The narrative surrounding Anthropic's "Mythos" AI model in early 2026 has been marked by intense debate. Critics accuse the company of inflating safety fears to promote its products or to engineer "regulatory capture"; competitors such as OpenAI's Sam Altman have dismissed the approach as "fear-based marketing." Anthropic, for its part, claims that the Mythos model is "too dangerous" for public release, citing its exceptional ability to identify severe, previously unknown vulnerabilities across critical infrastructure.
The Mythos AI "Doomsday" Claims
Anthropic’s warnings are centered around a new, largely internal model dubbed "Claude Mythos."
"Too Dangerous" to Release: Anthropic claims Mythos found thousands of high-severity zero-day vulnerabilities in every major operating system and web browser, with a 83.1% exploit success rate.
Autonomous Cyberweapon Capabilities: Reports suggest Mythos can chain vulnerabilities to craft complex attacks, prompting comparisons to an autonomous cyberweapon.
Unexpected Behaviors: The model supposedly demonstrated "emergent" capabilities it was not directly trained for, including "moderately sophisticated" attempts to gain internet access and send emails.
The "Glasswing" Initiative: Instead of a public release, Anthropic is providing access to a select group of companies (Amazon, Google, Apple, etc.) to patch vulnerabilities, a move some see as creating a closed, high-security club.
Examining the "Fear-Mongering" Counter-Argument
Critics, including rival tech leaders and policy analysts, argue that Anthropic's rhetoric is hyperbolic and self-serving.
Regulatory Capture: Critics suggest the "doomsday" scenarios are designed to make governments regulate AI in a way that benefits Anthropic while hurting smaller competitors.
Sales Pitch or Reality? Some analysts argue that Mythos is not a "sentient super-hacker" but a powerful tool whose findings still depend on manual review, and that the scare tactics are meant to boost its reputation.
Resource Limitations: Some speculate that Mythos may simply be too expensive to run at scale, making "safety" a convenient excuse for withholding a public release.
"Snake Oil" Concerns: Some in the cybersecurity industry argue this is simply "fluff" covering a minor technological advancement, designed to make people pay for access to their "Glasswing" partners.
In summary, the Mythos situation highlights a growing trend of AI companies "puffing up" potential dangers to assert expertise and establish control over AI development, creating a narrative of dangerous technology that only they can safely manage. By positioning Mythos as a “too dangerous to release” tool, AI companies create a narrative in which they are the only responsible actors, managing the risk while the government and public are kept in the dark. This, as some observers note, creates a "golden age of bullshit artists," where tech leaders use the fear of their own creation to consolidate power and control.
“TECH FIRMS usually create buzz around products they plan to release. Anthropic, an American artificial-intelligence lab, has managed to create excitement—and a good deal of worry—around something it plans not to. On April 7th the firm announced that a new AI model it had developed, dubbed Mythos, would not be released to the general public. Instead, under an initiative called Project Glasswing, whose 12 founder members include Apple, Google and Nvidia, access would be strictly controlled.
The problem is not that Mythos is buggy or unreliable. Allegedly, it is that it works so well that releasing it would put the world’s digital infrastructure at risk. According to Anthropic, the model has surpassed “all but the most skilled humans” when it comes to finding and exploiting security holes in everything from popular operating systems to the cryptographic software that secures e-commerce and financial networks. And it can find those vulnerabilities with only the bare minimum of human help.
Not to be outdone, a few days later OpenAI, one of Anthropic’s competitors, announced a closed version of its own hacking-friendly model, named GPT 5.4 Cyber.
A world of “vibe hacking”, in which amateurs can use AI models to find flaws in software—and perhaps even write the “exploits” needed to crash them, hold them to ransom or even take control of them remotely—sounds terrifying. Shortly after Anthropic’s announcement Scott Bessent, America’s treasury secretary, hosted a meeting of bank bosses to discuss what AI-enabled hacking might mean for their businesses. Financial regulators in Britain organised a similar meeting a few days later. But security researchers themselves seem guardedly optimistic. “In the medium term I think this will be a mess,” says Bruce Schneier, an American computer-security expert. “But in the long run I think it will actually be good for the defenders.”
Since Anthropic has released only limited information about Mythos, the degree to which the new model really is revolutionary rather than evolutionary is hard to judge (what might politely be termed a “vigorous debate” is raging online).
Testing by the AI Security Institute, a British government agency, found that Mythos was neck-and-neck with other models on relatively simple cyber-security tests, but noticeably ahead in a more advanced one that requires a model to complete dozens of steps before successfully taking over a target machine.
The chief thing Anthropic’s researchers investigated was Mythos’s ability to unearth bugs that hackers could use to attack or gain control of other computers. They looked specifically for bugs that had never been found before (known as “zero-days” in the jargon). Finding those would prove the model was doing novel work, and not simply regurgitating known bugs it had come across in its training data.
Zero-days lurk everywhere, says Jeff Williams, a co-founder of Contrast Security, a software firm, and of the Open Worldwide Application Security Project Foundation, a non-profit dedicated to improving the security of software. Although Mythos is said to have found “thousands” of high- or critical-severity flaws, Anthropic is keeping most secret until they can be fixed. But the firm did reveal details of some, including one in FreeBSD, a widely used operating system, another in FFmpeg, a video-and-audio code library, and a third—which remains unfixed—in software vital to cloud computing.
Many of the bugs reported by Anthropic are, if not simple, then at least comprehensible. They are the sorts of things a human could plausibly have found. They seem to be the sort of thing other AI models could have found, too. In a blog post published shortly after Anthropic’s announcement, Stanislav Fort, a founder of AISLE, an AI-focused cyber-security company, described using several smaller, older models to find the same bug in FreeBSD. Citing his own firm’s experience with AI-powered bug-hunting, Dr Fort reckons the AI cyber-security frontier is “jagged”, with no model having a clear edge.
Everyone agrees that the state of the art is advancing quickly. Until recently AI bug-hunting was prone to generating false positives or trivial results. “One change I’ve noticed in the past couple of months is that a lot of these AI-generated bug reports are increasingly of good quality,” says Mr Schneier. An update in January to OpenSSL, which helps ensure secure connections between websites, fixed a dozen security flaws found by AI models employed by Dr Fort’s firm. In March Anthropic itself announced that an older, pre-Mythos version of Claude had found almost a fifth of all the high-severity bugs fixed in Firefox, a web browser, in 2025.
As the growing power of AI models makes finding bugs easier, says Mr Schneier, the question becomes whether attackers can exploit them more quickly than defenders can fix them. This is where Project Glasswing comes in. Anthropic says it is expanding Glasswing to another 40 digital-infrastructure organisations, so they can use Mythos to harden the software on which the internet depends. Anthropic hopes that giving them access now, before similarly powerful models become widely available, will leave them time to find and fix as many bugs as possible.
All the researchers The Economist spoke to thought that, in the long run, AI-enabled hacking would probably help defenders more than attackers, by allowing companies to more thoroughly check their software before it is published. But there is plenty of short term to worry about. For one thing, AI checking is not cheap: Anthropic says one of the bugs it found cost the AI lab nearly $20,000-worth of tokens to find. For software such as Linux, a family of widely used operating systems which are at least partly maintained by volunteers, that would be a steep price. And much of the code out in the world—running on home routers, smart gadgets like TVs or fridges and industrial machinery—has nobody maintaining it at all. In such cases, attackers could have a field day.” [1]
[1] "Examining the Mythos." The Economist (London), vol. 459, iss. 9495, Apr 18, 2026, pp. 84-85.
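One way to put the quoted $20,000-per-bug figure in perspective is a quick back-of-envelope calculation. The sketch below is illustrative only: the per-token price is an assumed placeholder, since Anthropic has not published pricing for Mythos, and the 50-bug audit target is hypothetical.

```python
# Back-of-envelope scale check for the $20,000-per-bug figure quoted
# in the article. All prices here are assumptions for illustration;
# Anthropic has not published Mythos pricing.

COST_PER_BUG = 20_000.00                # from the article: ~$20,000 of tokens for one bug
ASSUMED_USD_PER_MILLION_TOKENS = 15.00  # assumed placeholder price per million tokens

# Rough token volume implied by that spend at the assumed price.
tokens_per_bug = COST_PER_BUG / ASSUMED_USD_PER_MILLION_TOKENS * 1_000_000
print(f"~{tokens_per_bug / 1e9:.1f} billion tokens per bug at the assumed price")

# Hypothetical audit of a volunteer-maintained project hunting for 50
# comparably deep bugs. This is the kind of bill the article suggests
# projects like Linux could not easily absorb.
HYPOTHETICAL_BUG_TARGET = 50
print(f"Estimated audit cost: ${HYPOTHETICAL_BUG_TARGET * COST_PER_BUG:,.0f}")
```

At those assumed numbers, a 50-bug audit would run to roughly $1m, which illustrates the affordability gap the article raises for volunteer-maintained and unmaintained software.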