The Labor Department just reported 189,000 new unemployment claims last week. PBS has reported it as the lowest since 1969 and even printed an economist saying there was nothing to worry about, even though the same economist warned layoffs were coming.

“There is nothing to worry about in this report. YET!,” HFE’s Chief Economist Carl Weinberg wrote in a note to clients. “At some point, elevated energy costs and prices for materials will cause firms to lay off marginal workers to protect profit margins.”

This is disinformation. I feel like I have to write about it the way someone in 1969 might have written about labor reports coming out of the Politburo in Moscow. The report counts people who filed a new state unemployment insurance application in one week. It counts nothing else. That is how disinformation works, by amplifying one true thing into a huge lie.

What’s missing from the proper context of unemployment numbers? Contractors cannot file. Gig workers cannot file. Federal workers who took the deferred resignation cannot file, because the resignation was voluntary on paper. Tech workers on severance file months later if they file at all. H1B holders risk their visa by filing. Workers who used up 26 weeks of benefits drop off and never come back. Workers whose hours were cut in half generate no claim. Workers locked out by broken state filing systems generate no claim.

Reporting only a narrow pipeline of W2 layoffs from covered employers in states that process applications on time, is a tiny slice of the labor market, and it’s probably the one that represents it the least.

Headlines have been flying about 100,000 jobs cut by the tech sector alone through April. Infamously cruel Oracle has boasted they would fire 30,000 in one round, to juice their stock price and attract Wall Street investors. Block said 4,000. Meta said at least 8,000 and probably a lot more. Microsoft offered buyouts to 7 percent of its American workforce. Quitting would logically come in at historic lows because workers are too scared to move in a market where layoff announcements are constant.

Besides all that, the 1969 comparison is dishonest. The labor force of 80 million does not match the 168 million today. The two periods and their respective numbers do not belong on the same axis.

Carl Weinberg of High Frequency Economics is who gave the most telling admission of what the wealthy value now. Nothing to worry about, he said, because the rise in cost of living (operational cost to employers) will force firms to lay off workers to protect margins. He was writing to his clients who can’t wait to see more layoffs. The workers being described as marginal, ejected to squeeze more money into the pockets of the investors, were not the audience.

Oxfam reported this same week that S&P 500 CEO pay rose 25.6 percent in 2025 while worker wages rose 1.3 percent. Twenty to one.

Time reported this same week that Oracle asked technical writers to document their workflows so AI could be trained on their work, then laid them off. 62 percent of those laid off were over 40, with many saying they thought they had a career. 27 percent had stock vesting within 90 days that the company clawed back, erasing past promises of equity. Oracle has a $400 billion market cap and just posted its best growth quarter in 15 years.

Variety reported this same week that Donnie Wahlberg offered to give back half his salary to film Boston Blue in Boston. CBS told him he could give back 100 percent of his pay and so could the rest of the cast and the show still could not afford to film there. The salaries cannot make a dent in the delta between Massachusetts tax policy and Ontario tax policy.

Each piece is reported as its own item. Together they describe a very different labor market than the White House wants anyone to see.

The Labor Department releases a measure for an economy that no longer exists. PBS says they see a chart pointing down, and pulls in an economist who tells capital to go to sleep.

In short, all the people losing their jobs in 2026 are being told by their own government that they do not exist, because to exist would mean they are worth something.

Let me explain the fundamental economics of a security industry in terms of Anthropic suddenly trying to run the American market.

• Security experts: help, snow has been falling too fast and it’s everywhere, we can’t even see.
• Anthropic: oh, scary, we are the only help you will need, because we’ve invented a velvet firehose. We will tell your board to pay us to dispense water faster than ever. Every drop will cost you.

The static analysis industry has spent the last two decades selling discovery as productivity. Coverity, Veracode, Checkmarx, Fortify, all built businesses on the same code quality proposition: scan to find a vulnerability, so you can expose bad software.

The proposition produced a blizzard of bugs and a lot of revenue. My friends and collegeaus got wealthy, very wealthy. And they did not quantitatively produce safer software. Edgescan’s 2025 Vulnerability Statistics Report finds that 45.4% of discovered vulnerabilities in large enterprises remain unpatched after twelve months. Veracode’s 2024 State of Software Security puts the average time to fix a critical flaw at 252 days, a 47% increase over five years. Two-thirds of organisations carry backlogs exceeding 100,000 findings.

Intelligence, as anyone who works in intelligence should tell you, doesn’t have a clear correlation to safety. Our 419 fraud research proved intelligence in fact can generate overconfidence and therefore more vulnerability, something I have highlighted since 2012 as a “Loch Ness Monster” market failure rewarding artifice. The constraints, in other words, were never intelligence generating vulnerability detection numbers. The constraint was, and continues to be, the opposite end: remediation throughput, a function of kindness. Increasing confidence in detection might in fact lower quality of detection, as well as fail to produce remediation benefits.

This is the long and established market inheritance Anthropic walked into blindly, shooting from the hip at vulnerability researchers and enumeration standards. The PR move it executed in April was elegant only in the way that it weaponised market failure. Like how grabbing the wheel after a tire blowout to make a car crash immediately sounds more elegant that letting the driver try to pull over safely.

I’ll lay it out here, pulling together a month of research revealing Mythos is not what it’s being billed as. On 7 April 2026, Anthropic announced Project Glasswing and Claude Mythos Preview. The framing was immediately suspicious and unvetted. Mythos found a 27-year-old vulnerability in OpenBSD and a 16-year-old bug in FFmpeg. It found privilege escalation chains in the Linux kernel.

To me this reads like Tesla in 2016 saying they’ve landed driverless capability, call the press, just because they drove a straight line on an empty well-marked highway in the desert. Yeah, that’s not what the expert sees at all, but someone who knows nothing about AI might scream with joy and say take my money.

The model was being pitched heavily, by Anthropic’s account, “capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser.” The capability therefore was plumped all the way up into being too dangerous for general release. Access was gated like a Long Island bar mitzvah, only through a consortium of the partners with the most money and least incentive to scrutinize the claims. Microsoft, Apple, Google, Amazon Web Services, JPMorgan Chase, Nvidia.

It’s like announcing the Pediatricians Association will be gifted the first driverless Tesla to judge the technology as safe for humanity. In 2016 I sat with other researchers and tore apart the Tesla driverless claims. We proved it would kill, that it failed basic safety, that the demos were highway theater. Nobody cared enough to stop Tesla.

Musk accused the people pointing out his lies of being responsible for the deaths he caused. Proof of danger was criminalized. Tesla started killing people. Mythos is the same backwards gating pattern again. Pick the audience least equipped to challenge the claim and the most susceptible to fraud, hand them the keys, call the tragic results validation.

Read the Anthropic circular-reasoning disclosures carefully. Discovery capability is asserted. Evidence sits behind extremely wealthy and privileged partnership gates. Public verification becomes irresponsible by definition, because public verification means publishing the exploits that prove the horseshit. The model is positioned as so capable that scrutinising the capability claim is itself the threat.

Anthropic is running the reverse logic on static analysis pitches. Coverity sold code scanning as a productivity gain. Mythos sells that same scanning as civilisational menace requiring prayers and wishes to stop it. Same activity. Same throughput problem on the back end. Completely opposite affect on the front end. The vendor who could not solve a remediation gap has rebranded that gap as the threat, and then sells frontier access.

Understanding the asymmetry unlocks the real story. If frontier AI was actually good at finding exploits, it would be great at preventing them instead. Point it at code, remove bugs faster than anyone else could find them, ship safer software, migrate off legacy systems at speed. Fastest AI is safest code. That kind world is definitively NOT the one Anthropic is selling in their cruelty pitches. The company that cannot survive the provable question of defensive throughput pivots into the unprovable one of offensive capability instead (e.g. strategic bombing capability makes adversaries stronger, not “obliterated”, not “deterred”). The most important thing that the model fails at gets buried by fear of the unknown. The thing the model is claimed to do gets gated behind a consortium that cannot publish its results. The danger frame is the cover for the generation-quality failure underneath, formerly known as the defense-contractor claims of mutually-assured-destruction, as I explained about vulnerability research back in 2011.

Think of it like this. Anthropic shows up in the playground and says I hear you have a problem with bullies around here reducing kindness. Well, we’ve got the biggest bully ever built, and you should pay us not to release him if you know what’s good for you. That is not safety. That is just the cruel and classic Silicon Valley investor dream of finally achieving the holy grail of normalizing a protection racket.

The discipline imposed on the previous generation of dumping rough exploits on the market was procurement. Coverity had to publish detection rates. Synopsys had to demonstrate false positive ratios. Semgrep, SonarQube, Fortify, all submitted to OWASP Benchmark scoring, however gamed. CISOs demanded numbers because boards and budgets demanded numbers to show risk was managed and manageable. All the boats were sinking at the same rate. The capability claims of discovery vendors were bounded by buyers who could compare vendors and walk towards ones that lied the least.

Mythos tries to jump outside that discipline. Bruce Schneier signed onto the alarm early, putting his name on the CSA “Mythos-Ready” paper with former CISA and NSA leadership. On April 13 he defended Mythos exclusivity by dismissing the AISLE small-model result as likely to drown in false positives. Two weeks later, perhaps as a mea culpa after being exposed for the bad math, he flagged the bad math himself: nobody knows the false positive rate on unfiltered output. He co-wrote a piece in IEEE Spectrum pivoting to “incremental step” and shifting baseline syndrome. Smart people doubling down on the wrong call is the 419 pattern. Intelligence fuels a Schneier engine running wrong with overconfidence, not any guard against it.

Why did the industry react more cautiously so late? The giant 250-page technical document was an immediate clue because it published hyperbolic adjectives where the industry standard would be a confusion matrix. Seven pages had actual useful content. The rest was saying Anthropic trades on noise. Sophisticated. Concerning. Capable. The vocabulary of unfalsifiability deployed exactly where our usual science of measurement was supposed to expose the failure modes.

The buyer also changed. Coverity was run through a CISO paid to put their reputation on the residual risks. Mythos convinces a board that their drop of rain in a hurricane is the only one that is really wet. The evidence standard collapses when the procurement process becomes a Boogeyman in a non-technical national security conversation. The price ceiling lifts all the way to “a malware caravan is coming to take your women and children” of the great McAfee disaster. Protip: McAfee lied to make money and national security wonks who listened to him set back the industry decades. The Alan Turing Institute’s CETAS report notes Mythos Preview costs five times Opus 4.6. Frontier safety theatre commands frontier safety pricing like a forever bloating McAfee denylist.

I always come back to the fact that Anthropic did not release a benchmark on discovery or exploit, while blurring discovery and exploitability in their announcements. They confidently believed their own lies, I suspect, like we found among the most intelligent 419 fraud victims. Stanislav Fort and the AISLE team ran the test that Anthropic chose not to do, or publish. They isolated specific vulnerabilities Mythos had showcased and ran the same code through small, cheap, open-weight models. Eight out of eight detected the flagship FreeBSD exploit, including a 3.6-billion-parameter model costing a dime per million tokens. One dime. Think about that discovery number on the CISO desk. A 5.1-billion-parameter open model recovered the 27-year-old OpenBSD chain. Independent measurement generated huge pressure on Anthropic and they squeaked out a response that they really meant exploit only. The capability is wide and broadly accessible. Anthropic’s framing required it to be extremely narrow and exclusive.

OpenBSD itself is the cleanest counterexample to the Mythos framing. A 27-year-old bug got disclosed, a small patch shipped, the project moved on because it’s a day of the week that ends in y. Privilege separation, pledge, unveil, default-deny. Architecture did the work and not any AI discovery. The fix was a few lines, which is exactly the work that AI should have done instead of claiming the world is about to be harmed. Drilling holes in ships just to charge admission to bailing crews that arrive is not a good business model.

Peter Swire, the Georgia Tech professor and former Clinton and Obama administration adviser, told Scientific American that “a large fraction of the cybersecurity professors believe this is pretty much what was expected, and pretty much more of the same.” Ciaran Martin, former chief of the UK National Cyber Security Centre, agreed.

The capability is real. Computers are real. The framing is theatre. AI has been killing people for over a decade already and I see exactly zero headlines about putting Elon Musk in jail, his rushed-to-market AI banned from doing further public harms.

If driverless could reduce crashes, it would show up in the data. The opposite is true, and crashes increase around driverless. If frontier models could write secure code at scale, the rational response to a 27-year-old OpenBSD bug would be rapid remediation and even migration. Find the bug, generate and deploy the fix. The bottleneck would be discovery turning into remediation, and Mythos would be the easy answer to it.

The empirical record on AI code generation is the actual story. Pearce and colleagues at NYU and Stanford found 40% of Copilot output contained vulnerabilities mapped to known CWE classes. Veracode’s multi-LLM benchmark in Java, Python, C# and JavaScript reported a 45% security test failure rate, with 86% failure against cross-site scripting. Tihanyi and colleagues ran 330,000 C programs through multiple LLMs and found 62% contained at least one vulnerability. Apiiro’s June 2025 production data showed AI-assisted developers shipping three to four times more code and ten times more security findings. Over 10,000 new findings per month, just from AI-generated code.

More AI code means more bugs, faster. That disproves both Anthropic claims to find bugs faster (false positives, over-confidence and fabrication) and claims to generate safe code faster.

This is what makes the Mythos framing so disappointing.

The same model class that cannot be trusted to write safe code is credited with understanding code well enough to weaponise it. The asymmetry is damning, not scary. Anthropic gets credit for offensive capability while remaining silent on defensive throughput, because publishing a generation-quality benchmark would expose that the discovery-capability has nothing measurable behind it.

The static analysis industry drew attention to a backlog explosion many years ago. Two decades of discovery without remediation throughput produced 100,000-finding queues at most large organisations. I remember one day a long time ago staring at 60,000 tickets full of medium and above vulns to map a bailout. We needed a steam engine and a pump. We got buckets and a few hands to carry them. Bitsight’s longitudinal data puts the typical compound monthly remediation rate at 5%. Semgrep’s 50,000-repository study shows findings open more than 90 days become unlikely to ever be fixed. I’ve seen it all.

A frontier model that scans continuously and generates findings at ten times the rate is like bringing a red velvet firehose to a blizzard. It accelerates the wrong direction for a fee. Gartner analysts told InformationWeek that less than 1% of potential vulnerabilities Mythos surfaces have been fully patched. Over 99% remain open.

The Anthropic argument is probably made circular by design, given how the ivory tower minds of Silicon Valley tend to think now. Mythos finds bugs. Maintainers cannot patch them fast enough. Therefore the world needs more Mythos. More, more, more and never satisfied but some small group of people got rich on it and bought an island far away from the disasters they produced.

Execute first, validate never.

Put it on a Google T-shirt.

An on-device agent with screen-reading permissions and a browser automation handle, was shipped to the Play Store with no announcement, then yanked. The accessibility API is the privilege escalation surface that malware has abused on Android for a decade. Now it is the foundation for a proactive assistant?

But seriously, when I hear Google margins are way up on AI replacing human workers, I see this.

Released.

Pulled.

Five hours.

COSMO uses Android’s AccessibilityService API to read the screen, then triggers proactive “Skills” based on what it sees: Document Writer, Calendar Event Suggester, Browser Agent (Mariner), Deep Research, Recall, Conversation Summary, People/Event Understanding.

Read the screen. Apply intelligence. Report back. Decades ago that’s exactly how I was doing investigations on Windows machines, which fed to prosecutions. The market called it parental monitoring software back then, deceptively. Today it’s your friendly screen watching research assistant, apparently. Not even a parental authority claim is needed anymore?

The package name is com.google.research.air.cosmo, listed as “an experimental AI assistant application for Android devices,” shipped from Google Research but pushed through the company’s main Play Store account.

Best take on this is AI coded a thing that is very bad, and then AI prematurely released it.

You don’t want to know the worst take.

What COSMO actually demonstrates is that the distinction between malware and assistant is none. Call it a double agent. The only distinction, by design, is captured by the one who benefits from blurring it. We trust Google not to abuse user data. That is the entire security model. There is no technical control behind the trust. There should be no trust.

A little lawyer bird tells me the app already is breaking the law.