5 Takes on Mythos
Anthropic's Mythos is probably not hype. Instead, middle powers are losing access to strategically important capabilities.
According to Anthropic, its new frontier model Claude Mythos Preview is a “step-change” in offensive cyber capabilities. It has reportedly discovered thousands of software vulnerabilities “in every major operating system and web browser.” These ‘zero-day’ vulnerabilities were previously unknown, some of which “survived decades of human review and millions of automated security tests.”
Anthropic decided against public release, as the model could be misused by cyber attackers. Instead, it grants exclusive access to ca. 50 trusted organizations via its “Project Glasswing” initiative. Members can use Mythos to patch vulnerabilities before they become widely known – which could happen soon, as freely available ‘open-weight’ models usually catch up to the frontier after a few months. (In this specific case, 1-2 years sounds more realistic, but even that’s not a lot of time.) No company or government in Europe, or any other middle power, is a known member.
This post offers five takes on Mythos and its policy implications.
1. Mythos should finally put to rest the idea that AI is just “glorified autocomplete.”
It’s still a surprisingly common view that current AI models aren’t really that impressive, because they are just memorizing their training data, or just predicting the next token, or some variant thereof. I never found this view very convincing – it’s theoretically unsound and defies the lived experience of engaging with these models since at least 2022.
Now that AI can identify previously unknown vulnerabilities, the view that it’s just fancy autocomplete has become even less convincing. To be clear, Mythos is not the first model to identify zero-day exploits: the first known case is from 2024. But Mythos is the first model to make this capability publicly salient.
When a model discovers vulnerabilities that no human has ever documented – including a 27-year-old bug in OpenBSD, an operating system known for its security – it’s clearly adding to our stock of knowledge, rather than just regurgitating things it has seen before.1
2. Mythos probably isn’t hype – instead, it shows a dangerous threshold effect.
In 2025, the International AI Safety Report discussed AI cyber risk in largely hypothetical terms. The 2026 edition has moved from hypothetical scenarios to real-world incidents, such as state-level actors using AI for semi-autonomous cyber attacks. Mythos seems to reach another level, reportedly being able to find and exploit thousands of vulnerabilities in major software systems.
There has been a lot of debate over how significant Mythos’ capabilities are. Views range from ‘such a model could potentially cause 100s of billions of damage’ to ‘this is overhyped and small, open models can do similar things with the right setup.’ Jan Kulveit offers a nuanced breakdown.
I’m not a cybersecurity expert, but based on everything I’ve read, I take Anthropic’s warnings seriously:
Credible actors like the UK AI Security Institute (AISI) or Federal Reserve Chair Jerome Powell – not known for hype – are voicing concerns.2
A substantial uplift in cyber capabilities fits the broader trend of rapid AI progress, especially in coding. Recent work on time horizons suggests that frontier models can now perform tasks that would take human experts weeks or, in some cases, even months to years.
If a company spends more than $1B to train a model, not releasing it means that it can’t cash in on an enormous investment. How likely is Anthropic, caught up in fierce competition with other AI companies, to make such a move just to fuel the hype cycle?
Even if it were true that predecessor models had achieved similar capabilities around December, notice the shifting goalposts: If a capability counts as old just because some model already had it four months ago, that by itself tells you something about the speed of progress.
Rather than being hype, Mythos illustrates a dangerous threshold effect. Cyber risk from frontier models has been building up over a few years now. During that time, people either ignored it entirely or pointed out that “it’s just benchmarks” or “there’s no evidence of real-world impact.” This all sounds defensible, right until the point when it doesn’t.
Since Anthropic acted responsibly, no harm has been done so far. But what if it handles the next decision less responsibly? Or the next dangerous capability gets built by a less responsible actor, in a domain where harms are less recoverable than in the cyber domain? For example, there are good arguments for thinking that AI has a limited impact on bio risk in the short term. What if this sounds defensible, right until the point when it doesn’t?
3. Middle powers are losing access to strategically important frontier capabilities.
To my knowledge, no company or government in Europe or any other middle power has access to Mythos. Delayed access isn’t always critical, for example when OpenAI’s video generator Sora reaches the European market a few months later. But it’s one thing if Europeans are unable to create viral social media videos with AI, and quite another if they lack a capability with immediate significance for national and economic security.
If you believe, as most people now do, that it will be very hard for middle powers to develop their own frontier capabilities, the only alternative is to secure frontier model access through strategic partnerships with the US (or, for some middle powers, perhaps China).
Therefore, Mythos also presents an opportunity: It exposes current middle power strategy for what it is – a combination of unclear sovereignty ambitions and hoping for the best – and shows how important it is to negotiate favorable deals with AI superpowers, underwritten by hard leverage. Warnings from Germany’s Federal Office for Information Security (BSI) about Mythos’ impact on European security and sovereignty are a promising early sign.
4. Mythos is not primarily about cybersecurity.
When Anthropic released Mythos, its significance for general AI progress – beyond the narrow domain of cybersecurity – got lost in the noise. We don’t know enough yet to assess its full capabilities profile. But we know that Mythos is a general-purpose model, able to perform a wide variety of cognitive tasks, with performance boosts over previous models at least in line with the historical trend.

Coding is one task that such models are good at, and it’s a particularly important one. First, coding is itself a perfectly general capability: Many problems can be solved by writing a computer program, as anyone who has seen the paycheck of a software engineer can attest. Second, and more importantly, AI models with excellent coding ability are an ingredient to ‘recursive self-improvement’. This refers to AI companies’ stated plan to have AI models improve their own architecture, creating a feedback loop that would accelerate AI progress even further (though by how much exactly is subject to debate).
However, mainstream newspapers largely treated Mythos as cybersecurity news, not connecting it to the overall rapid trend of AI progress. One year after a confused public reaction to DeepSeek’s R1 (assessed here and here), it’s still a serious challenge to convey to the public an accurate picture of where the world is headed with AI.

5. The call for public oversight is the least common denominator.
Whether or not you believe that Anthropic’s announcement is faithful: the mere fact that there’s so much controversy around it shows how opaque frontier AI companies are to the outside world. Here I agree with Gary Marcus: “Whether Mythos is as scary as it sounds or not, [...] without any government oversight [...] we are entirely at the mercy of individual CEOs.”
Bottom line
Mythos is another piece of evidence that AI is progressing more rapidly than society’s ability to understand and prepare for what’s coming. Even if this advance is “on trend” rather than a step change, this just shows how steep the trendline is. Middle powers – let alone the Global South – are already being cut off critical capabilities, which will only get worse without a decisive and coordinated response.
This is consistent with a sense in which LLMs are, deep down, just pattern-matching. My hunch is that, in that sense, the same is true for most of human cognition.
UK AISI states that Mythos is the first model to complete their 32-step simulation of a corporate network attack end-to-end, which would take a human expert around 20 hours. They conclude that Mythos can compromise at least weakly defended IT systems, while success against more secure ones is still an open question.


