An AI found 271 security flaws in Firefox overnight. The model was too dangerous to release, but users got access anyway through Discord.
An AI model discovered 271 security vulnerabilities in Firefox in a single night. Every one of them was previously unknown. The company behind it, Anthropic, considered the capability so dangerous that it refused to release the model publicly. And yet, a small group of users found their way in anyway, not through any hack, but simply because they knew where to look on Discord.
That detail sits at the center of a broader anxiety about where AI is taking us. Two Dutch tech and policy enthusiasts, co-hosting their very first podcast episode from a room in a church building in Breukelen, use it as the opening thread to pull on. Frank, a self-described "tech nerd" working at a startup building podcast tools while moonlighting with a techno DJ on weekends, and Jakko, who works on socially responsible digitalization for Dutch municipalities, find that they had independently chosen almost the same topic to discuss. That overlap is not a coincidence. It reflects a genuine unease spreading through anyone paying close attention to the pace of AI development.
The Firefox case is striking not just for the number of vulnerabilities found, but for what it implies about scalability. The question is not whether an AI can spot one or two bugs in a codebase. The question is whether the patterns it identifies in one system can be extrapolated to others. If they can, then the ability to scan entire digital infrastructures for exploitable weaknesses becomes trivially cheap for anyone with access.
Jakko draws the comparison plainly: handing this kind of capability to the wrong actor is like giving someone an atomic bomb and hoping they have the wisdom to use it responsibly. His assessment of humanity's collective readiness is not optimistic. "Are we as humanity wise enough to handle this kind of intelligence? I fear the answer is that we certainly are not all of us."
I fear the answer is that we certainly are not all of us.
The model at the center of this, referred to as "Mitels" and connected to what Anthropic called Project Glasswing, was made available only to a select group of large partners, primarily major American companies. That selective access creates its own power dynamic. The firms that already dominate the cybersecurity market now have a significant head start on everyone else, including European governments and smaller Dutch security vendors who cannot offer the same level of capability. Digital autonomy, already a fragile concept, becomes harder to defend when the most powerful tools are concentrated in a handful of hands.
Jesse Dijkstra, a member of parliament for Nieuw Sociaal Contract and a former intelligence service officer, joins the conversation by phone to offer a more granular analysis. He is careful not to overstate what is publicly known about the model's actual capabilities, but he does point to a structural shift in how cyberattacks and defenses will be conducted.
"There will be a very different game emerging from this, whereby it could well be that a few companies, for example those with access to Mitels and its successors, get an enormous head start in the IT security market." — Jesse Dijkstra
The concept he introduces is "purple teaming," a combination of red team (attackers) and blue team (defenders) exercises, where AI is used simultaneously to find vulnerabilities and to develop fixes. The promise is that defenders who deploy this well can patch their systems faster than attackers can exploit them. The problem is that not every organization has that capability. Attackers, by contrast, can scan thousands of systems in parallel without needing to patch anything. The asymmetry may actually favor offense in the short term.
For the Netherlands specifically, Dijkstra flags a practical problem that predates any AI development: patching known vulnerabilities and responding to cyber incidents already takes far too long. The same day of the recording, news broke that the municipality of Epen had lost a significant quantity of personal data to a breach. That kind of incident has become routine, and the pace at which AI tooling is being deployed against public infrastructure means the window for response is shrinking, not growing.
On the political side, a motion put forward by Katman passed the Dutch parliament with 141 votes in favor, calling on the government not to extend the contract with the company set to take over the relevant service if that acquisition proceeds. Dijkstra reads this as a meaningful signal of a broader shift: Dutch politics is increasingly willing to scrutinize which critical services get outsourced and to whom.
Digital autonomy crosses left and right. It may be the only policy area where nearly every party in parliament consistently votes together.
Whether the government actually follows through is a separate question. Motions are political instruments, not binding orders. The cabinet can decline to act, though Dijkstra suggests they would need a compelling justification given the overwhelming parliamentary majority. A concurrent court case, brought by a senior figure at Logius, adds further legal pressure, though the jurisprudence in this area is still too thin to predict which way a judge would rule.
The deeper issue Dijkstra raises is one of strategic dependency. Using an Anthropic model to find vulnerabilities in Dutch government systems is not inherently wrong. Having no independent capability to evaluate what that model finds, however, is a problem. The Dutch state needs its own sovereign view of its digital infrastructure, not one mediated entirely through a private American company's tooling, however well-intentioned that company might be.
The second major theme of the episode comes from the robotics fair held in Shenzhen, China, where footage circulated of humanoid robots performing tasks that, until recently, were considered safely in the domain of human labor.
Frank's personal entry point is his son, who recently chose a vocational path in woodworking and furniture after being told, at a career fair, that his original media-oriented direction probably would not exist as a profession in ten years. The advice is blunt: learn something with your hands. There will be work.
But even that reassurance is now uncertain. Frank had already seen, at close range, a bricklaying robot developed by the startup Terraform, which shared office space with his own company. Every day, he watched the robot get faster and more precise. The business model is not to sell the robots but to lease the service: construction firms sign contracts and get access to the capability without owning the hardware. Upload a house design, and the robot builds it. One operator, standing by.
A van pulls up with humanoids inside, and they assemble your house.
The AI injection happening now, combined with hardware that is already functional in real construction environments, makes it plausible, in the view of both hosts, that this scenario plays out within ten to fifteen years. Dijkstra does not push back. The question of which professions survive and which do not is one that neither optimism nor pessimism resolves cleanly. Ninety percent of jobs being at risk over the next few years, as Frank puts it, sounds dramatic. He acknowledges that. But the trend lines are what they are, and the robotics fair footage does not suggest the curve is flattening.
Jakko and Frank are explicit about what they are building, and equally explicit about what they are not. This is not a show for experts talking to experts in jargon. It is closer to a conversation between two curious people who happen to have good access to interesting thinkers, including former intelligence officers, parliamentarians, and engineers working on quantum computing or solar-powered vehicles built by TU Delft students.
The format involves current events, a guest on the phone offering a specific perspective, and longer studio conversations with people who have deep knowledge of a particular subject. The intersection they keep returning to is technology and science as they meet society and human behavior. That framing is deliberately wide, because neither host wants to be confined to a niche. The agenda, as they put it, is entirely open.
For a first episode recorded in a church building with borrowed equipment and a guest reached over a slightly unreliable phone connection, the conversation covers more consequential ground than most polished productions manage. The central worry threading through all of it is simple: the tools are arriving faster than the wisdom to use them well. Whether that gap closes before something breaks is the question worth watching.
