Friction

A running timeline of operational, technical, and strategic friction points across the AI stack — what is stuck, what is slow, and who is paying for it.

  • AI finds more security holes than banks can fix

    Anthropic's Mythos model found software vulnerabilities across legacy banking infrastructure at a volume that sent US banks into emergency patch mode in April and May 2026. JPMorgan Chase and other large lenders began running Mythos under restricted access to audit their own systems. The output immediately exceeded what their security teams could absorb. Cybersecurity consultant Josh Harris, who advises banks and insurers, described conversations with financial institutions and regulators in recent weeks as "hysteria."

  • AI tools are going live with no passwords

    The Intruder security team scanned over two million internet-facing hosts in May 2026 and found that more than one million AI services had been deployed with no authentication in place. They found AI services to be more vulnerable, exposed, and misconfigured than any other category of software they had investigated. Of the 5,200 Ollama API servers identified and queried, 31% responded without requiring any login; those servers were connected to frontier models from Anthropic, OpenAI, Google, and DeepSeek. Agent management platforms including n8n and Flowise were found exposed across government, marketing, and finance, with full business logic, credential lists, and outward tool access open to anyone who found them.

  • AI test scores have become marketing, not measurement

    By January 2026, every major AI lab's frontier models routinely exceeded 90% on standard math, coding, and question-answering benchmarks. The same models invented APIs that do not exist, skipped available tools, and looped without completing tasks when tested on real workflows outside controlled conditions. Researchers at SurgeAI analyzed 500 comparison votes on the LMArena leaderboard and disagreed with 52% of the rankings, finding that "confidence beats accuracy and formatting beats facts" in how models get scored. Test scores and real-world task completion had never diverged more sharply, and the labs knew it.

  • AI agents keep running after their job is done, credentials and all

    The Cloud Security Alliance found that 65% of organizations experienced at least one cybersecurity incident caused by an AI agent in the twelve months to April 2026. Data exposure was the most common result, reported by 61% of affected firms, followed by operational disruption at 43% and unintended actions in business processes at 41%. A third of those firms reported financial losses. The agents behind these incidents were frequently not rogue systems — they were tools that had been deliberately deployed and then abandoned.