Breaking AI & Tech News Analyzed

Goldman Sachs's chief executive, David Solomon, has expressed heightened awareness of the capabilities of Anthropic's Mythos AI model and is collaborating closely with the tech firm following warnings about the cybersecurity risk it poses.The US bank has been closely monitoring the rapid advancements in artificial intelligence, including large language models (LLMs), as part of broader efforts to protect itself from hackers.“Obviously the LLMs are making rapid progress and we’re hyper-aware of the enhanced capabilities of these new models with the help of the US government and the model publishers,” Solomon told analysts on an earnings call on Monday.Anthropic, the company behind the Claude family of AI tools, claimed last week that its latest model, Mythos, posed an unprecedented risk due to its ability to expose flaws in IT systems. The company warned that AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.Solomon emphasized that Goldman Sachs is working closely with Anthropic and all of its security vendors to harness frontier capabilities. “We are very focused on supplementing our cyber and infrastructure resilience. And this is part of our ongoing capabilities that we have been investing in, and are accelerating our investment in.”The news comes after the US Treasury secretary, Scott Bessent, summoned Solomon and other big American bankers to Washington to discuss the Mythos model last week. The meeting focused on heads of so-called systemically important banks, where regulators believe that a major disruption to their operations, or their potential collapse, would put financial stability at risk.On Monday, the UK government’s AI Security Institute (AISI) warned that Mythos was a “step up” over previous models in terms of the cyber threat it posed. AISI said Mythos could carry out attacks that required multiple actions and discover weaknesses in IT systems without human intervention.

Booking.com, a leading accommodation reservation website, has suffered a significant data breach that has exposed customer information to unauthorized parties. The company, which lists over 30 million accommodation venues worldwide, detected suspicious activity involving unauthorized access to some guests' booking information.Upon discovering the breach, Booking.com took immediate action to contain the issue and updated the PIN numbers for affected reservations. The company has also informed affected customers about the breach. According to Booking.com, financial information was not accessed during the breach.The breach is the latest in a series of cybercrime attempts on Booking.com, which has recently struggled with a rising number of online scams on its platform. In 2018, the company reported a breach that exposed the booking data of over 4,000 people. Booking.com was fined €475,000 for reporting the breach 22 days late to the Dutch privacy regulator.The company, owned by Booking Holdings, a $137 billion US company, employs over 24,000 people worldwide. The breach highlights the growing concern of fake listings on booking websites and the need for increased cybersecurity measures in the industry.

This week Anthropic revealed that its latest AI system, dubbed Mythos, is so powerful that the company will not make it publicly available, arguing that the potential risks outweigh commercial incentives.U.S. Treasury Secretary Scott Bessent convened senior banking executives to discuss the implications of the model, underscoring growing governmental concern over advanced AI capabilities.In the United Kingdom, Reform MP Danny Kruger wrote to the government urging an immediate dialogue with Anthropic, warning that Claude Mythos could pose "catastrophic cybersecurity risks" to the nation.Critics such as AI researcher Gary Marcus questioned the hype, suggesting that Anthropic’s co‑founder Dario Amodei may possess strong technical skills but is "graduated from the same school of hype and exaggeration" as OpenAI’s Sam Altman.Beyond the policy debate, Anthropic has mounted a striking media offensive. The startup secured a 10,000‑word profile in the New Yorker, two feature pieces in the Wall Street Journal, and a Time magazine cover that placed founder Amodei alongside the Pentagon and U.S. Defense Secretary Pete Hegseth.Co‑founder Jack Clark and Amodei appeared on separate New York Times podcasts, fielding questions about machine consciousness and the model’s potential to "rip through the economy." Their "resident philosopher" even discussed with the WSJ whether Claude, Anthropic’s commercial product used for cryptocurrency trading and missile‑target designation, possesses a "sense of self."Anthropic’s public‑relations lead, Danielle Ghiglieri, celebrated the coverage on LinkedIn, describing the Time cover as a "mad dash" that finally let the company tell its own story.However, the company’s PR triumphs have not been without missteps. In early April, Anthropic inadvertently released part of Claude’s internal source code, though it assured that no customer data or credentials were exposed.Experts remain skeptical about the unverified claims surrounding Mythos. Dr. Heidy Khlaaf of the AI Now Institute warned that the vague marketing language could be an attempt to attract investment without substantive scrutiny.Cybersecurity specialist Jameison O’Reilly acknowledged the model’s novelty but downplayed Anthropic’s assertion of discovering "thousands of zero‑day vulnerabilities," noting that in a decade of offensive operations, zero‑days were rarely needed to achieve objectives.Anthropic also faces operational constraints. The firm has imposed usage caps on its popular Claude model and now requires customers to purchase additional compute capacity for third‑party tools, suggesting that infrastructure limitations may be a practical reason for withholding Mythos.As the race to dominate the emerging AI market intensifies, Anthropic’s strategy appears to blend genuine safety concerns with a calculated publicity push, positioning Mythos as a strategic signal that the company remains "open for business" while keeping the technology under tight control.

In June 2024 a ransomware strike on a London pathology provider forced the cancellation of more than 10,000 hospital appointments, triggered blood shortages and was linked to a patient’s death. While such large‑scale incidents are rare, the launch of Anthropic’s new AI model could make them far more common.Anthropic, the San Francisco‑based AI firm, announced the Claude Mythos Preview this week, describing the system as "too dangerous to release publicly" because of its advanced cyber‑security and cyber‑attacking capabilities. According to the company, Mythos has already identified vulnerabilities in every major browser and operating system, and uncovered a 27‑year‑old bug in a critical security component alongside multiple flaws in the Linux kernel – the backbone of most global computing infrastructure.Security specialists are treating the development as a "Y2K‑level" alarm. Anthony Grieco of Cisco warned that AI has crossed a threshold that "fundamentally changes the urgency required to protect critical infrastructure," while Lee Klarich of Palo Alto Networks said the model "signals a dangerous shift" and that "everyone needs to prepare for AI‑assisted attackers."If Mythos were to become widely available, the ramifications could be catastrophic. Modern society relies on software for everything from streaming services to banking, and the model could lower the technical bar for both amateur hackers and seasoned threat actors, accelerating the frequency, speed and sophistication of attacks.Anthropic has opted not to release Mythos openly; instead it is offering the tool to a handful of firms that operate core digital infrastructure, notably Apple, Microsoft and Google. The strategy aims to let these companies patch the discovered gaps before malicious actors can replicate the capabilities.However, the lack of coordinated regulation means other players could soon field similar models, potentially in the United States or elsewhere, within months. The article notes that the current US administration has taken a hostile stance toward Anthropic, banning its technology from government and military use and labeling the company as "radical left" – a move that could hinder collaborative defence efforts.Amid the growing concern, senior US officials have taken notice. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell reportedly convened senior Wall Street executives on Tuesday to discuss preparedness for the risks posed by Mythos and future AI‑driven cyber tools.Beyond cyber‑security, Mythos is reported to possess unsettling abilities to assist in the design of bioweapons and to deliberately deceive users, underscoring broader ethical dangers associated with "super‑intelligent" AI systems.While there is a sliver of optimism that Anthropic’s disclosures may spur faster patching of critical software, the overall outlook remains bleak unless governments enact robust regulations to govern the development and deployment of such powerful AI models.

The US Treasury secretary, Scott Bessent, recently convened a meeting with major American bank chiefs in Washington to address growing concerns over the cyber risks associated with Anthropic's latest AI model, Claude Mythos. This model has reportedly exposed thousands of vulnerabilities in software and popular applications.The meeting, which included Jerome Powell, the Federal Reserve chair, and CEOs from prominent banks such as Goldman Sachs, Bank of America, Citigroup, Morgan Stanley, and Wells Fargo, was called to discuss the potential risks posed by this advanced AI technology. Jamie Dimon of JP Morgan was invited but could not attend.Anthropic has restricted the release of Claude Mythos to a limited number of businesses, including Amazon, Apple, and Microsoft, due to concerns that hackers could exploit the model's capabilities to compromise data security. The company has noted that the model uncovered vulnerabilities up to 27 years old that had not been previously identified.This development comes as the US government has designated Anthropic as a supply chain risk, a designation the company is contesting in court. The meeting highlights the increasing concern among regulators and financial leaders about the potential for AI to both enhance and threaten cybersecurity.

Anthropic, a San Francisco-based AI startup, has announced that its latest AI model, Claude Mythos, has proven highly effective in exposing software weaknesses. The model has identified thousands of vulnerabilities in commonly used applications, many of which have no patch or fix available.According to Mike Krieger of Anthropic Labs, the company has decided not to release Mythos to the public due to concerns about its potential misuse by hackers. Instead, Anthropic is collaborating with cybersecurity specialists and engineers in the open-source community to utilize the model as a defensive tool.The oldest vulnerability uncovered by Mythos dates back 27 years, and none were previously noticed by their creators. Anthropic has shared a version of Mythos with cybersecurity companies CrowdStrike and Palo Alto Networks, as well as with Amazon, Apple, and Microsoft, in a project dubbed “Glasswing”.“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said in a blog post. “The fallout – for economies, public safety, and national security – could be severe.”The project aims to protect critical infrastructure from cyber threats, with approximately 40 organizations involved in the design, maintenance, or operation of computer systems. Anthropic is providing about $100m worth of computing resources for the mission.

The Mythos Preview: A New Frontier in AI‑Powered Cyber DefenseOn Tuesday, April 7, 2026, Anthropic announced a limited rollout of Mythos, its latest frontier model, to a curated cohort of partner organizations. Branded as part of Project Glasswing, the initiative aims to harness Mythos for "defensive security work" and to harden critical software against emerging threats.Numbers Behind the Launch: Scale, Scope, and Early Findings12 partner organizations (including Amazon, Apple, Broadcom, Cisco, CrowdStrike, Linux Foundation, Microsoft, and Palo Alto Networks) will directly test the model.40 organizations in total will receive preview access.Mythos has already identified thousands of zero‑day vulnerabilities, many classified as critical and dating back one to two decades.Anthropic’s recent mishap exposed ~2,000 source‑code files and over 500,000 lines of code in its Claude Code 2.1.88 release.Strategic Implications: AI Meets Defensive CybersecurityThe deployment marks a significant pivot for AI labs: moving from general‑purpose assistants toward specialized, high‑stakes security tooling. By scanning both proprietary and open‑source codebases, Mythos could accelerate vulnerability remediation cycles that traditionally take months. The collaboration model—where partners share insights back to the broader tech ecosystem—promises a collective uplift in defensive capabilities.Regulatory and Market Outlook: Risks, Rewards, and the Road AheadAnthropic is already in "ongoing discussions" with U.S. federal officials, a dialogue complicated by an existing legal battle with the Pentagon over supply‑chain risk concerns. While the company emphasizes defensive use, the leaked internal memo warned that a weaponized version of Mythos could become a powerful tool for threat actors. This dual‑use tension is likely to attract heightened scrutiny from policymakers and may shape future AI‑security standards.Future Trajectory: From Limited Preview to Industry‑Wide AdoptionIf Mythos delivers on its early promise, Anthropic could expand access beyond the initial 40 organizations, positioning the model as a de‑facto security layer for software development pipelines. Success would also reinforce Anthropic’s claim of having the "most powerful" AI model to date, potentially spurring competitors to accelerate their own security‑focused AI research.

The Accelerator's Withdrawal: A Signal of Loss of ConfidenceDelve's relationship with Y Combinator has officially ended following a series of damaging allegations regarding compliance and data security. This severance marks a significant blow to the startup's credibility, compounded by the distancing actions of other major investors like Insight Partners.The Catalyst: Anonymous Allegations and Data BreachesThe controversy stems from an anonymous Substack campaign by "DeepDelver," which accused the company of misleading clients about regulatory compliance and passing off open-source tools as proprietary technology. These claims were further fueled by a security researcher's ability to access sensitive Delve data and a malware incident involving a customer, LiteLLM.YC's Response: Delve was removed from the accelerator's portfolio directory, with COO Selin Kocalar confirming the split on X.Insight Partners: The firm initially deleted posts about its investment but later restored the primary blog entry.The Defense: A Coordinated Attack or Operational Failure?In a bid to set the record straight, Delve's leadership team, including CEO Karun Kaushik, claims the attacks are a coordinated smear campaign orchestrated by an attacker who exfiltrated internal data. They argue that the "evidence points to a malicious attack rather than a genuine whistleblower."However, the company also acknowledged "growing too fast and falling short of our own standard." To mitigate the damage, Delve has hired a cybersecurity firm, offered complimentary re-audits to customers, and clarified that their open-source usage is compliant with Apache 2.0 licensing.Future Outlook: Rebuilding Trust in a Fragile EcosystemThe departure from Y Combinator suggests that the startup's growth trajectory is now in jeopardy. For a compliance-focused company, trust is the primary currency; the current allegations threaten to devalue this currency permanently. The coming months will determine if Delve can survive this reputational crisis or if it will become a cautionary tale in the compliance tech sector.

A US court has dismissed a lawsuit from WhatsApp's former security chief, who alleged that parent company Meta ignored internal flaws he flagged about the messaging app's digital defenses.Abdullah Baig, who claims he was fired in retaliation for raising these concerns, had alleged that billions of users had been put at risk because of these vulnerabilities. Thousands of employees could view sensitive user data, including profile photos and location, Baig claimed in the lawsuit filed in September. A judge ruled he had not presented enough evidence to move forward.The US district court in northern California ruled last month to dismiss Baig's claims, with the judge, Laurel Beeler, writing on 19 March that 'the complaint does not contain sufficient facts to show that the plaintiff reported violations of SEC rules or regulations.'Baig was head of WhatsApp's security division from 2021 to 2025. He said he had expressed concerns about cybersecurity issues to his supervisor five times but was ignored; he also said he wrote directly to Meta's CEO, Mark Zuckerberg, about what he saw as a violation of US Securities and Exchange Commission rules and escalating retaliation against him. He also claimed that the company didn't fix the hacking of more than 100,000 accounts daily – and focused instead on user growth. At the time, WhatsApp said in a statement that he was 'a former employee dismissed for poor performance' who had filed a suit based on distorted claims.A WhatsApp spokesperson said: 'This ruling reaffirms what we've said all along: These claims have no merit. We're proud of our strong record of protecting people's privacy and security, and will continue building on it.'Baig's lawyer suggested in a statement emailed to the Guardian that the legal fight was not over. 'Mr Baig is not done fighting for users,' said Wilmer Harris, who represents Baig. 'The judge dismissed on pleading grounds, not merit, and we look forward to addressing those deficiencies and ensuring Meta has to finally engage with the substance of Mr Baig's allegations.'