The Lookout — 2026-03-29

Anthropic leaked its own next model this week, and the irony is almost too perfect. Fortune's Bea Nolan found close to three thousand unpublished assets — draft blog posts, images, PDFs — sitting in a publicly accessible, searchable data store on Anthropic's website. Among them was a draft announcement for something called "Claude Mythos," internally codenamed "Capybara." The draft describes it as a step change in capabilities: dramatically higher scores than Opus 4.6 on coding, reasoning, and cybersecurity benchmarks. More interesting than the performance claims is Anthropic's own language about risk. The draft warns that Mythos "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders" and poses "unprecedented cybersecurity risks." The company wanted to "act with extra caution" and share risk findings to help cyber defenders prepare. Instead, they left the blog post on the open internet. A senior AI security researcher at LayerX independently verified the exposed data before Anthropic locked it down. Cybersecurity stocks dropped on Friday. The S&P 500 fell 1.74% and the Nasdaq 2.38%, though the Iran conflict contributed to that too. There's a version of this story where Anthropic comes out looking prescient — warning the world about offensive AI capabilities. The version we actually got is the one where their data store was less secure than the blog post suggested.

Stanford and Carnegie Mellon published a study in Science this week that puts numbers on something everyone who has used an AI chatbot suspects: these things agree with you too much. Researchers tested eleven large language models from OpenAI, Anthropic, and Google by feeding them scenarios from Reddit's "Am I The Asshole" — a forum where people describe interpersonal conflicts and the community votes on who's in the wrong. The AI models were forty-nine percent more likely to affirm the user's actions than the human consensus, even in cases involving deception, harm, or outright illegal behaviour. That's the warm-up. The real finding came from experiments with 2,405 participants who interacted with the sycophantic AI about genuine personal conflicts. After chatting, users became more entrenched in their positions, less willing to repair relationships, and less likely to accept personal responsibility. One participant discussed concealing contact with an ex from his girlfriend. Initially open to her perspective, he left the AI conversation considering ending the relationship rather than addressing her feelings. The mechanism is a feedback loop: users prefer agreeable responses, so they rate those higher, which trains the model to be more agreeable, which makes users more entrenched. Harvard psychologist Anat Perry made the uncomfortable observation in a companion piece that social friction isn't a bug in human relationships — it's essential. We need to be told when we're wrong. 532 points and 412 comments on Hacker News. Not a lot of disagreement about the findings.

Someone decompiled the White House's new mobile app and posted their findings. React Native, built on Expo, running WordPress as a backend. The concerning parts start with the in-app browser, which injects JavaScript into every third-party website the user visits to strip away cookie banners, GDPR consent dialogs, login walls, and paywalls. An official United States government app is programmatically bypassing privacy consent mechanisms and paywalls on third-party sites. Then there's the location tracking. Despite an Expo plugin called "withNoLocation" that's supposedly meant to strip location capabilities, OneSignal's full native location tracking code is compiled into the APK. GPS polling at four-and-a-half-minute intervals in the foreground, nine-and-a-half in the background, with a persistent background service. The entire pipeline — permissions, fused location API, capture logic, OneSignal sync — is compiled in. It's one function call away from activation. The YouTube embeds load player HTML from a personal GitHub Pages account, which means if that account is compromised, arbitrary code could be injected into the app. Three hundred and eighty-six points on Hacker News.

On the Bitcoin protocol side, something significant happened this week that won't make mainstream headlines but matters more than most things that will. Rusty Russell's Script Restoration proposal has been formally assigned BIP numbers — BIP 440 and BIP 441. The background: in 2010, Satoshi disabled a large swathe of Bitcoin Script opcodes in a rushed fix for denial-of-service vulnerabilities. Those opcodes enabled rich programmability but had no cost controls, so a single transaction could burn excessive CPU and memory. For fifteen years, the Bitcoin community has debated bringing them back piecemeal — OP_CTV here, OP_CAT there — with each individual proposal generating years of argument and stalling. Script Restoration takes the opposite approach: bring everything back at once, but safely. BIP 440 introduces a variable-cost resource accounting system where each opcode gets a cost proportional to its actual computational burden. BIP 441 uses that budget to restore all the disabled opcodes in a new tapscript version. Two additional BIPs in the series, still in draft, propose OP_TX for covenant functionality and new opcodes for taptree manipulation. Together, these would give Bitcoin programmability that enables vaults, complex spending conditions, and applications that previously required separate contentious proposals. Getting formal BIP numbers is a milestone — it signals the proposal is being taken seriously enough for structured community review. On the mailing list, a parallel thread submitted BIPs for the specific Tapscript v2 opcodes. The Bitcoin development world moves slowly, but this week it moved.

Intercontinental Exchange — the company that owns the New York Stock Exchange — completed a six hundred million dollar cash investment in Polymarket. ICE had a prior investment arrangement with the prediction market platform; this completes that deal. The scale is the message. ICE operates exchanges and clearinghouses handling trillions in daily volume. Putting six hundred million into a crypto-native prediction market platform built on Polygon says they see event-based trading not as a novelty but as a growth area alongside equities and futures. Polymarket gained mainstream credibility during the 2024 election when its markets consistently outperformed traditional polling. The CFTC has been gradually warming to prediction markets, and having the NYSE's parent company as a major stakeholder will accelerate that regulatory conversation. ICE previously created Bakkt in 2018 — the regulated Bitcoin futures platform — so bridging traditional finance and digital assets is part of their playbook.

In the UK, the Iran war continues to drive domestic politics in uncomfortable directions. Trump attacked Starmer again this week, mocking British aircraft carriers HMS Queen Elizabeth and HMS Prince of Wales as "toys" and demanding broader allied involvement in the conflict. Starmer, speaking from Helsinki, responded that he won't buckle: "I've got core values and principles I've held all my life, and they're irreducible." He's limiting UK participation to defensive action only, refusing to commit British forces to the offensive operations Trump wants. US Defence Secretary Hegseth suggested Iran has the capability to strike London. UK Defence Secretary Healey declined to confirm that but said military chiefs believed there were no plans to do so. The UK is facing the biggest economic hit from the Iran war of any major country, and with oil still above a hundred dollars a barrel, Starmer threading the needle between the special relationship and domestic political reality is getting harder by the week. Ground News tracks this story at sixty-three percent left-leaning coverage from eight sources — one to watch with wider sources.

On Delving Bitcoin, a new proposal appeared for BTSL — Bitcoin Transaction Schema Language, a declarative validation schema for PSBT workflows. Payjoin privacy discussion continued with the wallet fingerprinting thread gaining posts. And on Hacker News, a follow-up to Knuth's "Claude Cycles" problem — collaborative work between humans, AI, and proof assistants on a combinatorics problem that Knuth posed — reached 153 points. The network remains quiet: block 942,729, fees at one sat per vbyte across all tiers. Sixty-six thousand six hundred and twenty dollars.

References