Mythos moment is a wake-up call

WHEN Anthropic, the San Francisco-based artificial intelligence (AI) company, announced its new frontier model on April 7, the news startled governments and corporations around the world. In pre-release testing, Claude Mythos had autonomously identified thousands of previously unknown software flaws — so-called zero-day vulnerabilities — across every major operating system and major web browser.

More striking still, Anthropic chose not to release the model publicly. Mythos was instead made available to roughly 50 partners, including Amazon Web Services, Apple, Google, Microsoft, JPMorgan Chase and the Linux Foundation, under an initiative called Project Glasswing. A week later, OpenAI followed with a similarly restricted release of GPT-5.4-Cyber, a variant of its flagship model trained for defensive cybersecurity work and limited to vetted users.

The decision by two of the world’s leading AI companies to withhold their most powerful tools from the public marks an inflection point. For most of the past three years, AI laboratories have competed to put new models in the hands of as many users as possible, as fast as possible. Now, the same firms are acknowledging that some capabilities are too dangerous to release without controls.

It is not hard to see why. Large language models have advanced remarkably over the past 18 months. They can draft polished prose, complete in hours research that once took consultants weeks, identify candidates for drug discovery, write code and build production-grade websites and applications. They can operate autonomously for extended periods. On many benchmarks, they now approach the performance of trained professionals.

The benefits are real. AI has the potential to lift productivity in agriculture, broaden the reach of public health and education, and transform whole sectors. But the technology is dual-use by design. The same capabilities that help defenders find and patch software flaws can help attackers exploit them. According to Anthropic’s own published assessment, engineers with no formal security training were able to ask Mythos to find remote-code-execution vulnerabilities overnight, and wake up to a complete working exploit. The cost of one such chain was under $2,000.

This matters because cybercrime is no longer a fringe concern. Cybersecurity Ventures, an industry research firm, estimates that global cybercrime damages reached $10.5 trillion in 2025 — a figure that, were cybercrime a country, would make it the world’s third-largest economy after the United States and China. More conservative estimates from outlets such as Cyber Defense Magazine put direct losses in the $1.2-1.5 trillion range. Either way, AI-driven phishing campaigns, deepfake fraud and adaptive malware are already widespread. SoSafe’s 2025 Cybercrime Trends report found that 87 per cent of global organisations had experienced an AI-powered cyberattack in the previous 12 months.

The euphoria around ‘vibe coding’ — the recent explosion in amateur software development enabled by AI — was always going to be tempered by concerns over its mirror image: vibe hacking. If cyberattack tools that once required state-level resources become available at the price of an API (Application Programming Interface) call, the asymmetry between attackers and defenders could shift abruptly.

Whether models such as Mythos will ultimately help defenders more than attackers is unsettled. Anthropic argues that controlled access gives defenders a head start. Independent researchers at AISLE (an AI-native cybersecurity company) have shown that smaller, openly available models can already replicate much of Mythos’ analysis. A more difficult question is whether the world is comfortable with frontier AI capabilities being held by a handful of firms — fewer than half a dozen in the US, with a comparable group in China — and parcelled out to chosen partners. Open-source AI has helped diffuse the technology’s benefits globally. Restrictions, however well-intentioned, risk entrenching a tech oligopoly, dulling competition and tempting those in possession of the most powerful models to use them against perceived adversaries. The history of managing dual-use technologies is not reassuring on this front.

A second lesson is that AI readiness must become a top-tier priority for governments. That means three capacities at once: to deploy AI productively across the economy; to research and develop it domestically; and to govern against misuse. The mood in some capitals has turned against regulation, but the global picture is more nuanced. The European Union is implementing risk-based guardrails through its AI Act. China has moved quickly to address harms to children, including emotional dependence on chatbots. The instruments — legislation, executive guidance or co-regulation with industry — are a sovereign choice. Stepping away from the responsibility is not.

Finally, Mythos is a reminder that AI does not respect borders. Its impacts cross jurisdictions at the speed of light, and so must any credible response. The release of DeepSeek R1, a powerful open-source model, from China in January 2025, made it clear that breakthroughs can come from anywhere. Common standards for safety, interoperability and responsible use will not emerge from any country acting alone.

This is the backdrop for the first Global Dialogue on AI Governance, which convenes in Geneva on July 6-7. The Dialogue, established by a resolution of the United Nations General Assembly in August 2025, is paired with a new Independent International Scientific Panel on AI, tasked with regularly assessing the technology’s opportunities and risks. Governments, scientists, civil society and the private sector will, for the first time, meet at the United Nations to debate AI’s potential to accelerate development as well as the risks it poses to safety, security, inclusion, cultural and linguistic diversity, and human rights. Building AI capacity in less-developed economies will be on the agenda too.

The Mythos moment will not be the last of its kind. Surprise breakthroughs are arriving every few months. The work of patching vulnerable systems, training defenders and building shared rules of the road has barely begun. There is no time to waste — starting with the weakly protected websites and software that still hold up much of the digital economy.