Lazarus Doesn't Need AGI

The unauthorized access to Anthropic's Claude Mythos model is framed not just as an AI security incident but as a structural supply chain problem with serious geopolitical implications. North Korea's Lazarus Group and TraderTraitor don't need AGI — they need modest productivity gains from AI tools to amplify their already-documented $2B+ annual cryptocurrency theft pipeline, which directly funds WMD programs. Three distinct attack vectors are outlined: contractor misuse, fraudulent hiring via fake identities, and supply chain compromise. The piece argues that 'controlled release' of AI models is largely illusory when third-party contractors expand the attack surface, and calls on AI labs, crypto exchanges, CISOs, and policymakers to treat DPRK as a first-class threat actor in AI access governance — including extending dual-use export controls to AI capabilities.