Something quietly alarming happened this week. On the same news cycle that Anthropic unveiled Mythos, a powerful new AI model being deployed for defensive cybersecurity, the FBI, NSA, and CISA jointly warned that Iranian hackers had escalated attacks on American critical infrastructure. The timing is not coincidental. It is the operating condition of 2026.
When Defense and Offense Share the Same Codebase
Anthropic's Project Glasswing, as The Verge reports, found security vulnerabilities in every major operating system and web browser. That sentence should stop you cold. A model capable of finding those holes at that scale is, by definition, also capable of exploiting them. The coalition of partners, Nvidia, Google, AWS, Apple, Microsoft, reads like a who's-who of the exact infrastructure being targeted. A 2024 paper in Nature Machine Intelligence by Brundage et al. warned that dual-use AI capabilities in security contexts require governance frameworks that currently do not exist at the speed AI is being deployed. We are still waiting.
The Funding Architecture Behind the Firewall
What rarely gets discussed is the capital structure underneath all of this. Anthropic is a heavily-funded private company making sovereign-level security decisions. The companies in its Glasswing coalition are also its investors and cloud partners. When private capital underwrites the tools that protect public infrastructure, the accountability loop gets very strange. TurboFund's live VC intelligence tracks how fast AI security is becoming its own funding category, separate from general AI, with its own thesis and its own risks. The question no one is asking loudly enough: who audits the auditors?