The Whole Internet Is Going to Break, and It's OK

Something extraordinary happened on April 7, 2026. Anthropic, the AI safety company behind Claude, announced a new model called Mythos, and then immediately said they were afraid to release it to the public.

That sentence should stop you cold.

The company that built the thing is scared of what it found. Not because the AI went rogue. Not because it developed dangerous opinions. But because it turned out to be the most effective vulnerability scanner in the history of computing, and what it found hiding inside the world's most trusted software is genuinely alarming.

We are entering a period of maximum turbulence on the internet. Security patches will introduce instability. Outages will happen at companies you've trusted for decades. AI bots are already overwhelming the bandwidth the open web was built on. And the same technology creating all of these problems is, paradoxically, the only tool capable of fixing them.

We're going to come out the other side of this with better, more secure software than we've ever had. But first, things are going to get bumpy. Here's what's actually happening, and why you shouldn't panic, but absolutely should pay attention.

Mythos Just Found the Skeletons in the Closet

For decades, software developers have written code with bugs in it. This is not a scandal. It's physics. Complex systems have flaws. Finding those flaws has historically relied on human security researchers working a painstaking process that might surface a handful of critical vulnerabilities per year in any given codebase.

Mythos changed that math in a single announcement.

In just the first few weeks of testing, Mythos Preview identified thousands of zero-day vulnerabilities, many classified as critical. Several are ten or twenty years old. The oldest found so far is a 27-year-old bug in OpenBSD, a system specifically famous for its security hardening. A 16-year-old flaw in widely-used video software survived five million hits from automated testing tools without ever being detected. Mythos found it anyway.

What separates Mythos from anything that came before is its capacity for "vulnerability chaining": connecting a series of individually minor software flaws into a single exploit that reaches a high-value target. Anthropic documented Mythos autonomously chaining four separate browser vulnerabilities into an attack that escaped both the browser renderer and the operating system sandbox. It wrote the attack code overnight without human intervention while engineers slept.

Even more consequential: Mythos can analyze compiled binary code without needing access to the original source code. Legacy systems running on hardware that's been operational for decades, with source code long since lost, are no longer protected by obscurity. The hospital still running Windows XP in the back office. The power grid component no one has touched since 2004. The bank mainframe that predates the internet. All of it is now readable.

Anthropic's response was to form Project Glasswing, a coalition including Apple, Microsoft, Google, Amazon, CrowdStrike, and JPMorgan, specifically to deploy Mythos defensively before these capabilities reach bad actors. JPMorgan CEO Jamie Dimon said it plainly this week: "AI's made it worse, it's made it harder." Goldman Sachs, the Federal Reserve, and the Treasury Department are all in active discussions about what Mythos means for financial system security.

The good news: the right people found it first, and they're patching it. The complicated news: patching decades of neglected code introduces instability, right now, at scale.

The Patch Paradox: Fixing Bugs Breaks Things

Here's the uncomfortable reality: the cure and the disease look similar in the short term.

When a decades-old vulnerability is discovered, the software maintainer has to write a fix, test it, and deploy it, often under time pressure, before the flaw is publicly disclosed and weaponized. The problem is the timeline has collapsed. The median time from first disclosure to first observed exploitation dropped from 771 days in 2018 to single-digit hours by 2024. By 2025, the majority of exploits were being weaponized before they were even publicly disclosed.

Defenders have to work at calendar speed. Attackers work at machine speed.

And every patch pushed into aging infrastructure carries risk. Software that has been stable for twenty years because nobody touched it is now being aggressively modified. The dependencies are poorly documented. The engineers who wrote it retired a decade ago. The tests that existed in 2007 don't cover the new fix.

You will feel this, not as a cyberattack, but as an outage. A service that suddenly stops working. A website that behaves strangely for three days and then recovers. The internet is about to go through a period that looks a lot like a city replacing all of its underground pipes at once: essential, inevitable, and messy.

AI Bots Are Eating the Web

While Mythos was exposing vulnerabilities in software, a quieter crisis was building in the infrastructure itself.

AI tools need to read the internet constantly. Training models, powering real-time AI search, running autonomous agents: all of it requires relentless web crawling at a scale the internet was never designed to handle.

The numbers from 2025 are staggering. Monthly AI-driven traffic nearly tripled over the year. AI scraper traffic grew 597%. Agentic AI traffic, bots that don't just read websites but actually interact with them, clicking, filling forms, completing transactions, grew 7,851%.

Automated traffic grew 23.5% year-over-year, eight times faster than human traffic growth of 3.1%.

By Q4 2025, there was roughly one AI bot visit for every 31 human visits to a website, up from one in 200 just nine months earlier. And that's almost certainly an undercount. Many AI scrapers now pass as human visitors entirely.

For a typical business, nearly one in five site visits in 2025 was a scraping attempt, nearly double the rate in 2022. Your checkout page is no longer visited only by customers. It's visited by AI agents shopping on behalf of customers, competitors scraping your prices, and security researchers probing your stack.

The internet as we knew it, a place humans came to do things, is becoming a place machines use to operate. Cloudflare CEO Matthew Prince recently predicted that bots could overtake human web usage entirely by 2027. Based on the trajectory of 2025's data, that timeline may be optimistic.

Amazon's Wake-Up Call

The chaos isn't theoretical. Amazon already gave us the proof-of-concept for what happens when AI-accelerated development outpaces human oversight.

In December 2025, AWS engineers using Amazon's internal AI coding assistant, called Kiro, were fixing a routine bug in Cost Explorer. Kiro, which can operate independently for hours or days, decided the best solution was to delete and recreate the entire production environment. A 13-hour outage followed.

Then it happened again. On March 5, 2026, Amazon.com itself went down for six hours. Checkout, pricing, accounts, gone. Not an internal testing environment. The storefront. The cause was a faulty software deployment following AI-assisted changes. Amazon's SVP of engineering described a "trend of incidents" with a "high blast radius" tied to "novel GenAI usage for which best practices and safeguards are not yet fully established."

Amazon is not an outlier. Microsoft Azure had a 19-hour Outlook outage in July 2025. Cloudflare went down twice in a single month in late 2025, and one of those outages took down 28% of global internet traffic, including ChatGPT, Spotify, Alexa, and Ring. The CrowdStrike outage of 2024 cost Fortune 500 companies an estimated $5.4 billion.

We have built the modern internet on a handful of providers. When they stumble, everyone falls. And right now, they are all simultaneously racing to patch AI-discovered vulnerabilities, deploy AI tooling, and absorb AI-generated traffic, all at once, with guardrails that are being bolted on after the fact.

The Same Tool Is Also the Only Fix

Here's where this pivots from alarming to genuinely optimistic, if you're willing to think beyond the next quarter.

The same AI discovering decades-old security holes is also capable of fixing them, at scale, faster than any human team in history. CrowdStrike's 2026 Global Threat Report found an 89% increase in AI-powered attacks year-over-year, but the same models expanding the attack surface give defenders capabilities that didn't exist a year ago: discovering vulnerabilities, detecting intrusions, and responding to incidents faster than any prior generation of security tools.

On the development side, Microsoft has AI writing 30% of the company's code. Amazon has an 80% AI usage mandate for engineering. Every major software shop on the planet is shipping faster and catching more bugs earlier, not despite AI, but because of it.

The software we will have in three to five years will be more secure, more efficient, and better-tested than anything written before AI entered the development pipeline. The vulnerabilities Mythos is finding today would eventually have been found by attackers with no ethical constraints. Finding them now, under coordinated disclosure, and patching them in controlled conditions is vastly better than the alternative.

The instability ahead is the price of a more durable infrastructure. The construction is loud. The building will be worth it.

---

Adam Gillrie is the founder of Savvy Dealer, an automotive digital marketing platform, and BiFrost Strategies, an AI consulting firm specializing in Generative Engine Optimization. He has spent 30 years at the intersection of automotive retail and digital strategy.