Anthropic shipped the most capable model it has ever built — and immediately decided the world was not ready for it. In the same month, a packaging mistake gave the internet 512,000 lines of internal source code, and a new product erased $7 billion from Figma’s market cap in a single session. These three events are not coincidences. They are signals about where the capability frontier is moving and how fast enterprise exposure is growing.

The model that will not ship — and why that decision matters

Claude Mythos Preview spent several weeks autonomously scanning every major operating system and browser for zero-day vulnerabilities. It found thousands — many previously unknown to the software’s own developers. One finding stands out: the model fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD, gaining root from an unauthenticated position anywhere on the internet, with no human involvement after the initial request.

Anthropic’s response was to not release the model. Instead, they built a controlled access program called Project Glasswing, bringing AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, and over 40 critical infrastructure operators into a structured early-access channel — committing $100 million in model credits and $4 million to open-source security organizations.

This is the pattern I have seen emerge in enterprise AI governance conversations over the past twelve months: the governance question is no longer whether your organization is ready to use AI, but whether your organization is ready for AI capabilities that operate without supervision. Mythos-class models doing autonomous security research are not a 2030 scenario. They are a 2026 deployment decision made by one company on behalf of the rest of the internet. Every enterprise security team now needs a position on what happens when equivalent capabilities are no longer restricted to controlled channels. OpenAI announced a similarly scoped cybersecurity rollout one week after Glasswing — this is an industry direction, not an isolated choice.

Anthropic plans to use Mythos to refine safety controls before the upcoming Claude Opus model reaches general availability. That sequencing — capability first, control refinement second, broad release third — is the responsible AI framework in practice, not in documentation.

Read more: Anthropic — Project Glasswing | Anthropic — technical blog

The source code leak that revealed the agentic roadmap

On March 31, a routine npm packaging error shipped the full Claude Code source — 512,000 lines across 1,906 TypeScript files — to the public. Within hours, tens of thousands of copies were circulating on GitHub. The leak has three distinct implications, each requiring a different response.

The first is the product preview. Analysts found a fully built but unreleased autonomous agent mode called KAIROS — Claude Code taking action without user prompting, on a continuous heartbeat cycle — pointing toward always-on background agent behavior as a near-term product direction. “Undercover mode” was also discovered: instructions for Anthropic employees contributing to public open-source repositories to avoid revealing they are AI agents and to omit AI attribution from commit messages entirely.

The second is the active security threat. Threat actors have already seeded trojanized forks with backdoors and data exfiltrators. Any team using Claude Code should verify every installation against Anthropic’s official channels and treat any GitHub repository claiming to contain “leaked Claude Code” as a supply chain attack vector.

The third is the build pipeline hygiene lesson. Anthropic confirmed this was human error in release packaging, not a security breach. The immediate operational takeaway for any team shipping developer tooling: treat .npmignore as a security boundary, not a packaging convenience. The distinction between “what should not go into the package” and “what should not be public” is the same distinction — and it needs to be enforced at build time, not discovered after the fact.

Read more: Ars Technica | VentureBeat | The Hacker News

Anthropic enters the $60B design software market

Claude Design launched on April 17 in research preview for Pro, Max, Team, and Enterprise subscribers — a tool for collaborative visual work including designs, prototypes, slides, and one-pagers, powered by Claude Opus 4.7. On launch day, Figma’s stock fell 7.28%. Adobe shares also dropped. Anthropic’s Chief Product Officer Mike Krieger had quietly resigned from Figma’s board three days earlier — on April 14 — a signal the market missed in real time.

The strategic pattern here is deliberate. Claude Code went from research preview to a product generating over a billion dollars in annualized contribution in six months. MCP — the Model Context Protocol — reached 100 million monthly downloads and became the industry standard for connecting AI to external tools and data. Claude Design is the next output from the same product pipeline. The design-to-code loop now closes entirely inside Anthropic’s own toolchain: Claude Design reads your codebase and design files during onboarding, builds a team-specific design system, and hands off to Claude Code with a single instruction.

For enterprise software buyers, the vendor concentration question has shifted. The relevant question is no longer “which AI provider should we use” but “how much of our workflow are we comfortable consolidating inside a single vendor’s stack.” Anthropic now captures 37% of all trackable business spending on generative AI software, ahead of OpenAI’s 33%. The product cadence is now clearly part of an IPO narrative — the company is in early discussions with Goldman Sachs, JPMorgan, and Morgan Stanley about a listing as early as October 2026. Organizations reviewing their enterprise software strategy should factor in that Anthropic’s market position six months from now will likely be substantially different from today.

Read more: Anthropic — Claude Design

The human bottleneck nobody is benchmarking

As organizations scale multi-agent development workflows, a bottleneck is emerging that no vendor roadmap addresses: human cognitive bandwidth. The pattern is consistent. A developer starts with two parallel agent threads. Adds a third. A fourth. By noon, nothing is being reviewed carefully — but it feels like productivity. That feeling is the problem.

The agent does the generating. You still do all the evaluating, deciding, trusting, and integrating — and those tasks run on a single thread on your side of the loop. Addy Osmani at Google Cloud AI now frames this as a measurable skills gap the industry has not yet named properly. What scales is not your throughput of understanding — it is your throughput of supervision.

In enterprise agentic deployments, the most dangerous failure mode I consistently see is not the model doing something wrong — it is the human operator approving something without actually reading it. The control that matters most is brief quality: a vague specification creates constant re-engagement mid-flight, a crisp brief with clear acceptance criteria makes each agent thread nearly self-contained. The implication for technology leaders is direct. Engineering teams adopting agentic workflows need new operating norms around session design, parallel thread limits, and review cadence — not just access to more powerful models. The skills that make a strong technical lead translate directly here. Engineers who have avoided management work will feel this shift most acutely.

Read more: Addy Osmani — cognitive load and parallel agents

Worth watching

NVIDIA Ising: the open-model playbook moves into quantum computing. The NVIDIA Ising model family delivers up to 2.5x faster and 3x more accurate quantum error correction decoding, while reducing processor setup time from days to hours. Early adopters include Fermi National Accelerator Laboratory, Harvard SEAS, and Lawrence Berkeley National Laboratory. The models are open-source and integrate into the CUDA-Q stack — the same infrastructure play NVIDIA ran with CUDA for classical GPU computing two decades ago. Near-term enterprise relevance remains narrow: Ising solves calibration and error correction, not business applications directly. Organizations with R&D exposure to quantum should establish vendor relationships now. The competitive advantage in five years will come from early familiarity with the calibration layer, not late-stage hardware procurement. Read more: NVIDIA newsroom

This month’s pattern is consistent: the frontier is moving faster than governance frameworks, vendor consolidation is accelerating, and the human review bottleneck is becoming the limiting factor — not model capability.

What does that gap look like in your organization right now?

Check it:

AI Governance is no longer optional (Mar 10, 2026) AI’s Platform Reset: Three January Signals That Will Define the Next 12 Months (Jan 27, 2026) AI Agents Are Already Running Your Code — and Occasionally Deleting Your Email | Week of 24 February 2026 Your Agent Has Admin Access. Nobody Asked For That. (Jan 14, 2026)