Easy as ABC: AI’s Brittle Composition
4–6–2026 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, April 6, 2026. Like last week, the Iran War both continues, and is intensifying, with Secretary of Defense Pete Hegseth just today saying that it will be the most intense day of operations against Iran, ahead of a midnight deadline tomorrow that President Trump imposed yesterday to re-open the Strait of Hormuz.
And under that backdrop, we’re going to talk about AI this week because, somehow, that seems both easier and more fun.
Easy as ABC: AI’s Brittle Composition
The story here centers around a back-to-back set of incidents at Anthropic, the makers of Claude, that cover both a data leak (with Fortune leading the way on reporting) indicating new models and capabilities.
The disclosures, which were made as a result of misconfigured draft pages on a blog, indicate both that new and more powerful models are underway and that there’s cybersecurity concerns (neither of which is, actually, news).
Fortune writes: “Anthropic appears to be especially worried about the model’s cybersecurity implications, noting that the system is “currently far ahead of any other AI model in cyber capabilities,” and “it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.” In other words, Anthropic is concerned that hackers could use the model to run large-scale cyberattacks.”
Again, this is not new, but does merit a bit of discussion since there seems to be agreement that the challenges posed by the tool and its potential for use by threat actors will outpace mosts organizations ability to defend.
The other bit that’s not said here is that it’s far more straightforward to use tools like Claude to carry out attacks than it is to play defense.
To make matters worse for Anthropic, they also suffered a source code leak that exposed around 500,000 lines of code across roughly 1,900 files.
People on all sides of this quickly jumped in, with some opinion writers pointing out the fragility of companies like Anthropic, while attackers put the leaked code out paired with malware to capture curious, but unsuspecting, victims.
To bring it back to the top of the show, we’re also now seeing Iran explicitly target OpenAI’s $30B “Stargate” data center in the United Arab Emriates.
It can be hard to keep up with all of this, and again re-emphasizes that the rate of change we’re experiencing is hard for people, much less organizations, to manage.
Do your best, build for what’s going to matter tomorrow, and optimize for optionality.
Anymore, it seems like flexibility is the order of the day.
Follow-Up Items
By way of follow-up from last week, Stryker a new post on their client update site indicating that as of 4/1 they are “fully operational across our global manufacturing network” (and it’s not, apparently, an April Fool’s joke).
Restoration of internal capabilities are lagging a bit, but they’ve seemed to be able to prioritize their restoration processes (something you all should do in your BC/DR plans, based on your BIAs, which I know you’re all conducting, right?).
We also got some more news from the Delve saga, wherein they’ve since “parted ways” with startup incubator and Delve investor Y Combinator, and the CEO and COO have come back with a blog post (and video!).
On the one hand, they admit to “moving too fast” and “not hitting the bar” and apologized only for “the noise they’ve caused.”
They then pivot to calling the anonymous disclosures a “malicious actor” and said that they purchased the Delve platform and “exfiltrated” Delve’s sensitive information. They assert that information is being “cherry picked,” “misconstrued,” and “taken out of context” to hurt Delve.
Lots of PR push coming here, but the words they’re using don’t do much to actually move the needle for me.
Fundraising
From a fundraising perspective, an absolute blow-out week with $39.7B in newly committed capital announced, led by:
KKR raised over $23 billion for its 14th North American buyout fund; while
Blackstone raised $6.3b for its sixth life sciences fund; and
Inflexion raised €4.5b for its seventh midmarket buyout fund, topping its target. To close out,
OceanSound Partners raised $3.4b for its third fund.
The dry powder continues to stack, and it’s worth remembering that the fundraising activities that lead to these big numbers takes many months (or years) - and hopes to be put to work in a market that also has the advantage of time - as a hedge against volatility and other mechanics.
Whether those timelines are long enough or the disruptions small enough remain open questions.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and now sign up for our monthly newsletter, the Intentional Dispatch.
We’ll see you next week for another edition of the Intentional Brief.
Links
https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html
https://delve.co/blog/delve-sets-the-record-straight-on-anonymous-attacks
https://betakit.com/claudes-source-code-leak-has-permanently-changed-the-ai-race/