Eleven major corporations stepped behind a digital velvet rope this week as Anthropic deployed its Claude Mythos model for an exclusive circle of partners. The consortium, known as Project Glasswing, includes JPMorgan Chase and CrowdStrike, who are using the autonomous AI to hunt for vulnerabilities in the world's code. It is a premium security club that the rest of the internet cannot afford to join.

While the elites secure their perimeters, the masses are being fed what researchers call "unvetted slop." A North Korean APT has been spotted using "slopsquatting"—a technique that targets the fake dependencies that AI coding agents often hallucinate. These malicious packages are being injected into the software supply chains of ordinary companies that lack the millions required for a Glasswing subscription.

"The software that nobody has been looking at—proprietary binaries, embedded firmware—carries a far larger and more dangerous accumulation of undiscovered vulnerabilities," Infosecurity Magazine noted this week. Montreal-based Boost Security just raised $4 million to fight this new frontier of SDLC defense, but the gap between the gated hubs and the hollow states is widening.

The irony is that while Glasswing cleans the penthouse of the internet, the pedestrian alleys are flooding with unvetted slop; the same intelligence that secures a billionaire’s portfolio is currently teaching a bot how to poison a school district’s server.