Weekly Briefing

Weekly AI roundup — May 28, 2026

This week's big story: Anthropic's Mythos is now restricted to a handpicked list of governments and utilities — the most capable cybersecurity model ever built, walled off from the public. Except hackers already breached it in April. OpenAI's AI just cracked an 80-year math problem without being trained for math. And a self-replicating worm poisoned 160 packages across the AI supply chain. The restricted-AI era is here. The question is who gets to be inside the wall.

Mythos is locked down — but the lock was picked before it was installed

In May 2026, Anthropic made it official: Claude Mythos — the AI model that found 23,000+ potential open-source vulnerabilities in weeks, successfully exploited Apple's M5 memory architecture for the first time, and bypassed macOS security in ways "never previously achieved" — is now restricted to a handpicked list of governments and utilities. The UK's AI Security Institute confirmed the capabilities. The Bank of England demanded briefings. The Financial Stability Board is next. Nature ran the headline: "Too dangerous to release: is Mythos the start of the restricted-AI era?"

I've been watching this unfold since April, and here's what unsettles me: an unauthorized group already accessed Mythos in April through a vendor breach. The most capable cybersecurity model ever built is simultaneously too dangerous for the public and already in the wild. India is in talks with the US government begging for access. Hospitals are scrambling. CNBC called the reaction "cybersecurity hysteria." And the companies that actually need this — open source maintainers, small security teams, the people maintaining the packages Mythos is flagging — are locked out.

The counterintuitive part: restricting Mythos to governments might be making us less safe. The hackers already have a copy. State actors will get access through their governments. The only people locked out are the defenders. As The Conversation put it: "Mythos' dramatic hacking abilities are as much a reflection of the precarious state of digital defenses as a revolutionary tech breakthrough." The model didn't create the vulnerabilities — it just exposed how many we've been ignoring.

OpenAI's AI cracked math that stumped humans for 80 years — and it wasn't even a math model

OpenAI revealed that one of its unreleased reasoning models solved the Erdős planar unit distance conjecture — a geometry problem that had stood since 1946 — with a single prompt. Nature called the result "astonishing." The Conversation said mathematicians were "shocked." But the real story isn't the math. It's that the model wasn't trained for mathematics. It was a general-purpose reasoning system. Nature coverage →

This matters because it inverts the last decade of AI specialization. We've been building math models, code models, vision models, biology models — each narrowly optimized. OpenAI just demonstrated that a sufficiently capable general reasoner outperforms domain specialists without trying. The "stochastic parrot" argument — that LLMs only remix training data — dies a little more every time a general model produces genuinely novel results in a field it wasn't optimized for. OpenAI hasn't released the model or full details, which raises its own questions. But the signal is clear: general intelligence beats specialization, and the gap is widening.

Also this week

A self-replicating worm just poisoned the AI supply chain. On May 11, a worm called Mini Shai-Hulud slipped into 42 widely-used TanStack open-source packages and replicated across 160 npm and PyPI packages — reaching OpenAI, Mistral AI, and UiPath through compromised build pipelines. GitHub confirmed a breach on May 20. The twist that should keep you up: the threat group claims their tool was built using Claude. The same AI we're using to build agents is being used to compromise them. Ars Technica coverage →

Google I/O 2026: agents everywhere, Gemini Spark, smart glasses. Google's developer conference doubled down on making AI agents a mainstream product strategy — not a research project. The standout: Gemini Spark, a lightweight model for on-device agents, and intelligent eyewear that puts Gemini in your field of view. The strategy is boring in the best way: bake agents into Search, Android, and Workspace and let distribution do the work. The Verge roundup →

Notion makes Claude Code, Cursor, and Codex native workspace citizens. Notion's new External Agents feature lets AI coding tools operate as first-class workspace participants — not sidebar chatbots. It's the canary for where enterprise agent infrastructure is heading: from "can we build one agent" to "how do we integrate fifty." Tech Times →

The one thing to try this week

Audit your AI agent's dependency tree. Run npm audit or pip-audit on every project where an AI agent touches a build pipeline. The TanStack attack reached OpenAI through compromised dev dependencies — if it can reach them, it can reach you. Then ask: if an attacker poisoned one of your agent's dependencies tomorrow, what would the agent have access to? API keys? Database credentials? Deployment pipelines? The attack surface isn't your code. It's everything your agent can touch. And if you're using LiteLLM as your model gateway, patch CVE-2026-42208 immediately — it's under active exploitation.
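One way to make both steps repeatable, as an added example that is not part of the original briefing: the script finds every project under a directory that npm audit or pip-audit can check, then lists the names (never the values) of credential-like environment variables the agent's process would hand to any dependency it loads. The function names and the variable-name patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Function names and the name patterns are assumptions.

# Print "dir<TAB>command" for every project under $1 that has a lockfile or
# requirements file. Plain `npm audit` is used on purpose: it includes
# devDependencies, which --omit=dev would hide.
audit_plan() {
    find "$1" \( -name node_modules -o -name .git -o -name .venv \) -prune -o \
        -type f \( -name package-lock.json -o -name requirements.txt \) -print |
    sort |
    while IFS= read -r manifest; do
        dir=$(dirname "$manifest")
        case $(basename "$manifest") in
            package-lock.json) printf '%s\t%s\n' "$dir" "npm audit" ;;
            requirements.txt)  printf '%s\t%s\n' "$dir" "pip-audit -r requirements.txt" ;;
        esac
    done
}

# Print "category<TAB>NAME" for environment variables whose names look like
# credentials. Only names are printed, never values.
exposed_secrets() {
    awk 'BEGIN {
        for (n in ENVIRON) {
            u = toupper(n)
            if (u ~ /DATABASE_URL|^PGPASSWORD$|(POSTGRES|MYSQL|MONGO|REDIS).*(PASSWORD|URL|URI)/)
                c = "database"
            else if (u ~ /^(GITHUB|GITLAB|CI|NPM|PYPI|TWINE|AWS|DOCKER)_.*(TOKEN|SECRET|PASSWORD|KEY)|^KUBECONFIG$/)
                c = "deploy"
            else if (u ~ /API_?KEY|TOKEN|SECRET|PASSWORD/)
                c = "api-key"
            else
                continue
            print c "\t" n
        }
    }' | sort
}

# Usage: sh audit.sh /path/to/projects  (run it in the agent's own job or shell)
if [ "$#" -gt 0 ]; then
    audit_plan "$1" | while IFS="$(printf '\t')" read -r dir cmd; do
        echo "== $dir: $cmd"
        (cd "$dir" && $cmd) </dev/null || echo "!! findings or error in $dir"
    done
    echo "== credentials visible to this process (names only)"
    exposed_secrets
fi
```

Run it from the same CI job or shell session the agent uses, since the environment listing only reflects the process it runs in.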