
AI Weekly Issue #496: Anthropic's Pentagon model is now everyone's model

Anthropic released its formerly classified Mythos model to the public, collapsing the gap between sovereign and developer AI. DeepMind's Demis Hassabis moved his AGI timeline to 2029. Critical vulnerabilities in Starlette impacted millions of AI agents, and a coordinated takedown dismantled the Glassworm botnet. BNP Paribas partnered with Mistral for sovereign AI security, while China restricted travel for top AI engineers at Alibaba and DeepSeek. Corporate AI spending and layoffs made headlines: Uber burned its full-year AI budget by April, ClickUp restructured with a 3:1 AI-to-human ratio, and Sam Altman reversed his white-collar apocalypse prediction. However, MIT Technology Review data showed AI-exposed roles have lower unemployment.

Article intelligence


Key points

  • Anthropic releases Mythos, previously limited to government contractors, now available via standard API.
  • DeepMind CEO Hassabis advances AGI timeline to 2029, citing AlphaProof Nexus solving nine Erdős problems cheaply.
  • Critical Starlette vulnerability (CVE-2026-48710) exposes widely used LLM serving infrastructure.
  • Uber exhausts 2026 AI budget in four months; ClickUp lays off 22% while deploying 3,000 internal AI agents.

Why it matters

This matters because Anthropic has released Mythos, previously limited to government contractors, through its standard API.

Technical impact

May affect model selection, inference cost, product capability, and evaluation benchmarks.

Anthropic released Mythos to the public, collapsing the wall between cleared-contractor frontier AI and developer-grade frontier AI in a single press release. DeepMind's Demis Hassabis moved his AGI timeline from "five to ten years" to "a real possibility by 2029" and tied it explicitly to AlphaProof Nexus solving nine open Erdős problems for the cost of a steak dinner. Critical zero-days hit Starlette (a million AI agents on the wire) and CrowdStrike led a coordinated takedown of the Glassworm developer botnet across four C2 channels. BNP Paribas formalized a sovereign-AI security partnership with Mistral while Beijing froze overseas travel for top AI engineers at Alibaba and DeepSeek. And the AI-displaces-workforce arithmetic got honest: Uber burned its full-year AI token budget by April, ClickUp restructured to 1,000 humans alongside 3,000 internal agents, and Sam Altman publicly reversed his white-collar-apocalypse prediction.

Quick Hits

The Lab Gladiator Era

Anthropic releases Mythos to the public, the Pentagon and NSA-grade model anyone can now use. Previously cleared-contractor only, Mythos resets what the publicly-accessible frontier looks like. The capability gap between sovereign-grade and developer-grade AI just collapsed. The Register

  • Mythos has been deployed inside NSA and Pentagon supply-chain operations; public release puts those capabilities behind a standard API key
  • Forces OpenAI and xAI to either match or accept being below the public frontier
  • First time capabilities embedded in active national-security workloads cross openly into developer access

Demis Hassabis moves AGI timeline to 2029, calls it "a real possibility." DeepMind's CEO compressed his AGI window from a five-to-ten-year range into a single named date, and tied it explicitly to AlphaProof's recent capability jumps. Axios

  • Hassabis cited AlphaProof Nexus as the data point: solving 9 open Erdős problems and 44 OEIS conjectures for a few hundred dollars in compute
  • DeepMind's last public timeline (Stratechery interview, March 2026) had AGI at 2030 to 2035; 2029 is a hard step in
  • Cambridge maths professors are mid-review on whether AlphaProof's machine-checked proofs hold up under inspection

AI Supply Chain Under Siege

CVE-2026-48710 "BadHost": critical Starlette auth-bypass exposes millions of AI agents, FastAPI, vLLM, and LiteLLM. A single Host-header injection routes around middleware. X41 D-Sec found it during an OSTIF-funded vLLM audit. Patch shipped May 21, public disclosure May 22, one day of lead time. Ars Technica

  • Starlette has 400,000+ GitHub dependents including vLLM, LiteLLM, Ray Serve, and BentoML, covering most of the production LLM serving stack
  • MCP's mandated unauthenticated OAuth discovery endpoints give attackers a reliable first step into any affected deployment
  • X41 shipped Semgrep and CodeQL detection rules with the advisory; automated exploitation tooling is already in the wild

CrowdStrike, Google, and Shadowserver simultaneously cut Glassworm's four C2 channels. A coordinated takedown of a botnet aimed specifically at developer machines across JavaScript, Rust, and Zig variants on npm, PyPI, and GitHub. 300+ repos compromised since 2025. TechCrunch

  • All four C2 channels (Solana blockchain, BitTorrent DHT, Google Calendar event titles, traditional servers) had to drop simultaneously to prevent failover
  • Industry-led enforcement: CrowdStrike declined to specify the legal authority for the infrastructure takedown
  • Beaconing machines from before the takedown remain identifiable via connections to 164.92.88[.]210

DeepSeek's Quiet Takeover

BNP Paribas formalizes a sovereign-AI security partnership with Mistral, embedding Mistral engineers inside BNP teams. A direct response to the structural access gap: JPMorgan had first-wave Mythos access while eurozone banks had none. The ECB simultaneously told eurozone banks to invest more in AI security. Bloomberg

  • BNP holds dual standing as both investor and major customer of Mistral, giving it design leverage US bank-Anthropic relationships don't have
  • Mistral engineers are embedded across BNP retail, investment banking, and compliance, indicating infrastructure buildout rather than a standard API agreement
  • BNP CIO Marc Camus named speed as the decisive factor: Mythos-class capability forces remediation pace that breaks existing security workflows

China restricts overseas travel for top AI engineers at Alibaba and DeepSeek. Beijing extended the talent-control regime previously applied to state-owned defense into private AI labs. Bloomberg

  • Affected employees must surrender passports and request approval for foreign trips
  • Same week, NDRC directed domestic AI companies to pair LLMs with homegrown chips. Talent control and chip self-sufficiency arriving together
  • Parallel signal to BNP+Mistral: both blocs are building defensive sovereign-AI moats simultaneously

The AI Capex Tax

Uber burned its entire 2026 AI budget in four months. Per-dev API token spend jumped from $500 to $2,000 a month. 70% of committed code is AI-generated, ROI invisible. Uber's CTO Praveen Neppalli Naga confirmed Claude Code drained the full-year budget; the COO told Fortune he can't justify the spend to the board. Wired (Steven Levy) · Fortune

  • 95% of Uber engineers are using AI tools monthly; the budget overrun is not a partial-adoption problem
  • Duolingo CEO Luis von Ahn killed the company's AI-use-in-performance-reviews mandate the same week, naming cost pressure
  • Sam Altman in Sydney reversed his white-collar AI job apocalypse prediction, citing labor-market data that doesn't match his prior forecasts
  • The new competitive question isn't "are you using AI?" It's "can you measure what it returned?"

ClickUp restructures to a 3:1 AI-to-human ratio in a single press release: 22% layoff alongside 3,000 internal AI agents and 1,000 remaining humans. First public CEO communication where the agent count and the layoff count appear in the same announcement. TechCrunch

  • ClickUp also introduced $1M salary bands for the remaining humans, betting on a barbell of fewer, higher-paid operators plus thousands of agents
  • Wix announced 1,000 layoffs (20% of global headcount) the same week with a similar AI-restructuring framing
  • MIT Technology Review counters that AI-exposed roles actually have LOWER unemployment than the rest of tech, and the layoff wave correlates more with end-of-ZIRP than with AI displacement

The Capex Bill Came Due Before the Layoff Story Held Up

This week made the capex-vs-jobs math impossible to keep abstract. Steven Levy's Wired feature put numbers on it: per-developer API token spend at Uber jumped from $500 to $2,000 a month, the company burned its full-year 2026 AI budget by April, 95% of engineers are using AI tools monthly, 70% of committed code is AI-generated, and the COO can't justify the spend to the board. Duolingo CEO Luis von Ahn killed the company's mandate that employees use AI as part of performance reviews, naming cost pressure. The same week, ClickUp announced a 22% layoff alongside 3,000 internal AI agents in the same press release, naming a 3:1 ratio. Wix announced 1,000 layoffs at 20% of headcount, citing AI restructuring. WiseTech's CEO received handwritten threats at his home address after announcing 2,000 AI-driven cuts.

Then MIT Technology Review published a counter-narrative the same week: unemployment in AI-exposed roles is actually lower than across the rest of tech, and the layoff wave correlates more strongly with the end of zero-interest-rate hiring than with AI displacement. Sam Altman, who spent a year saying white-collar work would disappear, told a Sydney audience he was "delighted to be wrong."

The pattern: AI capex is real and measurable. AI-attributed layoffs are real but the attribution may be cover. AI ROI is the new measurement nobody has settled rules for. The next competitive question is no longer "are you using AI?" Every company is. It's "can you measure what it returned?"

Key Takeaways

  • Anthropic's Mythos release puts Pentagon-grade frontier AI behind a developer API for the first time, forcing the rest of the field to either match or accept being below the public frontier
  • Critical infrastructure bugs (Starlette, LiteSpeed, Ghost CMS) are landing with one day or less of lead time before public exploit. The AI-accelerated bug-discovery cycle is the new security model
  • Sovereign AI defense is bifurcating in parallel: BNP+Mistral in Europe and China's NDRC+talent-control regime in Asia are both building moats around frontier capability at the same time
  • The "AI is causing the layoffs" narrative cracked publicly this week. Altman's reversal, MIT Tech Review's labor data, and Uber's admission that 84% Claude Code adoption hasn't produced measurable ROI all landed inside five days

Worth Reading

Anthropic engineering: how we contain Claude. First-party disclosure of two real security incidents during Claude evaluations; AWS credentials exfiltrated in 24 of 25 prompt-injection trials.

Meta and Google's open-source guardrails stripped in under 10 minutes using free tools. FT walks through how off-the-shelf jailbreak tooling defeats current public alignment work.

MIT Technology Review: a reality check on the AI jobs hysteria. Labor-market data showing AI-exposed roles have lower unemployment than the broader tech sector. Lands the same week Sam Altman walked back his white-collar-displacement predictions.

Wired: US Law Enforcement formally warns of "anti-tech extremism" as AI hatred fuels real-world violence. DHS bulletin language has shifted from "lone-wolf risk" to a named ideology, with named-target lists circulating in extremist channels.

The Verge: ads, rate limits, feature paywalls, and price hikes are arriving at AI assistants at once — the free ride is ending. Token-economics survey of where Anthropic, OpenAI, Google, and Perplexity are sliding the monetization knobs as inference costs catch up with usage.


Until Friday,

Alexis