How to stay digitally secure in the Age of Claude Mythos (using Karpathy's 15-step checklist)

Ole Lehmann · @itsolelehmann · Apr 8

It's official: you can no longer afford to be lazy with your online security.

Anthropic's historic Mythos announcement yesterday was the point of no return.

It's not public yet, but once bad actors get access to these god-like models (and they inevitably will)...

You'll be faced with cybersecurity attacks so advanced that most people won't even realize they've been compromised until it's too late.

It's like COVID for software.

This is why your online security needs to be airtight starting now.

Karpathy's Digital Hygiene Guide

Last year, @karpathy (OpenAI cofounder) put together a digital hygiene guide that covers the fundamentals of securing yourself in the AI era.

It's one of the best starting points I've seen.

Here's every step you should take to stay secure in these uncharted times:

1. Use a password manager (ex: 1Password)

Generate a unique, random password for every account you have.

If one service gets breached, attackers try those same credentials everywhere else.

A password manager kills that risk completely and autofills everything, so it's actually faster than reusing passwords.

2. Set up hardware security keys (ex: YubiKey)

These are physical devices that act as your second factor: something an attacker would need to physically hold to log in.

Phone-based verification codes are dangerously easy to steal through SIM swapping (where someone calls your carrier, pretends to be you, and redirects your number to their phone).

Buy 2 or 3 YubiKeys and store them in different locations so you don't get locked out if you lose one.

3. Enable biometrics everywhere

Face ID, fingerprint, whatever your device supports. Set it up on your password manager, banking apps, anything sensitive.

It's the third authentication layer: something you are.

No one can steal your face from a database.

4. Treat security questions like passwords

"What's your mother's maiden name?" is Googleable in about 10 seconds.

Generate random answers to security questions and store them in your password manager alongside your passwords.

Never answer these truthfully.

5. Turn on disk encryption

On Mac it's called FileVault. On Windows it's BitLocker.

If your laptop gets stolen, disk encryption means the thief gets a useless brick instead of every file you've ever created.

Takes 2 minutes to enable and runs silently in the background.

6. Minimize smart home devices

Every "smart" device is an internet-connected computer with a microphone sitting in your house.

They collect data, phone home constantly, and get hacked regularly.

That Wi-Fi-connected air quality monitor from Amazon doesn't need to know your precise GPS coordinates.

Fewer connected devices means fewer entry points into your network.

7. Switch to Signal for messaging

Signal encrypts your messages end-to-end so nobody (not Signal, not your carrier, not anyone intercepting the data) can read them.

Regular text messages and even iMessage store metadata (data about your messages like who you talked to, when, and how often) that anyone with access can analyze.

Turn on disappearing messages (90 days is a good default) so old conversations can't become a liability.

8. Use a privacy-focused browser (ex: Brave)

It's built on Chromium, so all your Chrome extensions work and it feels identical.

9. Switch your default search engine to Brave Search

Why? Because it has its own independent index (unlike DuckDuckGo, which is basically a skin on Bing).

If a search result isn't great, just add "!g" to redirect that specific query to Google.

$3/month for premium. Worth it to be the customer instead of the product.

10. Use virtual credit cards (ex: Privacy.com)

Mint a new card number for every merchant.

Set spending limits per card. Enter completely random billing info for your name and address.

If a merchant gets breached, attackers get one disposable card number instead of your real financial identity. Also means no merchant has your actual home address.

11. Get a virtual mailing address

Services like Virtual Post Mail receive your physical mail, scan it, and let you view it digitally.

You decide what to shred and what to forward.

So you stop giving your real home address to every random internet merchant that asks for it during checkout.

12. Stop clicking links in emails

Email addresses are trivially easy to spoof. With AI, phishing emails now look indistinguishable from real ones.

Instead of clicking, manually navigate to the website yourself and log in from there.

Also disable automatic image loading in your email settings, because embedded images are used to track whether you opened the message.
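To make step 12 concrete, here is an added example (not part of the original post or Karpathy's guide) that audits an HTML email for links whose visible text names a different site than the one the link actually opens, and for remotely hosted images that act as open trackers. The sample message, its domains and the `audit_email` and `same_site` helpers are all constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message; every domain in it is a placeholder.
SAMPLE = """\
From: "Example Bank" <support@example-bank.test>
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Review: <a href="https://login.example-bank.test.verify.invalid/s">https://www.example-bank.test/login</a></p>
<p><a href="https://www.example-bank.test/help">Help centre</a></p>
<img src="https://track.mailer.invalid/open.gif?id=abc123" width="1" height="1">
"""

HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
class Audit(HTMLParser):  # collects (href, visible text) pairs and remote images
    def __init__(self):
        super().__init__()
        self.links, self.remote_images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and urlsplit(a.get("src") or "").scheme in ("http", "https"):
            self.remote_images.append(a["src"])  # fetched when the mail is opened
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(shown, actual):
    # Equal hosts, or the real host is a subdomain of the one shown ("www." ignored).
    s, a = (re.sub(r"^www\.", "", h.lower()) for h in (shown, actual))
    return a == s or a.endswith("." + s)

def audit_email(raw):
    parser = Audit()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    mismatched = []
    for href, text in parser.links:
        shown, actual = HOST_RE.search(text), urlsplit(href).hostname or ""
        if shown and not same_site(shown.group(1), actual):
            mismatched.append((shown.group(1), actual))
    return {"mismatched_links": mismatched, "remote_images": parser.remote_images}
```

A link whose text is plain wording ("Help centre") gives this check nothing to compare against, which is one more reason to type the address yourself.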

13. Use a VPN selectively (ex: Mullvad)

A VPN (Virtual Private Network) hides your IP address (the unique number that identifies your device and location on the internet) from the services you connect to.

You don't need it on 24/7, but turn it on when you're on public Wi-Fi or dealing with services you trust less.

14. Set up DNS-level ad blocking (ex: NextDNS)

DNS is basically the phonebook your device uses to find websites, and blocking at this level means ads and trackers get killed before they even load.

Works across every app and browser on your device.
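How a filtering resolver makes that decision, as an added example (not NextDNS's code and not from the original post): it loads a hosts-style blocklist, checks each queried name and its parent domains against it, and answers blocked names with a sinkhole address so the device never reaches the real server. The blocklist, the upstream answers, the sinkhole address and the subdomain-matching rule are assumptions made for illustration.

```python
# Constructed blocklist in the common hosts-file style; domains are placeholders.
BLOCKLIST_TEXT = """\
# ad and tracker hosts
0.0.0.0 ads.example.net
0.0.0.0 telemetry.vendor.invalid   # inline comment
metrics.example.org
"""

# Constructed stand-in for what the upstream resolver would answer.
UPSTREAM = {
    "news.example.com": "203.0.113.10",
    "cdn.ads.example.net": "203.0.113.66",
    "example.org": "203.0.113.20",
}

def load_blocklist(text):
    """Accept 'IP domain' or bare-domain lines; ignore comments and blanks."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            blocked.add(fields[-1].lower().rstrip("."))
    return blocked

def matching_rule(qname, blocked):
    """Return the blocklist entry covering qname or one of its parent domains."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare top-level domain
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def resolve(qname, blocked, upstream=UPSTREAM):
    """Filtering resolver: sinkhole blocked names, otherwise use the upstream answer."""
    rule = matching_rule(qname, blocked)
    if rule:
        return {"name": qname, "answer": "0.0.0.0", "blocked_by": rule}
    answer = upstream.get(qname.lower().rstrip("."))
    return {"name": qname, "answer": answer, "blocked_by": None}
```

Because the decision is made on the name alone, it applies to every app on the device, but blocking `metrics.example.org` leaves `example.org` itself reachable.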

15. Install a network monitor (ex: Little Snitch on Mac)

This shows you which apps on your computer are communicating, how much data they're sending, and where it's going.

Any app that's calling home more than you'd expect is suspicious and probably worth uninstalling.

Right now, Mythos is only in the hands of the Project Glasswing defenders (Anthropic, Apple, Google, etc.).

But bad actors will get Mythos-like models very soon (<6 months, probably sooner). This is why it's urgent you shore up your security now.

15 minutes of setup now saves you from a disaster of problems later.

Stay safe and good luck.

*P.S. I'm hosting a Claude Cowork workshop on April 22, where I'll teach you how to leverage it to get the output of a $500k/year marketing team.*

*180 people joined last time.*

*You can pre-register to reserve a spot here (no payment needed): https://tally.so/r/LZbxKl*
