Anthropic's Cybersecurity Shock Wave + Ronan Farrow and Andrew Marantz on Their Sam Altman Investigation

1. AI has reached a cybersecurity inflection point. Anthropic's new Claude Mythos Preview model has found critical vulnerabilities — including a 27-year-old flaw in OpenBSD and an exploit in FFmpeg that had been scanned five million times — in every major operating system and browser, suggesting much of the world's software may need to be rewritten or patched.
2. A capability gap between labs and the public is reopening. For the first time since GPT-2 in 2019, an AI lab has a frontier model it is deliberately withholding from public release, creating an information asymmetry that could fuel paranoia and complicate transparency.
3. Project Glasswing is a defensive consortium, not a marketing stunt. Anthropic is giving roughly $100 million in Claude credits to a consortium including Cisco, Broadcom, Microsoft, Apple, and Amazon — even competitors — purely for defensive cybersecurity testing, which would be a terrible marketing strategy if it were one.
4. Frontier AI is essentially unregulated. A private company can now produce software capable of generating novel exploits at scale, and there is no regulatory regime overseeing model development; the previous administration's framework was repealed in the name of competitiveness.
5. Do your basic cybersecurity hygiene now. Use a password manager (Casey recommends 1Password), never reuse passwords, generate them randomly, and enable multi-factor authentication via an authenticator app on critical accounts like email and banking.
6. Sam Altman's pattern of alleged dishonesty is documented across years and sources. The New Yorker piece compiles allegations from Ilya Sutskever's memos, Dario Amodei's notes, former board members, and Microsoft executives — including one who said there is a 'small but real chance' Altman is remembered as a Madoff- or SBF-level scammer.
7. There was no written report on Altman's 2023 firing. Farrow and Marantz reveal that the outside law firm investigation following Altman's reinstatement was deliberately kept out of writing, leaving stakeholders at a nominal nonprofit with only an 800-word press release.
8. Succession at OpenAI is now openly discussed. There are periodic conversations among senior OpenAI executives about succession, with Fiji Simo previously floated as a candidate; tensions with CFO Sarah Friar over IPO readiness echo the pattern of Altman sidelining internal constraints.
9. Look up — literally. Kevin recommends following NASA's Artemis II mission, which has carried four astronauts roughly 252,756 miles from Earth; Casey recommends Acme Weather, a $25/year app from the Dark Sky team that flags lightning, beautiful sunsets, auroras, and even rainbows in your neighborhood.

Anthropic's Cybersecurity Shock Wave: Claude Mythos Preview and Project Glasswing

Kevin frames this as potentially the biggest AI story of the year. On Tuesday, Anthropic announced Project Glasswing — named for the transparent-winged glasswing butterfly — and unveiled a new model, Claude Mythos Preview, that the company says is too dangerous to release to the public. Instead, Anthropic is distributing roughly $100 million in Claude credits to a consortium of major tech and infrastructure companies, including Cisco, Broadcom, Microsoft, Apple, and Amazon, granting them access only for defensive cybersecurity work: hardening their systems before the general public — or adversaries — get hold of comparable capabilities. Notably, OpenAI and Meta are not part of the consortium.

What the model has already done

Anthropic has run Mythos internally for several weeks and claims it has discovered vulnerabilities in every major operating system and web browser. Two patched examples were highlighted: a 27-year-old security flaw in OpenBSD — an open-source operating system specifically designed to be hard to hack and used in firewalls and routers — and a critical exploit in the widely used open-source video tool FFmpeg, which Anthropic says had been scanned by automated security tools roughly five million times without anyone finding it. The implication is that an advanced reasoning and coding model can outpace decades of professional security researchers.

Why this matters for the software stack

Modern software is built on a stew of proprietary code and shared open-source libraries that have been battle-tested for years and bolted into everything from browsers to routers. If a model like Mythos can systematically surface previously unknown 'zero-day' exploits across that foundation, the entire industry faces a forced reset. Kevin says people should expect a wave of app and firmware update prompts over the coming months.

Two scenarios for the next six months

Casey relayed analysis from former Yahoo and Facebook security chief Alex Stamos, who sees two possibilities. In the optimistic case, the set of truly critical bugs is finite; defenders working hard over the next six months or so can patch the top 1% of critical infrastructure — Linux, popular open-source libraries, core networking equipment — before bad actors catch up. In the pessimistic case, the model is already capable enough to invent novel exploits indefinitely, producing an ever-expanding problem as capabilities scale toward something like superintelligence.

The long tail problem

Even in the optimistic scenario, Kevin notes a human bottleneck: there aren't enough maintainers to review every proposed fix submitted to open-source projects, and there will always be lag between patch release and adoption by, as he put it, 'the person running the router at the medium-sized business in Tulsa.' Vast amounts of older infrastructure simply won't be updated in time.

Not a marketing stunt

Both hosts argue Anthropic's withholding is not a hype play. If it were, giving away the model's defensive use to direct competitors and a government that has been actively hostile to the company would be self-defeating. The U.S. government has tried to classify Anthropic as a supply-chain risk and ordered federal agencies to stop using Claude, meaning the national security apparatus does not currently have access to a tool that can find critical exploits in every major piece of software in the world.

The Iran example

Casey grounded the stakes in the present: the U.S. is at war with Iran, and Wired reported this week that Iranian hackers have already successfully compromised parts of American water and energy infrastructure — without anything like a Mythos-grade model. The risk if such tools fell into adversaries' hands is therefore not abstract.

The capability gap returns

Kevin observes that since GPT-2 in 2019 — when OpenAI (then including future Anthropic founders) held back the model out of misinformation fears — there has been roughly no gap between what labs have internally and what the public can use. Mythos reopens that gap. Kevin finds this tenuous and worries it may be permanent; Casey notes it's consistent with Anthropic's founding thesis that building at the frontier is the only way to steer the frontier, even though that thesis requires building the dangerous thing in the first place.

The regulatory vacuum

Casey emphasizes that model development of this scale and seriousness remains essentially unregulated in the U.S., with the previous administration's framework thrown out by the current one over competitiveness concerns. A private company is now sitting on what it claims is a near-universal exploit generator, and there is no formal oversight.

Practical security advice for listeners

Casey's guidance: defenders have some runway, so wait and see, but lock down the basics. Use a password manager (he uses 1Password), never reuse passwords, generate them randomly rather than using pet names, and enable multi-factor authentication via an authenticator app on critical accounts. Kevin jokes that he plans to selectively pre-leak embarrassing facts about himself to get ahead of any breach — disclosing, for the record, that he used to like the Black Eyed Peas.

Hard Fork Live 2 Announcement

The hosts announced the second installment of Hard Fork Live on June 10 in San Francisco at the Blue Shield of California Theater — a larger venue than last year. Tickets go on sale Friday, April 17 at nytimes.com/events. Kevin floated 'Too Hard, Too Fork' as a title and was overruled.

Ronan Farrow and Andrew Marantz on Their New Yorker Profile of Sam Altman

The 16,000-word New Yorker piece, 'Can Sam Altman Be Trusted?', is a forensic accumulation of accounts from people across Sam Altman's orbit. Farrow stresses the piece is deliberately even — his own mother told him after reading it that she 'kind of liked' Altman — but argues that even against Silicon Valley's baseline culture of founder hype, the preponderance of close, long-term associates alleging that Altman lies about things big and small is extraordinary.

Why the green sweater matters (and doesn't)

Marantz cites the small detail of Altman telling them he wears a gray sweater every day to avoid decision fatigue, then showing up for the next interview in a green one. The hosts and writers agreed it would be wrong to treat that as a smoking gun; the point of the piece is precisely that there is no single gotcha. The case made by Altman's critics — including the memos compiled in the lead-up to his November 2023 firing — only coheres when laid out as a long narrative rather than a bullet list.

Filtering for competitive smears

Farrow and Marantz worked hard to separate evidence-based critique from the active smear campaign Altman is the target of, particularly from Elon Musk's camp. They report that Musk intermediaries are circulating 'pretty spicy and pretty unsubstantiated' material in Silicon Valley, some of which they document as inflated or untrue. Casey called this one of the most important aspects of the piece: while damning overall, it acknowledges that Altman is also genuinely being smeared.

What's new in the reporting

Marantz says the piece puts to rest several long-standing claims. Altman and Paul Graham have always said Altman left Y Combinator voluntarily, but the reporting suggests he was effectively pushed out. Altman has framed Gulf fundraising as routine, but the reporting indicates his ties to Emirati and Saudi royals are deeper than previously known. Farrow adds that the contents of Ilya Sutskever's memos and Dario Amodei's notes are documented in detail, with more sources now on the record.

The phantom law firm report

Farrow's most striking new finding: as a condition of removing the directors who tried to fire him, Altman agreed to an outside law firm investigation meant to restore legitimacy. There never was a written report. Instead, an 800-word press release vaguely cited a 'breakdown in trust.' One of the two board members Altman helped select to oversee the process now says explicitly that 'a written report was not needed.' Legal experts told them keeping such inquiries out of writing — particularly at what was structured as a 501(c)(3) — is a red flag.

On-the-record critics and shifting opinion

Kevin highlighted the unusual willingness of insiders to go on record. A Microsoft executive is quoted saying there's a 'small but real chance' Altman is remembered as a Bernie Madoff or Sam Bankman-Fried-level scammer. An unnamed board member describes him as 'unconstrained by truth' with 'an almost sociopathic lack of concern for the consequences' of deceiving people. Farrow notes that a class of pragmatic Silicon Valley investors who gave Altman the benefit of the doubt at the time of the firing — partly because there was so little public information — now say they wouldn't have, knowing what they know.

Counterpoint: Sam still has real believers

Kevin pushed back on the idea that everyone now sees Altman the same way, noting that thoughtful, discerning people inside and outside OpenAI continue to defend him, often privately. Marantz conceded there were legitimate on-the-record defenders, but argued the question is what baseline you start from: if you measure Altman against the original pitch of OpenAI — a nonprofit, safety-focused research lab that would aggressively comply with regulation — the defense that 'all founders shade the truth' becomes much harder to sustain.

Does the person running the lab even matter?

Asked why character matters when the technology itself is what could blow up the world, Farrow gave two answers. First, OpenAI itself answered this question at its founding by warning against an 'AGI dictatorship' — they explicitly argued the integrity of the person who gets there first is pivotal. Second, and more importantly, the absence of regulatory structures around these figures means we are ceding decisions of existential consequence to individual whims and inter-company mud fights. Marantz added that the very fact we are seriously discussing 'AGI dictators' at all is insane — and yet the founders themselves clearly see the race that way.

OpenAI's expanding press footprint

Marantz noted that the day after the piece closed, OpenAI announced an acquisition of TBPN, the prominent tech chat show — one of several announcements clustered around the New Yorker's publication window, including a new safety fellowship and a new governance plan that Farrow characterized as 'airy' and seemingly designed to occupy conversational space on the same topics as the article.

Constraints, sidelined

A former colleague is quoted in the piece describing Altman's pattern: set up elaborate guardrails, then skillfully navigate around them. Casey connected this to a fresh story in The Information about tensions between Altman and CFO Sarah Friar, who has reportedly expressed doubts about a 2026 IPO and has been excluded from key financial meetings. Farrow added that succession at OpenAI is now openly discussed, with Fiji Simo previously floated as a potential first successor candidate — although Simo has since gone on medical leave amid broader reshuffling.

Can OpenAI exist without Sam?

When Altman was fired in 2023, the prevailing view was that the company couldn't function without him. Marantz argues that's no longer obviously true: at the scale OpenAI has reached, it has become possible to imagine a Steve Jobs-to-Tim Cook style transition. Casey noted that Altman has hired an unusual number of former public-company CEOs — from Instacart, Nextdoor, and Slack — bringing 'sharp and pointy elbows' into the room. Farrow contrasted this with earlier in Altman's career, when one former board member said he had deliberately stacked the board with 'JV people' unprepared for ruthless corporate warfare.

The Uber crash

Kevin asked about a deadpan detail in the piece: before Altman and Amodei's first scheduled dinner at an Indian restaurant in 2015, Altman texted that his Uber had been in a crash and he'd be 10 minutes late. Farrow and Marantz declined to editorialize, saying they liked presenting the anecdote 'uninflected.' Kevin made a half-joking appeal for the Uber driver in question to email the show.

One Good Thing(s)

The hosts noted that the segment now usually contains two things and they should probably rename it.

Kevin: NASA's Artemis II mission

Kevin says he has been obsessively following Artemis II, which has carried four astronauts — Victor, Christina, Jeremy, and Reid — approximately 252,756 miles from Earth, farther than any humans have gone before. He learned new astronomical concepts including the 'corona structure' and the 'terminator line' (the boundary between the lit and unlit sides of the moon), and that the proper term is 'far side' rather than 'dark side' of the moon. He calls the astronauts his new Mount Rushmore, says the mission has reignited his faith in humanity, and argues we should go to the moon every year. Casey shared a stat that the New York Times offered for scale: the distance traveled would require a chain of about 2.37 billion Nathan's Famous hot dogs.

Casey: Acme Weather

Casey recommends Acme Weather, a new iOS app from Adam Grossman, Josh Reyes, and Dan Bruton — the team behind the beloved Dark Sky, which Apple acquired in 2020 and shut down in 2022. Acme Weather costs $25/year and is differentiated by, among other things, showing a range of possible forecasts on a line chart rather than a single number (a 'Bayesian' weather app, Kevin quipped), push notifications for predicted lightning in your neighborhood, alerts for beautiful sunsets, umbrella reminders, sunscreen alerts for high UV, possible aurora borealis sightings, and — Casey's favorite — community-submitted rainbow alerts inspired by Waze. An Android version is reportedly coming later.

Farewell to Jen Poyant

The hosts closed the episode by saying goodbye to their long-serving executive producer Jen Poyant, who is leaving the New York Times for a new adventure. Both Kevin and Casey thanked her as a friend and mentor and a critical force in shaping the show since nearly its beginning.