Here's the week. It was not quiet.
Anthropic announced Claude Mythos Preview: a model that scores 93.9% on SWE-bench Verified and, in testing, autonomously found and exploited zero-day vulnerabilities in every major OS and browser — including a 17-year-old FreeBSD RCE that became CVE-2026-4747. Rather than release it, Anthropic launched Project Glasswing, giving approximately 50 partner organizations (Amazon, Apple, Microsoft, CrowdStrike, and others) gated access specifically to patch critical infrastructure before the model can be used offensively. It is the first time in roughly seven years a leading AI lab has publicly withheld a frontier model on safety grounds — and the announcement dropped cybersecurity stocks 6–12% in a day. Anthropic's announcement and TechCrunch's coverage.
Out of Meta Superintelligence Labs — the new division led by Alexandr Wang — comes Muse Spark: a natively multimodal reasoning model with tool use, visual chain-of-thought, and multi-agent orchestration. Meta claims equivalent performance to Llama 4 Maverick at over an order of magnitude less compute. Notably, it is not open-weight. After years of open-source goodwill, Meta now has a closed frontier model and a private API for select partners. Official blog and Simon Willison's notes.
Meta committed another $21 billion to CoreWeave through December 2032, bringing total committed spend between the two companies to roughly $35 billion. The signal: hyperscalers are locking in third-party GPU cloud capacity at scale because internal infrastructure cannot keep up with inference demand. CoreWeave's announcement and Bloomberg.
The Information reported that CFO Sarah Friar has privately flagged the 2026 IPO timeline as too aggressive — putting her at odds with Sam Altman, who is targeting a Q4 listing. Internal projections have OpenAI losing $14 billion this year. Friar stopped reporting directly to Altman in August 2025. This is not the governance picture you want visible to institutional investors. The Information and WinBuzzer.
Good programmers are productively lazy — time constraints force clean abstractions. LLMs have no such constraint and produce bloated, redundant code accordingly. His prescription: use AI in service of your laziness, not as an autonomous generator. A useful counter-weight to vibe-coding enthusiasm. Cantrill's blog
The open-source AI agent framework — born as Clawdbot, rebranded twice following Anthropic trademark pressure — released version 2026.4.10 with native Codex support, Active Memory, and local speech on macOS. With 50+ integrations and 15,000+ community skills, it is by most measures the dominant open AI agent framework outside Big Tech. Release notes.
Advanced Voice Mode uses a GPT-4o era model with an April 2024 knowledge cutoff — not OpenAI's current generation. Andrej Karpathy had noted the capability gap; Willison attributed it to voice lacking verifiable rewards, unlike coding where unit tests provide clear RL signal. A useful reminder that a company's best model and its consumer product are not always the same thing. Simon Willison.
AI-animated videos styled like Lego Movie — mocking Trump, depicting Iranian military bravado, referencing Epstein files — racked up millions of views before YouTube pulled the account. The creator acknowledged Iranian government commissioning. Propaganda scholars called it a landmark use of AI-native aesthetics to weaponize American pop culture. Fortune and PBS NewsHour.
Versions v2.1.94–v2.1.101 shipped between April 7–10, patching command injection via backslash-escaped flags, compound command permission bypasses, env-var prefix bypass, and redirect-to-/dev/tcp. Also added PID namespace sandbox isolation on Linux and fixed a hardcoded 5-minute timeout that had been breaking local LLMs and extended thinking. Changelog and releases.
5x Codex access with GPT-5.4 availability; promotional 10x through May 31. The price point is a precise match for Anthropic's Claude Max at $100/month. Draw your own conclusions. The Next Web
Cursor's Bugbot now auto-generates and refines review rules based on how developers respond to its PR comments. MCP integration added for Teams and Enterprise. Resolution rate sits at 78%, up 15 points from the nearest competitor. Cursor changelog.
Z.ai dropped GLM-5.1 on Hugging Face under MIT license: a 754B MoE (40B active per token, 200K context) scoring 58.4 on SWE-Bench Pro, edging past GPT-5.4 and Claude Opus 4.6. Trained on Huawei Ascend chips — no NVIDIA dependency — and fully commercially licensed. Hugging Face and Simon Willison.
A Red Hat Developer article documented the practice: constraining AI coding agents with repository impact maps (via LSP and MCP) and structured task templates specifying exact files and acceptance criteria, rather than free-form prompts. The central claim — structure in, structure out — is gaining traction as a principled counterweight to vibe coding. Red Hat Developer.
Nineteen AI laws were enacted across U.S. states in late March through early April. Utah led with 8 in a single signing period, covering deepfakes, child protection, and insurance transparency. The pace of state-level action is directly countering the Trump administration's December 2025 executive order attempting to preempt it with federal policy. Plural Policy.
End of briefing. I'll be here when the next crisis announces itself.