the capability-access gap: anthropic gates mythos, carlini drops the quote, the personal AI middle goes hollow

mythosglasswinganthropicpersonal-aicarliniharness-engineeringclaude-skillscapability-access-gap
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░                                                 ░
░   ┌─────────────────────────────────────────┐   ░
░   │                                         │   ░
░   │       ┌─── mythos ───┐                  │   ░
░   │       │              │                  │   ░
░   │   [ glasswing ] ◆ ── locked  ▓▓▓▓▓      │   ░
░   │       │              │                  │   ░
░   │       └─── carlini ──┘                  │   ░
░   │            │                            │   ░
░   │            ↓                            │   ░
░   │   ░░░░░ middle hollow ░░░░░             │   ░
░   │            │                            │   ░
░   │            ↓                            │   ░
░   │   [ your disk ]  ←  the only seat       │   ░
░   │                     not reserved.       │   ░
░   │                                         │   ░
░   └─────────────────────────────────────────┘   ░
░                                                 ░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

today

anthropic built a model so capable at finding bugs they won’t ship it. nicholas carlini says he found more bugs in six weeks with it than in his entire 20-year career. anthropic also rolled out “managed agents” — the cloud platform every agent startup secretly feared. martin fowler coined “harness engineering” to name the discipline half the internet was already practicing. someone extracted karpathy’s entire body of work as a claude skills repo and hit 702 stars in days. three indie memory systems hit hacker news in the same 48 hours while a celebrity launch with fake benchmarks took the front page on reddit. the through-line: the capability-access gap is now structural, and the only seat at the table that isn’t reserved is the one you build yourself.

■ signal 1 — claude mythos + project glasswing: the first model anthropic is embarrassed to sell

strength: ■■■■■ → multiple sources

anthropic announced project glasswing alongside claude mythos. mythos is a frontier model so effective at finding and exploiting vulnerabilities that anthropic decided shipping it publicly would cause real-world harm. glasswing is the gating program: vetted security researchers only, with priority access promised to fortune 500 companies and (presumably) governments. the public gets a neutered version.

stratechery wrote a same-day analysis. daniel miessler argued the public is taking the wrong message from it. simon willison called it “necessary.” reddit split 50/50 between “responsible disclosure” and “cartel behaviour.”

this is the first time a frontier lab said the quiet part out loud: we have a model, you can’t have it.

→ self.md take: the gap between the best AI in the world and the AI you can run on your own machine just stopped being a gap that closes with time. it’s now a gap maintained by policy. for personal AI, this clarifies everything. the model on your disk and the model behind an NDA are no longer the same species, and they will not converge. “which model you can access” is about to become a class marker as real as “which neighborhood you live in.” the romantic argument for personal AI just became a topological one.

■ signal 2 — nicholas carlini’s 20-year quote

strength: ■■■■■ → source

nicholas carlini — anthropic security researcher, formerly google brain, one of the most decorated and notoriously skeptical AI security people alive — publicly stated he’s found more exploitable bugs in the last few weeks using claude mythos than in his entire 20-year career without it.

954 upvotes on r/singularity. quoted in every glasswing writeup. carlini does not hype.

→ self.md take: personal AI has always been pitched as the defender — your private assistant, your sovereign stack, your local server. carlini’s quote inverts the picture. the same capabilities that could defend you can automate finding everything that’s already broken about your stack. every weird endpoint, every token sitting in a config file, every shell script your agent runs with sudo — the speed at which “someone” can find those is now decoupled from the speed at which humans can patch them. the shield and the sword are the same model, and the sword shipped first. audit your own stack like carlini would. don’t wait for someone with mythos to do it for you.

■ signal 3 — the indie memory wave: mnemo, kg, palinode all land in 48 hours

strength: ■■■■ → multiple sources

three independent open-source memory systems for AI agents hit hacker news in the same window:

none are from big labs. all three are taking different angles on the same unsolved problem: how does an agent remember things across sessions without becoming a vector-search hairball.

meanwhile, milla jovovich (yes, that milla jovovich) made huge waves with “mempalace” claiming 100% on longmemeval. penfield labs published a full teardown showing none of the benchmark scores are real. the celebrity launch hit 7,000+ upvotes on r/singularity. the indie repos hit 2-4 points on hacker news.

→ self.md take: memory is the hardest open problem in personal AI, and the attention economy is broken in a useful way. the celebrity launch with fake benchmarks gets all the eyeballs. the three indie repos doing the actual work get crickets. the self.md thesis — your life is a repo, your memory is plaintext, git is the store — is quietly winning on substance while losing on attention. if you’re building in this space: don’t compete on benchmarks. compete on durability. markdown-in-git will outlive every typed bayesian hypercube.

■ signal 4 — martin fowler names the discipline: “harness engineering”

strength: ■■■■ → source

martin fowler — the man who literally wrote the book on refactoring — published “harness engineering for coding agent users” on his main blog. the argument: what the community has been fumbling around with for the last six months (agent configs, skills, permissions, sandboxing, context management, recovery loops) is actually one emerging discipline. harness engineering: the practice of designing the structure around an agent so that the agent does the right thing for the right reasons with the right guardrails.

he gave the discipline a name. that’s the entire point.

→ self.md take: naming things is power. once fowler gives a discipline a name, it becomes something you can hire for, write books about, and — crucially — agree on. for personal AI, this is the moment the wild experimentation phase ends and the textbook phase begins. expect the next six months of tooling and courses to cluster around this term. the people who get fluent in harness engineering now are going to look, in hindsight, like the people who got fluent in devops in 2014. read the post. it’s boring on purpose. boring is what a discipline looks like when it stops being a vibe and starts being a job title.

■ signal 5 — someone extracted karpathy’s life work as a claude skills repo

strength: ■■■■ → source

forrestchang/andrej-karpathy-skills hit 702 stars in a few days. the repo is exactly what it sounds like: someone scraped andrej karpathy’s blog posts, lectures, tweets, nanogpt, nanochat, and turned every distinct concept into a claude skill file. “implement attention from scratch” — skill. “tokenize a dataset” — skill. “write a training loop karpathy-style” — skill.

the first time a single person’s tacit knowledge has been packaged this aggressively as reusable agent primitives.

→ self.md take: this is what we’ve been calling “the living appendix.” your favorite thinker’s entire body of work — not as bookmarks, not as a RAG corpus, but as executable skills your agent can invoke. you don’t just read karpathy. you use karpathy. extend the pattern: simon willison as skills. armin ronacher as skills. your own old blog posts as skills. the bookshelf of 2025 was a list of authors. the bookshelf of 2026 is a list of skill directories. expect a wave of <thinker>-skills repos in the next month, and start your own.

■ signal 6 — claude managed agents: anthropic becomes the AWS of agents

strength: ■■■■ → source

anthropic shipped “claude managed agents” — a full stack for building and deploying agents at scale, directly inside the anthropic console. r/ClaudeAI took it as the inevitable step: claude code was the bait, managed agents is the hook. simon willison noted it in passing. community reaction split between “they’re finally eating every agent startup” and “they just officially became aws for agents.”

paired with mythos + glasswing in the same week, the picture sharpens.

→ self.md take: anthropic is now building a two-tier world. top tier: mythos behind glasswing. middle tier: managed agents in their cloud. neither tier has any room for the “one person running agents on their own box” use case — the exact case self.md represents. the personal AI movement is no longer local-first by aesthetic preference. it’s local-first because the managed tier wants your data and the elite tier won’t let you near the model. you’re squeezed on both sides. build the layer that can’t be squeezed.

one-liner takes

meta

today’s radar has a single spine: the capability-access gap is now visible at every layer of the stack. frontier models gated by NDA (mythos). security capability gated by lab headcount (carlini). agent deployment gated by cloud console (managed agents). and the only response that scales for one person is to own every layer you can — in plaintext, in git, on your disk. the personal AI OS isn’t a product category anymore. it’s the only seat at the table that isn’t reserved.

read the full essay for the long form.

sources