SED News: Anthropic’s Mythos, Supply Chain Hacks, and the AI Spending Surge

What It Covers

Anthropic's restricted Mythos security model, a supply chain breach tracing from Roblox malware through Context.ai to Vercel, Meta and Snap layoffs tied to AI infrastructure costs, and the $650–700 billion projected hyperscaler CapEx for 2026 reshaping cloud, chip, and talent markets simultaneously.

Key Questions Answered

• •Mythos model access: Anthropic's Mythos security model, released only to firms including Amazon, Apple, Microsoft, and JPMorgan Chase under Project Glasswing, autonomously identifies previously unknown vulnerabilities — including a 27-year-old OpenBSD flaw — in major operating systems and browsers. Teams building on legacy infrastructure should treat this as a signal to prioritize proactive vulnerability auditing now.
• •Supply chain attack vector: The Vercel breach originated from a single Context.ai employee downloading fake Roblox cheats, which installed Luma Stealer malware, harvested OAuth tokens, and cascaded into Vercel's internal systems. The direct mitigation Vercel implemented — encrypting all environment variables as sensitive by default — should be treated as a baseline configuration standard, not a post-breach reaction.
• •Secure-by-default gap: Cisco's 2026 State of AI Security report finds 83% of organizations plan to deploy agentic AI, but only 29% report readiness to secure it. Teams adopting AI tooling should audit OAuth permission scopes immediately, restricting agent access to only the specific data sources required rather than granting broad workspace-level credentials.
• •AI CapEx structural lock-in: Google and Amazon have each committed tens of billions to Anthropic while simultaneously building competing models on proprietary chips — Trainium, Graviton, and TPUs. Because model training becomes structurally tied to a cloud provider's chip roadmap, teams selecting a cloud platform for AI workloads are effectively choosing a model performance trajectory for multiple years ahead.
• •Engineering hiring rebound: TrueUp data shows 67,000 open software engineering roles across 9,000 tech companies — double mid-2023 levels and up 30% in 2026. IBM and Intuit are specifically targeting junior, AI-native engineers rather than exclusively senior hires, signaling that entry-level candidates who demonstrate fluency with agentic coding tools carry measurable hiring advantage in the current market.