AI Weekly #17/2026: Claude Mythos Finds 271 Firefox Vulnerabilities – And Stays Under Lock
Speech synthesis: edge-tts (en-US-AndrewNeural), generated on 26/04/2026, 13:40:04.
TL;DR
This week in 30 seconds:
- Claude Mythos: Anthropic’s secret frontier model found 271 Firefox zero-days – and will therefore not be released; only 6 tech giants receive exclusive access for pre-patch purposes.
- Compute War: Google secures Anthropic with a $40B deal at a $350B valuation – combined with Amazon’s $25B, Anthropic now has access to 10 gigawatts of compute.
- Sovereign AI: Cohere acquires Aleph Alpha for $20B, financed by Lidl parent Schwarz Group – Europe’s most concrete alternative to US AI hyperscalers yet.
- DeepSeek: V4-Pro with 1.6 trillion parameters on Huawei chips launches as the world’s largest open-weight model – at $0.14/million tokens for V4-Flash.
Audio Version
12:55 | Download MP3
Chapters
- 0:00 - TL;DR - 0:53 - Story of the Week - 3:10 - More Top Stories - 7:15 - Quick Hits - 8:17 - Tool of the Week - 9:25 - Fail of the Week - 10:53 - Number of the Week - 11:26 - Reading List - 12:10 - Next WeekRead aloud with edge-tts (en-US-AndrewNeural)
Story of the Week
The World’s Most Dangerous Model – That You’ll Never Use
271 zero-day vulnerabilities in Firefox alone [1]. Anthropic’s new frontier model “Claude Mythos” is so capable at finding and exploiting security vulnerabilities that its creator isn’t even planning a public release – and has instead built an exclusive patching program for six of the world’s most powerful tech companies.
Foreign Policy reported exclusively on April 20 about “Project Glasswing”: Amazon, Apple, Google, JPMorganChase, Microsoft, and Nvidia receive privileged access to Mythos [1]. The purpose is defensive – the companies are meant to patch their own systems before a malicious actor could use the same model to attack them. Mozilla CTO Eric Rescorla publicly confirmed that Mythos identified 271 vulnerabilities in Firefox alone – a browser used by more than two billion people daily.
Anthropic describes Mythos as “the most powerful model to date” with cybersecurity as its primary application. The model can autonomously plan and execute multi-stage cyberattacks – a capability level that apparently crosses even Anthropic’s threshold between “safe release” and “not justifiable.” No public API access is planned.
“The most powerful model to date.” [1]
— Anthropic, quoted via Foreign Policy
Why this matters: For security teams, this marks the transition into a new era. If an AI model can find 271 Firefox bugs in a short time, attackers with similar or stolen systems can do the same – classic patch cycles that take weeks to months are no longer sufficient. “Project Glasswing” is effectively a private early-warning system for six select partners, while the rest of the industry waits.
Critical voices: It remains unclear by what criteria the six partners were selected – and why operators of critical infrastructure (utilities, hospitals, government agencies) receive no access. Who decides whose systems get patched first?
Bottom line: The world’s most powerful offensive AI model is currently securing the systems of a handpicked tech elite – everyone else has to hope that nobody else replicates it first.
More Top Stories
Google Doubles Down: $40 Billion for Anthropic – and 5 Gigawatts of Compute
The largest single investment in AI history is official: Alphabet is committing up to $40B to Anthropic [2]. $10B flows immediately at a $350B valuation, with another $30B tied to performance targets. Additionally, Google Cloud is providing 5 gigawatts of TPU-based compute capacity over five years [2].
Combined with Amazon’s existing $25B deal and its own 5 GW compute package, Anthropic now has access to up to 10 gigawatts of compute [2] – a reserve that would make even hyperscalers envious. Anthropic’s annual revenue surpassed the $30B mark in April 2026, making the valuation appear less absurd despite its size.
For enterprise customers and developers, this means stability: Anthropic can keep pace in the infrastructure arms race against OpenAI, Google DeepMind, and Meta. The flip side: with Google and Amazon as primary financiers, Anthropic’s “independence” is increasingly a matter of definition.
Cohere + Aleph Alpha: Europe’s Only $20 Billion AI Alliance
The first transatlantic sovereign AI champion is taking shape: Canadian AI company Cohere is acquiring German startup Aleph Alpha, financed through a €500M investment from Schwarz Group (owner of Lidl and Kaufland) [3]. The combined valuation stands at around $20B, compared to $6.8B for Cohere alone. Aleph Alpha’s 250 employees bring specialized expertise in small language models, European languages, and tokenizers [3].
“Their focus on small language models, European languages and tokenizers is a really complementary one.” [3]
— Aidan Gomez, CEO Cohere
The strategic goal: a sovereign alternative for governments and regulated industries (defense, energy, finance, healthcare, public sector) that distrust US hyperscalers – backed by both the Canadian and German governments [3]. Aleph Alpha’s existing customer relationships in Europe – from federal agencies to DAX corporations – are the real asset here.
For European companies and government bodies, this is the most concrete sovereign AI option that has ever existed at this level. A $20B valuation is still far from Anthropic’s $350B – but sovereign AI doesn’t compete primarily on capability, but on trust, data privacy, and regulatory compliance. On that terrain, the Cohere–Aleph Alpha combination has genuine strengths.
DeepSeek V4: 1.6 Trillion Parameters on Huawei Chips – at Fraction-of-Cost Pricing
DeepSeek has released V4-Flash and V4-Pro as a preview, both as Mixture-of-Experts architectures with a 1-million-token context window – developed entirely on Huawei hardware, without Nvidia GPUs [4]. V4-Pro brings 1.6 trillion total parameters (49B active), making it the world’s largest available open-weight model – more than twice the size of V3.2 with 671B parameters [4].
“Closed the gap with current leading models, both open and closed, on reasoning benchmarks.” [4]
— DeepSeek
The price: $0.14 per million input tokens for V4-Flash [4] – V4-Pro pricing will follow with the full release. The knowledge cutoff is still roughly 3–6 months behind absolute frontier models – but the benchmark catch-up curve is steep. For teams looking to minimize costs without sacrificing strong reasoning capabilities, DeepSeek V4 is a serious contender. Politically, the question remains open whether Western companies will be permitted or willing to use Chinese open-weight models for sensitive workloads.
Quick Hits
Briefly noted:
- GPT-5.5: OpenAI unifies Codex and the main model – 82.7% on Terminal-Bench 2.0, immediately available for all paid tiers (Plus, Pro, Business, Enterprise) in ChatGPT and the Codex API [5].
- Agent Economy: Anthropic employees sent AI agents as buyers and sellers into a real test marketplace – 186 completed deals, over $4,000 in total revenue; stronger models achieved objectively better outcomes for their “owners,” defining “Agent Quality Gaps” as a new risk for users of weaker agents [6].
- ChatGPT Images 2.0: OpenAI launches gpt-image-2 with up to 4K resolution, ~99% text accuracy, and support for Japanese, Korean, Hindi, and Bengali – DALL-E 2 and DALL-E 3 will be shut down on May 12, 2026; developers must migrate [7].
Tool of the Week
ComfyUI – Node-based AI media workstation for creators who want control
ComfyUI has raised $30M in Series B funding at a $500M valuation – with Craft Ventures as lead investor [8]. With over 4 million users, the node-based workflow interface for AI-generated images, videos, and audio has established itself as the de facto standard for creators who want to extract more than 60–80% target quality from prompt-based tools [8].
“In the world where AI slop is going to be everywhere, the Comfy version of human-in-the-loop approach is going to win out.” [8]
— Yoland Yan, CEO ComfyUI
Particularly useful for VFX artists, animators, advertising professionals, and industrial designers who need repeatable, controlled workflows rather than random prompt results. “ComfyUI artist/engineer” is developing into an independent job title according to the CEO [8]. Open source, locally runnable, with a massive community plugin library for virtually every media use case.
Fail of the Week
“We silently test-raise your prices – then walk it back”
Anthropic restricted Claude Code without announcement to $100+/month Max plans – instead of the previous $20/month (Pro) [9]. Only the pricing page was updated; support documentation and community channels remained untouched. The result: confusion, public backlash on X and Hacker News, and Simon Willison – one of the most influential AI bloggers and educators – publicly signaled a switch to OpenAI Codex for his teaching materials [9].
Within hours, Anthropic walked it back. Head of Growth Amol Avasare explained after the fact:
“For clarity, we’re running a small test on ~2% of new prosumer signups. Existing Pro and Max subscribers aren’t affected.” [9]
OpenAI seized the moment for its own positioning: Thibault Sottiaux publicly posted that Codex would remain available on the Free and Plus tier ($20) (via simonwillison.net [9]). That’s also marketing – but in this case, targeted precisely at a community that was just frustrated.
Root cause: An A/B pricing test was rolled out without any communication – in a developer community that depends on predictability and trust, since entire workflows are built on pricing assumptions.
What we learn: If you’re testing prices, communicate it. Developer communities penalize opacity faster and more durably than any other user group.
Number of the Week
271 Zero-Day Vulnerabilities
Exactly 271 security vulnerabilities were found by Claude Mythos in Firefox alone – confirmed by Mozilla’s CTO following participation in “Project Glasswing” [1]. The number makes tangible why Anthropic has no plans for a public release: an attacker with access to Mythos would have a ready catalog of exploitable vulnerabilities before patches exist. And that’s just Firefox – not Windows, not macOS, not Chrome, not Android.
Reading List
For the weekend:
- Claude Mythos: The Powerful New AI Model That Can Find Zero Days – The full original Foreign Policy article on Project Glasswing; essential reading for anyone wanting to understand the security and policy implications of frontier AI (12 min)
- Why Cohere is Merging with Aleph Alpha – Explains the strategic logic behind the merger and why sovereign AI as a market position is more than just marketing (8 min)
- Claude Code confusion – Simon Willison’s measured analysis of Anthropic’s pricing fail; shows precisely how developer communities respond to breaches of trust – and why it escalates faster than with consumer products (5 min)
Next Week
What’s coming:
- May 12, 2026: DALL-E 2 and DALL-E 3 will be shut down – developers still relying on OpenAI’s older image models must migrate to gpt-image-2 by then [7].
- Project Glasswing Follow-up: After Mozilla’s public confirmation of the 271 Firefox bugs, more Glasswing partners are expected to issue statements – or may stay silent for exactly that reason.
- DeepSeek V4 Full Release: The model is still in preview – we’re watching for when V4-Pro appears fully on Hugging Face and the API, and how independent benchmark comparisons with frontier models turn out.
🤖 Behind This Newsletter
Generated in: ~35 minutes
Sources scanned: 9 articles from 4 feeds
Stories found: 10 → 9 selected
Validation: 4 agents, 10 issues found (4 blocking, 6 non-blocking)
Model: Claude Sonnet 4.6 + Haiku (Validation)
Images: Pollinations.ai (5 generated)
Full Metrics
| Phase | Metric | Value |
|---|---|---|
| Source collection | RSS feeds | 4 |
| Source collection | WebSearch queries | 6 |
| Selection | Stories presented | 10 |
| Selection | Stories selected | 9 |
| Draft | Words | ~1,600 |
| Draft | Sources cited | 9 |
| Validation | Fact-check issues | 4 |
| Validation | Balance issues | 5 |
| Validation | Quality issues | 3 |
| Validation | Legal issues | 1 |
This newsletter was researched and written AI-assisted. Images generated with Pollinations.ai.
Sources
- Claude Mythos: The Powerful New AI Model That Can Find Zero Days
- Google to invest up to $40B in Anthropic in cash and compute
- Why Cohere is merging with Aleph Alpha
- DeepSeek previews new AI model that closes the gap with frontier models
- Introducing GPT-5.5
- Anthropic created a test marketplace for agent-on-agent commerce
- ChatGPT's new Images 2.0 model is surprisingly good at generating text
- ComfyUI hits $500M valuation as creators seek more control over AI-generated media
- Claude Code confusion