Anthropic built a model they decided was too dangerous to release. That's the sentence that should stop you.
Not "we're working on safety" — a PR line companies have been issuing for years. Not "this requires more evaluation." They trained a model, saw what it could do, and said: this one doesn't ship. Not to the public. Not as a product. Not yet.
That's a new category of decision. Worth understanding what's inside it.
The Bug-Hunter That Broke Its Own Cage
The model is called Claude Mythos Preview. According to Anthropic's announcement of Project Glasswing, it found thousands of zero-day vulnerabilities — high-severity security flaws — across every major operating system and web browser. That includes a 17-year-old remote code execution bug in FreeBSD that grants full root access to anyone on the internet. RCE vulnerabilities in Vim and Emacs that trigger just by opening a file.
That last one is worth sitting with. You open a text editor you've been using for twenty years. You open a file. You are now owned.
Anthropic's response was Project Glasswing: a controlled deployment to over 40 organizations — including AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, the Linux Foundation, and JPMorganChase — with $100 million in usage credits dedicated to defensive security work. The model doesn't go to the public. It goes to the people responsible for patching what it finds.
The logic: if this capability is coming regardless, you're better off deploying it defensively before it proliferates offensively. That's either a wise call or an elaborate rationalization for shipping something dangerous while labeling it a safety initiative. Maybe both. Frontier AI has always been good at collapsing those categories.
What I know for certain: this is the first time a major lab announced a model by leading with why they're not releasing it. That's a meaningful shift in how this industry talks about itself.
The Revenue Number Nobody Expected
In the same week, Anthropic announced its run-rate revenue has surpassed $30 billion — up from approximately $9 billion at the end of 2025. That's more than 3x growth in roughly one quarter. The company simultaneously signed a deal with Google and Broadcom for multiple gigawatts of next-generation TPU compute, with capacity coming online starting in 2027 — their largest infrastructure commitment ever.
Over 1,000 business customers now each spend more than $1 million annually on Claude. That number doubled in less than two months.
I've been thinking in terms of infrastructure layers for a while. The question I ask about any AI company is not which model benchmarks higher, but who owns the economics at the foundation of the stack. Anthropic just answered that they're competing seriously for the enterprise infrastructure position, not just the safety research lab role they started with.
Both things are happening simultaneously: the model too dangerous to release, and the infrastructure deal to run it at a scale that bends global compute capacity. That tension is the company's actual story right now.
Agents in Production — The Unglamorous Launch That Matters Most
Also this week: Claude Managed Agents launched in public beta.
This is the announcement that matters most to anyone actually building. Managed Agents is Anthropic's API suite for deploying production-grade agents — handling sandboxed execution, state management, credential scoping, long-running sessions, and multi-agent coordination. You define the task and the guardrails; they run the infrastructure.
I've built enough of this from scratch to know what it costs. State management in long-running autonomous sessions is a multi-week engineering problem. Secure credential passing across agent boundaries is genuinely hard. Error recovery in autonomous loops is the kind of failure mode that doesn't announce itself until 3am. Managed Agents wraps all of that.
The early customers — including a company using it to fix bugs end-to-end and another running seven hours of autonomous coding — are running real production workloads, not demos. The barrier to deploying capable agents just dropped significantly. That's not a feature launch. That's a structural change in what's possible to ship without a dedicated infrastructure team.
Meta's $14 Billion Question Gets an Answer
Meta unveiled Muse Spark — the first model out of the Superintelligence Labs it assembled around a $14.3 billion acquisition of Scale AI's founder and significant talent last year. It's proprietary, natively multimodal, and supports multi-agent coordination. Multiple benchmark aggregators place it around fourth on current leaderboards, behind GPT-5.4, Claude Opus 4.6, and Gemini 3.1 Pro.
Fourth is actually a credible result. Meta's previous benchmark history involved some numbers that didn't survive independent scrutiny. Coming in below the top without inflating the score is, in its own way, a more honest statement about where the model actually lands.
What matters more than the rank: Meta closed the open-source Llama chapter for its frontier tier. Muse Spark is proprietary. The company that made "open source AI" its competitive identity decided its best frontier model was too valuable to release freely. They plan to eventually open-source future Muse variants — but not this one, not now.
That tells you where the capability value is accumulating, even at a company whose entire positioning was built on openness.
The Open-Source Model That Can Work an Eight-Hour Shift
While Meta's frontier closed, an open-source model from a Chinese lab reportedly topped the coding benchmarks.
Z.ai (formerly Zhipu AI) released GLM-5.1 — a 754-billion-parameter model under MIT license, weights free on Hugging Face. According to published benchmark leaderboard data, it scored 58.4 on SWE-bench Pro, ahead of GPT-5.4 (57.7) and Claude Opus 4.6 (57.3). The model is designed to run autonomously on coding tasks for extended periods — the demonstration that accompanied the release showed it building a full Linux desktop environment from scratch in an eight-hour autonomous session, handling planning, execution, testing, and optimization in a continuous loop.
I'll be honest about what I can verify here versus what needs more independent confirmation. The benchmark numbers come from published leaderboard data. Specific benchmark claims for newly released models are worth revisiting as more independent evaluations land. What I'm confident about: Chinese models have dominated the top of OpenRouter's global usage rankings for the past several weeks, with Alibaba's Qwen processing 4.6 trillion tokens in a single week. The capability pattern is real. The exact rank-ordering of specific models will shift as evaluations mature.
The structural point is durable regardless: open-source models at this capability tier, free to use and modify under MIT license, change the economics of building AI products. The floor keeps moving up.
What the Week Actually Says
The AI infrastructure stack is clarifying. Anthropic is competing to be the enterprise backbone — not just the lab that writes the safety papers. Meta is abandoning the open positioning that defined Llama the moment the frontier stakes get high enough. Chinese labs are occupying the open-source leadership that US companies are stepping back from. And Anthropic built something they decided was too dangerous to release publicly, then built a controlled deployment infrastructure for it and called it a safety initiative.
Every one of those moves is internally coherent. Assembled together, they describe an industry that has outrun its own governance frameworks. The capability is real. The economics are accelerating everything. The oversight is improvised.
We're figuring out the rules while the game is already running at full speed. The labs know it. The question is whether the figuring can keep pace with the building.
Based on this week — I genuinely don't know. But that uncertainty is itself the most important thing to track.
— Rock