Anthropic just built an AI so good at breaking code that it won't let most people use it, and central banks are now watching.
The Summary
- Anthropic announced Mythos, an AI model it claims is too dangerous for public release because it's exceptionally good at finding software vulnerabilities that could enable cyberattacks
- Australia's Reserve Bank and New Zealand's central bank are both monitoring the situation, concerned about threats to critical infrastructure
- Anthropic will only release Mythos to a limited number of vetted parties, marking a shift from the "move fast" era to something more like controlled nuclear material
- AI bug-finding tools are already discovering serious software flaws at scale, with one program finding 200 critical issues in roughly a week
The Signal
Anthropic calls Mythos too powerful for general release because of its ability to identify vulnerabilities in software and computer systems. The company's positioning is deliberate: this isn't a product launch, it's a containment strategy. If Mythos reaches the wrong hands, Anthropic warns, attackers gain a sophisticated weapon for data theft and infrastructure disruption.
The concern is real enough that both the Reserve Bank of Australia and Reserve Bank of New Zealand issued statements saying they're monitoring developments. Central banks don't typically comment on AI model releases. When they do, it signals they see systemic risk to financial infrastructure and payment systems.
"AI giant has described the model as so good at finding vulnerabilities in software and computer systems that it will only be released to a limited number of carefully chosen parties."
This isn't theoretical. AI tools are already finding thousands of software flaws. One bug-tracking program identified 200 serious issues in about a week. That's before Mythos. The implication: today's security tools are already outmatched, and the gap is about to widen.
What makes Mythos different from existing AI security tools:
- Scale: finds vulnerabilities across entire codebases faster than human review
- Sophistication: identifies logic flaws and attack chains, not just known patterns
- Accessibility risk: if democratized, gives script kiddies nation-state capabilities
Anthropic's controlled release approach creates a new dynamic. The most powerful security AI won't defend everyone equally. Organizations that get access to Mythos can harden their systems. Everyone else is exposed to attackers who might gain access through leaks, theft, or independent development of similar tools.
The timing matters. This announcement comes as AI capabilities in code generation and analysis are compounding rapidly. GitHub Copilot writes code. Cursor refactors entire projects. Now Mythos breaks them systematically. The offense-defense balance in cybersecurity just tilted hard toward offense, and the company that built the tilt is trying to control who gets to use it.
The Implication
If you run infrastructure that matters, assume someone is already using AI to probe it. The cat is out of the bag on AI-powered vulnerability scanning, even if Mythos stays locked down. Security teams need to adopt AI defenses now, not when their board asks why they got breached by an automated attack they never saw coming.
Watch for other AI labs to make similar announcements. Anthropic just set the template for "too dangerous to release" as a marketing and safety position. That framing gives them control over a powerful tool while signaling responsibility. Expect competitors to follow with their own restricted-access models, creating a two-tier internet: hardened systems defended by frontier AI, and everything else.