Anthropic built an AI so dangerous they locked it away—until the Trump administration handed out keys to over 100 organizations, including their foreign employees.
The Summary
- Anthropic's Mythos model excels at finding software vulnerabilities, powerful enough that Anthropic initially restricted access to just 200 partner organizations
- The Trump administration authorized over 100 US companies and agencies to use Mythos 5, including non-American employees
- The risk calculation just shifted: AI offensive capabilities are now distributed at scale, with foreign nationals in the access chain
- This marks a new category of AI risk where the model itself becomes dual-use infrastructure
The Signal
We're watching the first real test of whether AI companies or governments control the deployment of dangerous capabilities. Anthropic built Mythos to be exceptional at discovering security holes, the kind of tool that could help attackers steal data or take down critical infrastructure. Their risk assessment concluded that keeping it locked down was worth limiting the defensive upside.
The Trump administration saw it differently. By authorizing over 100 organizations to deploy Mythos 5, they're betting that widespread defensive use outweighs the offensive risk. The move expands Anthropic's original 200-partner limit by at least 50 percent in one policy decision.
"If a tool this powerful fell into the wrong hands, it could help attackers more easily steal data or disrupt critical infrastructure."
Here's where it gets messy: the authorization extends to non-American employees at these companies and agencies. That means foreign nationals working for authorized US entities now have access to capability Anthropic deemed too dangerous for general release. The security perimeter just became porous by design.
Key implications of distributed access:
- Every authorized organization becomes a potential leak point for the model or its techniques
- Non-US employees operating under foreign legal jurisdictions create sovereignty gaps in enforcement
- The offensive-defensive balance tips when hundreds of security teams can probe systems at AI speed
This isn't about whether Mythos should exist. It already does. This is about who decides deployment policy for tools that can break things at scale. Anthropic made one call. The US government made another. Neither had complete information about what happens when you multiply access points by 50 while adding international employees to the mix.
The deeper signal: we're in a new regime where AI capability becomes infrastructure before we have infrastructure-grade controls. Mythos 5 is basically a vulnerability-discovery power plant. The Trump administration just connected it to the grid without upgrading the transmission lines. Every endpoint is a risk. Every authorized user is a trust assumption. Every foreign national in the access chain is a jurisdiction problem.
The Implication
Watch which companies get added to the authorized list. That's your map of critical infrastructure and high-value targets. If you're in cybersecurity, assume attackers now have capability-equivalent tools, whether through leaks, parallel development, or state-sponsored models. The defender's advantage from Mythos access might last six months before offensive parity.
For anyone building in the agent economy: this is what regulatory capture looks like in Web4. Private companies build the dangerous thing, governments decide who gets it, and the rest of us find out what happens when theory meets scale. Anthropic was cautious. The government was permissive. Reality will split the difference, probably expensively.