect to a remote computer), and AES (the encryption standard used by everything from WhatsApp to the US government) are the invisible plumbing of the digital world. They are not optional. They are why you can type your credit card number into a website without the coffee shop’s wifi owner reading it.
What Mythos found were implementation flaws: not in the mathematics of cryptography itself, but in the specific software that runs these protocols in real-world systems. Think of it this way: a lock might be theoretically unbreakable, but if the door frame is warped, a skilled observer might notice you can push the door open without touching the lock. Mythos found warped door frames. Serious ones, in systems a lot of people depend on. This is why the Federal Reserve called an emergency meeting with the CEO’s of the country’s largest banks about Mythos. That isn’t a normal event. Mythos isn’t a normal technology release.
Anthropic restricted the release to a program focused on defenders: people trying to find and fix these flaws before malicious actors do. They published a detailed account of what the system could and couldn’t do. They noted that the risk profile is higher than for previous models, though still, in their assessment, relatively low. That transparency has obvious benefit for Anthropic’s reputation, and I don’t think that makes it insincere. But you should read it as one reasonable response to a genuinely difficult situation, not as proof that anyone has this fully under control.
And this is just the beginning…
Mythos keeps being discussed as if it is a uniquely alarming Anthropic-specific development. It isn’t.
OpenAI, the company behind ChatGPT, has been running parallel efforts under names like Aardvark and Codex Security. Their systems showed similarly large jumps in the ability to reason about security vulnerabilities across the same period. The trajectory is the same across multiple major labs. The capability profile is converging. But here’s the thing.. it was always going to converge. This is what happens when you build systems that are very good at reasoning about software and then give them the ability to act on that reasoning autonomously.
Mythos got announced in a way that made it visible. That does not make it singular. It isn’t that “Anthropic built something dangerous.” Well not entirely anyway. The fact is that several major AI labs have been approaching this threshold for some time. Others will follow. Some may already be there.
So what does this actually mean for the next few years?
If Mythos could find security vulnerabilities because Anthropic specifically trained it on attack patterns, hacking histories, and vulnerability databases, then this would be a narrow and somewhat manageable problem. You could treat it like a specialized tool: powerful in a specific domain, limited elsewhere, possible to regulate and surveil.
But that is not what happened. Finding vulnerabilities in complex software systems turns out to be, at its core, the same skill as understanding software deeply and reasoning about how components interact under unusual conditions. The moment a system gets good enough at that general skill, the security application comes for free. Anthropic’s own benchmarks showed that their previous model had almost no ability to autonomously find and exploit vulnerabilities. Mythos performed dramatically better, not because something about security was added, but because general reasoning capability crossed a threshold.
That means every future improvement to general reasoning ability will make this capability better, automatically, whether anyone plans for it or not. The connection is not incidental. It is structural.
But let me pause for a second. Why does any of that even matter? In the movies you have Wolverine hacking a bank with a gun to his head while getting serviced by a stranger. Password: Swordfish. Decent movie, go watch it. But here’s the thing: that’s the movies. Until now there was no real analog in real life. This enables that. Not the surrounding cinematic circumstances of course, but rather, how trivial it is to do the hacking has made this model dangerous on a level no other piece of technology has been before. Now all a person needs to do is describe what they want to break into, and the model does it FOR them. No skill required. The implementation is no longer the bottleneck. Taste, judgement, and intent cut both ways. That’s why people are, rightfully, freaked out.
So it is smarter… that’s it though, right?
There is a tendency to evaluate AI systems the way you might evaluate a new car: read the spec sheet, compare the numbers to last year’s model, decide whether the upgrade is worth it. That is not the right frame.
What matters is not the base model in isolation. It is the base model plus everything wrapped around it: the tools it can call on, the ability to run web searches and write and execute code mid-task, the capacity to run multiple instances in parallel where each checks the others’ work, the ability to maintain focus across very long and complex tasks without losing the thread. Researchers call this the harness: the full system around the model, not just the model itself.
Think of it like this: your brain is the model. Your body is the harness. Without your body, your brain isn’t all that impressive in what it can accomplish. With your body, even a broken one, the human brain is among the most impressive things we know of in existence. The harness is just as important and the intelligence driving it.
And look — it’s all compounding. A better base model uses the harness more effectively. A better harness generates better outputs. Better outputs create better training data for the next version of the model. That next version uses the harness more effectively still. These are not isolated improvements. Each one multiplies the value of the others.
DeepMind’s system AlphaEvolve, which pairs a language model with a rigorous automated evaluator, has already produced genuine improvements in chip design, data-center efficiency, and even in the process of training AI models themselves. The system generates ideas, tests them against real-world criteria, and iterates: faster and across more variations than any human research team could manage. Anthropic’s own evaluations show that moving from a single AI working alone to multiple instances coordinating on the same task produced large, non-incremental jumps in performance on complex research problems.
The benchmark number from one generation to the next understates what is actually happening, because what is happening is not just the model getting smarter. It is the entire system getting more capable of exploiting its own capability.
But it doesn’t SEEM that much smarter…
Now look… I don’t want to offend anyone here… but half of us are below average intelligence. Most of us are within a single standard deviation of average. Wherever you are, you can only really comprehend something about 1-2 standard deviations smarter than you are. Models have already far surpassed what most people can “detect.” Most people: including people who use AI tools regularly, including journalists who cover the technology: are not well-positioned to detect meaningful capability jumps once those jumps happen above a certain level of sophistication.
Think about music. A normal listener can clearly tell the difference between a mediocre pianist and a skilled one. But they cannot reliably distinguish between a very good concert pianist and a genuinely exceptional one. The gap is real and significant: ask anyone with serious musical training: but it is simply outside the perceptual range of most listeners. They both sound “very good.”
The same thing is happening with AI capability, except the domain is not music. It is writing production-quality software, finding security vulnerabilities in complex systems, reasoning through ambiguous multi-step research problems. Most people evaluating these systems do not have enough depth in those specific areas to feel the difference between “very capable” and “dramatically more capable.” The capability has moved past their ability to probe it.
So we get a situation where the announcements come, the coverage notes that the new model is impressive, the public files it alongside all the other impressive announcements, and the actual distance traveled is largely invisible to most of the people doing the filing.
But does it even lift?
AI systems are already being used to build better AI systems. And this has become routine enough that it barely gets mentioned.
The technical name for one version of this is model distillation: you take the outputs of a more capable AI system and use them as training data for a less capable one, making the smaller system measurably better. Think of it as having an expert tutor a student using worked examples: the student improves faster than they would from textbooks alone, and eventually the student can tutor others. OpenAI has turned distillation into a standard product workflow. Research on systems that evaluate and revise their own outputs on problems with verifiable answers: math proofs, code that either runs correctly or doesn’t: shows real performance improvements through iteration.
These are not exotic research projects. They are normal enough to publish in the methods section of a paper without much fanfare.
The feedback cycle is shortening. The time between “here is a capable model” and “here is a more capable model trained partly on the first one’s outputs” is compressing. The most dramatic version of this: a fully autonomous loop that runs without human involvement and improves itself without a ceiling: is still ahead of the evidence. I want to be clear about that. But the ingredients for it are already standard practice, and the effects are already measurable.
The people who will be most surprised by what happens in the next two years are the ones waiting for a single dramatic announcement confirming that AI can now improve itself. They will miss it because it is not arriving as a dramatic announcement. It is arriving as a series of incremental updates, each of which is individually easy to underweight.
And most people who follow and do the research would agree: we’re not that far from a system that can meaningfully improve itself. There’s a term for the time period that follows that event… we call it the “knowledge explosion.” The time period in which scientific advancement outpaces our collective ability to understand it. That is exciting, but also inherently unpredictable. There quickly comes a point after which that threshold is crossed that human taste and judgement simply cannot keep up. That is truly uncharted territory.
AI is already DOING science.. not just assisting
The US Department of Energy has an initiative called the Genesis Mission, organized explicitly around using AI to accelerate breakthroughs in energy, scientific discovery, and national security. DeepMind’s AlphaEvolve system has already produced validated improvements in chip design, in how large data centers manage their computing workloads, and in aspects of AI training itself. A major review in Nature, one of the most rigorous scientific journals in the world, argues that AI is already compressing timelines across quantum computing research: hardware design, controlling the delicate systems that keep quantum states stable, error correction, and algorithm development.
This is not science fiction. It is just plain old science. Today. Like… right now. While you’re reading this.
The question is not whether AI is going to contribute to scientific discovery. It already is. The question is what happens when the systems doing it are substantially more capable than current ones, operating across longer time horizons, with better tooling and more resources, and deliberately pointed at specific hard problems where the bottlenecks are well understood.
Let’s address the Elephant in the Quantum Accelerator
So what makes quantum different from the computers you’re already using? Ordinary computers: the kind in your phone, your laptop, the servers that run the internet: perform calculations sequentially, one step at a time, very quickly. Quantum computers exploit a property of physics that allows certain types of problems to be explored across many possible solutions simultaneously. For most everyday tasks, this offers no particular advantage. For specific categories of mathematical problems: including the problems that underlie the security of most current encryption: it could be decisive.
IBM’s current roadmap targets their first fault-tolerant quantum computer: one reliable enough to be practically useful: for 2029. Google’s recent results show genuine, measurable progress, and more recent analysis suggests that some attacks on current encryption may require less quantum processing power than previously estimated. The distance to “practically threatening” remains substantial. The progress toward it is real. And the runway is getting shorter. This isn’t another “cold fusion” runway where it is always “just” 20 years out. There’s an end in sight. That’s why it is important to deal with it now.
What I find interesting is this: what happens when sufficiently capable AI systems with serious resources are deliberately pointed at the remaining hard problems in quantum hardware and control? Several national labs and government programs are already treating this as a priority target. The Nature review on AI for quantum computing makes the case that AI is likely to play an increasingly important role in getting quantum to practical viability.
I am not claiming quantum computing is two years away if we focus hard enough. IBM is already claiming 3. But I am claiming that AI directed at quantum is plausibly compressing timelines in ways not yet reflected in public estimates, and that the combination: capable AI plus viable quantum computing: represents a qualitative change in what becomes possible afterward. Including, notably, what becomes possible for AI itself.
Encryption: What Is and Isn’t Already Broken
I normally put in quippy headlines in this part of my longer pieces… but this is important.. and I don’t want to gloss over anything. So first things first…
Quantum computers cannot currently break standard encryption. The National Institute of Standards and Technology, which sets the cryptographic standards used across the US government and much of the private sector, is explicit about this: the quantum computers that would be needed to threaten today’s encryption require thousands of stable, reliable quantum bits working in concert, and nothing close to that exists yet.
What Mythos found was also not that. The vulnerabilities Anthropic identified were flaws in specific software implementations: bugs in the code that runs cryptographic protocols in real systems, not cracks in the underlying mathematics. To return to the earlier analogy: finding that a door frame is warped is different from finding that the lock’s mechanism is broken. Both are serious. They are not the same problem.
Current encryption is not broken. Not by AI and not by quantum computers.
The correct threat model is something researchers call “harvest now, decrypt later.” An adversary who can collect and store encrypted data today: your communications, your financial records, sensitive government or corporate files: is positioned to decrypt that data once quantum capability matures. The threat is operational in present tense even though the decryption capability is future tense. You do not need to be able to read the mail today to benefit from stealing the mailbag now. That lessens the impact of a breach, but for certain critical pieces of information that don’t change often (credit card numbers, social security numbers, passwords even…) this is a viable way to score that information and do some potentially nasty things with it.
Thankfully, things are not standing still though. This is why the National Institute of Standards and Technology finalized its first three post-quantum cryptographic standards in 2024 and urged immediate integration. Post-quantum cryptography refers to encryption systems designed to resist attacks from quantum computers: mathematical approaches that remain secure even assuming an adversary has access to quantum processing power. The protocols that need updating include essentially the entire stack that modern internet communication depends on: the systems protecting your bank connection, your email, your remote work tools, your country’s sensitive communications infrastructure.
This is a migration race with an uncertain but finite deadline. The migration is long and technically complex. The adversarial incentive to collect data now, before the migration is complete, is already operating.
Privacy and Tin Foil Hats
I’ll be honest: what I actually think here is less comfortable than the standard “technology is scary” version.
There is a consistent body of research showing that privacy loss and surveillance are associated with stress, reduced trust, suspicion, and what some researchers call privacy cynicism: a kind of defensive withdrawal that happens when people feel persistently watched. Coerced exposure does not produce empathy. It produces paranoia. That finding is solid and the intuition behind it is correct.
But there is a distinction almost nobody makes in these conversations.
Coerced surveillance: the state monitoring your communications, an employer tracking your behavior in granular detail, a platform harvesting your data to sell inferences about you to advertisers: is one thing. The evidence that it damages trust and produces defensive behavior is clear.
Eroded privacy norms are different. When people voluntarily disclose more of their actual lives: their failures, their contradictions, their bad decisions, their moments of confusion, their wounds: a different body of research kicks in. Voluntary self-disclosure is consistently associated with building intimacy, trust, empathy, and connection. People who see more of each other’s actual humanity tend to become less judgmental about it, not more. The observation that most people’s deepest shames are ordinary human experiences: widely shared, rarely spoken: turns out to have a structural basis in how disclosure affects relationships.
I’m just a guy who thinks about this a lot over here… I am not an expert in this nor am I any sort of authority in this. That said, my instinct is that privacy as a cultural ideal in western societies is tightly bound up with shame management and the performance of consistency. The widespread illusion that other people are cleaner, more put together, and more coherent than you are is only possible because they are also managing their appearances. Privacy enables the performance. The performance enables a particular kind of social isolation. Nobody is as alone in their flaws as they feel.
I am not arguing that the collapse of privacy is a good thing. It will produce real losses and real harm, especially for people who are already vulnerable in ways that require some protection from exposure. I am arguing that treating it as purely bad: as something that can only produce exposure and never produce understanding: is not obviously correct. A culture in which people’s actual flaws are more visible and therefore more normalized is not a future I can dismiss without thinking carefully about it.
The version of that future I want is not surveillance. It is: what if we were all a little less afraid of being known.
I know that is a wish. It is not a prediction. But it is quite possibly a future we’ll be forced into given our current trajectory.
The Economy Is Going to Shift… like… A LOT.
Anyone who tells you they know exactly how the economic disruption lands is selling something. So I won’t do that, even though I absolutely sell things.
If Mythos is an early signal of what these systems are becoming: and the accumulated evidence strongly suggests it is: then the economy is going to change in ways that current conversations about automation do not capture. The standard framing treats AI as a tool that replaces specific tasks: it writes the first draft, it answers the phone, it handles the routine ticket. That framing misses what is actually happening.
I’ve talked a lot about this here: We Already Missed the Exit. But the short version is this…
The irreducible human contribution going forward is not going to be doing. It is going to be knowing what good looks like: being able to recognize when a capable system has produced something plausible but subtly wrong, being able to set the right goal in the first place, being willing to hold the line on quality when the output seems good enough but isn’t. That is a much smaller set of people than current labor markets assume, and the markets have not priced it in.
I am not saying most people are without value. I am saying the distribution of cognitive labor that the economy currently depends on is going to be stress-tested in ways that do not have a clean historical analogue. The transition will be disruptive in proportion to how honestly it is acknowledged and prepared for. From where I sit, it is being acknowledged mostly in the abstract and prepared for almost not at all.
Where the Compute Should Go (Since I know best.. obviously)
If you accept any significant part of the argument above: that these systems are compounding in capability, that the feedback loops are already real, that scientific timelines are already being compressed, and that the economy is headed somewhere unfamiliar: then the question that matters is where we deliberately aim the most capable systems.
My answer is not where most of it is currently aimed.
The highest leverage targets are energy generation, water scarcity, climate resilience, and foundational computing infrastructure. Not because cancer and disease are unimportant: they obviously are: but because energy, water, and climate are upstream of almost everything else. Solve reliable clean energy at scale and you transform the economics of almost every other hard problem. Solve water access and you prevent a category of civilizational instability that is already beginning to materialize. Meaningfully reduce the climate damage already locked in and you preserve the conditions under which the rest of human progress is possible.
These are species-level bottlenecks. Progress on them makes progress on everything else more feasible. Failure on them makes progress on everything else harder.
The World Meteorological Organization confirmed that 2015-2025 were the ten hottest years in recorded history and that the planet’s energy imbalance: the gap between heat coming in and heat going out: is at its highest in 65 years of measurement. At the same time, the computing infrastructure required to run increasingly capable AI systems carries significant and rising energy and water costs of its own. The systems being built to help solve these problems are themselves straining the resources needed to solve them. But here’s the thing: That is not an argument against building the systems. It is an argument for being deliberate about what we build them to do.
The capacity to point serious computing resources at these problems exists. Whether the people who control that capacity see civilizational bottlenecks the same way they see product opportunities is a different question. My skepticism that they currently do is not cynicism. It is a reading of where the investment has actually gone.
This is a lot.. I know…
I know this is a lot, but here’s at least where I think this is going and why this is important. This is one of the first proof points that this technology is not just a niche thing, that it’s not just a thing for techies or a thing to turn into some weird virtual girlfriend. That this has the potential for massive economic impacts. That it has the ability to reshape society in a way that biology has never had to reckon with.
If you haven’t been paying attention so far, now is the time to start paying very close attention.
Mythos moves this from fringe and interesting to required reading. I wrote this because I know too many people in my life who haven’t been doing their homework, and so this serves as an opportunity to borrow my notes. Not because I am always right or because I am the brightest student, but because I’ve been paying attention as best I can. Take what I have, validate it against your own sources. Do some honest work on this. It is worth it. No matter who you are and what you do, it is crucial you do your best to really understand what is happening around you right now. The time isn’t approaching, it is already upon us. Our species will need to reckon with this whether we’re ready for it or not.
Your wellbeing is dependent on it.
This isn’t an article that’s meant to stand the test of time. This is a piece for the moment. It’s not even really intended as a time capsule, but it is absolutely a warning, and one that I hope we as a society heed.