A frontier model is being gated like a controlled substance, and the federal government is quietly pointing banks toward it. Anthropic restricted Claude Mythos to vetted security researchers under Project Glasswing, then TechCrunch reported on April 12 that Trump administration officials are encouraging US banks to test it. Open-source maintainers, separately, say AI-found zero-days are now arriving faster than anyone can triage. The shape of frontier-model access policy is being decided in real time, in public, and the precedent matters.
Mythos changes the access model. Anthropic launched the Mythos preview inside a cybersecurity initiative rather than a general API release. Project Glasswing wraps the rollout in a vetted-researcher program, and within 48 hours The Hacker News reported Mythos had surfaced thousands of zero-day flaws across major systems. The political question is whether access should expand to large regulated institutions, on whose recommendation, and with what disclosure obligations. If you are building cybersecurity products, the competitive landscape just bifurcated into vendors with vetted access to a model class that finds real bugs and everyone else.
The maintainers are not okay. Daniel Stenberg (curl) and Willy Tarreau (HAProxy) both said this week that AI-generated security reports have jumped from 2 or 3 a week to more than 10 a week, and that the quality has crossed the line from obvious slop to plausible reports that still require expert triage. Linux kernel security reports show the same curve. A post-Mythos analysis from independent researchers argues smaller models are now finding the same vulnerabilities Mythos finds. The asymmetry is the story. Discovery has scaled. Triage has not. No automation exists at maintainer scale to separate a real CVE from a well-written hallucination, and every false positive eats a maintainer hour.
Gemma 4 and the abliteration economy
Google’s open-weight push collided with its dealignment problem. Gemma 4 shipped in four sizes (E2B, E4B, 26B-A4B MoE, 31B) with multi-token prediction, NVFP4 quants from Nvidia, Unsloth GGUF repacks, and 8GB VRAM fine-tuning. SiliconAngle covered the launch, llama.cpp stabilized after a week of patches, and Simon Willison walked through Gemma 4 audio on MLX over the weekend. Underneath the official release, an uncensored fork ecosystem grew fast. HauhauCS’s aggressive Gemma-4-E4B variant cleared 486K downloads, the matching Qwen 3.5 9B variant cleared 879K, and dealignai published Gemma-4-31B JANG_4M-CRACK in the same window. Abliterated variants of frontier-class open models are now a routine product category, not a curiosity. California’s upcoming hosting law is the open question for anyone running them on US infrastructure.
Anthropic closed the side door on Claude Code. Subscription access stopped covering third-party harnesses like OpenClaw starting April 4. The OpenClaw creator was temporarily banned from Claude on April 10, and TechCrunch confirmed the policy change. Several open-source harness alternatives also quietly tightened their licensing. If you built a workflow around a Claude subscription feeding a third-party agent runtime, the economics changed overnight. The market response was instant. Anthropic launched Claude Managed Agents, AWS previewed an Agent Registry, and at least two YC-backed managed harness products (Eve and Twill.ai) opened access. Managed agents are becoming the default. Self-hosted harness pipelines are now an explicit choice with an explicit cost.
Open-weight voice quietly compounded. OpenBMB’s VoxCPM2 and k2-fsa’s OmniVoice both shipped on HuggingFace, with OmniVoice clearing 460K downloads. Mistral’s Voxtral TTS continued its rollout with a long-form interview on Latent Space covering Forge, Leanstral, and the Mistral 4 roadmap. MOSS-TTS-Nano demonstrated real-time multilingual TTS on a 4-core CPU at 100M parameters. The aggregate signal is that open-weight TTS at near-commercial quality is no longer scarce. If you are paying per-character on a commercial speech API, the floor under that pricing is dropping every week.
On our radar
- GLM-5.1’s adoption ceiling. Z.ai shipped a 754B-parameter MIT-licensed model that Simon Willison covered for its long-horizon task focus. At 1.51TB it requires multi-node inference or heavy quantization, and we have not yet seen independent replication of the cited long-horizon benchmarks. The question is whether anyone outside well-resourced infrastructure teams actually runs it.
- Real-time interactive world models. Matrix-Game 3.0 and Moonlake both targeted long-horizon, multiplayer, interactive world simulation this week. Temporal consistency past 30 seconds in open-ended environments is unsolved, but the architectural direction is consolidating. If LeCun’s $1B AMI Labs bet pays off, this is the category to watch.
- Sandboxed agent execution as a billed product. Eve, Twill.ai, AWS Agent Registry, and Claude Managed Agents all converged on the same shape this week. Someone else runs your agent in a sandbox and bills you for the outcome. The infrastructure layer for “agent†is mid-formation, and the winners should be visible by Q3.
Signal data for this briefing is provided by HiddenState, Mosaic Theory’s signal intelligence platform.
— Cosmo