Rachel Metz, reporting for Bloomberg:

A small group of unauthorized users have accessed Anthropic PBC’s new Mythos AI model, a technology that the company says is so powerful it can enable dangerous cyberattacks, according to a person familiar with the matter and documentation viewed by Bloomberg News.

A handful of users in a private online forum gained access to Mythos on the same day that Anthropic first announced a plan to release the model to a limited number of companies for testing purposes, said the person, who asked not to be named for fear of reprisal. The group has been using Mythos regularly since then, though not for cybersecurity purposes, said the person, who corroborated the account with screenshots and a live demonstration of the model.

Jess Weatherbed, at The Verge (gift link):

The model was reportedly accessed illicitly on April 7th, the same day that Anthropic announced it was releasing Mythos to a limited number of companies for testing. The group that gained the unauthorized access has not been publicly identified, though Bloomberg reports that its members are part of a Discord channel that seeks out information about unreleased AI models. [...] Other unreleased Anthropic AI models have also been accessed by the group, according to Bloomberg.

So on the one hand, Anthropic itself is the one describing Mythos as a dangerous national security threat. On the other hand, their own security is so sloppy that rando hooligans on Discord have had access to Mythos since the day it was announced, and regularly access other unreleased Claude models. This, just weeks after Anthropic screwed up and accidentally exposed the entire source code to Claude Code.

If Mythos is as dangerous as Anthropic (including CEO Dario Amodei) claims, this is a colossal screw up. If a Discord group of AI enthusiasts has unauthorized access, why should we not assume that Chinese, Russian, North Korean, and Iranian intelligence agencies do too? And if this is no big deal, then Anthropic (and Amodei) are full of shit about how dangerous Mythos is. One way or the other it looks like a total clown show over there.

Max Seelemann: There are only three ways to create a concurrently running operation from the standard library, Task being the first. The other two are async let and TaskGroups — which happen to be the structured ones. […] In my words, it’s a direct, inescapable dependency relationship. You can always start a task and forget […]

Glenn Fleishman: Note that this remains an iPhone-only feature, even though an iPad could be exploited the same way. I have to infer either that Apple has had almost no reports of exploitation via iPad passcode theft, or that they are balancing the needs of the average iPad user who is out and about with […]

Brent Simmons: The big new changes are to iCloud syncing: there’s a new setting to not sync the content of unread articles, since that’s the biggest part of your iCloud database and what takes the longest to sync. NetNewsWire: We’ve added a new weekly background iCloud storage cleanup. This happens automatically, but there’s also a […]

Juli Clover (release notes, security, no enterprise, no developer): According to Apple’s release notes, the software updates contain unspecified bug fixes and security updates. Apple also released iOS 18.7.8 for older iPhones that are not updated to iOS 26. Juli Clover (Hacker News): A flaw with notification services allowed notifications that were supposed to be […]