
Cleartext – April 30, 2026

Thursday, April 30, 2026·8:06


show notes


Daily cybersecurity briefing for CISOs and security leaders.


Episode Summary

Today's episode covers 9 stories across 6 topic areas, including: "Srsly Risky Biz: US Vows to Fight Distillation Attacks"; "Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities"; and "Everyone’s building AI agents. Almost nobody’s ready for what they do to identity."

Stories Covered

🌍 Geopolitical

Srsly Risky Biz: US Vows to Fight Distillation Attacks

Risky Business News · Apr 30 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The US government's formal response to Chinese AI distillation attacks and the shift of Chinese threat actors to botnet-based operations represent two converging threats — CISOs must account for both AI IP theft risks and the increasing difficulty of detecting nation-state activity hidden within botnet infrastructure.

  • US government stepping in to fight 'distillation attacks' by Chinese AI labs that steal frontier model capabilities through query-based extraction
  • Chinese threat actors are broadly shifting to using botnets for all aspects of their operations
  • Botnet-based operations complicate attribution but also create disruption opportunities for authorities


Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities

Dark Reading · Apr 29 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Destructive wiper malware targeting critical infrastructure with sophisticated living-off-the-land techniques is a growing pattern globally — CISOs in energy and utilities should review detection capabilities for LotL-based data destruction campaigns.

  • Lotus Wiper deployed against Venezuelan energy firms and utilities using sophisticated living-off-the-land techniques
  • Malware features detailed strategies for widespread data deletion
  • Represents escalation in destructive attacks against critical infrastructure in Latin America


📡 Macro Trends

Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.

CyberScoop · Apr 30 · Relevance: █████████░ 9/10

Why it matters to CISOs: Anthropic withholding its Mythos model due to its ability to discover thousands of unknown vulnerabilities signals a paradigm shift in threat modeling — CISOs must prepare for a world where AI agents massively expand the attack surface through non-human identity sprawl and autonomous vulnerability discovery.

  • Anthropic declined to release its Mythos AI model publicly after it discovered thousands of previously unknown software vulnerabilities in major OS and browser software
  • AI agents are creating a new category of non-human identity that existing IAM frameworks are not designed to govern
  • The model found flaws that had been undetected for up to nearly three decades


🔓 Data Breach

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

The Hacker News · Apr 29 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Any enterprise running SAP with Node.js integrations needs immediate software composition analysis — this supply chain compromise of SAP-related npm packages could expose credentials across development and production environments.

  • Multiple SAP-related npm packages compromised with credential-stealing malware in campaign dubbed 'mini Shai-Hulud'
  • Discovered independently by Aikido Security, Onapsis, Wiz, Socket, and others
  • Attack targets SAP ecosystem developers and could expose enterprise SAP credentials


Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry

TechCrunch Security · Apr 29 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Two separate cyber incidents resulting in $3M+ losses at a sovereign finance ministry underscore the risk of payment system compromise — a cautionary case for any CISO managing treasury or payment operations, especially in environments with limited security resources.

  • Sri Lanka's government lost over $3 million in two separate cybersecurity incidents targeting its finance ministry
  • Initial hack stole $2.5M; a second 'missing payment' was disclosed days later
  • The country is still recovering from its 2022 debt crisis, highlighting resource-constrained security environments


⚖️ Governance & Policy

Congress, industry ponder government posture for protecting data centers

CyberScoop · Apr 29 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Designating data centers as a standalone critical infrastructure sector would trigger new regulatory obligations and could reshape compliance requirements for any enterprise operating or colocating in major data center facilities.

  • House Homeland Security cyber subcommittee held hearing on whether to designate data centers as a standalone critical infrastructure sector
  • Current critical infrastructure framework does not specifically address data centers as a separate category
  • Designation would bring new federal protection obligations and potentially new compliance requirements


State CISOs losing confidence in ability to manage cyber risks

Cybersecurity Dive · Apr 29 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: The Deloitte-NASCIO study reflecting declining CISO confidence mirrors pressures across the private sector — AI complexity and budget constraints are forcing difficult trade-offs that enterprise CISOs should use as leverage in board-level resource discussions.

  • Deloitte-NASCIO study shows state CISOs are losing confidence in their ability to manage cyber risks
  • AI adoption and budget pressures are primary drivers forcing difficult prioritization decisions
  • States are being forced to make tough trade-offs between competing security investments


🚀 Startup Ecosystem

Why Cisco Is Eyeing Buy of Non-Human Identity Startup Astrix

BankInfoSecurity · Apr 30 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: A $250M–$350M Cisco acquisition of Astrix validates non-human identity as a critical enterprise security category and could reshape how organizations manage service accounts, API keys, and machine identities within Cisco-centric environments.

  • Cisco reportedly in talks to acquire Astrix Security for $250M–$350M, a 25%+ premium to its last $200M valuation
  • Deal would expand Cisco's identity security beyond authentication, ITDR, and ISPM
  • Non-human identity management is emerging as a priority security category


🚨 Critical Vulnerability

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

BleepingComputer · Apr 30 · Relevance: ████████░░ 8/10

Why it matters to CISOs: cPanel/WHM powers millions of web hosting environments including many enterprise-managed web properties — an actively exploited authentication bypass with public PoC demands immediate patching or mitigation, especially for organizations with legacy web infrastructure.

  • CVE-2026-41940 is a critical authentication bypass in cPanel, WHM, and WP Squared
  • Actively exploited in the wild since late February 2026, with PoC now publicly available
  • Affects all but the latest versions of cPanel and WHM





Full Transcript


Jordan: Anthropic built an AI model that found thousands of vulnerabilities hiding in major operating systems and browsers — some of them sitting undetected for nearly thirty years. Then they decided not to release it. Let that sink in for a moment.

Alex: This is Cleartext. I'm Alex Chen. Thursday, April 30th, 2026. Today we're covering a lot of ground — AI agents breaking identity frameworks, the US government drawing a line on Chinese AI theft, a supply chain attack inside the SAP ecosystem, a destructive wiper hitting Latin American energy infrastructure, and a critical cPanel zero-day that's been exploited in the wild for months. Jordan, let's get into it.

Jordan: Let's start with the Anthropic Mythos story because the implications are significant and I don't think the security community has fully processed them yet. Anthropic built this model, Mythos, watched it discover thousands of previously unknown vulnerabilities across major operating systems and browsers — flaws that had been sitting dormant for up to three decades — and then said, we're not putting this in the world. That's a responsible decision. But the decision itself tells you everything about where we are.

Alex: Right. The responsible disclosure isn't the story. The capability is the story. Because if Anthropic got there, others are getting there. And some of those others are not going to make the same call.

Jordan: Exactly. And the CyberScoop piece frames this correctly — the deeper problem is that AI agents are creating a category of non-human identity that existing IAM frameworks simply weren't designed for. We're not talking about a service account you provision once and forget. We're talking about autonomous agents making decisions, calling APIs, accessing systems, spawning other agents. The identity surface area is expanding in ways that aren't being tracked.

Alex: This is the conversation I've been having with peers for six months. Most organizations can't give you an accurate inventory of their human identities, let alone machine identities. And now we're adding agents that can act autonomously, that can inherit permissions, that can operate across trust boundaries — and nobody's governing that. The Cisco move to acquire Astrix starts to make more sense in this context. If the rumored $250 to $350 million acquisition goes through, it signals that Cisco sees non-human identity as a tier-one security category, not a niche problem. That's validation worth noting when you're going to your board asking for budget to address identity sprawl in your agentic environment.

Jordan: And for listeners who are already deploying AI agents in any capacity — pilots, internal tools, copilots with elevated access — the question you need to be asking right now is: who governs the identity lifecycle of that agent? What credentials does it hold? What can it access? How do you revoke it? If you can't answer those questions, you have a gap.

Alex: Let's pivot to the geopolitical thread because there are two converging stories here. The US government is formally stepping in to address what the intelligence community is calling distillation attacks — Chinese AI labs extracting the capabilities of frontier models by querying them at massive scale. You ask the right questions, in the right sequence, you can reverse-engineer what makes a model powerful without ever touching its weights.

Jordan: It's model theft through the API. And it's elegant, which is why it's a problem. The countermeasures are hard. You can rate-limit, you can detect anomalous query patterns, but at scale, with sophisticated adversaries rotating through different access vectors, this is not a solved problem. The US government stepping in suggests the commercial ecosystem hasn't been able to contain it on its own.

Alex: The second thread is the botnet shift among Chinese threat actors. Broad adoption of botnet infrastructure for operations. Attribution becomes dramatically harder. Detection becomes harder. But the flip side — and the Risky Biz write-up makes this point — is that botnets are also more disruptible. Authorities can seize nodes, take down infrastructure. So there's an enforcement opportunity embedded in the problem.

Jordan: For defenders, though, the immediate practical implication is this: if you're hunting for nation-state activity in your environment using traditional IOC-based attribution, you're going to miss more. Botnet traffic blends. You need behavioral detection, anomaly-based approaches. The signatures aren't going to save you.

Alex: Now let's talk about Lotus Wiper, because this is a pattern that matters regardless of geography. Destructive wiper malware, living-off-the-land techniques, targeting Venezuelan energy firms and utilities. No flashy custom tools. Just the operating system's own capabilities turned against itself.

Jordan: LotL-based wipers are specifically hard to detect because you're looking for legitimate tools doing illegitimate things. The forensic trail is designed to look like normal system activity until it isn't. Energy sector CISOs specifically — your detection logic needs to account for this. If you're not running behavioral baselines that can distinguish admin activity from destructive activity, that's where the gap is.

Alex: And Latin America is not an isolated case. This is a pattern we've seen in Ukraine, in the Middle East, increasingly wherever there's geopolitical instability. The technique migrates. Your sector might not be today's target, but the playbook travels.

Jordan: SAP. Let's go there. Supply chain attack targeting SAP-related npm packages, credential theft, multiple research firms flagging it simultaneously.

Alex: If you run SAP — and a significant portion of our audience does — this needs to be in your incident response queue today. The attack vector is Node.js integrations, npm packages that developers pull in as part of SAP ecosystem development. Compromised packages with credential-stealing malware. The breadth of the research response — Aikido, Onapsis, Wiz, Socket, others — suggests the campaign was widespread enough that multiple teams hit it independently.

Jordan: Run your software composition analysis now. Map your SAP-adjacent development pipelines. If you have developers pulling in packages from the SAP ecosystem via npm, you need to know what versions they're using and whether those versions are clean.

Alex: Brief note on the Sri Lanka situation — two separate cyber incidents, over three million dollars lost, targeting the finance ministry. I raise this not because it's a massive number in absolute terms, but because the pattern matters. Two incidents in rapid succession suggests the initial response didn't close the underlying vulnerability. And the context — a country still recovering from sovereign debt crisis, constrained security resources — that's a cautionary tale for any organization operating lean. Resource constraints don't reduce your threat exposure. They just reduce your ability to respond.

Jordan: cPanel. CVE-2026-41940. Authentication bypass, critical severity, actively exploited since late February, public proof of concept now available.

Alex: If you have cPanel or WHM in your environment — and many enterprises do through managed hosting or legacy web properties — this is a patch-now situation. It was already being exploited before the PoC dropped. With the PoC public, the exploitation bar just got lower. Check your versions. If you're not on the latest release, you're exposed.

Jordan: And worth flagging: the "late February" detail means this was a zero-day for months before public disclosure. That's a reminder that patching at disclosure time still means you were behind.

Alex: Before we close out, let's talk about the broader theme this week, because I think there is one. Congress is debating whether to designate data centers as standalone critical infrastructure. State CISOs are reporting declining confidence in their ability to manage cyber risk — the Deloitte-NASCIO data is striking — and that mirrors what I'm hearing from private sector peers. The combination of AI complexity, budget pressure, and expanding attack surface is creating a confidence gap that's real and that boards need to understand.

Jordan: The non-human identity problem, the AI distillation problem, the agentic vulnerability discovery problem — they're not separate issues. They're all facets of the same transition. We're moving into an environment where the threat actors have AI capability, where the attack surface is being reshaped by AI, and where the defensive frameworks we built for a human-speed, human-scale threat environment are starting to show their age.

Alex: What to watch: the Cisco-Astrix deal, if it closes, will be a signal to the entire identity market. Watch whether other major platform vendors make similar moves in the next 90 days. The non-human identity category is going to consolidate fast. And on the regulatory side, if that data center designation moves forward, the compliance implications are significant for any enterprise with meaningful data center footprint.

Jordan: And watch the AI model governance question. Anthropic made a responsible call on Mythos. Not everyone will.

Alex: That's Cleartext for Thursday, April 30th. If this episode was useful, share it with a peer. We'll be back tomorrow. Stay sharp.


Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-04-30.

Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.