April 12, 2026
Contrary Research · email · 5 mins
Anthropic’s Claude Mythos Preview claims to “surpass all but the most skilled humans at finding and exploiting software vulnerabilities” and says it discovered thousands of zero-days, including a 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw. Access is restricted to ~40 firms (Amazon, Apple, Microsoft, Google, JPMorganChase, etc.) under Project Glasswing, backed by $100M in credits — a launch alarming enough that Treasury Secretary Bessent and Fed Chair Powell reportedly convened an emergency meeting with major bank CEOs. The panic likely overshoots reality: researcher Boyan Milanov called the claims “largely unsubstantiated,” and once two repeated vulnerabilities are removed, the model card’s implied 50-exploit figure collapses to just 4 distinct bugs (a full-exploit rate of 4.4%) — a pattern consistent with AI labs using safety warnings to pursue regulatory capture rather than to signal genuine capability leaps.
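The deflation is simple arithmetic on the two numbers Milanov's analysis reports (4 distinct bugs, a 4.4% full-exploit rate); the implied attempt count below is derived from those figures, not stated anywhere in the model card:

```python
# Back-of-the-envelope check on the Mythos exploit numbers.
# Known from the independent analysis: 4 distinct bugs, 4.4% full-exploit rate.
distinct_bugs = 4
full_exploit_rate = 0.044

# Implied number of exploitation attempts (derived, not reported directly).
implied_attempts = distinct_bugs / full_exploit_rate
print(round(implied_attempts))  # ~91 attempts

# The model card's implied figure vs. the deduplicated count.
implied_exploits = 50
inflation_factor = implied_exploits / distinct_bugs
print(inflation_factor)  # 12.5x once the two repeated bugs are collapsed
```

In other words, roughly ninety attempts produced four working exploits, and double-counting two recurring bugs inflated that to the headline figure by an order of magnitude.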
Intel is joining SpaceX and Tesla’s Terafab initiative, which targets one terawatt of compute capacity per year for AI, robotics, satellites, and proposed space data centers. Intel fills the critical gap: SpaceX and Tesla have no chip fabrication expertise, and a leading-edge fab requires years and $20B+. Intel Foundry’s existential problem has been the absence of anchor customers willing to commit to American-made chips — Terafab hands it two of the highest-profile names in tech, validating the thesis that hyperscalers and tech giants are incentivized to diversify away from Taiwan for both geopolitical risk and domestic regulatory reasons.
Three seemingly separate Meta stories this week may be one: Meta employees consumed 60.2 trillion tokens from Anthropic in 30 days; Meta’s internal “Claudenomics” leaderboard (which ranked employees by Claude usage) was abruptly shut down after reports of deliberately wasteful token consumption; and Meta launched Meta Spark, its first proprietary model from Alexandr Wang’s Meta Superintelligence Lab. The connecting hypothesis — that Meta orchestrated mass Claude usage to distill reasoning traces for training Spark — is corroborated by Bloomberg reporting that Spark trained on outputs from OpenAI, Google, and Alibaba’s Qwen, with Meta publicly acknowledging it uses “distillation with strict safeguards” from openly available AI models.
Quotable:
“Mythos’s full-exploit rate drops to 4.4% once two repeated bugs are removed, implying four distinct bugs total rather than the fifty the model card implies.” — on the gap between Anthropic’s Mythos cybersecurity claims and independent analysis
Tomasz Tunguz · email · 3 mins
Anthropic’s Mythos launch implied that frontier-scale models are required for serious security work — but the framing doesn’t hold up. Project Glasswing, backed by $100M in compute credits and $4M in donations, showcased Mythos finding a 27-year-old OpenBSD bug, a 16-year-old FFmpeg bug, and a Linux kernel privilege-escalation chain assembled autonomously, linking vulnerabilities from user access to full machine control.
AISLE tested a Mythos-reported vulnerability — a 17-year-old FreeBSD remote code execution overflow — against models costing 100x less, and all eight models found it. A 3.6-billion-parameter model at $0.11 per million tokens matched what Anthropic framed as requiring restricted frontier access. On false-positive benchmarks across 25 models, cheaper open models outperformed Claude Sonnet 4.5, GPT-4.1, and every Anthropic model through Opus 4.5 — capability scaled inversely with cost.
Security capability is jagged, not smooth: no single model dominates across tasks. GPT-OSS-120b aced the 27-year-old OpenBSD SACK chain in one call (A+) but failed basic Java data flow analysis. Qwen3 32B scored a perfect CVSS 9.8 on FreeBSD, then graded the same SACK code “robust to such scenarios” (F). Rankings reshuffle entirely depending on the task.
The pipeline architecture — not the model — is the real moat. Detection commoditizes first; triage is harder (only one model correctly identified patched code as safe all three times; most fabricated bypass arguments about signed integers in unsigned fields). Exploitation is where Mythos actually separates: it conceived a 15-round RPC payload delivery chain no cheaper model replicated. Each pipeline stage (scanning, detection, triage, patching, exploitation) has different scaling properties.
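The stage-wise argument can be made concrete with a minimal sketch: a pipeline that routes each stage to a model sized for that stage's scaling properties. All stage names, model tiers, and routing choices below are illustrative assumptions, not AISLE's or Anthropic's actual implementation:

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Stage:
    name: str
    model: str                    # illustrative model tier, not a real assignment
    run: Callable[[str], str]     # stand-in for a real model call

def analyze(code: str, stages: list[Stage]) -> dict[str, str]:
    """Run each pipeline stage in order, feeding findings forward."""
    findings = {}
    current = code
    for stage in stages:
        current = stage.run(current)
        findings[stage.name] = f"{stage.model}: {current}"
    return findings

# Cheap models where detection commoditizes; expensive ones only where
# capability actually separates (triage correctness, exploit chaining).
pipeline = [
    Stage("scanning",     "cheap-open-3b",  lambda x: "candidate surfaces ranked"),
    Stage("detection",    "cheap-open-3b",  lambda x: "overflow flagged"),
    Stage("triage",       "mid-tier-32b",   lambda x: "reachable, unpatched"),
    Stage("exploitation", "frontier-model", lambda x: "multi-round payload chain"),
]

results = analyze("suspect.c contents...", pipeline)
```

The design point is that the orchestration layer owns the routing decision, so the model at any stage can be swapped as cheaper ones catch up — which is exactly why the architecture, not the model, is the moat.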
Broad deployment of cheap models beats sparse deployment of expensive ones. AISLE has produced 180+ validated CVEs across 30+ projects — 15 in OpenSSL, 5 in curl — by running their analyzer on pull requests before code ships. The OpenSSL CTO praised report quality. Anthropic’s own technical scaffold (containers, file scanning, crash oracles, surface ranking, validation) is nearly identical to what AISLE runs. The architecture differentiates; the model inside is interchangeable.
Quotable:
“A thousand adequate detectives searching everywhere find more bugs than one brilliant detective who must guess where to look.” — on why cheap models deployed broadly beat expensive models deployed sparingly
The Big Think Interview · email · 29 mins
Trauma is fundamentally different from stress — not just worse, but categorically distinct. Stress effects are temporary and resolve when the stressor is removed. Trauma divides a life into before and after: the event continues to be experienced even when the danger is gone, the perpetrator is in prison, or the war is over. Rachel Yehuda, a leading PTSD researcher, has spent her career documenting why the body fails to fully recalibrate after traumatic events.
~70% of people worldwide — and ~25% of Americans — have experienced at least one potentially traumatic event (life threat, interpersonal violence, combat, natural disaster), yet PTSD prevalence is far lower than trauma exposure. This means trauma alone does not cause PTSD; it is the individual’s subsequent processing, narrative-making, and social environment that determine whether symptoms become chronic.
Culture directly shapes PTSD rates across nations, independent of raw trauma exposure. Societies have done such a thorough job validating trauma’s psychological toll that many people now automatically expect mental health problems after trauma exposure — which itself can become a driver of symptoms. Yehuda argues this framing has become counterproductive and needs to be balanced with an equally strong message that trauma is survivable and tools exist to move forward.
The core mechanism sustaining PTSD is not the traumatic event itself but the self-blaming narrative built afterward. A woman who survived interpersonal violence concludes she didn’t fight hard enough; a 9/11 survivor wonders whether running to safety rather than helping others was cowardly; a combat veteran believes the aggression that kept him alive makes him a monster. Every time the trauma is recalled — which can be very often — the narrative is reinforced, until the person believes the problem is not what happened, but who they are.
Existing cognitive behavioral therapies (CBT) for PTSD are logically correct — they target these “altered cognitive schemas” — but in practice fail a large fraction of patients. Going back to a severe traumatic event in an ordinary state of consciousness is simply too emotionally overwhelming, so patients disengage or unconsciously hold back the worst material. The therapy addresses a trauma-adjacent version of events, not the full thing, leaving the core untouched.
MDMA is not a classic psychedelic. Unlike psilocybin, LSD, or ayahuasca — which produce ego dissolution, mystical experiences, and coherence-destroying altered states — MDMA allows users to remain conversational and present. This distinction is critical: with classic psychedelics, most therapeutic work happens in integration sessions after the experience; with MDMA, active psychotherapy can occur during the session itself.
Phase 2 and phase 3 clinical trials of MDMA-assisted therapy show approximately two-thirds of treated PTSD patients report no longer meeting diagnostic criteria for PTSD post-treatment. That recovery rate is exceptionally high by psychiatric standards for any intervention. The FDA approval process is in its final stage.
MDMA produces a qualitatively different kind of insight than CBT. Where CBT produces intellectual understanding (“I logically accept I couldn’t have done more”), MDMA allows the same truth to be felt — experienced with visceral self-compassion rather than acknowledged as an abstraction. A survivor can move from knowing she was helpless to feeling it as a truth, which is what actually dissolves the self-punishing narrative.
Societal narratives actively worsen PTSD by reinforcing the self-blame already present in survivors. Holocaust survivors returning to Israel were asked “why did you go like lambs to slaughter?” — a question that transplants the responsibility for genocide onto its victims. Vietnam veterans called “baby killers” on return had significantly worse adjustment than veterans whose service was acknowledged. The cultural response to trauma is not neutral; it either compounds or begins to dissolve the self-blame at PTSD’s core.
MDMA acts, in Yehuda’s framing (quoting Stan Grof), as the brain’s equivalent of a telescope or microscope — it doesn’t change what is there; it lets you see a level deeper than ordinary consciousness permits. The first layer visible to ordinary awareness is “how did I let this happen?” MDMA gets past it to the layer underneath: “I had no other options; I survived because I did the only thing possible.” The MDMA-induced state of calm also reduces the fear of approaching traumatic material in the first place, potentially facilitating something like fear extinction in the amygdala — studies show MDMA specifically dampens amygdala hyperactivity when PTSD patients are exposed to trauma reminders.
MDMA-assisted therapy is not passive. The current FDA clinical-trial protocol is a three-month commitment: three 90-minute preparation sessions, three full medicine sessions (described as “the most challenging therapy sessions of your life”), plus integration sessions afterward — 12 psychotherapy sessions in total. A patient who approaches it expecting a passive cure will likely use the altered state avoidantly, just as they avoid the trauma in daily life, and will not benefit.
Epigenetic changes on stress-receptor genes appear to be a core biological mechanism for why trauma’s effects persist. People with PTSD show lower cortisol levels (opposite to acute-stress profiles), which correlates with a failure to shut off the stress response. Molecular changes on these receptor genes can alter their function long-term — not genetic mutation, but a change in how genes are regulated. Crucially, epigenetic marks survive cell division, making them durable across the body’s entire regeneration cycle.
Intergenerational epigenetic effects are real but widely misunderstood. Yehuda’s work on adult children of Holocaust survivors found epigenetic changes on stress-related genes in the same locations as in the survivors themselves — without those children directly experiencing the Holocaust. She is explicit that this is not “inherited trauma”: it may represent an adaptive mechanism transmitting calibrated threat-alertness to the next generation (e.g., heightened sensitivity to antisemitism), which is functional when antisemitism resurges and maladaptive when it doesn’t.
Animal research (Emory University, not Yehuda’s lab) provides a mechanistic proof of concept: male mice conditioned to fear the scent of cherry blossoms (via electric shock) passed that fear and corresponding epigenetic changes in brain and sperm to offspring — offspring who were never shocked. Critically, when fear extinction was performed on the conditioned father before mating, his offspring did not inherit the epigenetic changes. This suggests successful treatment may not only heal the patient but interrupt transmission to the next generation.
PTSD is not primarily a fear disorder, and treating it as one is a partial error. Guilt, shame, and deep self-blame are equally central — and may be causally upstream of the over-consolidated fear response. MDMA therapy is deliberately non-directed: therapists are trained to follow wherever the patient goes, including to childhood events or post-trauma injustices that have nothing to do with the index trauma. One veteran told Yehuda that the systemic racism he experienced after returning from war was more damaging than anything that happened in combat — a reminder that the post-trauma social environment is as clinically relevant as the event itself.
Quotable:
“What most people find when they really go into a deep state where they have empathy and when they are in the presence of therapists that can help them process the traumatic experience is that they actually were heroes — that they survived something that was designed to kill them or hurt them and that they did so as best as could be expected.” — Rachel Yehuda on what MDMA-assisted therapy reveals
‘Lenny’s Newsletter’ via PubsforSubs · email · 11 mins
The biggest risk of company-wide “vibe coding” rollouts isn’t productivity — it’s security and duplication. When Alice Roussel’s team moved to AI-first development with 100+ people using Claude Code independently, two colleagues built nearly identical campaign dashboards without knowing it. More seriously, Aaron Nichols flags that supply chain attacks on AI-assisted desktop builds are “a huge risk right now” — unsanitized dependencies, exposed credentials, and no standard for distributing security practices across builders who’ve never shipped production code before.
Shared context infrastructure is the unlock for teams using AI tools in parallel. Nichols describes making all AI conversations “transcribed and available centrally to agents,” combined with a shared, agent-accessible space for documentation, strategy, and principles. Without this, individual AI sessions are siloed — agents can’t build on each other’s work, and duplicate efforts compound. His team built their own collaborative review UI because nothing off-the-shelf (Google Docs, Notion) works cleanly with agents yet.
A “build → friction → fix” loop is more effective than top-down AI process mandates. Marshall advocates naming friction explicitly after each build cycle and using Claude itself to resolve it — iterating until workflows emerge organically. Alice Roussel’s practical takeaway aligns: rather than enforcing process, create shared foundations (product context, design system, reusable components in .md files) and light collaboration norms (when to build alone vs. consolidate), plus dedicated “playground sessions” to onboard laggards. Priya Mathew Badger’s team runs quarterly AI learning days for exactly this.
Interview processes grow longer without getting more predictive because interviewers lack explicit evaluation frameworks. Dana Daniele’s question surfaces a structural problem: more rounds and more panelists collecting “vibes” does not equal better signal. Daniel Heo-Lu’s solution: a scorecard with tiered criteria (bad/good/good-for-senior-IC), plus 3 “stem” questions with optional follow-up probes for a 45-minute interview — mandatory stems ensure consistency, probes allow depth. Miroslav Pavelek adds that calibration comes from shadowing + comparing scorecards until junior interviewers align with senior ones before going solo.
Leadership offsites fail when they substitute fake activities for real work and lack a neutral facilitator. Joshua Herzig-Marx: “If a ski team went sledding to improve their performance — fun? Sure. Actually improving performance? Not at all.” The fix is practicing real work with explicit plan/do/review cycles. Aaron Nichols adds that most offsites also lack pre-work to define the one challenging outcome the team can’t reach when not in the same room — and without a facilitator who has no stake in the discussions, no one can hold the agenda when conversations run long.
Offsite structure matters: mixing bonding, vision, and alignment in the same sessions undermines all three. Ashwin’s formula that has worked in practice: fly in Monday (casual drinks), Tuesday for cross-executive org alignment, Wednesday for team bonding activities, Thursday for vision crystallization, Friday morning presentations then travel. Separating the modes across distinct days prevents the diffuse, unfocused sessions that characterize most offsites that try to accomplish everything at once.
Quotable:
“If you are an org where people feel like it’s more important to deliver than to learn these tools, then it can be challenging. There needs to be some space available for learning, exploring, and having ‘lost work’ to that.” — Aaron Nichols, on what kills AI adoption in companies
Andrew Ross Sorkin · email · 9 mins
The Trump Labor Department proposed a rule on March 30, 2026, that would open the $12 trillion 401(k)/defined-contribution market to private equity, private credit, real estate, and cryptocurrency — asset classes previously excluded as too risky, illiquid, or expensive for individual savers. The rule tells plan sponsors to evaluate any investment — traditional or alternative — on the same six criteria: performance, fees, liquidity, valuation, benchmarking, and complexity. Firms like Apollo, Blackstone, Blue Owl Capital, and KKR, which have lobbied for this access for years, celebrated.
The safe harbor the rule offers employers is weaker than advertised. It doesn’t grant immunity from lawsuits — plaintiffs can still win by showing the evaluation process was flawed or the outcome unreasonable. The 2024 Supreme Court decision eliminating the Chevron doctrine stripped courts of any obligation to defer to the Labor Department’s interpretation, meaning a judge can simply disagree that following the six-factor checklist satisfies ERISA’s fiduciary standard. Fred Reish, a retirement law attorney, says plaintiff lawyers will frame the rule as an attempt to “water down” ERISA.
Smaller employers that sponsor 401(k) plans typically rely on consultants for investment selection and lack the expertise to evaluate illiquid, opaque asset classes. The rule’s six criteria are hard to apply where assets aren’t publicly traded, valuations are subjective, and standardized benchmarks don’t exist. Barbara Roper, former director of investor protection at the Consumer Federation of America and ex-SEC senior adviser under Biden, warns that ordinary savers “will get the high-cost, lower-performing products — the ones that at best match public markets and at worst significantly underperform.” Ludovic Phalippou of Oxford’s Saïd Business School found both in 2020 and again in 2025 that private equity, net of fees, has merely matched public markets over the past two decades.
The timing is catastrophic for the rule’s proponents. Blue Owl Capital, among the firms best positioned to benefit, has seen its stock fall more than two-thirds from its peak and recently capped investor withdrawals from two funds amid a surge in redemption requests. KKR is down nearly half from its peak; Bitcoin is off roughly 40% from its high. Sen. Elizabeth Warren put the contradiction bluntly: “As cracks emerge in the private credit market, private equity returns fall to 16-year lows and crypto keeps tumbling, President Trump has decided now is the time to stick all of these risky assets into Americans’ 401(k)s.”
Employers face a genuine no-win dilemma. Skip the alternative assets, and they face pressure from workers who want them and from a president who ordered the change via executive order in August 2025. Add them and suffer losses, and the safe harbor may not prevent lawsuits. Jerome Schlichter of Schlichter Bogard — the St. Louis law firm that pioneered plaintiff suits over retirement plans — says employers will need to perform “a lot more due diligence” on alternatives precisely because they’re opaque. Rule comments close June 1, with a final version expected by year-end.
Quotable:
“As cracks emerge in the private credit market, private equity returns fall to 16-year lows and crypto keeps tumbling, President Trump has decided now is the time to stick all of these risky assets into Americans’ 401(k)s.” — Sen. Elizabeth Warren, the day the proposed rule was released
Bloomberg Weekend · email · 5 mins
Pakistan helped broker the temporary US-Iran ceasefire, signaling the rise of middle powers in a post-American regional order. Former Pakistani ambassador Maleeha Lodhi credits personal ties between Pakistan’s army chief and Trump for positioning Islamabad as a credible mediator. “The era of America’s dominance in the region is basically over,” she says — and the new world order resembles a jungle, governed less by hierarchy than by shifting, overlapping alliances that are simultaneously more cooperative (on trade, climate, public health) and more dangerous (on security).
Prediction markets on platforms like Kalshi and Polymarket are expanding from politics into weather, with traders now placing bets on specific storms and temperatures. Climate scientists are skeptical that these markets improve forecasts — the core question is whether prices aggregate genuinely new information or simply redistribute money in zero-sum bets. One trader’s stated hope: “I would prefer to be societally useful” — an ambition that captures both the promise and the self-serving rationalization of the prediction-market boom.
Bloomberg’s Derek Wallbank trained for the Paris Marathon using ChatGPT as coach and nutritionist, feeding it years of exercise and diet data over six months — losing 20 pounds and receiving an immediately bespoke program. The experiment exposed AI’s fundamental ceiling: the system was impressive until it started hallucinating training metrics, revealing that fluency and accuracy are not the same thing at the edges of personalized, long-horizon tasks.
Quotable:
“I would prefer to be societally useful.” — a prediction market trader, on whether betting on weather events can do more than just redistribute money
Roula Khalaf · email · 4 mins
Trump issued a publicly stated ultimatum to Iran — reopen the Strait of Hormuz or face “the end of Iranian civilisation” — then, shortly before his own Tuesday deadline, announced a two-week ceasefire brokered by Pakistan. The FT reports Trump had been pressing Islamabad for weeks to bring Tehran to a pause; the deal reopens the waterway but stops well short of any durable settlement.
The ceasefire did not extend to Lebanon: within hours of the announcement, Israel struck 100 targets there in 10 minutes, killing at least 357 people and wounding more than 1,220 in what the FT calls one of the deadliest single bombing campaigns in the country’s history. Washington and Jerusalem insist Lebanon is outside the ceasefire’s scope; Pakistan and Iran dispute that reading, and Netanyahu has since authorised direct negotiations with Beirut under US pressure.
Iran immediately reasserted control of the Strait after the Lebanon strikes by halting oil-tanker passage and announcing it will charge up to $2mn per tanker in cryptocurrency for transit rights — a deliberate mechanism to recoup war costs and retain leverage over global energy flows. The ceasefire failed to alleviate the oil crisis, and the Islamabad talks opening today must still resolve the Strait’s permanent status alongside Iran’s nuclear and missile programmes.
Quotable:
“We started with Donald Trump’s wildly inappropriate ultimatum to Iran: reopen the Strait of Hormuz or face the end of Iranian civilisation.” — Roula Khalaf, FT Editor, on the week’s opening diplomatic move
Kyle Harrison from Investing 101 · email · 8 mins
Naval Ravikant’s “be yourself with passionate intensity” is necessary but incomplete. Your specific combination of knowledge, capability, and desire is unreplicable — no one can beat you at being you. But the framework breaks down the moment you don’t actually know who you are: without an internal filter, every career option looks equally plausible, and you’re a compass that doesn’t know where north is.
Paul Graham and Palmer Luckey appear to give opposite advice but are saying the same thing. Graham says follow your excitement — it’s a signal from your subconscious that you’re wired for something. Luckey says follow your talent — the #1 dream job for kids today is YouTuber, and telling an average, non-charismatic kid to chase that is a lie, not encouragement. The real question isn’t passion vs. skill; it’s whether you know yourself well enough to find where the two overlap.
Self-knowledge without relational awareness is just narcissism with a business plan. In Whiplash, Miles Teller’s character pre-emptively dumps his girlfriend because his drumming obsession will consume him — he knows what he wants but has zero framework for what he owes other people. Knowing yourself includes knowing what you need from others, what you owe them, and where ambition ends and humanity begins.
Pre-packaged identity frameworks — Enneagram, MBTI, attachment style, political tribe, diet, productivity system — are a dangerous shortcut. The more you outsource the question of who you are, the more you hand power to whoever is optimizing those frameworks, who is optimizing for the group, not for you. The Oracle doesn’t tell Neo he’s The One; she tells him the opposite. Real self-knowledge comes from the accumulated evidence of your own life: what you keep returning to, what you’re willing to suffer for, where interest, capability, and meaning converge into something that looks, from the outside, like obsession.
Quotable:
“Knowing yourself doesn’t mean knowing yourself in isolation. It doesn’t mean constructing a hermetically sealed identity and then demanding that everyone else accommodate it. That’s not self-knowledge. That’s narcissism with a business plan.” — on the Whiplash model of ambition
FT Weekend · email · 4 mins
Manosphere influencers hold power over teenage boys not through ideology alone but through a carefully constructed persona: the aspirational “older brother.” Simon van Teutem’s Weekend Essay argues they have cynically filled a gap — the real older brother who might have modelled adulthood — by promising a route out of adolescent insecurity that requires blaming women. Unlike an actual sibling, they are extracting substantial income from doing so.
Dubai’s hold on its immigrant workforce is a collective act of self-deception that the city has engineered by design. Rahul Bhatia, who grew up in the UAE, writes that Dubai “turned normal people into actuaries of their own fortune” — migrants perpetually recalculate their prospects, persuading themselves the pay-off is coming, which keeps the city’s economy running on optimistic deferral rather than honest accounting.
Quotable:
“turned normal people into actuaries of their own fortune” — Rahul Bhatia on why Dubai’s immigrants sustain the fiction that everything is fine
Alex Duffy / Playtesting · rss · 3 mins
A robust secondary market for AI training data has emerged and is accelerating. Reddit, Shutterstock, and News Corp are each making hundreds of millions annually licensing high-quality data to AI labs, with those contracts growing ~20% per year per their quarterly filings. News Corp’s CEO stated plainly: “We’re essentially an input company [for AI].”
Specialized data beats scale — a small model fine-tuned on fewer than 2,000 examples from real lawyers, bankers, and consultants recently outperformed all but the very best frontier models on corporate legal work. Because it uses an open-source base model, the company now only incurs inference costs, making it a fraction of the price of frontier alternatives.
Operational business data — Dropbox file counts, Zendesk ticket histories, enterprise workflows — has become a sought-after commodity. Mercor, which supplies training data to AI labs, reached a $10B valuation and was described as one of the fastest-growing companies in history before losing four terabytes of data to hackers in April 2026. Competitors Turing, Handshake, and SID.ai immediately began cold-outreach to founders to acquire that operational data and fill the gap.
Quotable:
“We’re essentially an input company [for AI].” — News Corp CEO, on the company’s data licensing strategy