Daily Episode

Meta Uses Employees to Train AI That Will Replace Them


Episode Summary

TOP NEWS HEADLINES Following yesterday's coverage of Meta's employee tracking program, new details emerged: the surveillance feeds a specific "Model Capability Initiative," coinciding with planned...

Full Transcript

**TOP NEWS HEADLINES**

Following yesterday's coverage of Meta's employee tracking program, new details emerged: the surveillance feeds a specific "Model Capability Initiative," coinciding with planned layoffs of around 10 percent — meaning employees are effectively being used to teach systems how to replace them, with no opt-out available. Anthropic's Mythos cybersecurity model — deemed too dangerous for public release — has reportedly been accessed by an unauthorized Discord group, who used naming conventions leaked in a separate data breach plus a borrowed contractor login to slip past Anthropic's defenses. Not exactly a confidence-inspiring start for AI safety. OpenAI launched Workspace Agents in ChatGPT: five Codex-powered templates that integrate directly with Slack, Salesforce, and more — essentially a grown-up, enterprise-grade successor to the GPT Store that never quite found its footing. GPT-5.5, nicknamed "Spud," just dropped, hitting 82.7 percent on Terminal-Bench 2.0 and claiming state-of-the-art performance on real-world knowledge work across 44 occupations — though at $30 to $180 per million tokens, it's priced for serious enterprise buyers, not casual users. Google unveiled its eighth-generation TPUs at Cloud Next — two distinct chips for the first time, one optimized for training, one for inference — a direct move to reduce dependence on Nvidia and own the full AI compute stack. And Sony's Ace robot just beat professional ping-pong players under full Olympic rules, using nine cameras and reinforcement learning trained entirely in simulation, with a reaction time thirty times faster than a human blink.

---

**DEEP DIVE ANALYSIS**

**The Mythos Leak: What Happens When AI Gets Too Powerful to Contain**

Let's talk about the story that should make every AI safety researcher lose sleep tonight. Anthropic built what they called the most dangerous model they've ever released — a cybersecurity AI named Mythos, capable of advanced attack simulation. They released it on April 10th, exclusively to vetted partners under something called Project Glasswing. They said it was too powerful for public release. Two weeks later, a random Discord group was using it daily. This is worth sitting with. The first unauthorized access to one of the most restricted AI systems ever built didn't come from a nation-state. It didn't come from sophisticated hackers. It came from hobbyists who guessed a URL, cross-referenced naming conventions leaked in an unrelated data breach at recruiting platform Mercor, and used a borrowed contractor login. That's it. That's the security perimeter that stood between a powerful cyberattack-simulation AI and the open internet.

**Technical Deep Dive**

Mythos sits in a category that barely existed two years ago: AI systems with genuine offensive cybersecurity capability. We're not talking about a chatbot that can explain SQL injection. We're talking about a model capable of sophisticated attack simulation — the kind of capability that, in the wrong hands, could be used to probe infrastructure, identify zero-days, or accelerate exploit development. Anthropic's deployment model for Mythos relied on access control through obscurity and credentialing — a third-party vendor network under Project Glasswing. The vulnerability wasn't in the model itself. It was in the assumption that URL structure and naming conventions could stay secret when contractor credentials are floating around and data breaches are a near-weekly occurrence in the tech industry. The MythosWatch ledger — a public tracker showing 51-plus governments, regulators, and banks with authorized access — actually tells you something critical: the attack surface for credential compromise grows with every new authorized partner added to that list. More access points equals more exposure. The architecture of controlled AI deployment is fundamentally at odds with the scale at which these companies want to operate.

**Financial Analysis**

The financial stakes here are significant and cut in multiple directions. Anthropic just hit a private secondary market valuation approaching one trillion dollars — driven by investor confidence in its product direction, its Claude Code traction, and its reputation for safety-first development. That reputation is now taking a hit it can't afford. Microsoft is integrating Mythos into its security development process. Fifty-one governments and major banks are authorized users. These are enterprise relationships built on trust and compliance guarantees. A leak of this nature — even one where the Discord group claims no malicious intent — creates immediate liability questions. What happens if the next group that finds the access point isn't so forthcoming about their intentions? Insurance, indemnification clauses, and government contract renewals all become conversations that Anthropic's sales and legal teams now have to navigate. There's also the competitive angle. OpenAI, Google, and Meta are all watching this closely. Anthropic has positioned safety as its core differentiator. If that positioning cracks, the premium valuation that's pricing it ahead of OpenAI in recent deal momentum becomes very hard to justify.

**Market Disruption**

The Mythos incident crystallizes a tension that's been building across the entire industry: the gap between how fast AI capability is advancing and how slowly security infrastructure is catching up. We're in a moment where AI labs are routinely building systems they themselves acknowledge are too powerful for general release — and then trying to control that power through partner networks, credentialing, and deployment restrictions that were designed for a much slower threat environment. The competitive disruption here isn't just about Anthropic. Every major lab with a restricted model program — and that's all of them at the frontier level — is now being asked the same question: if Anthropic's Project Glasswing couldn't hold for two weeks, what's protecting yours? Expect to see rapid investment in AI access control as a standalone product category. Companies like Brex, whose open-source CrabTrap proxy inspects every outbound agent request before it hits an external API, are suddenly looking very well-positioned. The infrastructure layer between powerful AI and the real world is about to become extremely valuable.

**Cultural and Social Impact**

Here's the cultural reality check: the Discord group that accessed Mythos almost certainly isn't unique. They're just the ones Bloomberg found. The broader implication is that we've entered an era where the distance between "restricted dangerous AI" and "available to motivated hobbyists" may be measured in weeks, not years. That changes the social contract around AI development significantly. When companies say a model is "too dangerous to release," we've been implicitly trusting that the danger is actually contained. The Mythos leak suggests that trust needs independent verification. The White House called emergency meetings over this model. Foreign governments were briefed. And the actual security posture was: hope nobody guesses the URL. This is also a story about how quickly the public is losing patience with the gap between AI safety rhetoric and operational reality. Gergely Orosz's "fake-door test" critique of Anthropic's pricing experiment this week taps the same vein — a company that pitches safety and integrity as core values is being held to a very high standard of consistency, and right now it's failing that test in multiple places simultaneously.

**Executive Action Plan**

If you're leading an organization that either deploys restricted AI systems or relies on them, here's what this week demands.

First, audit your vendor credential surface immediately. The Mythos breach didn't require sophisticated hacking — it required a leaked credential from a third-party contractor. Map every point where your AI access controls depend on a human not losing their login information. Treat those as active vulnerabilities, not theoretical risks, and implement hardware-key or device-bound authentication for any system you consider sensitive.

Second, assume your naming conventions and URL structures are not secret. Security through obscurity failed Anthropic in days. If your deployment architecture relies on adversaries not guessing where your systems live, rebuild it around the assumption they already know. Zero-trust architecture for AI API access — where every request is authenticated and logged regardless of source — should be the baseline, not the premium option.

Third, and this is the strategic play: use this moment to get ahead of regulatory scrutiny. Governments with authorized Mythos access are now asking hard questions about AI containment. If you operate in regulated industries — finance, healthcare, defense — proactively brief your compliance and government relations teams on your AI access control posture before a regulator asks. The companies that come to that conversation with documentation and a clear architecture will have a very different experience than the ones who get caught flat-footed. The era of assuming AI safety is someone else's problem is over.
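The zero-trust baseline the action plan describes, where every request to a restricted model API is authenticated against a device-bound key and logged whatever its source address, as an added example that is not code from the podcast, from Anthropic's Project Glasswing, or from Brex's CrabTrap. The device registry, device secrets, IP addresses, API path and request bodies are all constructed for the demo; in a real deployment the device secret would live in a hardware key or TPM so that a borrowed username and password cannot be reused from another machine.

```python
"""Added example: a zero-trust gatekeeper in front of a restricted model API.

Every request must be signed with a device-bound key and is logged, allowed
or denied, regardless of where it came from. Knowing the URL or holding a
borrowed login alone grants nothing.
"""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

# Constructed device registry. Each authorized client device holds its own
# secret; in production it would sit in a hardware key / TPM and never leave
# the device. These values are placeholders for the demo only.
DEVICE_KEYS: dict[str, bytes] = {
    "contractor-laptop-01": b"constructed-device-secret-A",
    "analyst-workstation-07": b"constructed-device-secret-B",
}
REPLAY_WINDOW_SECONDS = 300  # signatures older than this are rejected

# Append-only audit trail: one record per request, whatever the outcome.
AUDIT_LOG: list[dict] = []


@dataclass
class Request:
    method: str
    path: str
    body: str
    source_ip: str
    device_id: Optional[str] = None
    timestamp: Optional[int] = None
    signature: Optional[str] = None


def canonical(method: str, path: str, timestamp: int, body: str) -> bytes:
    """Bytes the device signs: method, path, timestamp and a hash of the body."""
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    return f"{method}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign(device_secret: bytes, method: str, path: str, timestamp: int, body: str) -> str:
    """Client side: HMAC-SHA256 over the canonical request with the device key."""
    msg = canonical(method, path, timestamp, body)
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest()


def _evaluate(req: Request, now: int) -> tuple[bool, str]:
    # The source IP is recorded but never consulted: an internal address or a
    # "secret" path gets exactly the same treatment as the open internet.
    if req.device_id is None or req.signature is None or req.timestamp is None:
        return False, "missing device credential"
    secret = DEVICE_KEYS.get(req.device_id)
    if secret is None:
        return False, "unknown device"
    if abs(now - req.timestamp) > REPLAY_WINDOW_SECONDS:
        return False, "stale timestamp"
    expected = sign(secret, req.method, req.path, req.timestamp, req.body)
    if not hmac.compare_digest(expected, req.signature):
        return False, "bad signature"
    return True, "ok"


def authorize(req: Request, now: Optional[int] = None) -> tuple[bool, str]:
    """Decide, then log the decision regardless of outcome."""
    now = int(time.time()) if now is None else now
    allowed, reason = _evaluate(req, now)
    AUDIT_LOG.append({"ts": now, "src": req.source_ip, "device": req.device_id,
                      "path": req.path, "allowed": allowed, "reason": reason})
    return allowed, reason


def denied_by_source() -> dict[str, int]:
    """Detection view over the audit log: denied requests per source address."""
    counts: dict[str, int] = {}
    for rec in AUDIT_LOG:
        if not rec["allowed"]:
            counts[rec["src"]] = counts.get(rec["src"], 0) + 1
    return counts


def demo() -> dict[str, bool]:
    """Constructed scenarios; returns which ones the gatekeeper allowed."""
    now = 1_700_000_000
    path = "/v1/models/restricted-model/completions"  # hypothetical path
    body = json.dumps({"prompt": "summarize this report"})
    dev = "contractor-laptop-01"
    good_sig = sign(DEVICE_KEYS[dev], "POST", path, now, body)
    bad_sig = sign(b"guessed-secret", "POST", path, now, body)
    # (request, clock at which the gatekeeper evaluates it)
    scenarios = {
        # Guessed URL from an "internal" address, no device credential at all.
        "guessed_url_internal_ip": (Request("POST", path, body, "10.0.0.5"), now),
        # Registered device with a fresh signature: the only path that succeeds.
        "registered_device": (Request("POST", path, body, "203.0.113.9", dev, now, good_sig), now),
        # Borrowed login: the device id is known, but the real key never left
        # the laptop, so the signature was made with a guessed secret.
        "borrowed_login_wrong_key": (Request("POST", path, body, "198.51.100.7", dev, now, bad_sig), now),
        # A captured valid request replayed an hour later.
        "replayed_after_window": (Request("POST", path, body, "198.51.100.7", dev, now, good_sig), now + 3600),
        # Valid signature, but the body was altered in transit.
        "tampered_body": (Request("POST", path, body + " ", "203.0.113.9", dev, now, good_sig), now),
    }
    return {name: authorize(req, clock)[0] for name, (req, clock) in scenarios.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:28s} {'ALLOWED' if allowed else 'denied'}")
    print("denied per source:", denied_by_source())
```

The point of `demo()` is that only one of the five constructed requests gets through: the one signed by a registered device inside the replay window over an unmodified body. The audit log captures the other four, and `denied_by_source()` is the kind of view a detection team would watch, since a single address accumulating credential failures against a restricted endpoint is exactly the signal the obscurity-based setup described in the episode could never produce.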
