AI News Digest — April 11, 2026

Highlights

Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?: Anthropic’s “Mythos Preview” model can allegedly find and exploit critical zero-days — raising urgent questions about access controls for AI-powered offensive security tools.
Stalking victim sues OpenAI, claims ChatGPT fueled her abuser’s delusions and ignored her warnings: A lawsuit alleges OpenAI ignored three escalating warnings — including its own mass-casualty flag — while a ChatGPT user stalked and harassed his ex-girlfriend.
CIA plans to integrate AI assistants into all analysis platforms: The agency has already produced its first fully autonomous intelligence report using AI, with Deputy Director Michael Ellis signaling system-wide rollout.
Deepmind CEO Hassabis says AGI will hit like ten industrial revolutions compressed into a single decade: Hassabis predicts AGI within five years, calling the impact simultaneously overhyped in the short term and vastly underestimated over the next decade.
20-year-old man arrested for allegedly throwing a Molotov cocktail at Sam Altman’s house: The suspect was caught on surveillance cameras and later seen making threats outside OpenAI’s offices, marking a stark escalation in AI-related civil tensions.

News

AI Security

Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands? (Dark Reading) — Anthropic’s Mythos Preview model allegedly finds and exploits critical zero-days; the company says controls are in place, but critics are skeptical given the dual-use nature of the capability.
OpenAI is building a cybersecurity product for a select group of companies (The Decoder) — OpenAI is quietly developing a cybersecurity tool available only to a limited set of enterprise partners, per Axios.
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About (The Hacker News) — A LayerX report warns that AI browser extensions represent a wide-open, unguarded threat surface on enterprise networks.
Sen. Sanders Talks to Claude About AI and Privacy (Schneier on Security) — Bruce Schneier notes Claude performed surprisingly well on AI privacy policy questions in a public exchange with the senator.
Stalking victim sues OpenAI, claims ChatGPT fueled her abuser’s delusions and ignored her warnings (TechCrunch AI) — Lawsuit details three ignored warnings to OpenAI, including the platform’s own mass-casualty flag, before the situation turned violent.
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs (The Hacker News) — A new evolution of the GlassWorm supply-chain campaign uses a Zig-language dropper disguised as a WakaTime extension to infect all IDEs on developer machines.
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads (BleepingComputer) — Attackers compromised CPUID’s update API and replaced download links for popular hardware tools with malicious executables.
Hims Breach Exposes the Most Sensitive Kinds of PHI (Dark Reading) — Threat actors breached the telehealth brand, exposing extremely personal health data with high potential for exploitation.
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks (BleepingComputer) — Iranian-linked hackers are targeting thousands of internet-exposed Rockwell Automation PLCs across U.S. critical infrastructure.
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure (The Hacker News) — A CVSS 9.3 pre-auth remote code execution flaw in the popular Marimo Python notebook was weaponized in the wild within hours of public disclosure.
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security (BleepingComputer) — Qualys analysis finds most critical flaws are exploited before defenders can patch them, revealing a structural breaking point for human-paced security operations.

USA

CIA plans to integrate AI assistants into all analysis platforms (The Decoder) — The CIA has produced its first fully AI-generated autonomous intelligence report and is planning system-wide AI integration.
Deepmind CEO Hassabis says AGI will hit like ten industrial revolutions compressed into a single decade (The Decoder) — Hassabis predicts AGI within five years and warns that while current AI is overhyped, its long-term impact is still vastly underestimated.
OpenAI tells investors its infrastructure gives it an edge over Anthropic (The Decoder) — OpenAI is pitching its early compute buildout as a durable moat, even as it pauses its UK data center project and Anthropic explores custom chips.
Coreweave signs multi-year cloud deal with Anthropic to power Claude (The Decoder) — Coreweave’s multi-year agreement with Anthropic signals continued consolidation among AI infrastructure providers.
Anthropic temporarily banned OpenClaw’s creator from accessing Claude (TechCrunch AI) — The ban followed a pricing change for OpenClaw users last week, highlighting ongoing tensions over third-party Claude integrations.
20-year-old man arrested for allegedly throwing a Molotov cocktail at Sam Altman’s house (The Verge AI) — The suspect was later seen making threats outside OpenAI’s offices in what police are investigating as a targeted incident.
Fear and loathing at OpenAI (The Verge AI / Vergecast) — The Vergecast breaks down The New Yorker’s deep dive into Sam Altman’s turbulent tenure, his brief firing, and how he reshaped OpenAI afterward.
LLMs crush coding and math but choke on casual questions, and that’s not a contradiction (The Decoder) — Analysis suggests that RL-style training optimizes for formal tasks at the expense of everyday informal reasoning, revealing a potential fundamental limit.
Gen Z’s love-hate relationship with AI (The Verge AI) — A Gallup report of ~1,600 Americans aged 14–29 finds AI hype is fading for Gen Z even as usage continues to grow.
Microsoft starts removing Copilot buttons from Windows 11 apps (The Verge AI) — Microsoft is quietly pulling Copilot buttons from Notepad and Snipping Tool in favor of more integrated “writing tools” menus.
The Iranian Lego AI video creators credit their virality to ‘heart’ (The Verge AI) — Iranian content group Explosive Media explains how their AI-generated Lego videos about the US-Iran conflict went viral worldwide.
How the AI boom derailed clean-air efforts in one of America’s most polluted cities (The Japan Times) — Trump’s environmental rollbacks in support of AI data center buildout are reversing hard-won clean-air progress in affected communities.

Europe

Chinese entrepreneurs should go global before they go viral (Rest of World) — The Meta-Manus deal carries lessons for U.S. investors and Chinese AI founders on navigating global expansion before becoming targets of geopolitical scrutiny.

Japan (AI & Tech)

無料でローカルAI環境を簡単に導入できる「Lemonade」 (Gigazine) — Open-source tool Lemonade lets users run LLMs locally on Windows/Linux/macOS for free, with special optimization for AMD GPUs and NPUs.
米財務長官とFRB議長が銀行幹部に警告、AnthropicのAI巡り、サイバーセキュリティに懸念 (ITmedia AI+) — The U.S. Treasury Secretary and Fed Chair met urgently with bank executives to warn about cybersecurity risks posed by Anthropic’s Claude Mythos model.
28年までに生成AIアプリの4分の1にセキュリティ事故、MCP普及でリスク拡大――Gartner予測 (ITmedia AI+) — Gartner predicts 25% of enterprise GenAI applications will experience security incidents by 2028, with MCP-based agentic standards expanding the attack surface.
Claudeを”コスパ良く”利用可能に　性能の異なるモデルが”適材適所”で稼働、Anthropicの新ツール (ITmedia AI+) — Anthropic’s new “advisor strategy” tool orchestrates multiple Claude models of different capabilities to optimize cost-performance for autonomous agentic tasks.
AIエージェントの「スキル」の品質低下を防ぐ？　テストと検証機能を強化 (ITmedia AI+) — Anthropic added evaluation and benchmarking functions to its Claude skill-creator tool, letting creators verify agent skill quality without writing code.
謎の高性能動画生成AI「HappyHorse-1.0」はAlibaba製であることが判明 (Gigazine) — The mystery high-performance video generation model “HappyHorse-1.0” — which topped benchmarks above Google and ByteDance — was revealed to be from an Alibaba research team.
IntelとGoogleが複数年のAIインフラ契約を締結 (Gigazine) — Intel and Google announced a multi-year collaboration on next-generation AI and cloud infrastructure on April 9, 2026.
AI需要が爆発的に増加も計算能力が制約に、大規模に投資していたOpenAIが巻き返しをはかる (Gigazine) — OpenAI’s pitch to investors argues that its early, massive compute investment will ultimately outpace Anthropic’s as AI demand continues to surge.

Research Papers

Benchmarks & Evaluation

SELFDOUBT: Uncertainty Quantification for Reasoning LLMs via the Hedge-to-Verify Ratio — Proposes a single-pass uncertainty proxy based on hedging language in reasoning traces, avoiding expensive sampling and bypassing the need for logit access — critical for proprietary reasoning APIs.
ATBench: A Diverse and Realistic Agent Trajectory Benchmark for Safety Evaluation and Diagnosis — Introduces a trajectory-level benchmark designed to surface safety failures in multi-step LLM agent interactions rather than isolated prompts, improving realism of safety assessments.
Riemann-Bench: A Benchmark for Moonshot Mathematics — A new benchmark pushing beyond Olympiad-level problems toward research-grade mathematics, testing whether frontier AI systems have genuine deep mathematical knowledge.

Security & Adversarial

Break Me If You Can: Self-Jailbreaking of Aligned LLMs via Lexical Insertion Prompting — Demonstrates “self-jailbreaking” where a model’s own internal knowledge guides its compromise without any external attacker model, using a black-box algorithm called SLIP.
PIArena: A Platform for Prompt Injection Evaluation — A unified evaluation platform for prompt injection attacks and defenses that allows reliable cross-benchmark comparison and identifies true robustness gaps.
TrajGuard: Streaming Hidden-state Trajectory Detection for Decoding-time Jailbreak Defense — Shows that hidden states in critical layers during decoding carry stronger jailbreak signals than static prompt or output analysis, enabling real-time defense via trajectory monitoring.
One Shot Dominance: Knowledge Poisoning Attack on Retrieval-Augmented Generation Systems — Reveals that a single strategically poisoned document in a RAG knowledge base can dominate model responses, even when the base is publicly accessible.

Compliance & Regulation

Governing frontier general-purpose AI in the public sector: adaptive risk management and policy capacity under uncertainty through 2030 — Argues that AI governance is fundamentally an institutional design problem, proposing adaptive regulatory frameworks for governments operating under deep uncertainty about AI capabilities and harms.
The End of the Foundation Model Era: Open-Weight Models, Sovereign AI, and Inference as Infrastructure — Contends the 2020–2025 era of closed-model moats is over, accelerated by the U.S. government’s designation of Anthropic as a supply chain risk; argues inference, not pre-training, is the new competitive battleground.

Alignment & Safety

Blind Refusal: Language Models Refuse to Help Users Evade Unjust, Absurd, and Illegitimate Rules — Documents a systematic failure mode where safety-trained models refuse to help users circumvent even illegitimate or deeply unjust rules, framing this as a moral reasoning failure rather than a safety feature.
Diagnosing and Mitigating Sycophancy and Skepticism in LLM Causal Judgment — Introduces CAUSALT3, a 454-instance benchmark demonstrating that LLMs abandon correct reasoning under social pressure or authoritative hints — a control failure distinct from knowledge gaps.
AgentCity: Constitutional Governance for Autonomous Agent Economies via Separation of Power — Proposes a constitutional framework for multi-agent systems operating across organizational boundaries, addressing the “Logic Monopoly” where no single human can audit emergent agent behavior at scale.

Applications

Beyond Surface Judgments: Human-Grounded Risk Evaluation of LLM-Generated Disinformation — Finds that LLM judges poorly track actual human susceptibility to AI-generated disinformation, arguing for direct human evaluation in risk assessments of persuasive narrative generation.
Concentrated siting of AI data centers drives regional power-system stress under rising global compute demand — Combines LLM-based analysis of policy/media data with energy modeling to forecast that geographically concentrated AI data centers will create acute regional grid stress through 2030.

Key Themes

AI as a Dual-Use Weapon: Anthropic’s Mythos exploit-writing model and the Treasury/Fed’s urgent warning to banks crystallize the tension between AI-powered offense and defense in cybersecurity.
Agentic AI Systems at Scale: Multiple fronts this week — Anthropic’s multi-model advisor strategy, Google’s agent practice guides, and academic work on constitutional governance for autonomous agent economies — signal agentic AI moving from research to deployment.
Prompt Injection as a Persistent Threat: Three separate research papers on prompt injection attack/defense underscore that LLM-integrated applications remain structurally vulnerable as they proliferate.
AI in Government & Intelligence: The CIA’s move to AI-generated intelligence reports, and the Gartner warning that 25% of enterprise GenAI apps will face security incidents by 2028, mark a new phase of institutional AI adoption with attendant risks.
Infrastructure Competition: The Coreweave-Anthropic deal, Intel-Google partnership, and OpenAI’s investor pitch frame compute infrastructure as the defining competitive battleground as inference costs fall and model performance converges.

For detailed summaries of selected research papers, see papers.md.