Anthropic’s Cybersecurity Shock Wave + Ronan Farrow and Andrew Marantz on Their Sam Altman Investigation + One Good Thing

What It Covers

Anthropic's unreleased Claude Mythos model discovers zero-day vulnerabilities in every major operating system and browser, prompting a controlled release to a defensive cybersecurity consortium. New Yorker journalists Ronan Farrow and Andrew Marantz discuss their Sam Altman investigation, revealing patterns of deception, the missing board investigation report, and deep Gulf state ties.

Key Questions Answered

• •AI Cybersecurity Gap: Anthropic's Claude Mythos found a 27-year-old security flaw in OpenBSD and a critical bug in FFmpeg that survived 5 million automated scans. Rather than releasing publicly, Anthropic granted access exclusively to a defensive consortium including Cisco, Microsoft, Apple, and Amazon, creating the first significant public-private AI capability gap since GPT-2 in 2019.
• •Software Rewrite Timeline: Security experts, including former Yahoo and Facebook security chief Alex Stamos, estimate the next six months will require patching, rewriting, and rereleasing virtually all major software. The primary bottleneck is human review capacity — not the AI's ability to find bugs — meaning medium and small businesses running legacy firmware face the longest exposure window.
• •Personal Cybersecurity Baseline: While defensive teams work through the vulnerability backlog, individuals should immediately adopt three practices: use a dedicated password manager such as 1Password with randomly generated unique passwords for every account, enable authenticator-app-based multifactor authentication on email and banking, and avoid reusing any passwords across services — the most exploitable single point of failure.
• •Missing OpenAI Investigation Report: The Farrow-Marantz investigation reveals that the law firm hired after Sam Altman's 2023 firing never produced a written report. The board members Altman helped select to oversee the process now state a written report was unnecessary, resulting in an 800-word press release citing a vague "breakdown in trust" — an outcome legal experts flag as a red flag for high-profile nonprofit governance.
• •Sam Altman's Gulf State Ties: Reporting documents that Altman's financial relationships with Emirati and Saudi royals run substantially deeper than OpenAI's public framing of routine business fundraising. This matters structurally: when a company pitches itself as a safety-focused nonprofit while cultivating opaque sovereign wealth relationships, the gap between stated mission and actual capital dependencies becomes a governance risk worth tracking.
• •AI Regulatory Vacuum: A private San Francisco company now holds technology capable of autonomously discovering critical vulnerabilities across all major operating systems, yet operates under no meaningful regulatory framework. The Biden-era executive order establishing AI oversight was rescinded on competitiveness grounds, leaving model development of this scale — with direct national security implications — entirely self-governed by the companies building it.