GLM-5.2, not Mythos, is the real security emergency


Joshua Saxe

Jun 23, 2026


Until last week, attackers faced a dilemma in using frontier models: even if they could manage the cat-and-mouse game of setting up fake accounts to retain API access to frontier model providers, and even if they could induce models to help them hack via creative prompting, their usage was logged, so if discovered after the fact, their tactics, techniques, procedures, goals, and targets would be exposed to defenders.

The cost of using frontier models, in other words, was the cost of hiding in a panopticon, and the risk that one’s intentions and secrets would be revealed after the fact. That dilemma seems to have been costly enough to help limit attackers’ use of the agentic AI revolution of the past nine months.

GLM-5.2 has relieved attackers of this dilemma. It’s the first open-weights model widely embraced as capable of the long-horizon agency that exploded onto the scene last November with Opus 4.5 and which benign software developers discovered while vibe-coding over the holiday break. Many report GLM-5.2 is as good as, or nearly as good as, GPT-5.5 and Opus 4.8, and at the kinds of code and terminal operations that form the bread and butter of offensive cyber operations.

Fine-tuning GLM-5.2 to say ‘yes’ to any request should be trivial. And one can run GLM-5.2 privately on 8 H200s in a warehouse somewhere. As quantized and pruned versions of the model are released it'll take even less capital. TL;DR: two weeks ago there was serious friction to attackers using agentic AI in earnest. As of last week, there is no stopping attackers from carrying out long-running, Claude Code–level security tasks from the shadows.

Access to near-frontier open weights offensive cyber agents is being democratized just as access to the frontier has been regulated

We can now expect a dark economy to emerge around serving open-weights, near-frontier models via API, just as we have dark economies around malware, zero-day exploits, credential dumps, and initial access into victim networks. We can expect an economy of harnesses and inference providers to emerge. As this occurs, the technical frictions to adopting agentic AI will have been removed for a wide variety of attacker constituencies.

Meanwhile, we have denied cyber defenders access to our most advanced frontier model, Anthropic’s Mythos, on the supposed grounds that this model, which runs on private servers, where it’s watched by active, 24x7 teams dedicated to catching its misuse in a way that benefits the US and its allies, would benefit attackers.

And, even crazier, we’ve shut down this model on the basis of its ability to find zero-days—even after watching the defender community rally around fixing discovered bugs with frontier models far faster than attackers have exploited new zero-days in the wild.

The opportunity available to attackers today

Cyber security today is defined by three clusters of goal-oriented behavior:

stealing money from individuals via scams, fraud, and commodity malware;

stealing money from organizations via targeted ransomware campaigns;

and achieving intelligence, influence, and kinetic goals against national interests via state and quasi-state campaigns.

Supporting all three is an increasingly complex dark economy of access brokers, payment rails, and cyber-weapons marketplaces.

Most of this ecosystem isn’t bottlenecked by any one task but could be deeply transformed by private agentic AI to help across multiple tasks. Here’s what potentially gets disrupted with GLM-5.2-level capabilities and beyond:

A Claude Code–style, semi-autonomous kill-chain execution capability in which actors manage teams of hacking agents through the various stages of breaking into, persisting on, and expanding access across victim networks between trips to the coffee machine. Anthropic documented such workflows in their vibe-hacking post and their report on the first AI-orchestrated cyber espionage campaign. With private inference, zero guardrails, and better open models than existed when Anthropic wrote those reports, we can expect more of this.

A Claude Code-like, semi-autonomous experience in authoring implants and command-and-control infrastructure (documented by CrowdStrike) and a Claude web-interface-style autonomous experience in authoring just-in-time, one-off scripts and binaries (documented by Google) that are tactically useful to a given operation.

The ability to find zero-days in the shadows and develop reliable exploits for them—around initial access, privilege escalation, and lateral movement—removing friction from the semi-autonomous cyber operations described above.

The ability—with fine-tuned, open-weights frontier models—to run long-con pig-butchering, scam, and fraud relationships with marks in convincing vernacular and with minimal human-in-the-loop supervision.

What to...
