AI Security Is Now a Token Spending Game

    The UK's AI Safety Institute dropped their Claude Mythos evaluation, Cursor 3 ships parallel agents, and Safetensors finds a new home at the PyTorch Foundation.

    Tob

    Backend Developer

    5 min read | AI Engineering
    The AI development pace has not slowed down one bit. Three stories dropped this week that deserve your attention if you write code for a living: a government agency's first independent audit of an AI model's cyber capabilities, a popular AI coding tool going all-in on parallel agents, and a critical ML library finding a vendor-neutral home.

    TL;DR: Claude Mythos Preview passed the UK AI Safety Institute's cyber evaluations, raising uncomfortable questions about the economics of AI security. Cursor 3 shipped a tiled agents window for running multiple AI assistants side by side. Safetensors joined the PyTorch Foundation, keeping its serialization format community-owned.

    The UK's AI Safety Institute Put Claude Mythos Under a Microscope

    Anthropic built an LLM so good at hacking that they did not release it publicly. Instead, critical software makers got early access through a program called Glasswing, giving them time to harden their systems. That model is Claude Mythos Preview, and the AI Safety Institute (AISI) just published their independent evaluation of it.

    The results back up Anthropic's bold claims. On expert-level capture-the-flag challenges, Mythos Preview succeeded 73 percent of the time. No previous model could touch that difficulty tier before April 2025. But the real eyebrow-raiser is the scaling data.

    AISI ran the model against a 32-step simulated corporate network attack called "The Last Ones," estimated to take a human 20 hours. Mythos Preview completed all 32 steps in 3 out of 10 attempts. More tokens consistently meant more progress. None of the models showed diminishing returns at the 100 million token budget tested.

    This reframes security as a raw token expenditure problem. Defenders need to spend more tokens finding vulnerabilities than attackers spend exploiting them. It is a low-temperature lottery where the ticket price is compute cost.

    Open source libraries benefit from this dynamic. When a corporation spends tokens hardening a widely-used OSS dependency, that security work benefits every user of that library. The tokens multiply across downstream consumers, which is why Karpathy's recent advice to "yoank" simple dependencies and reimplement them with AI coding agents starts to look shortsighted in the security context.

    The implication for developer workflows is a three-phase cycle: develop, review, and harden. Anthropic already ships a code review product priced at $15 to $20 per review. Expect hardening to become a standard step in agentic pipelines.

    Cursor 3 Ships Parallel Agents in a Tiled Layout

    Cursor rolled out version 3 with a new Agents Window that lets you run multiple AI assistants side by side. The headline feature is tiled layout, which splits your view into panes so you can run and compare several agents in parallel without tabbing between them.

    Voice input got a meaningful upgrade too. The new system records a full voice clip and transcribes it with batch speech-to-text, which Cursor claims is more reliable and accurate than their previous push-to-talk implementation. Press and hold Ctrl+M to dictate.

    Branch selection in the empty state is a quality-of-life win. Previously, launching an agent from scratch defaulted to your current branch. Now you can pick a branch first and launch a cloud agent directly against it, cutting out the extra checkout step.

    Bugbot, Cursor's automated code reviewer, learned some new tricks. It can now learn from pull request feedback, turning reaction patterns and reviewer comments into rules that improve future reviews. Teams and Enterprise users can also give Bugbot access to MCP servers for additional context during reviews.

    The overall direction is clear: Cursor is betting that developers will want to run many agents at once, comparing outputs and orchestrating them like a team. The Agents Window is the interface for that workflow.

    Safetensors Found a Vendor-Neutral Home

    Safetensors, the serialization format that became the default for sharing model weights across the Hugging Face Hub, joined the PyTorch Foundation this week under the Linux Foundation.

    The format launched in 2022 as a direct answer to pickle-based model files, which could execute arbitrary code on load. Safetensors uses a simple structure: a JSON header with a 100MB hard limit describing tensor metadata, followed by raw binary data. No code execution. Zero-copy loading with lazy deserialization.
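    The header-then-raw-bytes layout just described, as an added example (not the Safetensors project's own code): a minimal pure-Python writer and reader that enforces the header cap and checks every tensor's offsets before handing out a zero-copy view. The 8-byte little-endian length prefix and the dtype/shape/data_offsets keys are the published format; MAX_HEADER_SIZE and DTYPE_SIZES are this example's own names.

```python
import json
import struct

MAX_HEADER_SIZE = 100_000_000          # the 100 MB header cap (assumed constant name)
DTYPE_SIZES = {"F32": 4, "F16": 2, "BF16": 2, "I64": 8, "I32": 4, "U8": 1}


def serialize(tensors: dict) -> bytes:
    """Build a blob from {name: (dtype, shape, raw_bytes)}: an 8-byte
    little-endian header length, the UTF-8 JSON header, then raw tensor bytes."""
    header, body, offset = {}, bytearray(), 0
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [offset, offset + len(raw)]}
        body += raw
        offset += len(raw)
    hdr = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hdr)) + hdr + bytes(body)


def parse(blob: bytes) -> dict:
    """Validate and return {name: (dtype, shape, memoryview)}.
    Only struct and json touch the input, so nothing in the file can execute;
    every offset is checked before a (zero-copy) view is handed out."""
    if len(blob) < 8:
        raise ValueError("truncated: missing header length")
    (n,) = struct.unpack("<Q", blob[:8])
    if n > MAX_HEADER_SIZE or 8 + n > len(blob):
        raise ValueError(f"header length {n} exceeds cap or file size")
    header = json.loads(blob[8:8 + n])
    if not isinstance(header, dict):
        raise ValueError("header must be a JSON object")
    data = memoryview(blob)[8 + n:]
    out, regions = {}, []
    for name, info in header.items():
        if name == "__metadata__":        # free-form string map, no tensor data
            continue
        start, end = info["data_offsets"]
        size = DTYPE_SIZES[info["dtype"]]
        for dim in info["shape"]:
            size *= dim
        if not (0 <= start <= end <= len(data)) or end - start != size:
            raise ValueError(f"{name}: data_offsets {start}:{end} do not fit")
        regions.append((start, end, name))
        out[name] = (info["dtype"], tuple(info["shape"]), data[start:end])
    regions.sort()
    for (_, end_a, a), (start_b, _, b) in zip(regions, regions[1:]):
        if start_b < end_a:
            raise ValueError(f"tensor regions overlap: {a} and {b}")
    return out
```

The reader rejects a forged length field above the cap, offsets that run past the data region or disagree with dtype times shape, and overlapping tensor regions, which is the whole attack surface left once code execution is off the table.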

    Hugging Face built it to solve a real problem in open model sharing. Today tens of thousands of models across all modalities use it as their primary format. The team did not anticipate that level of adoption when they started.

    The move to the PyTorch Foundation is about governance, not technology. The format, APIs, and Hub integration stay exactly the same for existing users. The change is that the trademark, repository, and governance now sit with the Linux Foundation instead of any single company. Hugging Face's two core maintainers remain on the Technical Steering Committee and continue leading day-to-day development.

    The roadmap ahead includes device-aware loading so tensors go directly onto CUDA or ROCm without CPU staging, first-class tensor and pipeline parallel loading APIs, and formal support for FP8 quantization plus block-quantized formats like GPTQ and AWQ.

    The big picture goal is PyTorch core integration. If Safetensors becomes the native serialization system for torch models, that eliminates another conversion step in the already convoluted ML deployment pipeline.

    Sources: AI Safety Institute evaluation of Claude Mythos Preview, Drew Breunig's cybersecurity-as-proof-of-work analysis, Cursor changelog, Hugging Face Safetensors announcement
