Berlin Bassline Brief #4: Yes, Mythos for all, disclosure dysfunction, Apple Differential Privacy, Context & Cringe
Mythos general release incoming, where is the Mythos of defense, auditing Apple's differential privacy, and a card game to settle the "can this data actually harm users?" argument.
"Whatever games are played with us, we must play no games with ourselves, but deal in our privacy with the last honesty and truth." – Ralph Waldo Emerson
Updates:
Yes, Mythos is getting a general release, timeframe in weeks (no such thing as perfect guardrails, since guardrails and their countermeasures are both in-progress areas of study, so maybe not the worst idea to develop a theory of how you can free up remediation resources quickly if you have to): https://www.anthropic.com/news/claude-opus-4-8
Security, General:
Microsoft alienated much of the offensive security research community last week with an inept reaction to a vulnerability disclosure which appears to have changed from a coordinated one to an uncoordinated one while in-flight (relatedly, (╯°□°)╯︵ ┻━┻ feelings are an everyday risk of working with corporate bug bounty programs with conflicting internal incentives, i.e. all of them, so high-EQ behavior by vulnerability report recipients is not just a nice-to-have but a first-order security practice), amid much discussion about whether the before-times disclosure models and timeframes these programs use need some modernization (yes). But, as it happened, the article which spoke to me the most was on a different topic – Jericho asking the eminently reasonable question of why there isn't a defensive Mythos: https://jericho.blog/2026/05/26/mythos-needs-to-shift-left/
Security, Apple platforms
mlx-lm model sandbox escape from Docker Desktop 4.56.0, fixed in 4.71.0. Docker has already fixed it, so you only need to update: https://nvd.nist.gov/vuln/detail/CVE-2026-5843
Interesting Paper
Auditing Apple's DifferentialPrivacy.framework: Implementation Bugs, Misconfigurations, and Practical Risks, by Rishav Chourasia, Ergute Bao, Uzair Javaid, and Xiaokui Xiao, winner of a distinguished paper award at the 47th IEEE Symposium on Security and Privacy: https://arxiv.org/abs/2605.21378
Interesting Tool
Ever had a discussion about how to protect specific private user data that drifted into a debate about whether users could be harmed by their data at all? I sure have, and I think Kim Wuyts and Avi Douglen have too, because they created Context & Cringe with Devika Gibbs and Simon Gibbs from CyberSec Games, a card game which demonstrates how the intersection of data, features, and context can become embarrassing: https://contextandcringe.com
Apple Platforms Security Concept of the Week
Differential Privacy, 2017(!): https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf