The SignalThe AI That Found Your Zero-Days — And t…
    AI & Technology

    The AI That Found Your Zero-Days — And the Chip That's Coming for Intel

    Anthropic's secret Claude Mythos model found over 10,000 critical software vulnerabilities through Project Glasswing. Meanwhile, Nvidia unveiled its N1X chip at Computex, GitHub Copilot switched to token-based billing, and Colorado's AI Act begins enforcement June 30.

    1 Jun 2026

    The AI That Found Your Zero-Days — And the Chip That's Coming for Intel

    From Anthropic's secret vulnerability hunter to Nvidia's PC ambitions, the week AI got serious about hardware, security, and your wallet.

    Anthropic Built a Bug-Hunting AI It's Afraid to Release

    There's a peculiar kind of power in a tool you choose not to sell. Anthropic has spent the past several weeks doing something audacious and quietly terrifying: letting an unreleased AI model loose on the world's most critical software — and watching it find more than 10,000 high- or critical-severity vulnerabilities across every major operating system and every major web browser.

    The model is called Claude Mythos Preview. Anthropic describes it as a new compute tier above Claude Opus, a system explicitly designed not to be made generally available because of its dual-use cybersecurity risk. The initiative built around it is called Project Glasswing, a $100 million defensive cybersecurity program launched in April 2026 with roughly 50 partner organizations including AWS, Apple, Cisco, Google, Microsoft, NVIDIA, Cloudflare, JPMorgan Chase, and Mozilla. The premise is as elegant as it is sobering: if an AI this powerful can find zero-days faster than any human red team, better to point it at defenders first.

    What Mythos found in just weeks of internal testing is staggering in scope. Thousands of previously unknown flaws in the software stack that most of the internet — and most of modern finance, healthcare, and logistics — runs on. Cloudflare published its own write-up of what the model surfaced in their systems. The Ringer ran a piece asking, in only partly hyperbolic terms, whether Claude Mythos could destroy the internet. Anthropic's answer, essentially, is that it could — which is exactly why they aren't releasing it to the public and why, paradoxically, they're using it to patch the internet before the wrong people build something similar.

    The signal Project Glasswing sends is larger than any individual vulnerability. We are entering an era where the most dangerous AI capabilities aren't chatbots that write bad essays — they're autonomous systems that can probe digital infrastructure at a scale and speed no human or human-led team can match. Anthropic is betting $100 million that the right response is to get there first and patch fast. Whether that bet pays off may depend on how long it takes adversarial actors to build their own version of Mythos.

    Nvidia Just Declared War on Intel and AMD — From a Chip Factory in Taiwan

    Jensen Huang is not known for understatement. But the announcement he delivered at Computex 2026 in Taipei on June 1 was remarkable even by his standards: Nvidia is now in the PC chip business, and it brought an ARM-based processor that fuses together Nvidia's own Blackwell GPU and a custom MediaTek-designed CPU into a single package with 128 gigabytes of unified memory.

    The chip is called the N1X — or, in the product that debuted at Computex, the RTX Spark. Microsoft, Dell, HP, ASUS, Lenovo, and MSI are all building laptops around it. Dell is expected to launch an XPS variant first. The technical specs are serious: 6,144 CUDA cores, a 20-core CPU configuration, and TSMC's most advanced manufacturing process. It is, in every meaningful sense, Nvidia's first real attempt to colonize the consumer PC market — territory that Intel and AMD have owned for decades.

    The strategic implications cut deep. ARM-based chips have been creeping into the PC market since Apple's M1 in 2020 demonstrated what happens when a company builds a chip specifically for its own software and workloads. Qualcomm followed with its Snapdragon X chips, targeting Microsoft's Copilot+ PC push. Nvidia's entry is different in kind: it brings CUDA, the software ecosystem that the entire AI industry runs on, directly into laptop silicon. For developers who need to run local AI models, fine-tune small language models, or build agentic applications without spinning up cloud compute, a laptop with native CUDA support could be genuinely transformative.

    It's also a direct provocation. Intel has spent years trying to catch up on AI inference performance. AMD has its own ARM ambitions. Nvidia has spent the past five years becoming the most valuable company in the world almost entirely on the strength of its data center chips — now it's coming for the device in your bag.

    GitHub Copilot's Pricing Shock: The Flat Rate Is Dead

    For developers who've come to rely on GitHub Copilot as a monthly fixed cost, June 1, 2026 marks an uncomfortable transition. Starting today, Copilot moves from flat-rate subscriptions to usage-based billing measured in AI Credits — tokens consumed by the model, priced at $0.01 per credit. Copilot Pro stays at $10/month, Pro+ at $39/month, Business at $19/user/month. What changes is what those prices buy.

    Inline code completions and Next Edit Suggestions remain included and don't burn credits. Everything else — Copilot Chat, large-context code reviews, agent-mode sessions, and long-running coding workflows — now draws down a credit pool. Heavy users relying on agents or extended conversations with large codebases are looking at potential overages. Developer communities lit up in April when the change was announced: one Visual Studio Magazine headline captured the mood succinctly — "You Will Get Less, But Pay the Same Price."

    GitHub's logic is coherent from a cost-management perspective. Advanced models like GPT-5.4 and reasoning-tier systems are genuinely expensive to run at scale, and a flat subscription that doesn't account for usage creates perverse incentives. But the shift lands at an awkward moment: developers were only beginning to integrate agentic Copilot workflows — the kind where the AI iterates autonomously on a codebase for minutes at a time — and those are precisely the workflows most likely to generate sticker shock.

    This is the broader story of AI's economics in 2026. The promotional pricing era is ending. Compute costs are real, models are getting more powerful and more expensive to run, and the platforms that bet on flat-rate subscriptions to drive adoption are quietly repricing toward usage. Expect more announcements like this throughout the year.

    The Regulatory Clock Is Running — and It's Set for June 30

    While the tech industry debates chips and pricing, a more consequential countdown is underway in Colorado. The state's Artificial Intelligence Act — one of the most comprehensive AI regulations enacted in the United States — enters enforcement on June 30, 2026. Any developer or deployer of a "high-risk" AI system making consequential decisions in areas like employment, healthcare, education, housing, insurance, or government services needs to have a risk management program in place, conduct impact assessments, provide consumer disclosures, and demonstrate active mitigation of algorithmic discrimination.

    Colorado is not alone. The EU is finalizing its Code of Practice for AI-generated content labeling, also expected by the end of June. The White House issued an executive order in late 2025 signaling intent to consolidate AI oversight at the federal level — a direct attempt to preempt a patchwork of state laws, though that effort faces active opposition from states that aren't waiting for Washington to act. California's CCPA automated decision-making provisions are set for January 2027.

    For most consumer-facing AI products, the Colorado law is the near-term pressure point. "High-risk" is defined broadly enough to capture hiring tools, loan approval systems, clinical decision support, and educational assessment platforms. Compliance isn't trivial — it requires documentation, testing, and disclosure mechanisms that many smaller AI companies haven't built. The grace period expires at month's end; after that, enforcement begins.

    The regulatory patchwork creates real compliance headaches. A model deployed across the US might now face different legal obligations in Colorado, California, and under any eventual federal framework — not to mention the EU AI Act for any company with European users. This isn't a hypothetical compliance burden. It's the new cost of doing business in AI at scale.

    The Bottom Line

    The week of June 1, 2026 laid out in sharp relief what the next phase of AI actually looks like: a Claude model that finds vulnerabilities at a scale no human team could match, a chip that could put CUDA on every developer's laptop, a pricing shift that ends AI's free-lunch era, and regulation that is no longer a future concern but an immediate compliance deadline. The romantic phase of AI — the demos, the wonder, the breathless speculation — is giving way to something harder-edged and more consequential. The infrastructure is being built, the bills are coming due, and the rules are being written. How well the industry navigates all three at once will determine what the next decade of AI actually delivers.

    Sources