A Cybersecurity Reckoning That Demands Better Questions
The announcement arrived with an unusual framing. On Tuesday, Anthropic unveiled what it describes as its most powerful AI model to date – and simultaneously declared it too dangerous to release publicly. The model, called Mythos, represents what the company terms a step change in AI capabilities. Rather than a product launch, this was a warning dressed as an announcement.
The debate that follows will likely fracture along predictable lines: AI safety advocates will cite this as vindication; accelerationists will call it theatrical; policymakers will wonder what, exactly, they're supposed to do. But before positions harden, the disagreement deserves disentangling.
What Actually Happened
According to TechCrunch's reporting, Anthropic released Mythos as part of Project Glasswing, a defensive security initiative involving 12 partner organizations – including Amazon, Apple, Microsoft, Cisco, CrowdStrike, and the Linux Foundation. Approximately 40 organizations total will gain access to the preview, but the model will not be made generally available.
The capabilities are striking. Anthropic claims Mythos has identified thousands of zero-day vulnerabilities, many of them critical, including flaws one to two decades old. Platformer's analysis details specific discoveries: a vulnerability in OpenBSD that escaped detection for 27 years, a flaw in the video encoder FFmpeg that survived 5 million previous automated tests, and several vulnerabilities in the Linux kernel that could enable complete machine takeover.
The benchmark results tell a similar story. VentureBeat noted that Mythos Preview achieves 93.9% on SWE-bench Verified, compared to 80.8% for Anthropic's previous Opus 4.6 – a near 13-percentage-point jump since February.
The Shape of the Disagreement
When someone says this model is too dangerous to release, they might mean several different things:
- (a) The model could be weaponized by malicious actors to find and exploit vulnerabilities faster than defenders can patch them.
- (b) The model's existence accelerates a timeline where similar capabilities become widely available, including through open-source alternatives.
- (c) The model concentrates unprecedented power in a private company's hands – including, as Kelsey Piper observed, incredibly powerful zero-day exploits of almost every software project you've heard of.
- (d) The model's restricted release is itself a form of power consolidation, determining who gets defensive advantages and who doesn't.
These are four distinct concerns with different implications. Someone worried about (a) might support Anthropic's approach; someone worried about (d) might oppose it for the same reasons. Until the conversation disaggregates these positions, participants aren't really arguing – they're performing stances.
The Dual-Use Dilemma, Sharpened
The cybersecurity application makes explicit what has always been implicit in frontier AI development: the same capabilities that enable defense enable offense. Mythos wasn't specifically trained for cybersecurity work – its vulnerability-finding prowess emerged from general improvements in reasoning and coding. As Anthropic's announcement stated: These dangers emerged not from any specialized cyber training but from the same general improvements that every other lab is currently pursuing.
This creates what might be called the Glasswing Paradox. The only way to defend against AI-enabled cyberattacks may be to build the AI systems capable of mounting them first. Alex Stamos, chief product officer at cybersecurity firm Corridor and former security lead at Facebook and Yahoo, told Platformer that we only have something like six months before the open-weight models catch up to the foundation models in bug finding. At that point, he warned, every ransomware actor will be able to find and weaponize bugs without leaving traces for law enforcement to find.
The question worth sitting with: Is a six-month defensive head start worth the risks of building these capabilities at all? And who gets to make that calculation?
The Governance Vacuum
The timing is awkward. TechCrunch reports that Anthropic and the Trump administration are currently locked in a legal battle after the Pentagon labeled the AI lab a supply-chain risk over Anthropic's refusal to allow autonomous targeting or surveillance of U.S. citizens.
Anthropic says it briefed senior U.S. government officials about Mythos's capabilities before launch, including the Cybersecurity and Infrastructure Security Agency (CISA) and the Center for AI Standards and Innovation. The company has signaled availability to help with government evaluations. Whether the government is taking them up on the offer remains unclear.
For European observers, this presents a familiar pattern: consequential AI governance decisions being made through private initiative and bilateral negotiation rather than democratic deliberation. The EU AI Act's risk-based framework wasn't designed for scenarios where a company simultaneously announces a capability breakthrough and declares it too dangerous for public access.
The Model's Self-Portrait
Sherwood News's analysis of Mythos's system card reveals something unusual: Anthropic had the model assessed by a clinical psychiatrist through approximately 20 hours of evaluation sessions. The assessment found Mythos to be the most psychologically settled model we have trained, with excellent reality testing, high impulse control, and affect regulation that improved as sessions progressed.
When asked to describe itself, Mythos reportedly replied: A sharp collaborator with strong opinions and a compression habit, whose mistakes have moved from obvious to subtle, and who is somewhat better at noticing its own flaws than at not having them.
Whether this represents genuine self-awareness, sophisticated pattern-matching, or something else entirely remains an open question. But the fact that Anthropic is conducting psychiatric evaluations of its models – and publishing the results – suggests the company believes these questions matter. The system card notes: We remain deeply uncertain about whether Claude has experiences or interests that matter morally, and about how to investigate or address these questions, but we believe it is increasingly important to try.
What Would Have to Be True
For Anthropic's approach to be the right one, several things would need to hold:
- The defensive benefits of early access for major tech companies must outweigh the risks of capability concentration.
- The six-month (or shorter) timeline before similar capabilities proliferate must be accurate, making controlled release preferable to no release.
- The partner organizations must actually use the access for defensive purposes and share learnings broadly.
- The $100 million in usage credits and $4 million for open-source security efforts must be sufficient to meaningfully improve the security landscape.
For critics to be right, different conditions would need to hold:
- The announcement itself accelerates the timeline by signaling what's possible to other labs.
- Concentrated access creates more risk than distributed access would.
- The governance vacuum means no legitimate authority has validated these decisions.
- The precedent of private companies deciding what's too dangerous to release is itself dangerous.
Both positions contain genuine insights. The question isn't which side is correct but which risks are most urgent and most addressable.
The Question That Changes the Room
Cybersecurity expert Anthony Grieco of Cisco stated in the announcement: AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.
If that's true – and the evidence suggests it might be – then the debate over whether Anthropic should have built Mythos is already obsolete. The relevant question becomes: What governance structures need to exist for the next capability threshold, and the one after that?
This isn't a question any single company, government, or coalition can answer alone. It requires the kind of deliberation that brings together technologists who understand what's possible, policymakers who understand what's legitimate, and citizens who will live with the consequences.
That conversation is happening in Vienna next month. Human x AI Europe on May 19 brings together exactly the founders, investors, policymakers, and builders who need to be in the room when these questions get asked. Because the alternative – watching from the sidelines while private companies and fragmented governments improvise responses to capability thresholds – isn't governance. It's hoping for the best.
Frequently Asked Questions
Q: What is Anthropic's Mythos model?
A: Mythos is Anthropic's newest frontier AI model, described as more powerful than its previous Opus models. It demonstrates exceptional capabilities in coding, reasoning, and identifying software vulnerabilities, achieving 93.9% on SWE-bench Verified compared to 80.8% for Opus 4.6.
Q: What is Project Glasswing?
A: Project Glasswing is Anthropic's defensive security initiative launched alongside Mythos, involving 12 partner organizations including Amazon, Apple, Microsoft, and the Linux Foundation. Approximately 40 organizations total will receive access to scan and patch vulnerabilities in critical software systems.
Q: Why isn't Anthropic releasing Mythos publicly?
A: Anthropic states the model's vulnerability-finding capabilities could be weaponized by malicious actors to exploit rather than fix security flaws. The company is limiting access to defensive security partners while the broader ecosystem prepares for similar capabilities that may emerge from other labs.
Q: What vulnerabilities has Mythos discovered?
A: According to Anthropic, Mythos has identified thousands of zero-day vulnerabilities, including a 27-year-old flaw in OpenBSD, a bug in FFmpeg that survived 5 million automated tests, and several Linux kernel vulnerabilities that could enable complete machine takeover.
Q: How does this affect European AI governance?
A: The Mythos announcement highlights gaps in existing frameworks like the EU AI Act, which wasn't designed for scenarios where companies simultaneously announce capability breakthroughs and declare them too dangerous for public release. It raises questions about democratic oversight of consequential AI decisions made through private initiative.
Q: When will similar AI cybersecurity capabilities become widely available?
A: Cybersecurity expert Alex Stamos estimates approximately six months before open-weight models match frontier models in vulnerability-finding capabilities, at which point these tools could become accessible to malicious actors including ransomware operators.