The week’s two clearest AI security stories are mirror images of each other.
Project Glasswing — Anthropic’s program to hunt critical software vulnerabilities before hostile actors can exploit them — is expanding to 150 more organizations, including operators of industrial control systems and critical infrastructure. The numbers already on the board are striking: Claude Mythos has found more than 10,000 high- or critical-severity vulnerabilities across widely used software, scanned over 1,000 open-source projects, and produced working exploits on the first try in 83% of cases it attempted. Among the finds: a 27-year-old zero-day in OpenBSD, a system that has spent three decades marketing itself as the most security-hardened general-purpose OS in common use.
Meanwhile, Google filed a lawsuit against the “Outsider Enterprise,” a China-based phishing-as-a-service ring that built its campaign tooling partly around Gemini. For $88 a week — or $200 a month for the committed — criminal affiliates got ready-made phishing pages with Gemini-generated custom code, campaign management, and a Telegram support channel. Between November 2025 and April 2026, the network generated over 9,000 fake websites and 1.59 million fraudulent URLs. In a two-week window this spring alone: 2.5 million smishing texts to Android users in the U.S.
Both stories rest on the same underlying fact: frontier language models are very good at writing and understanding code, including malicious code. Which side gets there first, and with what guardrails, is a deployment question, not a technical one. Glasswing is a bet that defenders can be made faster. The Outsider Enterprise is what happens when the market delivers that capability without any guardrails.
Claude Fable 5
The model powering Glasswing’s defensive work reached the public on June 9 in a constrained form. Anthropic released Claude Fable 5 alongside Mythos 5 as two products split not by capability but by a safety classifier layer. Fable 5 routes flagged requests in cyberoffense, biology, and chemistry to the weaker Opus 4.8; Mythos 5 keeps those paths live for vetted security researchers and government users.
Simon Willison spent two days with Fable 5 and called it “relentlessly proactive”: tasked with inspecting a CSS scrollbar bug, it wrote its own pyobjc code to enumerate Safari windows, took macOS screenshots, injected JavaScript into the app’s templates, and — while Willison stepped away from his desk — opened Firefox and then Safari on its own. The model benchmarks more than 10% above Opus 4.8 on most evaluations, comes with a 1 million token context window, and is free for Pro and Max subscribers through June 22, after which pricing goes to $10/$50 per million tokens in/out.
Open weights close the gap
MiniMax M3 arrived June 1 with a pointed claim: the first open-weight model to combine frontier-grade coding, a 1-million-token context window, and native multimodal input in a single downloadable package. Its 59.0% score on SWE-Bench Pro — above GPT-5.5 and Gemini 3.1 Pro on the same benchmark — is vendor-reported and awaits independent replication. Still: API pricing at $0.30/$1.20 per million tokens at launch, with weights scheduled to drop within 10 days.
The pattern in 2026 is consistent. The gap between the proprietary frontier and the best open-weight models closes another notch every few weeks. A 59% SWE-Bench Pro score would have been remarkable from any lab six months ago. Today it’s a Wednesday release from a Chinese team most Western developers hadn’t heard of last year.