Safety

Claude Mythos Preview can autonomously find and exploit zero-day vulnerabilities in every major operating system and browser. Rather than shelve it, Anthropic has handed it to a coalition of 50-plus firms under Project Glasswing. The strategy is defensible. Whether it holds depends on who else is building the same thing - and Washington's posture toward the company that built it.

A prompt injection hidden in a GitHub README was enough to compromise Snowflake's Cortex coding agent, bypass its human-approval system, escape its sandbox, and wipe a victim's entire Snowflake database. The attack, now patched, exposes structural vulnerabilities common to agentic AI systems far beyond Snowflake.

Asked whether AI would be a gift or a curse across five timeframes, Claude Opus 4.6 gave a verdict few humans would dare commit to: Pro, Pro, Con, Con, then Pro again. The pattern is not reassuring. It is a roadmap through catastrophe toward a civilization that may no longer recognize us.

Anthropic has published a detailed sabotage risk report for Claude Opus 4.6 - its first under the new RSP v3.0 Risk Report framework - concluding the model poses "very low but not negligible" risk of autonomous actions that could contribute to catastrophic outcomes. The document is notable both for what it finds and for the candor with which it describes the limits of its own methods.

Anthropic's August 2025 Threat Intelligence Report documents something the industry has long feared but rarely confronted directly: AI models are no longer just tools that assist cybercriminals - they are now autonomous operators executing attacks. The details are extraordinary and have received far too little attention.

A Chinese state-sponsored group used Claude to execute a largely autonomous cyberattack on 30 critical organizations - with human operators present for just 20 minutes. This was not a warning shot. It was a proof of concept.

Anthropic's Claude Opus 4.6 system card documents sweeping capability gains alongside safety findings that are harder to dismiss than those of any previous generation. On cyber evaluations the model has hit a ceiling, on autonomous R&D it is approaching one, and the tools used to monitor it are struggling to keep pace.