The Lyceum: AI Daily — Mar 28, 2026
Saturday, March 28, 2026
The Big Picture
Anthropic's most powerful model leaked through an unlocked door — literally, a CMS default that left 3,000 internal documents publicly searchable — and now the Pentagon is using the company's own safety warnings as ammunition against it. Meanwhile, a Chinese lab just shipped a coding model trained on zero Nvidia chips that reaches 94.6% of Claude Opus 4.6's score on the same coding benchmark, and OpenAI's $200/month "unlimited" subscribers are discovering the limits of unlimited. The frontier is getting crowded, the edges are getting sharp, and the infrastructure underneath all of it — power grids, chip supply chains, billing systems — is straining visibly.
Today's Stories
Anthropic Left Its Biggest Secret in an Unlocked Room — And Someone Walked In
Nobody broke in. A default CMS setting automatically made uploaded files public, exposing nearly 3,000 internal documents — including a draft blog post naming an unreleased model called Claude Mythos (internal codename: Capybara). The draft described it as "larger and more intelligent than our Opus models," with "dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity" compared to Claude Opus 4.6, according to Fortune's exclusive reporting.
Anthropic confirmed the model is real. A spokesperson called it "a step change and the most capable we've built to date," and said it is currently available to early-access customers. The leaked draft also warns that Mythos is "currently far ahead of any other AI model in cyber capabilities" and "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders," per The Decoder's reporting.
Anthropic says it will release Mythos first to cyber defense organizations before broad availability. If this rollout works, it becomes the template for how labs release dangerous-capable models. If it doesn't — if the model leaks again, or if the "defenders first" window proves too short — every future safety-gated release loses credibility. Watch whether Anthropic names a release date within three weeks; that window will be a signal of how tightly the company retains control over the rollout.
The Mythos Leak Just Handed the Pentagon a Weapon in Its Fight With Anthropic
Beneath the model capabilities story is a political fight that may matter more long-term. The Department of Defense has been pushing to use Anthropic's models for applications the company explicitly restricted — domestic surveillance and fully autonomous weapons. A judge temporarily blocked the DoD from designating Anthropic a security risk, but the Mythos leak landed squarely in that fight.
A senior Defense Department official, whom Gizmodo reported has financial ties to Anthropic's competitors, posted "Umm…hello? Is it not clear yet that we have a problem here?" after the leak. That official has been publicly calling Anthropic CEO Dario Amodei a "liar" with a "god complex" for weeks, and is now treating the breach as proof Anthropic can't be trusted with its own models.
What you're watching is a courtroom dispute about military AI being refought in the press using a leaked safety document — about a model that hasn't shipped yet. If the judge's temporary block holds through the main hearing, Anthropic wins the legal round. But the Pentagon doesn't need to win in court if it wins in public and legislative opinion. The signal to watch: whether lawmakers propose statutory requirements for government access to frontier models that reference "unsecured AI capabilities."
China Just Trained a Frontier Coding Model Without a Single Nvidia Chip
Zhipu AI (Z.ai) released GLM-5.1 on March 27, claiming a coding score of 45.3 — equal to 94.6% of Claude Opus 4.6's 47.9 on that benchmark — measured using Claude Code as the evaluation harness. That's a 28% jump over GLM-5 in six weeks. The entire model family was trained on 100,000 Huawei Ascend 910B accelerators with zero Nvidia hardware, per Z.ai's documentation.
These benchmarks are self-reported and unverified by independent labs — treat the raw numbers as preliminary. But the directional signal is hard to dismiss. The GLM Coding Plan starts at $3/month for 120 prompts, with API pricing at $1.00 per million input tokens — well below Western frontier pricing. Z.ai is reportedly teasing open weights for early April, which would flood the local-inference ecosystem with another strong Chinese model.
If GLM-5.1's numbers hold under independent evaluation, they would support arguments that U.S. export controls on Nvidia chips accelerated domestic alternatives rather than stopping progress. If they don't hold, it's still a pricing story: a frontier-adjacent model at a fraction of the cost, trained on sanctioned hardware, publicly traded in Hong Kong. Either way, this is what a parallel AI ecosystem looks like when it's working. Early community reaction is mixed — some users are calling the safety tuning "lobotomized" — which tells you the capability-versus-control tradeoff is already being stress-tested in the field.
Mozilla Launches Cq — a "Stack Overflow for AI Coding Agents"
If AI agents are going to write code for us, they need somewhere to ask questions too. Mozilla AI unveiled Cq, an open platform where coding agents — not just humans — can post problems, share verified fixes, and build shared memory. The design includes multiple trust tiers (local, organizational, global) and a confidence score that rises as solutions get validated by both agents and humans.
The pitch: instead of every Cursor or Claude Code instance rediscovering how to set up Django auth from scratch, an agent consults Cq's structured recipes. If major IDEs adopt it, Cq becomes infrastructure for agentic coding — the npm of agent know-how. If they don't, it stays a niche community site. The signal to watch is whether Cursor, GitHub Copilot Workspace, or Claude Code announce native Cq integration in the next quarter.
The security question is obvious and unresolved: a centralized knowledge base that agents trust is also a centralized attack surface for prompt injection and supply-chain poisoning. Mozilla plans human-in-the-loop verification early on, but scaling that is the hard part.
The AI Data Center Boom Is Hitting a Power Grid Wall
The theoretical problem became a present-day bottleneck this week. According to the Los Angeles Times, the strain on U.S. power grids from new data center construction is forcing conversations that were recently unthinkable: asking giant data centers to scale back power usage during peak demand. Data centers could consume up to 17% of all U.S. electricity by 2030, up from roughly 4–5% as of 2026.
Microsoft illustrated the scramble for power by taking over a Texas AI data center expansion that OpenAI backed away from — two huge buildings plus a 900-megawatt power plant next to OpenAI's own campus in Abilene, pushing the site to 2.1 gigawatts total. That's enough electricity for a mid-sized city, and it makes Microsoft OpenAI's direct infrastructure neighbor and compute rival.
If power-flexible data centers and grid modernization keep pace, AI expansion continues on schedule. If they don't, access to electricity becomes the primary constraint on who can train frontier models — reshaping the geography of AI development more than any export control could. A Duke University study suggests flexible data centers could save $40–150 billion in grid investment over the next decade, which tells you the incentives are there. Whether utilities and regulators move fast enough is another question.
Google's TurboQuant Triggered a Market Sell-Off — and Made Local AI Faster
Google Research's TurboQuant paper isn't just a paper — it moved markets. The technique compresses KV caches (the memory structures that let language models "remember" earlier parts of a conversation) by roughly 6x and accelerates attention computation by up to 8x on Nvidia H100s in Google's tests, per Zacks. Memory stocks sold off during the session as investors priced in lower future demand for high-bandwidth memory. Morningstar confirmed the chip-stock pressure.
Meanwhile, a developer on r/LocalLLaMA implemented a related optimization in llama.cpp — the engine powering most local LLM inference — that skips 90% of KV dequantization work, claiming 22.8% faster decode speed at 32K context on an M3 Max MacBook in that benchmark. Tom's Hardware covered the underlying research.
If these techniques generalize to production, they change the economics of both cloud inference (cheaper) and local inference (actually usable at long contexts). A whole class of "this only works in the cloud" applications suddenly works on a laptop. The llama.cpp implementation is a single developer's branch, not yet merged — treat it as promising, not production. But 652 upvotes from practitioners who actually run local inference is the strongest leading indicator it'll land.
Idaho Quietly Becomes a Testbed for AI in K-12 Classrooms
While Washington argues about national AI policy, Idaho Governor Brad Little signed an AI education bill that doesn't ban tools like ChatGPT — it tells schools to lean in, with guardrails. The law directs the state board of education to create AI guidelines for K-12 and higher ed, encourages teaching students responsible AI use, and pushes districts to train teachers rather than leaving them to improvise.
This matters because most AI regulation so far has targeted data centers, copyright, or deepfakes. Idaho is one of the first U.S. states to codify "AI literacy" into education policy. If other states copy this playbook, a high-schooler in Boise treats AI like a calculator while a peer elsewhere is technically cheating for the same behavior. The next thing to watch: which curriculum providers and edtech platforms win the first statewide AI-in-classroom contracts, because those choices tend to stick for a decade.
⚡ What Most People Missed
- OpenAI's $200/month "unlimited" tier is hitting limits. A trending r/ChatGPT thread (657 points) reports Pro subscribers getting throttled on GPT-5.4 despite marketing that promises "unlimited" access. OpenAI's help center says access is subject to "abuse guardrails" — that phrase is doing enormous work, and no official acknowledgment has surfaced. If confirmed as a policy change, it's a quiet price increase on the most expensive consumer AI subscription in the market.
- SoftBank lined up $40 billion in structured credit for OpenAI. Per recent reporting, this isn't traditional VC — it's financing that lets SoftBank scale bets without fund-structure limits. Separately, legal AI startup Harvey closed $200M at an $11B valuation, cementing vertical AI as the segment where revenue converts fastest.
- Anthropic is winning enterprise deals even as it leaks secrets. A DIGITIMES Asia report and Ramp AI Index data show Anthropic capturing roughly 70% of head-to-head enterprise matchups among first-time buyers by February 2026 — suggesting the governance narrative resonates with business customers despite the security embarrassment.
- UBC researchers demoed an AI that runs the full scientific research loop autonomously — hypothesis, experiment design, data collection, analysis, and paper writing — with humans only setting the initial problem. Narrow and academic for now, but if this pattern scales, it multiplies experimental throughput in ways that amplify concerns about reproducibility and oversight.
- California legislators proposed measures to "child-proof" AI chatbots with mandatory default privacy settings, session limits, in-app crisis support, and independent audits — a concrete pivot from disclosure rules to prescriptive product requirements that could set nationwide precedent.
📅 What to Watch
- If Anthropic announces a Mythos release date within three weeks, it means the company is attempting to control the narrative and the cyber-defense community will be the test audience.
- If Z.ai's open-weight GLM-5.1 release lands in early April as teased, expect a stampede of quantization experiments that will stress-test whether the self-reported benchmarks hold under community scrutiny.
- If TurboQuant-style KV cache optimizations get merged into mainline llama.cpp and are adopted by LM Studio or Ollama, privacy-sensitive enterprise workflows could start moving from cloud to laptop — forcing regulators to rethink technical controls on model access.
- If prominent lawmakers begin publicly calling for mandatory government access to frontier models citing "unsecured AI capabilities," legislative pressure on labs will increase even without a court victory.
- If two or more states move to formalize Idaho-style AI education policies in the next month, AI literacy is becoming formal K-12 policy, not an optional teacher initiative — and the edtech contracts that follow will lock in for a decade.
The Closer
A CMS checkbox left on default exposed the most dangerous model in the world, a $3/month Chinese subscription is chasing a $200/month American one, and someone's MacBook just got about 22.8% faster in that benchmark because a developer on Reddit decided to skip some math. The most advanced cybersecurity AI on the planet was undone by the digital equivalent of leaving your diary on a park bench — which is either a cautionary tale about hubris or the most Anthropic thing that has ever happened. Back Monday.