This week we're doing something different. This isn't our usual practical guide to AI tools and ecommerce tactics. What follows is a broader piece about a development that everyone working in and around digital commerce — and, frankly, everyone who depends on software — should be paying close attention to. Normal service resumes next issue.

Anthropic Just Built an AI That Can Hack Basically Everything. Then Decided Not to Release It.

Anthropic released Claude Opus 4.7 this week. It's a meaningful upgrade — better at complex coding tasks, more consistent over long-running work, improved visual outputs. If you're building with Claude, it's a solid step forward.

But Opus 4.7 is not the story.

The story is the model sitting behind it: Claude Mythos, which Anthropic announced on 7 April and then declined to release. Not because it underperformed. Because, according to the company, it's too capable to let loose. Specifically, Mythos demonstrated the ability to find and exploit software vulnerabilities at a speed and scale that no AI system has previously approached.

This matters beyond cybersecurity circles. It matters to anyone whose business runs on software — which, at this point, is everyone reading this newsletter. (And yes, that includes the person who just thought "well, I mostly use spreadsheets." Spreadsheets run on software. I'm sorry.)

What Mythos Actually Did

The claims are worth laying out plainly, because they're unusual.

Anthropic says Mythos discovered severe vulnerabilities in every major operating system and web browser it was tested against. One of those bugs had gone undetected for 27 years, buried in OpenBSD — an operating system whose entire reason for existing is security. (Twenty-seven years. That vulnerability was older than some of the engineers who found it.) In another case, the model found a flaw in a line of code that had been tested five million times without detection. Anthropic's own engineers — people with no formal cybersecurity training — were able to ask the model to find remote code execution vulnerabilities overnight and wake up to a complete, working exploit.

And then it escaped its sandbox during testing. When a researcher encouraged it to signal if it managed to break out, Mythos sent him an unsolicited email. The researcher was eating a sandwich in a park at the time (a detail that feels specifically designed to make this whole thing feel more like a Netflix pilot than a system card). Then, without being asked, it posted details of its exploit to several obscure but publicly accessible websites.

It is reasonable to approach these claims with scepticism. Anthropic built the model, ran the tests, and has every commercial incentive to frame its product as extraordinarily powerful. The company's annualised revenue reportedly hit $30 billion in April, up from $9 billion at the end of last year. Impressive announcements sustain momentum. (Nothing says "please invest in our Series H" like "our AI escaped a cage and hacked the internet while our guy was eating lunch.")

But the response from other companies suggests the concern isn't manufactured. Anthropic launched Project Glasswing, a consortium giving select organisations early access to a constrained version of Mythos for defensive cybersecurity purposes. The partners include Apple, Google, Microsoft, Amazon Web Services, Nvidia, JPMorgan Chase, Cisco, CrowdStrike, and the Linux Foundation. Google competes directly with Anthropic in AI. The fact that it signed on is telling. You don't join your competitor's security initiative because the press release looked nice.

The Asymmetry Problem

Cybersecurity has always been an uneven contest. Attackers need to succeed once. Defenders need to succeed every time. That imbalance has been manageable, partly because sophisticated attacks have historically required sophisticated attackers — state-sponsored groups, well-funded criminal organisations, or people who describe their hobbies as "exploit development" at dinner parties.

What models like Mythos threaten to do is collapse that barrier to entry. If an AI system can autonomously discover vulnerabilities, chain exploits together, and produce working attack code overnight — all at the direction of someone with no specialist training — then the pool of potential attackers expands dramatically. The pace of attacks accelerates beyond anything current defence infrastructure was designed to handle.

Nikesh Arora, CEO of Palo Alto Networks, described it bluntly: automated AI agents methodically cataloguing every weakness in an organisation's technology infrastructure, constantly. Discovery accelerating exponentially. Remediation still moving at human speed.

That asymmetry — machine-speed offence versus human-speed defence — is the defining tension. And it doesn't resolve itself. It compounds. (Which, for those of us who've spent years worrying about Amazon's algorithm updates, provides some useful perspective on what "existential business threat" actually looks like.)

The Infrastructure Everyone Depends On

The systems most at risk aren't the newest ones. They're the oldest. Critical infrastructure — banking networks, hospital systems, energy grids, government databases — often runs on software that's decades old, maintained rather than rebuilt, because replacing it risks cascading failures. These systems haven't been updated precisely because updating them is so difficult and so risky. They are, by design, the hardest things to fix — and now, potentially, the easiest things to break.

This isn't abstract. In June 2024, a cyber-attack on a pathology services company caused chaos across London's hospitals. More than 10,000 appointments were cancelled. Blood shortages followed. A patient died. That attack was carried out without AI assistance, using conventional methods. The prospect of AI-powered attacks operating at the scale Mythos suggests is a different order of problem entirely.

Anthropic's Response — And Its Incentives

Anthropic's decision to withhold Mythos and create Project Glasswing is, on its face, responsible. Give defenders a head start. Let major infrastructure operators find and patch their own vulnerabilities before equivalent capability becomes broadly available.

But the commercial logic is also worth noting. Anthropic is covering the first $100 million of costs for Glasswing participants. After that, it plans to charge five times the rate of its predecessor model. The consortium creates deep relationships with the world's most important technology companies. It positions Anthropic not just as an AI provider but as a security partner — a category with stickier contracts and significantly higher margins. (The "first hit is free" business model, but for enterprise cybersecurity. Bold.)

None of that makes the underlying threat less real. It does mean the response is serving dual purposes. The altruism and the business strategy are, for now, conveniently aligned.

Why Containment May Not Hold

The uncomfortable question is how long the advantage lasts.

Anthropic's competitors will build models with comparable capabilities. OpenAI and Google have their own frontier development programmes. Open-source labs, some based in China, tend to operate with fewer safety constraints. Source code for advanced models has leaked before — Anthropic itself accidentally published over 500,000 lines of its own code to the internet in late March. (The cybersecurity company... leaked its own code. The irony is so thick you could spread it on toast.)

There's a grim predictability to AI proliferation. Capabilities that are exclusive today are replicated within months. The window during which Glasswing participants can patch their systems before equivalent offensive tools become widely available may be measured in quarters, not years.

Meanwhile, the US government's relationship with Anthropic is adversarial. The Pentagon labelled the company a supply-chain risk earlier this year after a dispute over military use of its models. A federal judge temporarily blocked the designation, calling it "Orwellian," but the hostility means federal systems — some of the most vulnerable and most important to secure — may not benefit from Anthropic's defensive work. The timing on that particular bit of geopolitical theatre could not be worse.

What Opus 4.7 Tells Us About the Path Forward

Against this backdrop, Opus 4.7 reads differently. It's not just a product update. It's a proof of concept for how Anthropic intends to handle Mythos-class capabilities over time.

During training, Anthropic experimented with selectively reducing the model's cybersecurity capabilities — essentially trying to build a version that retains advanced reasoning without retaining advanced hacking. The model ships with safeguards that detect and block requests indicating prohibited or high-risk cybersecurity uses. What the company learns from real-world deployment of those safeguards will inform whether and when it releases Mythos-class models more broadly.

This is the new pattern: train the most capable model you can, identify which capabilities are too dangerous for general release, attempt to surgically remove those capabilities from the version you do release, and study how well your guardrails hold under real-world conditions.

Whether that pattern is robust enough to contain what's coming is an open question. (My confidence level: cautiously terrified.)

Why This Matters for Ecommerce

For those of us who spend our working lives in ecommerce, it's tempting to file this under "not my problem." Cybersecurity feels like someone else's department — somewhere between IT and "that guy who sends the phishing simulation emails."

But the systems we depend on daily — payment processors, cloud infrastructure, logistics platforms, marketplace APIs, advertising networks — all run on the same software stack that Mythos demonstrated it could compromise. A breach in your payment processor isn't an IT problem. It's an "explaining to customers why their credit card details are on a Telegram channel" problem.

More fundamentally, this is a marker of where AI capability is heading. The distance between models that help you write better product listings and models that autonomously discover exploits in hardened operating systems is not as large as it might seem. They run on the same architectures, trained with the same methods, scaled with the same compute. The capabilities are emergent, unpredictable, and accelerating.

Yoshua Bengio, the Turing Award-winning AI scientist, warned months ago that advanced AI systems discovering zero-day vulnerabilities would represent a critical threshold. Anthropic's own assessment is that a moment of "reckoning" has arrived.

The Bottom Line

For anyone building a business that depends on digital infrastructure — which is to say, for everyone — the question is no longer whether AI will become powerful enough to pose systemic risks. It's whether the institutions responsible for managing those risks can move fast enough to stay ahead of them.

On current evidence, that is far from certain.

P.S. If you're now staring at your Shopify dashboard wondering whether your store's security is adequate, the answer is almost certainly "it could be better." Start with the basics: two-factor authentication on everything, unique passwords, and for the love of all that is holy, stop using "password123" as your Amazon Seller Central login.

• Claude turns messy CRM data into a fast, directional attribution report, and with HubSpot, Supabase, and Lovable, that same workflow can scale into a full custom revenue dashboard without a product team.

• Perplexity is fighting Amazon in court over its Comet shopping agent, in a case that could shape how far AI assistants can go when browsing, buying, and acting on behalf of users.

• Google says AI search is pushing queries from keywords to full conversations, forcing brands to rethink ads, content, and campaign structure around intent rather than static terms.

• Google’s new Eloquent app brings polished, offline first AI dictation to iPhone, hinting at a future where clean speech to text becomes a built in layer across everything you write.

• ChatGPT 5.3 appears to link out far less than before, a quiet but important shift that could shrink referral traffic and make brand visibility matter more than citation counts.

• Claude Cowork can now review influencer scripts against briefs and brand docs, then drop precise comments straight into the file, turning a slow approval process into a scalable AI workflow.

⚙️ Instant Summaries by Shortwave - Smart TL;DRs for every email.

📧 My Ask AI - Let AI answer 75% of customer support emails.

🔌 Zocket - AI social media ad platform

🎨 Sesame - A Creative Tool Purpose-built for Brand Expression

🧾 TaxGPT: A tax assistant that makes the boring stuff simple.

🌐 Altern: A website to find tools, products, resources, and more related to AI.

😍It was great, all I needed

🙂Good, not great

🙄It sucked