271 Firefox vulnerabilities found in one night by a single AI model. Frank, Jakko, and a former Dutch intelligence officer dig into what selective access to that kind of power actually means.
An AI model discovered 271 previously unknown security vulnerabilities in Firefox in a single night. Anthropic, the company behind it, decided the model was too powerful to release publicly, making it available only to a select group of partners. That decision alone tells you something about where we are.
This is the story that kept Frank awake. He's a self-described tech nerd, app developer, and product builder who spends his weekends on a touring motorcycle and his evenings tinkering. His co-host Jakko works on socially responsible digitization for Dutch municipalities and the broader public sector. Together, they launched a podcast to talk about the things that keep them up at night: technology, science, society, and where those three things collide. This is their first episode, recorded in the nave of a Seventh-day Adventist church in Breukelen, which they're using as a recording space. Only in the Netherlands.
The Firefox story sits at the intersection of capability and accountability. The model in question, reportedly Anthropic's internal "Mitels" project (also referenced as Project Glasswing), is powerful enough that its creators chose to withhold it from the public. Instead, access went to a small group — mostly large American technology and defense companies. Then it turned out that a group of users had found a way in through Discord, without any hack, simply by knowing where to look.
"Are we as humanity wise enough to handle this kind of intelligence? I fear the answer is: certainly not all of us."
Frank draws a direct comparison to the atomic bomb: a technology developed and then handed to people who may not be equipped to use it responsibly. What drives humanity, he argues, is largely personal and economic gain. Put us on a maturity scale and we're still in elementary school. Equipping elementary school students with nuclear weapons is, at best, a questionable policy.
Jakko's framing is blunter: we can all write five lines of code now, but if someone with real skills gets hold of a model like this and decides to go on the offensive, that's a serious problem for critical infrastructure.
Jesse Dijkstra joins by phone. He's a former AIVD (Dutch intelligence service) officer, now working at the Digitale Doetank, a group focused on moving digital autonomy from policy papers into actual implementation. His perspective on the Firefox story is measured but clear.
AI that finds vulnerabilities at scale will reshape the entire security market — and access determines who wins.
The core issue, Dijkstra explains, is that AI is very good at pattern recognition and at identifying what deviates from what source code should look like. Whether the specific vulnerabilities found in the Firefox case can be extrapolated to other software is still an open statistical question, but AI is also very good at statistics. The trajectory points in one direction.
What concerns him most is the power concentration that results from selective access. A handful of large American companies now hold the keys to the most capable security AI models. Organizations with access to those models will gain an outsized advantage in the cybersecurity market. For Dutch companies, and for the Dutch state, that creates a dependency problem.
"It could become harder for Dutch players to offer the same level of security that the big players can."
Defenders using AI can proactively scan their own systems for vulnerabilities and patch them before attackers find them — a significant advantage when the source code isn't publicly available. But attackers can simultaneously scan vast numbers of targets for the same vulnerabilities, and not every organization has the capability to patch quickly. The game changes shape entirely.
"Purple teaming," Dijkstra explains, is what you get when you combine red teaming (offense) and blue teaming (defense). The term comes from cybersecurity exercises where both attack and defense happen simultaneously. As AI models become capable of running both sides of that equation at once, the question shifts from "who has the best people" to "who has access to the best models."
The people who are already strong will get stronger still.
The biggest cyber threats facing the Netherlands, Dijkstra notes, come from Russian, Chinese, and Iranian state actors, plus criminal groups, many of whom also operate out of Russia. The Netherlands cannot fill its land with data centers to compete on raw compute. China and Russia simply have more space and energy to dedicate to that kind of infrastructure. That is a strategic reality that no policy paper changes.
What the Dutch government can do is build its own strategic capabilities, maintain relationships with vendors who use these models and can report vulnerabilities before hostile actors exploit them, and exercise real caution about the depth of dependency on any single foreign provider. Adopting a model from Anthropic for critical security functions means your sovereign view of your own infrastructure comes, in part, from a company that is not incorporated in the Netherlands and answers to its own priorities.
The conversation moves to Dutch parliamentary politics. The day before recording, the Tweede Kamer passed the Kathmann motion with 141 votes in favor — an overwhelming majority — calling for existing government contracts not to be renewed if a particular acquisition goes through. The specific company at issue is Solvinity, and the backdrop is a larger debate about which critical services the Dutch government outsources to foreign-owned entities.
"Digitalization is one of the rare topics where left and right consistently agree."
Dijkstra sees the motion as a genuine signal. Parliamentary motions are not legally binding, but when a chamber passes something with an overwhelming majority, a cabinet that ignores it needs a very good reason. His expectation is that the contract will not be renewed, unless something substantial changes. The broader trend is real: Dutch politics is tightening its grip on which services get outsourced abroad, particularly in critical infrastructure. That is, in his view, a positive development.
The harder question is a court challenge filed by the CISO of Logius. Dijkstra declines to predict the outcome. Case law on this is limited, and courts don't always follow the direction Parliament points. But the parliamentary signal and the broader societal shift are visible to him. Whether judges read the same landscape the same way is genuinely uncertain.
The episode opens with a different kind of anxiety. Frank attended a robotics trade fair in Shenzhen, where the footage was, as he puts it, genuinely bizarre. Humanoid robots performing tasks that a year ago seemed like science fiction. What struck him wasn't the spectacle but a conversation happening in his own family.
His son, navigating a career choice, had been doing an internship at a design firm. The designers told him plainly: don't do this, your job won't exist in ten years. So the family chose a completely different path. His son is now training in wood and furniture construction. Something with his hands. A real trade.
"I said: good choice. You've learned a craft. And I think you'll have plenty of work — for now."
The "for now" is doing a lot of work in that sentence. Frank watched the metselrobots (bricklaying robots) being developed by Terraform, a startup that shared his office space in Amsterdam. Every morning he'd walk past them. Every morning they were a bit faster, a bit more precise. The business model isn't robot sales; it's robot-as-a-service. Large construction companies sign contracts. The van pulls up, the humanoids go to work, 24 hours a day, seven days a week, one operator standing by.
Jakko isn't optimistic either. His estimate: 90 percent of jobs, gone within a few years. He says it sounds dramatic, and it does, but the curve of the technology is what it is.
The episode closes with Dijkstra reflecting on the move from parliamentary work to the Digitale Doetank. In the Tweede Kamer, you have real leverage — motions, legislation, the power to compel. The frustration was that a lot gets said about digital autonomy and very little gets done. The gap between "we should do something about this" and "we are doing this" remained stubbornly wide.
The Doetank's purpose is to close that gap. To get past the talking-shop stage and actually implement things. For someone who spent years building the political case, being able to move to execution is, in his words, genuinely refreshing.
The podcast's working title is still in flux — they've been debating it, and Frank's face makes clear he hasn't fully committed to any option yet. What they have committed to is the format: current events, guests called in or seated at the table, and a deliberate openness about subject matter. Quantum computing, hydrogen, solar engineering students at TU Delft building Formula 1-grade vehicles. Technology and science where they touch society and people.
They'll keep doing it as long as they find it interesting. If they stop finding it interesting, they'll stop. That seems like a reasonable bar.