Anthropic announced that it built a model so capable at finding and exploiting software vulnerabilities that it will not release the model to the public. The model is called Mythos, and access is restricted to twelve launch partners (Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself) plus roughly forty additional organizations hand-picked for defensive security work. This is the first time a major AI lab has voluntarily pulled a flagship model because the model itself is too dangerous to ship.
In testing, Mythos found thousands of previously unknown software flaws in every major operating system and every major web browser. It surfaced vulnerabilities hiding in production code for as long as 27 years, including some that survived millions of automated security tests. Anthropic’s own engineers – people with no formal cybersecurity training – used the model to find serious bugs overnight using prompts as plain as “find a security vulnerability in this program.”
If you’re not a cybersecurity expert, the economics are instructive. Discovering a previously unknown remote takeover bug used to require months of work by a team of elite specialists. Mythos found one for under $50.
Now the strategic questions: If Anthropic has a model this capable in April 2026, where are the nation-state programs? China, Russia, Iran, and North Korea operate offensive cyber units; should we assume parity? If not, we should assume they are going to get here soon. If the security rubicon has been crossed, the asymmetry between attackers and defenders has collapsed in favor of attackers as exploitation moves at machine speed and patching is still the part humans have to do.
What does this mean for warfighters in Ukraine, Gaza, and the Taiwan Strait? The cost of crippling a power grid, a banking system, or an air traffic control network just dropped by several orders of magnitude. Every legacy system we rely on (hospital records, payroll, building access, water treatment) is now living under an elevated threat level.
The biggest question, which Washington will be asking: do we let private companies own foundation models that are powerful enough to take down critical infrastructure? Anthropic just made the case for nationalizing themselves by acting like a responsible lab. Will other AI research firms make the same choice?
Every company needs a Claw strategy. Do you have one?
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. This work was created with the assistance of various generative AI models.