AI's Security Reckoning, India's IT Squeeze, and the Agent Economy Arrives

---

Claude Mythos Just Made Vulnerability Research Uncomfortable

Anthropic's Mythos model autonomously discovered and exploited a critical vulnerability in OpenBSD that survived 27 years of professional code review, fuzzing, and security audits. It also reportedly uncovered thousands of high-severity flaws across operating systems and core internet infrastructure — work that would previously require entire teams of security researchers working over months.

Preview access went to Big Tech companies first, which is itself a signal: the organisations most capable of operationalising these findings at scale have early access to a model that outperforms human vulnerability analysts on their core task.

Who this affects directly:

• Penetration testers and vulnerability researchers whose primary value is finding what others missed
• Junior and mid-level security analysts performing manual code review and PoC development
• Security consulting firms whose billing model depends on human-hours spent on discovery work

A separate ArXiv paper this week showed an LLM agent automating proof-of-concept generation for reported vulnerabilities — the labour-intensive reproduction work that security teams currently delegate to engineers. Two signals, same direction.

---

India's IT Sector Faces a Structural Squeeze

TCS extended only 25,000 fresher offers this fiscal year, with future campus hiring now explicitly contingent on demand clarity. This is a departure from the predictable entry-level recruitment cycles that made Indian IT services a reliable graduate employment pipeline.

Kotak flagged Mythos specifically as a disruption risk to India's IT services sector, which depends on developer and engineer headcount to deliver offshore software development. The threat is not abstract: if AI models can handle software engineering tasks at scale, the labour arbitrage model that built firms like TCS, Infosys, and Wipro loses its core premise.

Anthropic simultaneously launched specialised AI tools for legal, financial, HR, and cybersecurity tasks — directly competing with the consulting and outsourcing vendors that employ large numbers of knowledge workers in these domains.

The numbers that matter:

• 25,000 fresher offers at TCS, down from historical norms, with future hiring tied to demand
• Mythos benchmarks showing a "step-jump" in software engineering performance, per Kotak's analysis
• Anthropic now competing in legal, financial, and HR tooling — sectors that represent significant outsourcing revenue

---

The Agent Infrastructure Build-Out Is Accelerating

Three separate signals this week describe the plumbing being laid for autonomous agent workflows. Sierra launched Ghostwriter, a platform that builds agents from natural language descriptions — removing the need to click through UI-based application development. HolaOS (1,868 GitHub stars in days) positions itself as the environment for "long-horizon work, continuity, and self-evolution" in agent systems. Astropad released Workbench, a remote desktop tool built specifically for supervising AI agents on Mac hardware from mobile devices.

CyberAgent, one of Japan's largest advertising and gaming conglomerates, deployed ChatGPT Enterprise and Codex across advertising, media, and gaming divisions to improve "decision velocity."

These are not experiments. They are infrastructure investments.

ProPublica's unionised staff — roughly 150 members — went on strike this week over AI implementation, layoffs, and wages. The newsroom is the latest organisation where AI deployment has moved from policy discussion to workforce reduction.

---

What This Means

If you work in security research or penetration testing, the 27-year-old OpenBSD vulnerability is a concrete benchmark, not a projection. The question is no longer whether AI can match human auditors on discovery — it demonstrably can. Roles that survive will be those that interpret, prioritise, and respond to findings at a systems level, not those that generate them.

If you are entering or advising on Indian IT careers, TCS's conditional hiring language is a direct signal that entry-level volume hiring has structurally changed. Building a career plan around joining a large IT services firm as a fresher and developing skills over time assumes a pipeline that is visibly contracting.

If your role involves any workflow that can be described as "find the problem, document it, route it" — whether in medical coding, regulatory affairs, vulnerability analysis, or content moderation — AWS's healthcare agent deployment paper and the Triage framework for LLM task routing both describe the same pattern: routine classification and documentation work is the first tranche to be automated, not the last.