The Vendor You Cannot Name.
Two U.S. banks disclosed a breach at the same unnamed third-party vendor in April 2026. Six class action lawsuits followed in two weeks. The vendor still has not been publicly named — and the disclosure language hides what every customer, plaintiff, and regulator actually needs to know.
You're Still Reading the Advisory. The Attacker Already Left.
On April 7, Anthropic deployed Claude Mythos Preview to 12 elite partners under Project Glasswing. The model found thousands of zero-day vulnerabilities in weeks. The real story is the intelligence asymmetry it created — and what it means for every organization that wasn't in the room.