Anthropic says its new AI is too dangerous to release, but the smartest people in the room aren't buying it.
The Summary
- Anthropic announced it's withholding its Mythos AI model from public release, claiming it could let non-experts exploit major operating system vulnerabilities
- Instead of going wide, they're giving "Claude Mythos Preview" to 11 organizations (Google, Microsoft, AWS, JPMorgan, Nvidia) via "Project Glasswing"
- AI researcher Gary Marcus called it "overblown" and said "we were played," suggesting this is marketing dressed as precaution
- The announcement triggered meetings between Fed Chair Powell, Treasury Secretary Bessent, and major bank CEOs
The Signal
Anthropic just gave us a masterclass in security theater. They rolled out Mythos with the kind of warning label usually reserved for bioweapons, complete with a restricted release to 11 "select organizations" and immediate attention from federal banking regulators. The pitch: this model is so powerful that regular people could use it to crack Windows, Linux, whatever.
The skeptics see something else entirely. Gary Marcus, who's made a career out of puncturing AI hype, says the demo was "proof of concept that we need to get our regulatory and technical house in order, but not the" existential threat Anthropic implied. Translation: yes, AI can help find vulnerabilities. No, this isn't the singularity.
"To a certain degree, I feel that we were played."
Here's what matters: the gap between what AI labs claim their models can do and what those models actually deliver in production keeps widening. Anthropic positioned Mythos as categorically different from existing models. But if you look at who got access, it's the usual suspects who already have advanced AI capabilities and dedicated security teams. Google has its own frontier models. So does Microsoft. AWS hosts half the AI infrastructure on the planet.
The "Project Glasswing" framing is doing heavy lifting here. Give the model to megacorps and federal regulators under a dramatic code name, generate headlines about Jerome Powell召开emergency meetings with bank CEOs, and suddenly you're not just another AI lab shipping incremental improvements. You're the company building tools so powerful they require Fed intervention.
The tell is in what's missing: technical details. What specific vulnerabilities can Mythos find that GPT-4, Claude 3.5, or even open-source security tools can't? How much faster? With what success rate? Anthropic's announcement skips those details and jumps straight to implications. That's the move of a company that wants attention more than scrutiny.
Key questions this raises:
- If Mythos is genuinely dangerous, why give it to 11 organizations at all instead of zero?
- If it's not that much better than existing models, why the theatrical rollout?
- What does "non-expert" mean when the barrier to AI-assisted hacking drops every quarter anyway?
The Implication
Watch how other AI labs respond. If they rush out their own "we're being responsible by restricting access" announcements, you'll know this was a playbook, not a principle. If they stay quiet and keep shipping, that's your signal that Mythos isn't the watershed moment Anthropic wants you to believe.
For security teams: assume AI-assisted vulnerability discovery is already here, regardless of what any one lab holds back. The real work isn't tracking which model got released to whom. It's patching faster than the exploit cycle runs. That race started years ago. Mythos just put a marketing campaign around it.