Anthropic Mythos – We’ve Opened Pandora’s Box

This article previously appeared in The Cipher Brief.

For a decade the cybersecurity community was predicting a cyber apocalypse tied to a single event – the day a Cryptographically Relevant Quantum Computer could run Shor’s algorithm and break the public-key cryptography systems most of the internet runs on.

We braced for a one-time shock we would absorb and adapt to. NIST (the National Institute of Standards and Technology) has already published standards for the first set of post-quantum cryptography codes.

It’s possible that the first cybersecurity apocalypse may have come early. Anthropic Mythos now tilts the odds in the cybersecurity arms race in favor of attackers – and the math of why it tilts, and how long it stays tilted, is different from anything our institutions were built to handle.


In 2013, Edward Snowden changed what people knew
In 2013 Edward Snowden changed what people understood about nation-state cyber capabilities. In the decade that followed, disclosures and leaks of nation-state cyber tools reduced uncertainty and accelerated the diffusion of cyber tradecraft.

The defensive playbook that followed – compartmentalization, need-to-know, leak-surface reduction, clearance reform – “worked” because the Snowden leaks and those that followed were one-time disclosures, absorbed over a decade, with the system returning to something like equilibrium.

We got good at responding to the shocks of disclosures. It became doctrine.

It was the right doctrine for the wrong future.

Pandora’s Box
In 2026 Anthropic Mythos (and similar AI systems) changes what people can do. Mythos found zero-day vulnerabilities and thousands of “bugs” that were not publicly known to exist (a must-read article here). Many of these were not just run-of-the-mill stack-smashing exploits but sophisticated attacks that required exploiting subtle race conditions, KASLR (Kernel Address Space Layout Randomization) bypasses, memory corruption vulnerabilities and logic flaws in cryptographic libraries, and bugs in TLS, AES-GCM, and SSH.

The reality is a number of these were not “bugs.” They were nation-state exploits built over decades.

What this means is that Anthropic Mythos, and the tools that will certainly follow, have exposed hacking tools previously only available to nation-states and transformed them into tools that Script Kiddies will have within a few months (and certainly within a year). No expertise will be required to apply that tradecraft, compressing both the learning curve and the execution barrier.

All Governments Will Scramble
When Mythos-class systems are used to analyze the code in critical infrastructure and systems, the hidden sophisticated zero-day exploits that are already in use (including ones nation-states have been sitting on for years) will be found and patched. That means the sources intelligence agencies used to collect information will go dark as companies and governments patch these vulnerabilities.

Every intelligence service will scramble, likely with their own AI, to find new exploits and accesses to replace the ones that have been burned. This will build a cyber arms race with a new generation of AI-driven cyber exploits to replace the ones that have been discovered.

Whichever side sustains faster AI adoption – not just “procures” it, but ships it into operational systems – holds a widening advantage measured in powers of two every four months.

The constraint for intelligence agencies (and companies) won’t be their budgets, authorities or access to models. It will be their institutional capacity for change – the rate at which a defender organization can actually change what it deploys.

The Long Tail Will Not Be Patched
Anthropic has given companies early access to secure the world’s most critical software.

That will help Fortune 100 companies. But the Fortune 100 is just a small part of the software attack surface.

The attack surface includes the unpatched county water utility, the regional hospital, the third-tier defense supplier, the school district, the state Department of Motor Vehicles, the municipal 911 system, and the small-town electric co-op. It includes the tens of thousands of systems running software nobody has time to patch, maintained by teams that have never heard of KASLR.

Every one of those systems is now exposed to nation-state-grade tradecraft, wielded by attackers with no expertise required. Mythos-class hardening at the top of the pyramid does not trickle down. The long tail will stay unpatched for years.

Attackers’ Advantage – For Now
Under continuous exponential growth of AI-designed cyber attacks, a cyber defender using traditional tools can’t respond just once and stabilize their systems. They’ll need to keep investing at a rate that matches the offense’s growth rate. A one-time defensive shock like compartmentalization might work against a sudden attack, but it will fail against the sustained exponential pressure of these AI attack tools because there’s no stable equilibrium to return to. A defender’s investment rate now has to track the offense’s exponential growth rate.

Ultimately/hopefully, the next generation of AI-driven cyber-defense tools will create a new equilibrium.

What We Need to Do
Mythos and its follow-ons will change how we think about cyber-defense. We can’t just build a set of features to catch every exploit x or y. We need to build cyber systems that can maintain or exceed the capability rate of the attackers.

Here are the three tools governments and cyber defense companies need to build now:

  1. Measure the Gap Between Attackers and Defenders. We need to know the gap between what the attackers can do and what we can defend against. We need to develop instrumented red/blue exercises (a simulation of a cyberattack, where two teams – the red team and the blue team – are pitted against each other) to estimate the number of new vulnerabilities vs cyber defense mitigation.
  2. Measure the Defender Response Time. For each corporate or government mission system, measure how long it takes to implement a change from identification to production deployment. Then treat each organizational obstacle as equivalent to technical debt that needs to be fixed and an obstacle to be removed.
  3. Specify Speed, Not Features. Any new Cyber Defense tools and architecture – including the next-generation cloud-native systems sitting in review right now – should have explicit ‘rate’ requirements. Claims of “our product delivers X capability” are now the wrong specification. “Closes detection gap at rate greater than or equal to the offense growth rate” is the right one.
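One way to turn items 2 and 3 into a number, as an added example that is not from the original article: it takes the median identification-to-production lead time in two measurement windows, derives how fast the defender is improving, and checks that against the article's offense doubling period of four months. The records, system names and the eight-month window spacing are constructed, and treating one halving of lead time as the defender's counterpart to one offense doubling is a modelling assumption of this example.

```python
from datetime import date
from math import inf, log2
from statistics import median

# Offense doubling period, from the article ("powers of two every four months").
OFFENSE_DOUBLING_MONTHS = 4.0

# Constructed sample records: (system, vulnerability identified, fix in production).
BASELINE = [
    ("county-water-scada", date(2026, 1, 5), date(2026, 3, 6)),
    ("regional-hospital-ehr", date(2026, 1, 12), date(2026, 4, 12)),
    ("state-dmv-portal", date(2026, 1, 20), date(2026, 2, 19)),
]
FOLLOW_UP = [
    ("county-water-scada", date(2026, 9, 1), date(2026, 10, 1)),
    ("regional-hospital-ehr", date(2026, 9, 10), date(2026, 10, 25)),
    ("state-dmv-portal", date(2026, 9, 15), date(2026, 9, 30)),
]
MONTHS_BETWEEN = 8.0  # constructed: time between the two measurement windows


def median_lead_time_days(records):
    """Median days from identification to production deployment (item 2)."""
    return median((deployed - found).days for _, found, deployed in records)


def defender_halving_months(before_days, after_days, months_between):
    """Months the defender takes to halve its lead time; inf if not improving."""
    if after_days >= before_days:
        return inf
    return months_between / log2(before_days / after_days)


def meets_rate_spec(halving_months):
    """Item 3 as a test: defender improvement rate >= offense growth rate."""
    return halving_months <= OFFENSE_DOUBLING_MONTHS


def gap_multiple(months, halving_months):
    """Growth of the offense/defense gap after `months` (1.0 means unchanged)."""
    offense = 2 ** (months / OFFENSE_DOUBLING_MONTHS)
    defense = 2 ** (months / halving_months)  # 2**0 == 1 for a static defender
    return offense / defense


def report(baseline, follow_up, months_between):
    """Summarize measured response time and the projected gap."""
    before = median_lead_time_days(baseline)
    after = median_lead_time_days(follow_up)
    halving = defender_halving_months(before, after, months_between)
    return {
        "median_days_before": before,
        "median_days_after": after,
        "defender_halving_months": halving,
        "meets_spec": meets_rate_spec(halving),
        "gap_after_12_months": gap_multiple(12, halving),
        "gap_after_24_months": gap_multiple(24, halving),
    }


if __name__ == "__main__":
    for key, value in report(BASELINE, FOLLOW_UP, MONTHS_BETWEEN).items():
        print(f"{key}: {value}")
```

With a defender that does not improve at all, `gap_multiple` returns 8 at twelve months and 64 at twenty-four, the figures the article gives in its summary.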

Summary

Buckle up. It’s going to be a wild ride – for companies, for defense and for government agencies.

Mythos is a sea change. It requires a different response than what the current cyber security ecosystem was built for, and one the current system is not built to produce.

We are not behind yet. The gap between Mythos and what we can build to defend is small enough today that a serious response can still match it. A year from now, the same response will be eight times too slow. Two years, sixty-four.

By the way, the only thing left in Pandora’s Box was hope.

AI and Teaching – The Brave New World

This article previously appeared in the Entrepreneur & Innovation Exchange (EIX)

This is the 16th year we’ve been teaching the Stanford Lean LaunchPad class. This year, from the first hour of the first class, we realized we were seeing something extraordinary happen. It was both the end and beginning of a new era. 

Teams showed up to the first day of class with MVPs (Minimal Viable Products) looking like finished products that previous classes had taken weeks or months to build. After the class, as the instructors sat processing what just happened, we realized there’s no going back. 

I’ve been writing about how AI is going to change startups, but the shock of seeing 8 teams actually implementing it was mind blowing. And not a single team thought they were doing anything extraordinary.  


Class Observations: Product Development Velocity is Off the Scale
The old sequence for our class was simple – we had teams replicate what they would do in a startup. Have an idea. Build a team. Get out of the building to talk to customers to understand their problems, do Agile development and DevSecOps to build Minimal Viable Products (MVPs) over 10 weeks to test the solutions. And if they were going to build a company, discover and develop a “moat” of proprietary code and features.

This year, in the first week of the class our students used multiple AI tools to replace what previously would have taken a large development team. They used Perplexity and ChatGPT for research, Claude Code and Replit to build apps, Vercel/v0 for prototyping, Granola to auto-transcribe and summarize customer interviews. The whole flow was compressed.

Because it was so easy to have an idea and then build something in minutes/hours, our students showed up on the first day of the class with products. They no longer had to wait weeks or months before testing whether anyone cares.

What we realized we were watching was a massive acceleration of the Customer Discovery / Customer Validation timeline. 

Learning 1. Impedance Mismatch Between Product Development and Learning
By the third week of the class we observed that the velocity of product development meant that teams could now generate more products than they could validate. The amount of product did not equal the amount of learning. Teams were so overwhelmed with so much information from the AI tools that they lost sight of the goal of customer development. They started to believe that the product itself was the truth.

Consequence 1. AI has made Customer Validation Harder
The abundance and ease of creating MVPs has become an accidental denial of service attack on the search for a repeatable and scalable business model. While this is an artifact of today, it means we need a different model for Customer Development as rapid coding isn’t going away.

Learning 2. Student Dependence On ChatGPT Decreased the Quality of Insights
After week two of the class, it was clear teams were delegating communication to an AI. This dumbed down communication turned into AI slop. ChatGPT and Claude are no substitute for thoughtful communication – whether it’s email, PowerPoint or weekly summaries of Lessons Learned. Luckily you can spot this quickly.

Learning 3. Customers are Feeling Disrupted
As the student teams got out of the building, they discovered that potential customers were already feeling disrupted by AI. Many of the companies the teams demo’d to realized that they were seeing not just incremental improvements, but in fact were being shown a “going out of business” scenario.

Learning 4. Customers realize their proprietary data might be their only moat
In some cases, potential customers who would have previously shared their data with students are now asking for NDAs to share information with the team. Customers are realizing that closely held and hard-won information might be one of the few barriers to AI.

Potential 1: Customer Co-Design
As AI tools are allowing our teams to build higher fidelity MVPs, a few are beginning to consider using the MVPs as digital twins (as a simulation of the final product.) When put in the cloud and shared with potential earlyvangelists, startups can now start co-designing the product with potential prospects.

Teams can monitor if the digital twin is being used, how it’s used, and the feedback of what features are needed can be shared instantly. Teams can update the digital twin as they add features.

Potential 2: Agent/Customer Outcome Fit
Today, software applications are built to give users information and then expect the users to do the work via a user interface of dashboards, alerts, workflow tools and reports. But customers buy software to get a job done, not to look at more screens. Getting the job done is what AI Agents (orchestrated by tools like OpenClaw) will autonomously enable. For some teams, future class sections may see the search for Product/Market fit become the search for AI Agent/Customer Outcome fit. Minimum Viable Products (MVPs) will become Minimum Productive Outcomes (MPOs.)

Lessons Learned

  • MVPs are No Longer an Indication of Technical Competence
    • Vibe coding has transformed MVPs to the equivalent of PowerPoint slides
  • Speed to MVPs Hasn’t Yet Meant Faster Learning About Building a Company
    • While we’re still early in the class, the blinding speed of the first week’s onslaught of MVPs hasn’t yet translated into faster learning about customer validation.
  • Business Process and Business Models Still Matter
    • The bottleneck for our student teams has moved from needing the resources to build high-quality MVPs to judgment: how to choose the right problem, how to read user signals correctly, and deciding what to build next.
  • Product/Market Fit and Agent/Outcome Fit Will Co-Exist (for a while.)
    • While some customers are ready to move to an Agentic workflow, for others delivering Product/Market Fit is still what users want to see.
  • Startup Teams Will Be Smaller
    • Our class teams are 4-5. In the past, if they decided to pursue their idea and start a company they would need to hire a larger team to build the product, manage the product, find out whether they had product/market fit, create demand, etc. That’s mostly no longer true.
    • Most teams won’t need to raise money to find out if the problem is real or before they know if users care.
  • Enterprise Pricing Models Will Change
    • Some teams are already testing pricing that will shift from per/seat to workflows, outcomes, results, resolutions, successful task
  • Customer Development Will Change
    • Because the Customer Development cycle is faster and multiple MVPs now can be run simultaneously…
    • Effort shifts to the extra time needed on hypothesis testing because the velocity and volume of product development can overwhelm signals from potential customers
    • As MVPs rapidly change, they need to be instrumented to monitor customer usage/interactions

More Learning In the Weeks Ahead

Nowhere Is Safe

Drones in Ukraine and in the War with Iran have made the surface of the earth a contested space. The U.S. has discovered that 1) air superiority and missile defense systems (THAAD, Patriot batteries) designed to counter tens or hundreds of aircraft and missiles are insufficient against asymmetric attacks of thousands of drones. And that 2) undefended high value fixed civilian infrastructure – oil tankers, data centers, desalination plants, oil refineries, energy nodes, factories, et al. – are all at risk.

When the targets are no longer just military assets but anything valuable on the surface, the long term math no longer favors the defender. To solve this problem the U.S. is spending $10s of billions of dollars on low-cost Counter-UAS systems – detection systems, inexpensive missiles, kamikaze drones, microwave and laser weapons.

But what we’re not spending $10s of billions on is learning how to cheaply and quickly put our high-value, hard-to-replace, and time-critical assets (munitions, fuel distribution, Command and Control continuity nodes, spares, etc.) out of harm’s way – sheltered, underground (or in space).

The lessons from Gaza reinforce that underground systems can also preserve forces and enable maneuver. The lessons from Ukraine are that survivability while under constant drone observation/attack requires using underground facilities to provide overhead cover (while masking RF, infrared and other signatures). And the lessons from Iran’s attacks on infrastructure in the Gulf Cooperation Council countries are that anything on the surface is going to be a target.

We need to rethink the nature of force protection as well as military and civilian infrastructure protection.


Air Defense Systems
For decades the U.S. has built air defense systems designed for shooting down aircraft and missiles. The Navy’s Aegis destroyers provide defense for carrier strike groups using surface-to-air missiles against hostile aircraft and missiles. The Army’s Patriot anti-aircraft batteries provide area protection against aircraft and missiles. The Missile Defense Agency (MDA) provides missile defense from North Korea for Guam and a limited missile defense for the U.S. MDA is leading the development of Golden Dome, a missile defense system to protect the entire U.S. against ballistic, cruise, and hypersonic missiles from China and Russia. All of these systems were designed to use expensive missiles to shoot down equally expensive aircraft and missiles. None of these systems were designed to shoot down hundreds/thousands of very low-cost drones.

Aircraft Protection
After destroying Iraqi aircraft shelters in the Gulf War with 2,000-lb bombs, the U.S. Air Force convinced itself that building aircraft and maintenance shelters was not worth the investment. Instead, their plan – the Agile Combat Employment (ACE) program – was to disperse small teams to remote austere locations (with minimal air defense systems) in time of war. Dispersal along with air superiority would substitute for building hardened shelters. Oops. It didn’t count on low-cost drones finding those dispersed aircraft. (One would have thought that Ukraine’s Operation Spider’s Web using 117 drones smuggled in shipping containers – which struck and destroyed Russian bombers – would have been a wakeup call.)

The cost of not having hardened aircraft shelters during the 2026 Iran War came home when Iran destroyed an AWACS aircraft and KC-135 tankers sitting in the open. Meanwhile, China, Iran and North Korea have made massive investments in hardened shelters and underground facilities.

Protecting Ground Forces
The problem of protecting troops with foxholes against artillery is hundreds of years old. In WWI, trenches connected foxholes into systems. Bunkers were hardened against direct hits. Each step was a response to increased lethality from above. Today, drones are the new artillery; a persistent, cheap and precise overhead threat but with the ability to maneuver laterally, enter openings, and loiter. And mass drone attacks put every high value military and civilian target on the surface at risk. Fielding more hardened shelters for soldiers like the Army’s Modular Protective System Overhead Cover shelters is a first step for FPV kamikaze drone defense, but drones can get inside buildings through any sufficiently sized opening.

Drone Protection
Ukraine has installed ~500 miles of anti-drone net tunnels with a goal of 2,500 miles by the end of 2026. These are metal poles and fishing nets stretched over roads but they represent the same instinct: the surface is a kill zone, so cover it. Russia has done the same.

The logical response is to go underground (or out to space) but the technology to do it quickly, cheaply, and at scale is genuinely new. The gap in current thinking is between “put up nets” (cheap, fast, limited) and “build a Cold War concrete bunker” (expensive, slow, permanent). What’s missing is the middle layer – rapidly bored shallow tunnels that provide genuine overhead cover for movement corridors, equipment parking, and personnel protection. 

What tunnels solve that nets and shelters don’t
A net stops an FPV drone’s propellers. A shelter stops shrapnel. But a tunnel 15-30 feet underground is invisible to ISR, immune to most top-attack munitions, can’t be entered by a drone through a door or window, and survives anything short of a bunker-buster. Gaza proved that even with total air superiority and ground control, Israel has destroyed only about 40 percent of Gaza’s tunnels after two and a half years of war.

That’s an asymmetric defender’s advantage the U.S. military should be thinking about for its own use, not just as a threat to overcome.

What’s changed to make this feasible is that we may not need boring tunnels per se, but instead modular, pre-fabricated tunnel segments that can be installed with cut-and-cover methods at expeditionary bases. Or autonomous boring machines sized for military logistics corridors (smaller versions of the Boring Company TBMs) rather than highway traffic.

The problem is a lack of urgency and imagination
The problem is real, the incumbents (Army Corps of Engineers) are slow, and the existing commercial tunneling industry isn’t thinking about expeditionary military applications.

The doctrinal gap is between “dig a foxhole with an entrenching tool” (individual soldier, hours) or deploying a few of the Army’s Modular Protective System Overhead Cover shelters, and “build a Cold War hardened aircraft shelter” (major construction project, years, billions). There’s no doctrine for rapidly boring hardened underground movement corridors, dispersed equipment shelters, or protected command post positions using modern tunneling technology.

Army doctrine treats excavation as something done with organic engineer equipment — backhoes, bulldozers, troops with shovels — to create individual fighting positions and cut-and-cover bunkers. The Air Force doctrine barely addresses physical hardening at all, having spent 30 years assuming air superiority would substitute for it.

Nobody in the doctrinal community is asking: what if the Army could cut and cover 100 meters of precast tunnel segments in a day or if we could bore a 12-foot diameter tunnel 30 feet underground at a rate of a hundred of meters per week and use it as a protected logistics corridor, command post, or aircraft revetment?

Summary
Oceans on both sides and friendly nations on our borders have lulled America into a false sense of security. After all, the U.S. has not fought a foreign force on American soil since 1812.

Protection and survivability is no longer a problem for a single service nor is it a problem of a single solution or an incremental solution. Something fundamentally disruptive has changed in the nature of asymmetric warfare and there’s no going back. While we’re actively chasing immediate solutions (Golden Dome, JTAF-401, et al), we need to rethink the nature of force protection, and military and civilian infrastructure protection. Protection and survivability solutions are not as sexy as buying aircraft or weapons systems but they may be the key to winning a war.

The U.S. needs a coherent protection and survivability strategy across the DoW and all sectors of our economy. This conversation needs to be not only about how we do it, but how we organize to do it, how we budget and pay for it and how we rapidly deploy it.

Lessons Learned

  • There is no coherent protection and survivability strategy that addresses drones across the DoW and the whole of nation
    • Just point solutions
  • For troops near the front, tunnels could reduce visual, thermal, and RF signature while providing fragment protection with a network of small, concealed, overhead-covered positions, short connectors, buried command posts, protected aid stations, and revetted vehicle hides.
  • We need to underground assets that cannot be quickly replaced 
    • Command posts, comms nodes, ammunition, fuel distribution points, repair facilities, key power systems, maintenance spares, and high-value aircraft or drones.  
    • Think protected taxiways, blast walls, covered trenches, buried cabling, alternate exits, redundant portals, and rapid runway repair. Sortie generation under attack depends on a whole system, not one bunker.  
  • We need to work with commercial companies to harden/defend their sites
    • Provide active defenses and incentives for under-grounding critical facilities
  • The Army and Air Force need to rethink their doctrines and techniques for Protection and Survivability
    • Army Techniques Publications (ATP) 3-37.34 – Survivability Operations treat excavation as something done with backhoes, bulldozers, troops with shovels to create individual fighting positions and cut-and-cover bunkers. Update it.
    • The Air Force needs to do the same with AFDP 3-10, AFDP 3-0.1 (Force Protection) and AFTTP 3-32.34v3, AFH 10-222, Volume 14 and UFC 3-340-02
  • We need to think of force and infrastructure protection not piecemeal but holistically
    • Part of any weapons systems requirement and budget should now include protection and survivability 
    • Protection and survivability should be deployed concurrently with weapons systems
  • We need a Whole of Nation approach to protection and survivability for both the force and critical infrastructure