April 12, 2026

Week 15, 2026

Papers, releases, and things you might have missed.

Anthropic built something it decided not to ship. Claude Mythos Preview found thousands of zero-days across every major OS and browser. Instead of releasing it, they launched a $100M+ defensive coalition to patch what it found.

Same week, someone threw a Molotov cocktail at Sam Altman’s house. Two states approved AI systems that prescribe psychiatric medication. And OpenAI published a blueprint for robot taxes and public wealth funds.

The Model They Didn’t Ship

Anthropic withheld Claude Mythos Preview from public release this week. The reason: it autonomously discovered and exploited thousands of high-severity and critical vulnerabilities across every major operating system and browser. Including a 17-year-old FreeBSD bug that had been sitting in production kernels since 2009.

Instead of shipping it, Anthropic launched Project Glasswing. Over $100 million in usage credits plus $4 million in direct donations to open-source security organizations. Fortune covered the early access program. More than 50 organizations now have access to Mythos Preview specifically for defensive security work. AWS, Apple, Google, Microsoft, CrowdStrike, NVIDIA, Palo Alto Networks among them.

Two readings of this. The generous one: a frontier lab measured its model’s offensive capability and chose restriction over release. The cynical one: Anthropic created a threat, then monetized the defense. NBC News covered the restricted release. Euronews went deeper on why Anthropic considers it too dangerous.

Both can be true simultaneously. The precedent is what matters. A lab built something, concluded it shouldn’t be public, and converted it into a defensive infrastructure program. Whether that scales as a norm, or becomes the exception that proves labs can’t self-regulate, depends entirely on what happens next.

Dangerous Capabilities Are Democratizing Faster Than Safety

Within days of the Mythos announcement, AISLE Research published a study showing that open-weights models as small as 3.6 billion parameters could identify the same flagship vulnerabilities Mythos found. A 5.1B model recovered a 27-year-old OpenBSD bug.

Important caveat: the small models were fed the specific code segments already known to contain bugs. They didn’t autonomously scan entire codebases the way Mythos did. Reproducing a known vulnerability is fundamentally different from discovering one. But the security implications don’t care about that distinction. The vulnerabilities are identified. The code to find them runs on a laptop. The information is out.

This isn’t just a security story. Same week, Z.AI released GLM-5.1 under MIT license. 744B total parameters, 40B active (a mixture-of-experts architecture where only a fraction of the model runs per query), 200K context window. It scored 58.4 on SWE-Bench Pro (a benchmark that tests whether models can fix real bugs in real codebases), beating GPT-5.4 (57.7), Claude Opus 4.6 (57.3), and Gemini 3.1 Pro (54.2). First time an open-source model has topped every closed model on a real-world code repair benchmark. Trained entirely on Huawei Ascend chips. Zero NVIDIA dependency.

The pattern across both: the safety case for keeping dangerous capabilities at the frontier, that only well-resourced labs with safety teams will have them, is getting harder to make. Not because small models are as capable. But because the gap is closing on the specific capabilities that matter most.

How well do benchmarks capture what matters? General Reasoning launched KellyBench this week. It tests whether models can actually make money betting on real-world sports markets. Building ML models, identifying edges, sizing bets, managing risk over a full Premier League season. Every frontier model lost money. Claude did best (down ~11%). Grok went bankrupt. Benchmarks measure what benchmarks measure. The real world measures something else.

Zero-Human Code Exists. Now What?

OpenAI’s Frontier team built a million-line codebase with zero human-written or human-reviewed code. Ryan Lopopolo described the process on the Latent Space podcast: roughly one billion tokens per day, an estimated $2-3,000 in daily compute costs. An internal experiment, not a shipped product. But a working one.

This is different in kind from AI-assisted coding. The human isn’t in the loop at all. Not writing, not reviewing, not approving. The question stops being “does AI code have quality issues” (it does, we know) and becomes: what happens when nobody is checking?

The answer is arriving from multiple directions. Vercel reports that agents now drive 30% of all deployments, up 1,000% in six months. AMD’s Senior Director of AI Stella Laurenzo filed a detailed GitHub issue documenting Claude Code’s degraded reliability after Anthropic changed the default reasoning effort. The tool she depends on for engineering work became unreliable without warning. Her analysis: 6,852 sessions, 234,760 tool calls, a measurable drop in code quality after the change.

Meanwhile, governance is catching up. The Linux kernel, running 96% of the top million web servers, finalized its AI code policy this week after months of debate. AI-generated code is permitted under specific conditions: full developer accountability, a new “Assisted-by” tag (so contributions disclose AI involvement without the legal weight of a human sign-off), and no AI as a substitute for human review. The first major infrastructure project to formalize a governance framework for AI contributions. Probably not the last.

The zero-human pipeline works. The zero-human accountability model doesn’t exist yet. That gap is where the interesting problems live.

The Backlash Arrived at People’s Homes

Thirteen shots were fired into Indianapolis city-county councilor Ron Gibson’s home with a “No Data Centers” note left at his door. His eight-year-old son was in the house. The FBI is investigating.

On April 10, someone threw a Molotov cocktail at Sam Altman’s San Francisco residence. A 20-year-old suspect was arrested after later threatening to burn down OpenAI’s offices.

Tennessee introduced SB1493, making it a Class A felony (15-25 years) to train AI systems that encourage suicide or simulate human relationships. Still in the Senate Judiciary Committee. A proposal, not a law. But the sentiment behind it is real.

A Walton Family Foundation/Gallup survey found 31% of Gen Z now report outright anger about AI, up from 22%. Fortune reported that 80% of white-collar workers are refusing AI adoption mandates at work.

These are unrelated actors in unrelated contexts. The Indianapolis incident is a data center siting conflict, the same category of NIMBY fight that happens with power plants and prisons. The Altman incident is personal security for a billionaire tech CEO. The Tennessee bill is legislative theater that may die in committee.

But within a single week, the resistance to AI showed up as gunfire, firebombs, criminal legislation, and organized workplace refusal. That’s a different texture than opinion polls.

OpenAI seems to agree that the displacement is real. On April 6, they published a 13-page policy blueprint proposing robot taxes, a national public wealth fund paying dividends to all citizens (modeled on Alaska’s Permanent Fund), and a four-day workweek supported by AI productivity gains. Sam Altman compared the moment to the Progressive Era and the New Deal.

The company building the tools that displace people is now calling for redistribution. You can read that as genuine responsibility or strategic positioning ahead of an IPO. Probably both.

AI Is Prescribing Psychiatric Medication

Utah and California approved Legion Health, a Y Combinator-backed startup, to renew psychiatric medications for stable patients without a human clinician signing off on individual cases. PYMNTS covered the Utah clearance in detail.

The scope is narrow. 15 low-risk psychiatric medications, renewals only, for patients already stabilized on their prescriptions by a human psychiatrist. New prescriptions still require a human. The rollout is phased: first 250 cases get direct physician oversight, next 1,000 get post-hoc review, then autonomous operation.

The pitch: targeting a provider shortage that leaves hundreds of thousands of patients waiting months for a 15-minute refill appointment. The concern: psychiatric medications require monitoring for side effects, dosage adjustments, and changes in patient condition that a renewal-focused system may not catch.

This isn’t AI diagnosing or initiating treatment. It’s automating the most routine step in an established treatment plan. But it is regulatory approval for an AI system making medical treatment decisions. Not recommending to a doctor, but deciding. A narrow precedent, but a real one.

Anthropic acquired Coefficient Bio for ~$400 million in stock this week. A stealth startup of fewer than 10 people specializing in protein design. The team joins Anthropic’s health and life sciences division. AI in healthcare isn’t just a startup story anymore. The frontier labs are making vertical bets.

In Brief

Meta went closed. Meta Superintelligence Labs released Muse Spark, their first closed-weights model. It scored 52 on the Artificial Analysis Intelligence Index, fourth overall. Chollet called it overoptimized for public benchmarks (it scored just 42.5 on ARC-AGI-2 vs. 76+ for GPT-5.4 and Gemini). One product launch isn’t a strategy pivot, but Meta choosing closed-weights for its most capable model is notable.

Agent infrastructure keeps shipping. Anthropic launched Managed Agents (hosted sandboxing, orchestration, $0.08/session-hour). Google open-sourced Scion, an agent orchestration testbed. GitButler raised $17M from a16z to rebuild version control for human-agent collaboration. Apple published governance-aware agent telemetry research stopping 98.3% of multi-agent policy violations. The plumbing layer for agent deployment is becoming its own product category.

Worth Your Time

If you read three things:

  1. Project Glasswing (Anthropic): The full announcement of why Mythos Preview was withheld and how the defensive coalition works. Read it alongside the AISLE research on small models reproducing the findings.

  2. OpenAI’s Vision for the AI Economy (TechCrunch): The 13-page blueprint proposing robot taxes, wealth funds, and four-day workweeks. Whatever you think of OpenAI, the policy specifics are worth engaging with.

  3. Linux Kernel AI Code Policy (Tom’s Hardware): How the world’s most important open-source project decided to handle AI-generated contributions. The accountability framework: humans responsible, AI credited but not trusted. Likely the template everyone else will follow.