A frontier model is now hunting bugs in your stack

By Mark · 7 min read

😁 Hello, super humans! A frontier model that can out-hack almost any human just got pointed at the software running power grids, hospitals, and telecom networks. That is the headline behind Anthropic’s Project Glasswing expansion, and it cuts both ways for anyone who ships code. Let’s pull it apart. Coffee up, terminals open.

📰 Quick Signals

  • 🧠 AI: Anthropic confidentially filed for an IPO after a $65B Series H at a $965B valuation, eclipsing OpenAI and targeting an October Nasdaq listing (Anthropic).
  • 🤖 Robotics: Tesla is converting part of its Fremont line into an Optimus factory, with V3 production slated to start this summer and high-volume output targeted for next year (TechTimes).
  • 💻 Programming: The GitHub Copilot app now supports BYOK, so you can run agent sessions against your own OpenAI, Azure, Anthropic, LM Studio, or Ollama keys (GitHub Changelog).
  • ⚡ Electronics: Arduino’s Ventuno Q pairs a Qualcomm Dragonwing IQ8 (up to 40 TOPS NPU) with a dedicated STM32H5 for low-latency motor control, shipping this quarter (Electronics Weekly).
  • 📡 Telecom: At MWC Shanghai, China Telecom argued AI-native 6G must orchestrate connectivity and compute together rather than treating them as separate layers (RCR Wireless).

πŸ” The Big Story: A frontier model is now hunting bugs in critical infrastructure

If you ship software, the capability that just went wide should change how you think about your own attack surface, because the same model that can fix your code can find the holes in it first.

What happened: Anthropic expanded Project Glasswing, its initiative to secure critical software, by giving roughly 150 more organizations across 15-plus countries access to Claude Mythos Preview, an unreleased frontier model (Anthropic). The new cohort includes infrastructure operators in power, water, healthcare, and telecommunications, joining launch partners such as AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation (Cybersecurity Dive).

The details: Anthropic says Mythos has reached a level of coding skill where it can surpass all but the most elite humans at finding and exploiting vulnerabilities. Across launch, Anthropic and about 50 partners used it to surface more than ten thousand high- or critical-severity vulnerabilities, including some in every major operating system and web browser (TechCrunch). The bet is defensive: get the model into the hands of the people who maintain the world’s shared codebase before the same capability shows up on the other side.

flowchart LR
    A[Claude Mythos Preview<br/>unreleased frontier model] --> B[Project Glasswing<br/>~150 orgs, 15+ countries]
    B --> C[Scan critical software:<br/>OS, browsers, infra]
    C --> D[10,000+ high/critical<br/>vulnerabilities found]
    D --> E{Who patches first?}
    E -->|Defenders, via Glasswing| F[Fixed before exploit]
    E -->|Same capability elsewhere| G[Race condition for the internet]

Important

Our take: The honest read is that vulnerability discovery just got commoditized, and the only question left is whether defenders or attackers run the scan first. If a model can find thousands of critical bugs in software everyone depends on, assume that capability is not exclusive to the lab with the press release. For builders, the move is concrete: wire dependency and code scanning into CI now, treat any unpatched high-severity advisory as a live incident, and stop assuming obscurity buys you time. The grace period where “nobody’s looking at our code” was a real defense is over.

πŸ—žοΈ More News

🧠 AI

  • OpenAI confidentially filed an S-1 with the SEC, carrying a roughly $852B private valuation and projecting about $14B in losses this year (CNBC).
  • Amazon’s custom-silicon business hit a roughly $20B annual run rate with triple-digit year-over-year growth, and is reportedly in early talks to sell Trainium chips to third-party data centers (The Motley Fool).
  • xAI made Grok 4.3 generally available on Amazon Bedrock with a 1M-token context window and configurable reasoning levels (xAI).
  • xAI also shipped Grok Imagine Video 1.5 in the Imagine API, adding faster image-to-video plus Projects and multi-agent workflows (xAI).
  • Google’s Gemini 3.5 Pro has reportedly slipped from June to July as the team refines coding, token efficiency, and long-task performance (Analytics Insight).
  • Microsoft and Google keep pushing new coding models to catch Anthropic and OpenAI, whose Claude Code and Codex lead the category (CNBC).
  • Claude Mythos Preview has already surfaced more than 10,000 high- or critical-severity vulnerabilities across the world’s most systemically important software (Anthropic).

🤖 Robotics

  • During a South Korea visit, NVIDIA’s Jensen Huang struck humanoid and physical-AI cooperation deals with LG and expanded a partnership with Doosan on AI-factory infrastructure (Theia).
  • China held its 3rd Embodied Humanoid Robot Scenario expo in Hangzhou on June 25, showcasing more than 50 real-world deployment cases (CMRA).
  • Robotics companies have raised about $55.8B so far in 2026, already eclipsing the full-year 2025 total, per Dealroom (Robotics Center).

💻 Programming

  • Copilot CLI now exposes enterprise BYOK models in its /model picker, letting admins push custom models to developers (GitHub Changelog).
  • Python 3.14 is the current release, shipping an experimental JIT and type-system upgrades aimed at both AI and general workloads (The New Stack).
  • Dependabot dropped support for end-of-life Python 3.9, and will stop opening dependency-update PRs for projects still on it (GitHub Releases).
  • Microsoft previewed its next Visual Studio direction at Build 2026, leaning further into agentic, AI-assisted editing (Visual Studio Blog).

⚡ Electronics

  • Arduino’s new UNO Media Carrier adds connectors and expansion options for the UNO Q and the upcoming Ventuno Q (Notebookcheck).
  • ESPHome 2026.4.0 lands a big ESP32 performance boost, with breaking changes plus new RP2040 support for WIZnet Ethernet and GPIO expanders (Hackster).
  • Adafruit released an open-source Arduino library for the ESP32-P4’s low-power core, opening up battery-friendly designs (Adafruit).

📡 Telecom

  • Huawei launched 10 optical network products at MWC Shanghai, including what it calls the industry’s first high-density 50G PON service board, as daily AI token demand hit 140 trillion (TechTimes).
  • China became the first country to formally dedicate the U6GHz band (6425 to 7125 MHz) for 6G testing, a band already earmarked for IMT by 20-plus countries (GSMA).
  • China now leads 5G-Advanced across more than 330 cities, with its 5G-A user base topping 110 million (TechTimes).
  • MWC Shanghai debuted a “Constellations of the Future” zone, its first dedicated satellite-industry showcase, as all three Chinese carriers field integrated satellite services (TelecomLead).

πŸ‘¨β€πŸ’» Code Corner

The Big Story’s lesson in one habit: scan your own dependencies before someone else does. pip-audit cross-checks your installed packages against known advisories and flags anything exploitable, no model required.

# Audit your environment (or a requirements file) for known CVEs.
pipx run pip-audit --desc
pipx run pip-audit -r requirements.txt --strict   # also fail if any dependency cannot be audited

Tip

Wire the --strict form into CI so the build fails on any high- or critical-severity advisory. A red pipeline today is cheaper than an incident review next quarter.
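pip-audit exits non-zero on any known advisory and reports no severity, so a CI gate usually needs a policy layer on top of the scan. One way to add time-limited waivers, as an added example that is not from the original newsletter or the pip-audit project; it assumes the report shape of `pip-audit -r requirements.txt -f json` as shown in the constructed sample, and `gate`, `WAIVERS`, the package names and the advisory IDs are hypothetical.

```python
import json
from datetime import date

# Constructed sample shaped like `pip-audit -r requirements.txt -f json` output
# (assumed shape: a "dependencies" list whose entries carry either "vulns"
# or a "skip_reason"). Package names and advisory IDs are placeholders.
SAMPLE_REPORT = json.dumps({"dependencies": [
    {"name": "examplelib", "version": "1.2.0", "vulns": [
        {"id": "EXAMPLE-0001", "fix_versions": ["1.2.5"]},
        {"id": "EXAMPLE-0002", "fix_versions": []}]},
    {"name": "cleanlib", "version": "3.0.1", "vulns": []},
    {"name": "vendored-sdist", "skip_reason": "could not be resolved"},
]})

# Hypothetical waiver list: advisory ID -> last day the waiver is valid.
WAIVERS = {"EXAMPLE-0002": date(2026, 1, 31)}


def gate(report_json, waivers, today):
    """Return the findings that should fail the build; empty list means pass."""
    blocking = []
    for dep in json.loads(report_json)["dependencies"]:
        if "skip_reason" in dep:
            # A package that was not audited is unknown risk, so block on it.
            blocking.append(f"{dep['name']}: not audited ({dep['skip_reason']})")
            continue
        for vuln in dep.get("vulns", []):
            expiry = waivers.get(vuln["id"])
            if expiry is not None and today <= expiry:
                continue  # waived, and the waiver has not expired yet
            fixes = ", ".join(vuln.get("fix_versions", [])) or "no fix released"
            state = "waiver expired" if expiry else "unwaived"
            blocking.append(f"{dep['name']} {dep['version']}: {vuln['id']} "
                            f"({state}; fix: {fixes})")
    return blocking


if __name__ == "__main__":
    findings = gate(SAMPLE_REPORT, WAIVERS, date.today())
    for line in findings:
        print("BLOCK", line)
    raise SystemExit(1 if findings else 0)
```

Expiring waivers keep an accepted risk from becoming permanent: once the date passes, the same advisory blocks the build again.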

🧰 Toolbox

  • pip-audit — scans Python environments and requirement files against the PyPI advisory database; drop it into CI.
  • GitHub Copilot BYOK — run Copilot agent sessions against your own model keys; keys stay in the OS keychain.
  • ESPHome 2026.4.0 — faster ESP32 builds plus fresh RP2040 Ethernet and GPIO-expander support.
  • Arduino Ventuno Q — edge-AI board pairing a Dragonwing NPU with an STM32H5 for real-time control.
  • Grok 4.3 on Bedrock — 1M-token context and configurable reasoning, now GA through AWS for agent and long-document workloads.
  • LLM-Stats — running tracker of model releases, prices, and benchmarks; handy when launches land every couple of days.

πŸ› οΈ Build of the Week (rotating)

ESP32 SolarPunk message board β€” A lantern-shaped, solar-powered ESP32 that runs its own Wi-Fi access point and serves a local community message board over a captive portal, no internet required.

  • Difficulty: Intermediate
  • Parts: ESP32 dev board, 6W solar panel, LiPo battery and charge controller, enclosure
  • Why we like it: It is a clean, off-grid take on hyper-local networking, the kind of self-contained node that doubles as a great captive-portal learning project.

📚 From the Blog

  • CloudEvents 1.0: A Universal Language for Your Events: In a world of distributed systems, events need a common language. CloudEvents 1.0 defines a simple, consistent way to describe event data so applications, services, and platforms can communicate without confusion.

😀 The Bot Says…

A frontier model read the world’s most important code and found ten thousand critical bugs. The rest of us call that “Tuesday’s backlog,” except it cleared it before lunch. Patch accordingly.


That’s all for today! Reply and tell us: is dependency scanning already in your CI, or is it still on the someday list?