By Christian Martin
Let us dispense with the polite fictions immediately. Anthropic wants you to believe it is deeply, existentially concerned about the fate of humanity. The company speaks in reverent tones about frontier AI and the profound responsibilities that accompany models capable of reshaping our digital infrastructure. Yet their actions tell a rather different story, one that increasingly resembles performance art rather than principle.
Consider what we now know about Mythos. Working with Mozilla’s security team, the model identified 271 previously unknown vulnerabilities in Firefox, some of which had sat undetected for fifteen to twenty years. Mozilla shipped 423 bug fixes in a single month following that engagement: thirteen times its output from the same month the previous year. Researchers at Calif, a Palo Alto-based security firm, used Mythos to produce the first public macOS kernel memory corruption exploit on M5 silicon in five days. Five days. Apple had spent five years and an estimated multi-billion-dollar budget engineering the exact defenses that were bypassed, by chaining two bugs and a handful of memory corruption techniques that the AI identified with minimal human direction.
Britain’s AI Safety Institute independently evaluated the model. Mythos achieves a 73% success rate on expert-level capture-the-flag tasks, a threshold no previous model had crossed. It is the first model to complete a simulated 32-step corporate network attack from start to finish. Human experts were estimated to need 20 hours for the same exercise. Mythos averaged 22 of 32 steps across all attempts, and completed the full chain in three of ten tries.
These are not benchmark abstractions. They are operational capabilities. This is a tool that can autonomously discover, chain, and exploit vulnerabilities in production software at a speed and scale that no human security team can match.
The selective stewardship
Now here is where the narrative curdles into something resembling farce. Anthropic has restricted Mythos access to a hand-picked group of organisations, overwhelmingly American, through a programme called Project Glasswing. JPMorgan Chase. Goldman Sachs. Bank of America. Citi. Morgan Stanley. CrowdStrike. Apple. Palo Alto Networks. Roughly 40 companies in total. The rest of the world, including the organisations running nuclear reactors, power grids, water treatment facilities, and hospital networks across Europe, Asia, Africa, and South America, can apparently wait.
Anthropic’s position, to the extent one can extract coherence from it, seems to be that these foreign critical infrastructure operators have no genuine need for Mythos. At least not yet. The company has positioned itself as the arbiter of who deserves frontier AI security capabilities and who does not. This is not stewardship. It is gatekeeping dressed in philosophical garb.
The hypocrisy crystallises around a single uncomfortable question. If Mythos is truly so powerful that its mishandling could threaten human civilisation, why is Anthropic comfortable deploying it within a handful of American financial institutions while denying it to the engineers responsible for preventing nuclear meltdowns in France or grid collapses in Japan? Either the model represents an existential risk that demands the broadest possible defensive deployment, or the company’s rhetoric about existential risk is largely performative.
There is no coherent third position.
The White House discovers it cannot un-ring the bell
The government’s response has been revealing in its own right. Vice President JD Vance convened an emergency call with the most powerful figures in American technology: Elon Musk, OpenAI’s Sam Altman, Anthropic’s own Dario Amodei, Google’s Sundar Pichai, and Microsoft’s Satya Nadella. Vance’s message, as reported, was blunt: models like Mythos threatened to disrupt small-town banks, hospitals, and water treatment plants by enabling cyberattacks that local governments were not equipped to handle.
The administration that campaigned on reducing barriers to AI deployment is now constructing bespoke barriers for a single company’s product. Sean Cairncross, the National Cyber Director, is personally managing Mythos access decisions. A bipartisan group of 32 House lawmakers has written to Cairncross demanding immediate action on AI-generated vulnerability disclosures. German banks are consulting national authorities. The Bank of England has intensified its AI risk testing programme.
The White House has asked Anthropic to pause any expansion of Glasswing access. The company that claimed to be managing a carefully controlled, responsible rollout is now being managed by the executive branch of the United States government. That is a rather different kind of responsibility.
The security industry’s inconvenient adaptation
Consider the bug bounty industry’s response to all of this. Ethical hackers are not cowering in fear. They are integrating AI into their workflows, using it to identify higher-severity vulnerabilities rather than drowning in low-value noise. Bugcrowd’s chief executive acknowledges that AI will become increasingly capable and self-sufficient at this work. HackerOne reports a 76% year-over-year increase in vulnerability submissions.
The market is adapting because it has no choice. But those adaptations are happening unevenly, and that unevenness is a policy choice, not an inevitability.
A security researcher with legitimate defensive needs in Germany, or India, or Brazil has no sanctioned route to access these tools. They are not on the list. They did not receive an invitation to Glasswing. Meanwhile, the organisations managing the world’s most sensitive infrastructure, outside the narrow geography Anthropic has deemed acceptable, are attempting to defend against capabilities that a select group of American institutions already wield offensively, in controlled environments.
The containment strategy, such as it is, consists of hoping the knowledge does not spread to adversaries while denying it to allies.
Naming what is actually happening
Let us be direct about what Anthropic has constructed with Mythos. A scarcity narrative that serves multiple purposes simultaneously. It generates regulatory attention and political relevance. It positions the company as a responsible steward rather than a commercial entity seeking competitive advantage. It allows Anthropic to control which security researchers and organisations gain a generational leap in capability while its competitors scramble to catch up.
The company claims to be protecting humanity from premature or dangerous deployment. The more plausible interpretation is that Anthropic is protecting its market position while enjoying the psychic benefits of appearing to wrestle with godlike responsibilities.
Project Glasswing comes with $100 million in usage credits, $2.5 million for open-source security foundations, and a well-crafted press release. What it does not come with is any coherent argument for why the power grid operators in South Korea or Brazil are less deserving of defensive AI capabilities than the trading desks of American banks.
No serious person disputes that frontier AI models require careful handling. But careful handling does not mean exclusive handling. The organisations running the world’s most sensitive infrastructure need these defensive capabilities as urgently as any American financial institution. Anthropic knows this. The White House knows this. The only remaining question is whether the company will abandon its convenient paternalism and acknowledge that security, unlike the virtue-signalling that surrounds it, does not respect national borders.
Until then, treat the existential concern rhetoric with the scepticism it deserves. Anthropic is not saving humanity. It is curating a customer list.
Sources: Wall Street Journal, "Anthropic Lets Mythos Users Share Cyber Threats With Others"; Wall Street Journal, "Trump, AI, Anthropic, Mythos Regulation"; UK AI Safety Institute, evaluation of Claude Mythos Preview’s cyber capabilities.