Hi AI Futurists,

For the past year both Anthropic and Google have been saying AI was about to start writing real cyber attacks. On Monday Google's security team said it caught the first one in the wild. The model behind it was not Mythos, and it was not Gemini. Let's take a look.

Our agenda.

  • Our partner: Descope

  • Top AI news

  • Hackers used AI to break into a real company. Google caught them.

  • 3 AI tools to boost your workflow

  • AI Investment Report

Best,
Lex Sokolin

P.S. Enjoying the newsletter? Have a suggestion? Hit reply and let us know!

Ship AI agents and MCP servers with identity built-in

Every company has an AI / MCP project, but identity becomes a blocker. Following the MCP spec, debating DCR vs CIMD, issuing short-lived credentials… the list goes on.

Descope Agentic Identity Hub is an identity provider for AI agents that lets developers easily add auth, access control, and credential management to their AI systems.

  • WisdomAI got MCP auth running in 1.5 days

  • Daylight Security shipped an MCP server with auth built-in

  • Cequence uses it under the hood in their AI Gateway

Top AI news

⚖️ Claude for Legal arrives with 12 plug-ins and Westlaw inside (LawSites). 1.9 billion legal documents now sit one prompt away. Anthropic just did to law what it did to finance last week.

💼 OpenAI launches a $4B Deployment Company and buys Tomoro (Constellation Research). TPG leads 19 partners, and 150 deployment engineers come with the buy. Six days after Anthropic shipped Blackstone.

💻 Google retires the Chromebook and unveils the Googlebook (TechCrunch). Gemini lives inside the cursor and the major PC makers are all building one. Apple's MacBook Neo is on notice.

🌊 Cowboy Space raises $275M to put data centers in orbit (SpaceNews). Baiju Bhatt's rocket doubles as a 1 MW AI data center once it gets there. The compute problem just became an aerospace problem.

🛩 Helsing nears $1.2B at an $18B valuation (SiliconANGLE). Dragoneer and Lightspeed lead a round oversubscribed many times over. Europe just minted its most valuable startup.

🧠 Anthropic lets Claude agents "dream" (9to5Mac). Overnight, the agents review past sessions and prune their own mistakes. Harvey says task completion jumped 6x.

🎨 Wix shipped its own LLM and dropped third-party APIs (TechRadar). The new model runs the Wix Harmony website builder end-to-end. CEO Avishai Abrahami called it the first of many.

📊 Greenboard raises $20M for AI-native compliance (Fortune). GreenboardGo turns 500 financial firms' rule books into a chatbot. Base10 led, Y Combinator rode along.

🔁 SAP buys into n8n at a $5.2B valuation (PYMNTS). The open-source automation tool more than doubled its valuation in six months. SAP found its agent orchestration story without building one.

🧪 Judgment Labs raises $32M to evaluate AI agents (BusinessWire). Three Gen-Z founders, two Lightspeed-led rounds in six months. The eval layer is now its own category.

Google caught the first real AI cyber attack

Google's security team went public on Monday with what it called the first confirmed case of hackers using an AI to write a working cyber attack and aim it at a real company. The AI found a previously unknown weakness on its own, then wrote the code to walk past two-factor login. Google says it caught the campaign before it spread, and that the AI behind it was almost certainly not Google's Gemini or Anthropic's Claude Mythos. Both labs have been saying for a year that this exact moment was coming. Anthropic locked Mythos up last month rather than ship it. On Monday the warning showed up inside someone's production system.

Locking up Mythos was supposed to be the safety valve. Anthropic announced Project Glasswing in April, brought in Apple, Google, Microsoft, JPMorgan, and CrowdStrike, and committed $100 million in credits to keep that capability inside a closed circle of trusted partners. The bet was that only the top labs could build a model dangerous enough to matter, and those labs would handle the access list. The model Google caught last week did not come from that closed circle. Someone took a publicly available model, sharpened it for one specific job, and went looking for targets. The lockdown only covers the brand-name versions of the tools.

Anyone running a product in 2026 just got a baseline shift. Any service with a customer login or a payment flow is now in range of an AI doing reconnaissance on it around the clock, for the cost of a GPU. The teams that come out of the next year in good shape are the ones that move their patch cycles from quarterly to weekly on anything internet-facing, push their vendors on AI-aware detection, and stop treating 2FA as the finish line. Cyber vendors that have been pitching AI-first defense, including most of the Glasswing partner list, just got their first real-world receipt. CrowdStrike, Palo Alto, and SentinelOne should expect a busy quarter. The arms race that everyone has been writing about since 2024 now has a real victim and a real date.

Takeaways at a Glance:

  • Google's security team disclosed on May 11 the first confirmed case of hackers using AI to find an unknown software flaw and write working attack code for it

  • The flaw let attackers slip past two-factor login, and Google said the AI-led campaign aimed to hit many companies at once before it was stopped

  • Google said the AI behind it was unlikely to be Gemini or Anthropic's Claude Mythos, which points to a publicly available model someone sharpened for the job

  • Anthropic restricted Mythos under Project Glasswing in April with Apple, Google, Microsoft, JPMorgan, and CrowdStrike as initial partners, plus $100 million in usage credits

  • The disclosure landed a week after Microsoft, Google, and xAI agreed to give the federal AI safety center early access to unreleased models for review

What We Think About It:

  • A lockdown only works if attackers care about the guest list. Every company with a website is now in range of an AI-driven attack. That used to be a 2027 problem. It is now a 2026 problem. Prepare accordingly.

What You Can Do Right Now:

You don’t have to be an alarmist… but here are some things to consider:

  • Turn on hardware keys or passkeys for your own email, banking, and work logins this week. The "I'll do it later" excuse just expired

  • If you run a product, look at every screen that lets a customer reset a password or change an email. Those are the front doors AI attackers will probe first

  • Ask your IT or security lead one question: "If this happened to us next month, would we know?" The answer tells you whether to push for budget now

  • If you sit on a board, put cyber on the next agenda. The AI-defense conversation that was a 2027 line item is a 2026 one now

  • If you invest in cyber, the holdings that can detect AI-driven attacks just got more valuable. The ones that cannot, less so.

Get more done with these AI tools

Latitude: Observability platform for AI agents in production.

  • Surfaces agent failure modes before they reach users, with full trace replay

  • Built specifically for Claude Code, with logs that match how the agent reasons

  • Designed for engineering leads who own the on-call rotation for AI features

Liminary: Shared memory layer for AI work sessions.

  • Persists context across chats, agents, and tools you already use

  • Treats memory as a first-class object instead of a buried summary

  • Lets every assistant on your stack pick up where the last one left off

Pipali: AI coworker that runs on your machine, not the cloud.

  • Executes browser, file, and SaaS workflows locally with privacy baked in

  • Built for sensitive work where you cannot ship the task to a third party

  • Keeps the audit trail on your laptop, not someone else's server

AI Investment Report

This 158-page research report provides the first comprehensive taxonomy of public companies, private ventures, and tokenized protocols building the infrastructure for autonomous AI systems. Compiled by Lex Sokolin, former Chief Economist at ConsenSys, fintech strategist at Autonomous Research, and current Managing Partner at Generative Ventures, this report delivers institutional-grade analysis of 100+ companies across 14 critical infrastructure layers. Learn more here.

That’s all for today, folks!

  • Reach out to our audience by becoming a sponsor here.

  • If you’re enjoying the newsletter, share with a friend by sending them this link: 👉 https://www.futureblueprint.xyz/subscribe

  • Looking for past newsletters? You can find them all here.

  • Working on a cool A.I. project that you would like us to write about? Reply to this email with details, we’d love to hear from you!
