The Board Room
Anthropic's Mythos became the first AI model to autonomously achieve full network
In the same week, TrustedSec showed AI collapsing EDR reverse engineering from weeks to days across all five major commercial products. The adversary most defensive architectures were priced against needed human researchers and quarterly timelines, and that adversary is being replaced by one that runs at model speed.
AI Cyber Offense Crosses Full-Takeover Threshold
Mythos cleared both AISI hardest attack ranges (first model ever). GPT-5.5-cyber cleared one. EDR reverse engineering collapsed to days. PraisonAI was weaponized in 4 hours from disclosure. NSA gets Mythos access over CISA — offensive use is the government priority.
Anthropic's 80x Demand Spike Restructures AI Market
Anthropic grew 80x against a planned 10x, hitting $30B+ ARR. xAI capitulated and leased 220,000 GPUs (45% of Colossus 1) to fund operations. ServiceNow blew its full-year Anthropic budget by May. Valuation now $900B-$950B, above OpenAI's $854B.
Agent Execution Layer War: SAP vs ServiceNow vs Apple
SAP (Knowledge Graph + €100M fund) and ServiceNow (MCP-based Action Fabric) are making incompatible bets on who owns the agent execution layer. Apple is positioning to gate all agent distribution on iOS. Vercel confirms 59% of AI tokens are now agentic workloads.
AI Infrastructure IPOs Validate Constraint-Layer Premium
Cerebras debuted at $56B fully diluted ($41.7B market cap, 70% first-day pop) on a $20B OpenAI commitment. Fervo Energy IPO'd at $10B+ with 33% pop on AI datacenter demand. Google's 3GW Fervo option = 60+ data centers from one supplier. Nebius growing 684% with 4:1 demand-to-supply.
AI Liability Regime Being Drafted — Window to Influence Is Quarters
a16z published the industry's most comprehensive liability blueprint (user-liability defaults, damages caps). ODNI and Commerce are fighting over who evaluates AI models pre-release. Active litigation could impose punitive precedents before any legislation passes. Open-source AI faces existential risk under developer-liability regimes.
AI Cyber Offense Hit a Discontinuity — Your Security Architecture Just Became the Threat Model
The Capability Step-Change
The right way to read this week's results is not as another incremental gain in AI-assisted hacking. It is a category change. Anthropic's Mythos became the first AI model to clear both of the UK AI Security Institute's hardest simulated attack ranges, achieving full autonomous network takeover rather than persistence or lateral movement. OpenAI's GPT-5.5-cyber cleared one of the two. Both models are outperforming a trend line in which AI cyber task completion was already doubling every few months.
The security posture calibrated to adversaries from twelve months ago is already wrong, and will be wrong again twelve months from now.
Three Converging Attack Surfaces
TrustedSec ran LLMs against five commercial EDR products and found all five share identical architectural patterns: YARA rules, behavioral logic, allowlists, Lua scripting engines readable after a single decryption pass. Work that took skilled reversers weeks now takes days. The endpoint detection category was running on obscurity, and AI made that obscurity transparent to an order of magnitude more attackers.
The exploitation window has compressed to 4 hours. PraisonAI was weaponized the same day it was disclosed. Microsoft's MDASH system found 16 exploitable flaws in a single Patch Tuesday using multi-model analysis. Mozilla found 271 real bugs in Firefox using Anthropic models with custom harnesses. The defenders' patch cycle has not moved. The attackers' cycle just accelerated by 10x.
The Government Signal
Congress is holding closed-door demos of Mythos and routing access through NSA rather than CISA. That tells you which mission is being prioritized: offensive intelligence, not civilian defense. A reasonable skeptic would note that interagency turf has always looked like this. The reasonable skeptic is correct. What the skeptic does not explain is why the same hearings double as the leading edge of a multi-year federal buying cycle for AI cyber capability. The private sector is on its own for the next several years.
AI Infrastructure Is Now an Active Target
CISA added LiteLLM, Ollama, and OpenClaw to the Known Exploited Vulnerabilities catalog in the same window. A single honeypot disguised as an AI stack absorbed 113,000 attacks per month, with tooling that evolved mid-experiment to detect and evade the researchers. That is not opportunistic scanning. That is staffed operations targeting AI infrastructure specifically.
What This Forces
Security architecture built around quarterly patching, annual pen tests, and the assumption that weaponization was the slow step is architecture built on a false premise. The slow step is now your patch cycle, not the adversary's exploit development. Identity, network telemetry, and behavioral analytics above the endpoint are the compensating controls that matter over the next eighteen months. The board-deck version of this is that AI raised the cyber threat level. The complete version is that the patch cycle, not the exploit, is now the binding constraint.
AI autonomous cyber offense just crossed the full-network-takeover threshold — Anthropic's Mythos cleared both of the UK's hardest simulated attack ranges while EDR reverse engineering collapsed from weeks to days — at the exact moment Anthropic hit $30B ARR on 80x unplanned demand, xAI capitulated by leasing 220,000 GPUs to a competitor it called 'evil,' and both SAP and ServiceNow claimed the agent execution layer in the same week. The security posture, vendor strategy, and platform architecture most organizations built in 2024 are now three assumptions behind reality, and the remediation cost compounds with every quarter of deferral.