Automated draft from LLL
The Coming Wave: Anthropic Warns of AI-Fueled Cyberattacks
As Anthropic Redraws the Agent Stack, a Cybersecurity Playbook Lands
Project Glasswing, a vulnerability coalition powered by Anthropic's Mythos model, released its first public document: a defensive security playbook. It warns the industry to prepare now.
Within two years, Anthropic predicts, "vast numbers of previously unknown bugs will be found and weaponized by both attackers and defenders."
This guidance offers seven concrete priorities:
- Aggressive patching, using CISA KEV and EPSS scores.
- Automation to manage an expected tenfold increase in vulnerabilities.
- Proactive AI-powered code scanning.
- Zero-trust architecture.
- Hardware-bound credentials to replace phishable secrets.
- Shortened incident response playbooks.
- A reduced attack surface.
The playbook gains significance when paired with Mythos's capabilities. This new model scored 83.1% on CyberGym, outperforming Opus 4.6 at 66.6%. It succeeded 181 times on browser-exploit tests, compared to Opus’s two, and autonomously found bugs twenty-seven years old in OpenBSD, along with a root-access chain in the Linux kernel. Yet, the playbook argues, the core issue transcends a single model's power. As AI discovers more vulnerabilities, the challenge shifts from finding bugs to triaging and patching them at scale. Organizations relying on monthly patch cycles will fall behind attackers who can enumerate exploits in mere hours.
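To make the first priority concrete, here is an added example (not code from the Glasswing playbook or from Anthropic) of the triage step the paragraph above describes: ranking scanner findings by CISA KEV membership and EPSS probability instead of CVSS alone. The KEV and EPSS data are constructed samples with placeholder CVE IDs, standing in for the live CISA and FIRST feeds.

```python
from dataclasses import dataclass

# Constructed sample data standing in for the CISA KEV catalogue (a set of
# exploited CVE IDs) and the FIRST EPSS feed (CVE ID -> exploitation probability).
# The CVE IDs are placeholders, not real vulnerabilities.
SAMPLE_KEV = {"CVE-0000-0001"}
SAMPLE_EPSS = {
    "CVE-0000-0001": 0.91,
    "CVE-0000-0002": 0.72,
    "CVE-0000-0003": 0.02,
    "CVE-0000-0004": 0.35,
}

@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float            # base severity reported by the scanner
    internet_facing: bool  # asset exposure, from the asset inventory

def tier(finding, kev, epss, threshold=0.10):
    """Assign a patch tier: 0 = in KEV (known exploited), 1 = likely to be
    exploited and exposed, 2 = likely to be exploited, 3 = everything else.
    A CVE missing from the EPSS feed is scored 0.0 rather than dropped, so it
    still receives a tier instead of silently falling off the queue."""
    score = epss.get(finding.cve, 0.0)
    if finding.cve in kev:
        return 0
    if score >= threshold:
        return 1 if finding.internet_facing else 2
    return 3

def prioritize(findings, kev=SAMPLE_KEV, epss=SAMPLE_EPSS, threshold=0.10):
    """Return [(cve, tier)] ordered most urgent first: by tier, then EPSS, then CVSS."""
    ranked = sorted(
        findings,
        key=lambda f: (tier(f, kev, epss, threshold), -epss.get(f.cve, 0.0), -f.cvss),
    )
    return [(f.cve, tier(f, kev, epss, threshold)) for f in ranked]

if __name__ == "__main__":
    findings = [
        Finding("CVE-0000-0003", 9.8, True),   # critical CVSS, almost never exploited
        Finding("CVE-0000-0002", 7.5, False),  # internal host, high EPSS
        Finding("CVE-0000-0004", 8.1, True),   # exposed host, moderate EPSS
        Finding("CVE-0000-0001", 6.5, False),  # in KEV: goes first regardless of CVSS
        Finding("CVE-0000-0005", 5.0, True),   # absent from the EPSS feed
    ]
    for cve, t in prioritize(findings):
        print(t, cve)
```

Note that a CVSS-only queue would put CVE-0000-0003 first; the KEV/EPSS ordering demotes it to the bottom tier and promotes the actively exploited CVE-0000-0001 despite its medium CVSS.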
Andrew Ng’s Batch newsletter offered a tempered view of the Mythos revelation. Ng observed that Anthropic's strategy—"promoting safety worries while withholding access from all but a small number of selected parties"—echoes OpenAI's early playbook with GPT-2 in 2019. The structural parallel holds, but a crucial distinction emerges: GPT-2 posed the risk of generating "plausible text," while Mythos has discovered "thousands of high-severity vulnerabilities in every major OS and browser, ninety-nine per cent still unpatched." Alberto Romero, writing in The Algorithmic Bridge, frames this more starkly as "narrow superintelligence"—a superhuman capability in a single domain. He questions whether such power demands access restrictions akin to those on nuclear materials. The question sounds overwrought, until one reads the model’s 244-page card.
The Agent's Blueprint: Anthropic's Week of Reveals
Anthropic spent the week publishing a complete architectural thesis for AI agents. In a mere five days, the company released guidance on:
- Agent thought processes (multi-agent coordination patterns).
- Tool use (seeing like an agent).
- Cost optimization (the advisor strategy).
- Governance (trustworthy agents research).
- Defense (the security playbook).
Its multi-agent coordination patterns describe five approaches: generator-verifier, orchestrator-subagent, agent teams, message bus, and shared state. Anthropic advises starting with the orchestrator-subagent model, evolving only as limitations appear. The tool design post details Claude Code's shift from twenty fixed tools to a system where agents discover context across file layers. This change reflects a core principle: tool design must align with an agent’s perspective, not human intuition.
Competitive Landscape
The competitive landscape stirred. Meta introduced Muse Spark, the inaugural model from its revamped AI stack. Muse Spark scored 58% on "Humanity's Last Exam" and 38% on "FrontierScience Research," achieving a tenfold efficiency gain over Llama 4 Maverick. Ben's Bites places it "somewhere between Sonnet 4.6 and Opus 4.6"—a respectable showing, though not a front-runner.
Ethan Mollick's scorecard now lists Google DeepMind, OpenAI, and Anthropic as leaders, with Meta joining the pack. xAI, he notes, has fallen behind, and top Chinese models lag by seven to nine months. OpenAI, responding to a surge in Codex usage, launched a $100-per-month Pro tier, offering GPT-5.4 Pro with a 400,000-token context window and ten times the Codex capacity of its Plus subscription, through May 31.
For enterprise clients, Anthropic rolled out Claude for Financial Services, complete with pre-built connectors for FactSet, Morningstar, PitchBook, and Snowflake. The service claims 83% accuracy on complex Excel financial tasks. Early adopter AIG reported a 75% reduction in underwriting timelines and boosted data accuracy from 75% to 90%. Following last week’s healthcare launch, this move confirms Anthropic’s strategy: vertical-by-vertical enterprise expansion, supported by domain-specific connector ecosystems.
AI's Human Problem: The Enterprise Spending Paradox
The week’s most striking data point emerged not from a model card, but from reports on enterprise spending. The AI Daily Brief, drawing on analyses from A16Z and KPMG, revealed a troubling statistic:
- 93% of enterprise AI spending goes toward infrastructure, models, and tools.
- A mere 7% supports the humans who must use them.
The fallout is evident:
- 75% of companies confess their AI strategy exists "for show."
- 73% of C.E.O.s admit stress and anxiety about their AI plans.
- 29% of employees actively undermine AI initiatives (a figure that rises to 44% among Gen Z).
- A 52-point trust gap divides executives—61% trust AI for complex decisions—from workers, only 9% of whom share that confidence.
- Similarly, a 67-point perception gap shows 88% of executives believe employees have adequate tools, while only 21% of workers agree.
This data reframes the Glasswing conversation. The security playbook assumes organizations can patch at machine tempo; the enterprise data suggests most cannot even agree on whether their existing tools function. A post-mortem of the Claude Code leak on the Practical AI podcast reinforces a related architectural argument: the true intellectual property in Claude Code lies not in the model itself, but in its "harness"—the system managing memory, integrating tools, and verifying output. Its three-layer memory—using index pointers, sharded topical storage, and self-healing grep-based verification against actual system state—provides the engineering that makes the model useful. Competitors, the analysis suggests, could replace the core model with any frontier alternative, so long as they replicate the harness.
This "harness, not model" thesis found independent support in a new arXiv paper, "Dead Weights, Live Signals." The paper demonstrated that three small, frozen language models (Llama-3.2-1B, Qwen2.5-1.5B, Gemma-2-2B), communicating via learned linear projections into two larger frozen models (Phi-3-mini, Mistral-7B), outperformed any individual model by six to eleven points across key benchmarks like ARC-Challenge, OpenBookQA, and MMLU. Crucially, this setup used only 17.6 million trainable parameters, compared to twelve billion frozen ones. The implication is stark: models themselves may become commodities; value accrues in the coordination layer.
Blood in the Machine
Blood in the Machine offered the week’s most thorough mapping of AI firms' military contracts. The report details:
- OpenAI's estimated $500 million to $2 billion Defense Department deal.
- Google's $9 billion JWCC ceiling.
- Microsoft's IL6-authorized Azure OpenAI.
- Amazon's layered partnerships.
While Brian Merchant frames the data politically—contrasting tech leadership's silence during past crises with OpenAI's own chief futurist's recent moral clarity—the factual compilation stands on its own. Anthropic’s refusal to amend its Defense Department contract, prohibiting surveillance and autonomous weapons use (a move that spurred OpenAI’s entry), stands as concrete evidence: employees and public opinion can pressure AI companies, given the right conditions.
Tech's Immediate Horizon: Five Items on a Thirty-Day Clock
Google DeepMind's AlphaGenome
Google DeepMind's AlphaGenome maps the 98% of the human genome that, rather than coding for proteins, regulates gene expression. The model, an architecture refined from 64 pretrained models, outperformed prior systems in 47 of 50 evaluations. Its weights and inference code are freely licensed for noncommercial use. Genomics practitioners now have thirty days to reproduce the model's T-ALL leukemia validation on other cancer types.
Polymathic AI’s Walrus
Polymathic AI’s Walrus, a 1.3-billion-parameter fluid dynamics simulator under MIT license, recorded the lowest error in 18 of 19 physical domains for one-step predictions, cutting average error by 63.6% compared to rival models. Its "anti-aliasing jittering" technique—which randomly time-shifts input data to disperse errors rather than allow them to compound—could transfer to vision and video generation transformers that exhibit similar artifacts. This merits testing in production physics simulation pipelines within the month.
Anthropic's Advisor Tool Pattern
Anthropic has released its advisor tool pattern via API. For teams managing high-volume agent workloads with routine tasks requiring advanced reasoning, the Haiku+Opus advisor configuration merits benchmarking: it boosted BrowseComp scores from 19.7% to 41.2%, while costing 85% less than Sonnet.
Circle’s ARC Blockchain
Circle’s ARC blockchain, discussed on the No Priors podcast with C.E.O. Jeremy Allaire, aims squarely at agentic financial transactions. It features a known validator set of major financial institutions (rather than a decentralized one), ensures deterministic settlement within milliseconds, and uses USDC as its native token. The coming month will show if recent SEC tokenization guidance prompts institutional finance to move from exploratory to production-scale tokenized-asset deployments.
DMax
DMax, a new parallel decoding paradigm for diffusion language models, processes 1,338 tokens per second on two H200 G.P.U.s at batch size one. It improved TPF (tokens per forward pass) from 2.04 to 5.47 on GSM8K, maintaining accuracy. Should this technique generalize beyond LLaDA-2.0-mini, it promises to reshape the cost structure for diffusion-based language models, which currently balance inference speed against generation diversity.