The next ninety days: What’s coming in cyber-security
Three important things happened in the past few weeks. Together, they represent a key pattern that we all need to be careful about.
1) Mythos
On April 7, Anthropic announced a new model called Claude Mythos Preview. The model is so effective at finding software vulnerabilities that they restricted access to about forty vetted organizations (AWS, Google, Microsoft, CrowdStrike, a handful of others) under a program called Project Glasswing. Their own red team (the internal team in charge of hacking the system to test it) reported that Mythos generates working exploits on the first attempt over 83% of the time. It independently discovered zero-day flaws that had been hiding in production software for over two decades. With Mythos, a complete exploit chain that until recently was accessible only to the best state actors now costs under $2,000 in compute.
I respect how Anthropic handled this. They briefed CISA, the White House, the Bank of England. They withheld the model from general availability. They acknowledge that their own safety framework might not be enough going forward. That's the responsible version of this moment.
But equivalent capability will most likely show up in competing models within months. And in open-weight (Chinese) models within a year to eighteen months, according to experts. Anthropic can be responsible. But nothing’s telling us the next lab to unlock this will take the same approach.
2) Moltbook
In late January, a social network called Moltbook went viral. It was an "agent-only" platform (AI agents posting and interacting with each other). The founder said publicly that he didn't write a single line of code. AI built the whole thing.
Three days after launch, security researchers found that the entire production database was open. No authentication required. A Supabase key was hardcoded in client-side JavaScript with no row-level security enabled. Anyone could read or write anything: 4.75 million records, 1.5 million agent authentication tokens, 35,000 email addresses, thousands of unencrypted messages containing plaintext API keys from other services.
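The misconfiguration described above and its correction, as an added example that is not Moltbook's code. It assumes a Supabase (Postgres) project in which the key shipped to the browser maps to the `anon` role and that role holds privileges on tables in `public`; the `messages` table, its columns and the policy names are hypothetical.

```sql
-- Added example; table, column and policy names are hypothetical.

-- Weak state: a table created with plain SQL has row-level security OFF.
-- Any role with table privileges (here, the role behind the client-side
-- key) can then read and write every row.
CREATE TABLE public.messages (
    id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner_id uuid   NOT NULL,
    body     text   NOT NULL
);

-- Audit: list every ordinary table in the exposed schema without RLS.
-- Before the fix below, this returns public.messages.
SELECT n.nspname AS schema_name,
       c.relname AS table_name
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  c.relkind = 'r'
AND    n.nspname = 'public'
AND    NOT c.relrowsecurity
ORDER  BY c.relname;

-- Fix, step 1: enable RLS. With RLS on and no policy defined, every
-- non-owner role sees zero rows and cannot write (default deny).
ALTER TABLE public.messages ENABLE ROW LEVEL SECURITY;

-- Fix, step 2: grant back only what is intended. Signed-in users may
-- read and insert their own rows; the anonymous role gets no policy.
-- auth.uid() is Supabase's helper returning the caller's user id.
CREATE POLICY messages_owner_select ON public.messages
    FOR SELECT TO authenticated
    USING (auth.uid() = owner_id);

CREATE POLICY messages_owner_insert ON public.messages
    FOR INSERT TO authenticated
    WITH CHECK (auth.uid() = owner_id);

-- Verify: review the policies now in force for the schema.
SELECT tablename, policyname, roles, cmd, qual, with_check
FROM   pg_policies
WHERE  schemaname = 'public'
ORDER  BY tablename, policyname;
```

Re-running the audit query after the fix should return no row for `public.messages`; running it in CI against a staging database turns a missing-RLS table into a failed build rather than a production finding.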
Moltbook is a perfect case study because it's not an outlier. An audit of 5,600 vibe-coded apps found over 2,000 vulnerabilities and 400 exposed secrets. Veracode tested AI-generated code across 100 LLMs and found 45% of it fails security checks. SQL injection defenses fail 88% of the time. XSS defenses fail 86%. To be clear for our non-developer friends, those are not complex vulnerabilities. They are items that software developers learn about in the first year of their training.
I wrote in March about becoming useless (the moment I removed human peer review). I stand by the thesis: the cost of building is collapsing, and that's mostly a good thing. But there's a shadow side I didn't spend enough time on. When non-developers ship production code and the security layer is optional (or invisible, or just not understood), you don't get a few bad apps. You get an industrial-scale supply of soft targets, arriving at exactly the moment offensive AI makes finding their weaknesses trivial.
That's the convergence.
3) Vercel
Then, on April 19, Vercel disclosed a breach. The attack didn't start at Vercel. It started at Context.ai, a small company offering an AI-powered Google Workspace add-on. A Context.ai employee (yes, one employee) got infected with malware through a Roblox cheat download (yes, really). That gave attackers access to Context.ai's systems. A Vercel employee had signed up for Context.ai's product with corporate credentials (yes, one employee) and granted broad OAuth permissions. The attackers walked through that door into Vercel's internal environment.
The timing matters. Vercel’s CEO has been signaling IPO readiness. A breach in this window is especially damaging because SEC rules create a collision: the IPO quiet period limits what a company can say, while the cyber disclosure rule requires reporting material incidents within four business days.
Attackers have learned to read the financial calendar. Funding rounds, M&A windows, pre-IPO periods: these are when organizations are most visible, most stretched, and most vulnerable to extortion. The same is true of Black Friday and other high-volume periods for ecommerce businesses. A threat actor posted a $2 million Bitcoin demand on a breach forum on the day of Vercel's disclosure.
This isn't just a Vercel problem. It's the entire AI-era supply chain. The tools that make vibe coding possible (Supabase, Vercel, LiteLLM, the npm ecosystem) are themselves an unaudited web of OAuth grants and third-party integrations. The attack surface isn't just the apps people build. It's the infrastructure under them.
What’s coming
Mythos didn't create a new threat. It priced an existing one differently (a zero-day used to take months and a specialized team; now it's an inference call).
Moltbook didn't invent insecure code. It showed the result of industrialized production of it.
Vercel didn't create supply-chain risk. It proved that even in the most sophisticated tech companies, it’s amazingly hard to block.
These aren't three separate stories. They're three views of the same shift: offense got cheaper, the attack surface got wider, and the infrastructure under both is unaudited. I have a feeling that the next ninety days will separate the companies that treated security as a feature from the ones that treated it as a foundation. And that the distance between those two positions is about to become very visible.
