Sam: Cloudflare ran Anthropic's Mythos Preview across more than fifty of their internal code repositories. The model found exploit chains that earlier frontier models had missed — multi-step vulnerability sequences where you chain together individual weaknesses to get a meaningful attack. That's a harder problem than finding a single bug, and the gap between "found something" and "found nothing" there has real consequences.

Priya: Welcome to AI Revolution for Tuesday, May 19th, 2026. I'm Priya Nair.

Sam: And I'm Sam Kim. Today we're deep in Anthropic's week — Mythos Preview is everywhere, from Cloudflare's security infrastructure to briefings with central banks. We'll get into why domain-specialized models are pulling ahead of generalists in specific tasks, what Cursor's Composer 2.5 tells us about the economics of AI development tools, and a utility megamerger that's really a story about what it costs to power all of this. Let's get into it.

Priya: So let's start with Mythos and what Cloudflare actually found. When you say exploit chains — walk me through why those are specifically harder for a model to find.

Sam: So a single vulnerability is relatively tractable. You're looking at a bounded piece of code, you understand the input and output conditions, you identify where the assumption breaks. Models have gotten reasonably good at that. Exploit chains are different because the vulnerability is emergent. Step one might be a low-severity information disclosure. By itself, unremarkable. Step two uses that information to escalate privileges somewhere else. Step three uses those privileges to reach something sensitive. No individual step looks critical in isolation — you have to hold the whole chain in your head simultaneously and reason about how the pieces compose.

Priya: And that requires a kind of multi-hop reasoning that's closer to what a sophisticated attacker actually does.

Sam: Right. A human security researcher building a chain like that might spend days on it. The interesting thing with Mythos is that Anthropic apparently trained it specifically on security reasoning — this isn't a general-purpose model that happens to be good at code. It's specialized. And the Cloudflare result, which is a real production environment with real code, is a more meaningful signal than benchmark performance. They called the project Glasswing internally. Fifty-plus repos is a substantial surface area.

Priya: And then the second Mythos story is frankly stranger. Anthropic is briefing finance ministries and central banks on vulnerabilities in global financial infrastructure that Mythos uncovered.

Sam: I've been sitting with this one. It's genuinely unusual. An AI lab discovering systemic vulnerabilities and then doing sovereign-level disclosure briefings — that's a new thing. The responsible disclosure question here is thorny at scale. When you're talking about flaws that could affect financial infrastructure across multiple countries, the coordination problem is enormous. Who gets told first? In what order? What's the remediation timeline before the information is public?

Priya: And the fact that Anthropic is handling that coordination, rather than a government body or an established security firm with existing relationships — that's the part I keep returning to.

Sam: It raises real questions about what role AI labs end up playing. They're not a government. They're not a traditional security vendor. But if your model is generating this class of finding, you've got to do something with it.

Priya: There's also a practical implication here for how organizations think about their attack surface. If a specialized model can find chains that general frontier models miss, and those general models are already being widely deployed for security review — that's a gap that matters.

Sam: Exactly. Organizations using Claude 3 or GPT-5 for their security scanning and feeling good about the results should probably revisit that. Domain-specific models trained on security reasoning may be operating in a different capability tier for this task.

Priya: Which connects directly to Cursor's Composer 2.5 story. Different domain, same underlying dynamic.

Sam: Very much so. Composer 2.5 is built on Kimi K2.5 as the base, but Cursor trained it on twenty-five times more synthetic tasks than their previous model. It matches Opus 4.7 and GPT-5.5 on coding benchmarks, at meaningfully lower cost. The mechanism there is synthetic data amplification — you generate large volumes of structured training examples in the specific domain you care about, and the fine-tuning narrows the model toward exactly the capability distribution that matters for your use case.

Priya: The "fraction of the cost" part is worth unpacking though. Benchmark parity doesn't always mean equivalence in practice.

Sam: Fair point. Benchmarks for coding tend to be task-completion oriented — does the code run, does it pass tests. They're reasonable proxies but they're not exhaustive. Where general frontier models still have edges is in the messier, more contextual cases — large codebases with unusual conventions, cross-language reasoning, debugging that requires understanding intent rather than just syntax. Composer 2.5 is probably exceptional at the high-frequency coding tasks developers actually spend most of their time on. That might be enough for most users.

Priya: And it has real pricing implications for the industry. If specialized fine-tuning on synthetic data can close most of the gap with a general frontier model for a specific domain, you don't need to pay frontier inference prices for domain-specific workflows.

Sam: That's the economic pressure that's building. General-purpose frontier models are expensive to run. If domain-specialized models trained on synthetic data are viable at a fraction of the cost, there's a strong incentive to build and use them. We're going to see more of this pattern.

Priya: Okay, let's talk infrastructure, because the NextEra and Dominion story is important context for everything else we cover.

Sam: NextEra is pursuing an acquisition of Dominion Energy, and the explicit driver is data center power demand. This is the AI compute buildout becoming visible in the energy sector. Data centers are power-intensive in ways that are hard to overstate — a large GPU cluster running continuous inference draws hundreds of megawatts. Multiply that across the number of facilities being built, and you're reshaping regional grid demand curves.

Priya: And utility mergers at this scale take years and require regulatory approval. The fact that this deal is being structured around data center demand tells you something about how long infrastructure investors expect this buildout to continue.

Sam: It's also a consumer cost story. When utilities consolidate around large industrial customers, residential and small commercial customers typically absorb more of the fixed costs. The Ars Technica piece flags that bills are likely to rise. The compute buildout has externalities that don't show up in the price of an API call.

Priya: Quick note on the Anthropic-Stainless acquisition. Stainless built tooling that automates SDK generation and maintenance — the libraries developers use to talk to APIs. Their clients included OpenAI, Google, and Cloudflare.

Sam: Somewhat awkward now. SDK tooling is unglamorous but genuinely load-bearing. Every developer who calls the Claude API is going through an SDK, and the quality of that SDK shapes the integration experience significantly. Anthropic owning this capability in-house makes sense from a developer experience standpoint. What happens to the existing clients is the interesting question.

Priya: Before the looking ahead segment, let's do a quick hit on two more stories. Anthropic updated Claude Managed Agents with self-hosted sandboxes and MCP tunnels.

Sam: The meaningful change here is execution control. Previously, when Claude agents ran tools, that execution happened on Anthropic's infrastructure. Now enterprises can move that execution into their own environment. For regulated industries — finance, healthcare, defense — that's often a hard requirement, not a preference. Data residency requirements, audit obligations, security perimeters. MCP tunnels provide the secure channel between the agent and enterprise systems. Anthropic keeps the orchestration layer, which is the interesting boundary.

Priya: They're splitting the difference between "we control everything" and "you control everything." The agent brain stays with Anthropic; the execution environment can move to you.

Sam: And then the Agora-1 world model from Odyssey is worth a mention. They ran GoldenEye as a four-player simultaneous AI simulation. Two separate models — one for game state, one for rendering. The technical interest is the multi-agent state problem: four players acting concurrently with separate observations and independent state trajectories. That's meaningful for simulation environments used in robotics and multi-agent training, where you need interactive worlds that respond coherently to multiple agents at once.

Priya: And on the policy side — a conservative coalition called Humans First sent an open letter to President Trump calling for mandatory pre-deployment safety testing via executive order. The notable thing here is the coalition. AI safety advocacy has largely been associated with one part of the political spectrum. When you see pressure coming from multiple directions simultaneously, the probability of near-term federal action increases.

Sam: Agreed. The specific ask — executive order requiring mandatory safety testing before frontier model deployment — is a concrete policy instrument. Whether this administration acts on it is a separate question, but the political landscape for AI regulation is shifting.

Priya: So what are we watching from here?

Sam: The Mythos results are going to accelerate questions about what security tooling organizations should actually be using. If domain-specialized models find things that general models miss, security teams need to know which tier of tooling they're running. I'd expect Anthropic to face both commercial demand for Mythos access and policy pressure around how findings get disclosed.

Priya: The Composer 2.5 story is one to track for its implications on the model provider landscape. If specialized fine-tuning on synthetic data keeps closing the gap with general frontier models for specific domains, that puts pressure on the business case for using frontier models everywhere. We may be entering a period where the smart architecture decision is a portfolio of specialized models rather than one generalist.

Sam: And the energy infrastructure story is going to keep getting more significant. Every capacity constraint in the power grid is eventually a constraint on compute availability. The data center buildout is now large enough to move utility M&A. That's not a small thing.

Priya: That's Tuesday, May 19th. Show notes and links to all of today's stories are at cleartext.fm. We'll be back tomorrow.

Sam: See you then.