AI Intel: Glasswing Puts Cybersecurity on Notice + GLM-5.1 Gets Cheap + More

Reddit's AI crowd spent today bouncing between two very different kinds of anxiety. On one side, Anthropic basically told the market that frontier models are now good enough at offensive security work to justify a coordinated defensive program. On the other, developers kept asking a simpler question: if open and cheaper models are getting this close, why should anyone keep paying flagship prices by default?

That is the real mood check for mid-April. The conversation is no longer just “which lab shipped the smartest demo.” It is about whether the model is deployable, licensable, stable, and worth the bill. Here is today's AI Intel briefing from the Reddit layer, with a few public updates added where the numbers matter.

1. Project Glasswing made cybersecurity the biggest AI story on the board

What happened: Anthropic officially launched Project Glasswing, a defensive security program built around Claude Mythos2 Preview, an unreleased frontier model. Anthropic says Mythos2 has already found thousands of high-severity vulnerabilities, including issues across every major operating system and every major web browser. On Anthropic's own benchmark for vulnerability reproduction, Mythos Preview scored 83.1% versus 66.6% for Opus 4.6. The company is putting up up to $100 million in usage credits and another $4 million in direct donations to open-source security groups, while partners like AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia, and Palo Alto Networks test the model on real defensive work.

Why it matters: This matters because Anthropic is not marketing Mythos2 as “better chat.” It is framing the model as proof that the capability frontier has crossed into cyber offense territory. That changes the industry conversation fast. Once a lab says models can outperform nearly everyone except top human specialists at finding and exploiting bugs, the argument stops being theoretical. It becomes about who gets access, who gets locked out, and how fast the rest of the stack has to harden.

Developer angle: If you build with AI, stop treating security as a downstream audit problem. Model-assisted vuln discovery is now upstream. The obvious play is to use these systems for patching, code review, dependency triage, and exploit simulation before attackers get similar capability at scale. Teams that wait for “the general release” are missing the point. The point is that the bar for defensive engineering just went up.

2. GLM-5.1 is pushing the open-model story out of hobby territory

What happened: GLM-5.1 kept showing up in developer circles because it is not just another open release with nice charts. Z.ai says the model scored 58.4 on SWE-Bench Pro, edging past GPT-5.4 at 57.7 and Claude Opus 4.6 at 57.3. Pricing is part of why Reddit paid attention: public coverage and vendor pricing pages put GLM-5.1 around $1.40 per million input tokens and $4.40 per million output tokens, versus Anthropic's API pricing of $5/$25 for Opus 4.6 and $3/$15 for Sonnet 4.6. Even if you haircut the benchmark win, that is still a very loud price-performance signal.

Why it matters: Open-model hype is cheap. Shipping something that actually forces developers to revisit their default routing is different. GLM-5.1 matters because it narrows the gap where it hurts: coding tasks, long-running agent work, and cost math. That does not mean proprietary flagships are dead. It means the old sales line — pay way more, get obviously better outcomes — is getting harder to defend.

Developer angle: The single-model stack keeps looking dumber. Use the expensive frontier model where failure is costly. Use a model like GLM-5.1 for longer coding runs, scaffolding, or benchmark-heavy automation where cost discipline matters. And if you want that flexibility without rebuilding your client every week, an OpenAI-compatible layer like KissAPI is the boring answer for switching between premium, cheap, and fallback models fast.

3. Google and Meta are telling you where the real bottlenecks are

What happened: Two numbers kept hanging over today's discussion: $2.4 billion and $21 billion. Google's deal around Windsurf reportedly includes paying $2.4 billion in licensing fees under non-exclusive terms while hiring key staff. Separately, Reuters reported that Meta expanded its CoreWeave partnership with a fresh $21 billion commitment for AI cloud capacity, with CoreWeave saying the arrangement runs through December 2032.

Why it matters: This is the part of the AI race that benchmark threads usually miss. The market is not only buying models. It is buying distribution, developer surface area, and raw compute supply. Google wants the people and product DNA behind a serious coding workflow. Meta wants guaranteed capacity so it does not lose another cycle on inference bottlenecks. When the numbers get this large, you are looking at a supply-chain war, not a model war.

Developer angle: Build as if concentration risk is going to get worse, not better. If one vendor owns your editor, another owns your cloud lane, and a third owns your favorite flagship model, you have already built a brittle stack. Portable SDKs, standard interfaces, and model routing are no longer “nice architecture.” They are procurement insurance.

4. Reddit still cares about feel, not just intelligence

What happened: Even with all the big-money news, the product-level complaints did not go away. Users are still nostalgic for the older GPT-4o feel — more direct, less flattened, less prone to sounding like a compliance memo. Claude users are still touchy about premium pricing versus unpredictable limits. Anthropic's current paid plans are not subtle: Pro is $20/month, while Max starts at $100/month and runs to $200/month, with usage limits still governed by capacity and weekly controls. That is exactly why every drift in quality or quota policy hits harder than it used to.

Why it matters: Because product feel is now part of the moat. A model can be smarter on paper and still lose if people do not trust what they are getting from one week to the next. Reddit keeps hammering the same point: users hate paying premium prices for premium uncertainty. The labs that win from here will not just ship stronger models. They will ship more predictable ones.

Developer angle: Track the ugly metrics, not just the shiny ones. Refusal rate. Re-prompt rate. Session abandonment. Tool-call retries. Model drift complaints. These are the signals that tell you when users are quietly losing trust. If your app depends on one provider's mood, you are not building on capability. You are renting it.

Quick Hits

• Claude is moving deeper into enterprise workflow capture. Anthropic's Claude Cowork push now includes tighter org controls, while Zoom's new connector feeds meeting summaries, transcripts, and action items straight into Cowork and Claude Code workflows.
• Anthropic's pricing still leaves room for routing games. On API, Sonnet 4.6 sits at $3/$15 per MTok and Opus 4.6 at $5/$25. That keeps cheaper open and Chinese models in the conversation every single day.
• The market is getting harder to fake. “Open,” “agentic,” and “enterprise-ready” all mean less than they did six months ago unless the benchmark, the license, and the ops story all line up.