Anthropic is quietly moving its most powerful model, Claude Mythos, out of the lab and toward enterprise customers, with Mythos 1 surfacing inside Claude Code and a new Claude Security product. Microsoft just dropped Fara 1.5, an open-weight browser agent that beats OpenAI's Operator on live web benchmarks. Bitcoin is stuck near $77,000 as spot ETFs bled $1.47 billion last week and the CryptoQuant demand gauge hit its worst level since December. Strive added another 1,109 Bitcoin, pushing its treasury to 16,500 coins, while Strategy paused weekly buys and tapped cash to retire $1.5 billion in convertible debt. And Tether is launching a lari-backed stablecoin directly on Georgia's national payment rails. Let's get into it.
Anthropic has spent most of 2026 keeping a model called Mythos under lock and key. It showed up publicly in March as what the company described as a step change in cybersecurity, coding, and academic reasoning. Then in April came Project Glasswing, a restricted access program with around 40 to 50 partners, names like AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, and JPMorgan, all using Mythos to scan critical infrastructure. In a few weeks of testing, it flagged over 10,000 high or critical severity vulnerabilities in open-source software.
Now the strings are showing up in production. References to claude-mythos-1-preview have appeared inside Claude Code and a new product called Claude Security, including a toggle that briefly went live in public builds before being pulled. The picture coming together is a staged commercial rollout, branded Mythos 1, first inside two enterprise products: Claude Code as the agentic developer environment, and Claude Security as a vulnerability scanner with AI-assisted patch suggestions. The security dashboard already tracks 1,596 disclosed issues across 281 open-source projects, with 97 patched so far.
Why the slow burn? Anthropic itself has said this class of model can develop functional cyberattacks at a professional level, and that in the short term that favors attackers. Their bet is that defenders catch up if you give them the same tool first, behind guardrails, behind enterprise contracts, and behind audit logs. To that end, they also rolled out a Compliance API and 28 security integrations this week, with Cloudflare, CrowdStrike, Datadog, Microsoft Purview, Okta, Palo Alto Networks, Wiz, and Zscaler, so corporate IT can monitor every Claude conversation, upload, and project the way they'd monitor any other SaaS app.
The interesting move here isn't the model itself, it's the packaging. Anthropic is the first major lab openly saying: our most capable system is too dangerous for a chat box, so we're shipping it as infrastructure, not as a product feature. If Mythos 1 actually lands in Claude Code in the next few weeks, every other frontier lab is going to be asked the same question about what they're holding back.
Microsoft Research just released Fara 1.5, a family of browser agents in 4 billion, 9 billion, and 27 billion parameter sizes, all with open weights, built on top of Alibaba's Qwen 3.5. And on the main benchmark for live web tasks, Online-Mind2Web, the 27B model hits 72% task success. OpenAI's Operator scores 58.3%. Google's Gemini 2.5 Computer Use scores 57.3%. Even the 9B variant beats both of them at 63.4%.
The training story is the funny part. Microsoft used OpenAI's GPT-5.4 as a teacher agent to demonstrate browser tasks, then distilled that behavior into smaller open models. They also built six fake but fully functional websites, mail clients, calendars, booking systems, so the agent could practice logging in and clicking around without breaking anything real. The result is a model small enough that the 4B version runs locally on a high-end laptop. No hosted API, no per-call fee, no third party logging every URL you visit.
That last point matters more than the benchmark. Until now, if you wanted a competent agent to drive a browser for you, you were renting it from OpenAI or Google, which meant they saw everything. With Fara 1.5, a payment processor, a bank, a merchant, or just a paranoid user can run the agent on their own hardware and own the audit trail. Microsoft is also pushing this into the enterprise from the other side, with Edge for Business now offering agentic browsing where Copilot can fill forms and run multi-step workflows, but only on domains an admin has whitelisted through Microsoft Purview.
And in parallel, Microsoft released Webwright, a code-first agent framework that turns browser tasks into reusable Playwright scripts you can rerun and debug from a terminal. 86.7% on Online-Mind2Web. So Microsoft now has three agent products attacking three different markets: open weights for developers, governed Copilot for enterprises, and reproducible scripts for engineering teams. OpenAI is going to have to decide whether Operator stays a paid closed product or whether it has to compete on price.
Bitcoin is sitting around $77,000, and the picture under the hood is not great. Last week, crypto ETPs saw $1.47 billion in net outflows, with Bitcoin funds leading the damage. CryptoQuant's 30-day apparent demand indicator just turned the most negative it's been since December, which means buyers aren't absorbing the supply hitting exchanges. Glassnode is framing it as a steady drip of institutional exit through the ETFs with no visible demand offset. Swissblock is calling it a high-risk zone.
The macro overhang is real. Fresh US strikes on Iran hit over the weekend, oil rebounded, privacy tokens dropped 5%, and a reported 60-day ceasefire framework keeps Bitcoin hostage to headline risk. Treasury yields have stiffened and pushed back the timeline on rate cuts. Volatility on Bitcoin itself fell to an 8-month low, which usually resolves with a sharp move in one direction. The bull case is a cup-and-handle pattern that some chartists say targets $220,000 if $74,000 holds. The bear case is a $14 billion liquidation cascade pointing toward $60,000 if it doesn't.
Meanwhile, the corporate buyers are not in lockstep. Strive picked up another 1,109 Bitcoin this week, bringing its treasury to 16,500 coins worth roughly $1.3 billion, and it's eyeing a potential Russell 1000 inclusion that could pull in passive flows. Smaller treasury companies collectively added 603 BTC last week, buying the dip below $80,000. But Strategy, the biggest holder, paused its weekly buys and instead used cash to retire $1.5 billion in convertible debt. Saylor cleaning up the balance sheet instead of stacking is a notable shift in posture.
And then there's Metaplanet, the Japanese treasury company. Q1 revenue up 251%, operating income up 282%, but a $725 million net loss from a non-cash Bitcoin writedown when prices fell from $87,000 to $66,000. Their Bitcoin yield collapsed to 2.8% because they issued over 130 million new shares to fund purchases. Tokyo regulators blocked their planned preferred share listing. They're now flying to New York next month to pitch institutions directly. The treasury-company model worked beautifully when Bitcoin only went up. We're now finding out what it looks like in a range.
Tether and the Government of Georgia announced a stablecoin called GEL-T, a digital representation of the Georgian lari, launching directly onto national payment infrastructure. The framing is important. This isn't a private dollar token that a country tolerates. It's a sovereign currency being issued onto private stablecoin rails as official payment infrastructure, before most governments have even decided whether that model is acceptable.
The broader number to sit with: the total stablecoin market is now $322 billion. That's larger than the FX reserves of 95 countries. Dollars and other fiat held outside the traditional banking system, in tokenized form, now exceed what most sovereign treasuries hold in reserves. Stablecoins have quietly become a top-tier monetary phenomenon and the regulatory architecture is still catching up.
On the US side, the CFTC is positioned to gain broader crypto oversight under the CLARITY Act, but a New York Times investigation just reported that senior staff who raised concerns about major firms were sidelined. That's the agency Congress wants to put in charge of policing most of the US crypto market. Not a great look heading into a jurisdictional expansion.
And the risks of the stablecoin model are showing up too. StablR, a euro and dollar stablecoin issuer, just had to freeze its USDR and EURR tokens after an attacker exploited a one-of-three multisig weakness and minted $13.5 million in unbacked tokens, netting roughly $2.8 million before the freeze. A one-of-three multisig on a production stablecoin issuance key is the kind of operational decision that makes the case for boring, audited Bitcoin self-custody. The bigger stablecoins get, the more these mistakes will cost.
If Anthropic ships Mythos 1 and Microsoft keeps shipping open agents that beat closed ones, the next twelve months stop being about who has the biggest model and start being about who controls the audit trail. That's a different game, and most of the labs aren't built for it.