1. Mythos Finds 10,000+ Vulns — Security Careers Just Pivoted
May 23, 2026 | Engadget, The Decoder
Anthropic’s Claude Mythos Preview found more than 10,000 security vulnerabilities across 50 organisations in a month. The bottleneck has shifted: the AI finds bugs faster than humans can fix them.
- Old bottleneck: Finding vulnerabilities (rare skill, expensive, slow)
- New bottleneck: Fixing vulnerabilities at AI speed (requires automation, triage, prioritisation)
- Who wins: Security professionals who can remediate at speed — not those who hunt manually
- Who loses: Manual pentesters who rely on discovery being the hard part
Why it matters: If you’re in AppSec, your job is changing whether you like it or not. The value isn’t in finding the vuln anymore — it’s in fixing it before the next one appears. That means your skillset needs to shift from “how to find bugs” to “how to build automated remediation pipelines.” The people who make that pivot will be in demand. The ones who don’t will find the market passing them by.
2. Karpathy Joins Anthropic — The Talent Signal
May 23, 2026 | RawPickAI
OpenAI co-founder Andrej Karpathy joining Anthropic’s pre-training team isn’t just a talent move — it’s a signal about where the next AI leap comes from. Pre-training, not post-training, is where he’s betting the next breakthrough lives.
- What Karpathy is working on: Pre-training, not safety or alignment
- Who he’s working with: Ilya Sutskever — the other high-profile pre-training hire
- What this means for the field: Foundation-level innovation is back in fashion
- What this means for your career: Pre-training expertise just became the most valuable AI skill on the market
Why it matters: When two of the most respected researchers in AI both join the same company to work on pre-training, the market should pay attention. Post-training has had its moment — RLHF, Constitutional AI, synthetic data fine-tuning. Karpathy and Sutskever are betting the next big gains come from how we train models at the base level. If you’re in AI research, pre-training experience on your CV just went up in value.
3. Alibaba’s AI Coded for Its Own Chip for 35 Hours — No Humans Involved
May 23, 2026 | The Decoder
Qwen3.7-Max ran autonomously for 35 hours writing, compiling, testing, and iterating on kernel-level code for Alibaba’s custom silicon. The code wasn’t designed for human readability — it was targeting hardware directly.
- Duration: 35 hours of unsupervised iteration
- Domain: Kernel-level systems code for custom chip architecture
- Human role: None — the AI wrote, tested, and optimised autonomously
- Career implication: “Software engineer” is being redefined from writer to director
Why it matters: This is the kind of story that doesn’t get the attention it deserves because it sounds technical and niche. But it’s actually devastating for anyone who thinks “systems programming is safe.” If AI can write code for hardware humans can’t easily target, the question isn’t “can AI code?” — it’s “can you direct and verify AI-generated systems code?” That’s a different job description entirely.
4. Duolingo’s AI Metric Experiment Fails — What It Teaches Us
May 23, 2026 | Business Insider
Duolingo shelved plans to evaluate employees on AI tool usage after staff pushback. The lesson for anyone building an AI-augmented career: don’t optimise for the tool, optimise for the outcome.
- What they tried: Measure prompt quality, AI output volume, tool adoption rates
- Why it failed: Perverse incentives — employees optimised for AI metrics, not teaching outcomes
- The lesson: The people who survive the AI transition won’t be the ones who use AI most. They’ll be the ones who use it best — and know when not to use it at all.
Why it matters: Duolingo is a useful parable for individual careers too. If you’re measuring your own AI “productivity” by how many prompts you write or how much AI-generated output you produce, you’re measuring the wrong thing. The metric that matters is the quality of the final outcome. AI is a multiplier. If you’re multiplying junk, you get more junk faster.
For NZ: The security talent pivot hits hard — NZ already struggles with AppSec capacity. The shift from discovery to remediation favours organisations that can move fast. And NZ’s AI skills pipeline isn’t producing pre-training experts. The gap is real.