The Myth Around Mythos

A story is thought through to the end when it has taken its worst possible turn.
— Friedrich Dürrenmatt, The Physicists

In the United States, a new AI model is currently — allegedly / probably — being held back because it is considered too dangerous for the public. The model in question is called Mythos, developed by Anthropic, the company behind the Claude LLMs. Anthropic was founded by former OpenAI employees with the goal of developing AI systems in order to study their safety properties at the technological frontier. The Claude models have very quickly become some of the best models in the areas of coding and logical reasoning, and Anthropic is also extremely good at serving enterprise customers. Claude Code, for example, is — in my humble opinion — currently the best coding agent on the market.

What is Mythos?

Mythos is an unreleased frontier model with extremely strong cybersecurity capabilities, especially when it comes to identifying critical vulnerabilities in software systems. Vulnerabilities are basically entry points for hackers into servers or other applications. This can involve something relatively trivial, such as the system on which I deploy this blog, but also truly critical infrastructure: banking systems, corporate servers, defense companies, power plants, and basically everything else one can imagine. According to Anthropic, Mythos was simply too good at identifying vulnerabilities, which is why the model was deliberately not released to the public, but only made available to a small number of selected US companies.

How powerful is Mythos really?

Well, this is where opinions naturally differ, because at the end of the day we have to rely on insider reports and the experiences of companies that had early access. According to Anthropic, Mythos was already capable in preview of finding several thousand vulnerabilities, including in all major operating systems — Windows, Linux, Mac — and web browsers. Examples from the Linux kernel were provided directly, and Mozilla has already closed 271 vulnerabilities thanks to Mythos. So at the very least, this does not seem to be empty hype, but a serious new capability — and potentially a serious threat.

The real threat behind Mythos — and comparable models

Anthropic consciously decided not to release Mythos. But what happens if the next Mythos is not developed by Anthropic — a company that does, at least comparatively, take AI ethics seriously — but in China, Iran, or by Western intelligence agencies? The possibilities and attack vectors enabled by such models are basically endless. Or, to put it differently: we are fucked.

On top of that, you no longer necessarily need highly intelligent people to hack. In the worst case, any complete idiot could attack an airport — even easier than gluing yourself to a runway 😉 — target foreign governments, paralyze critical infrastructure, destroy public figures from one day to the next, and much more. The correlation between intelligence and at least some degree of reason disappears, and we create a weapon that should probably belong in the hands of no human, no institution, and no machine. As a consequence, every company offering services on the internet will, in principle, need access to a comparable product in order to defend itself. The arms race between hackers and defenders is therefore being lifted to a completely new level.

All companies are equal, but some have access to Mythos

If we think this through, it basically means that only Big Tech companies — or companies with privileged access to providers like Anthropic or similar players — will be able to offer internet-based services sustainably in the long run. This raises the barriers to entry for challengers and startups even further, while the big tech companies continue to defend their natural monopolies. The entry hurdles into the software world are being raised massively.

In the past, a startup needed a few smart people, some cloud infrastructure, and a product. In the future, it will additionally need access to models that can scan its software for vulnerabilities faster than attackers can exploit them. And if that access is expensive, exclusive, or politically controlled, then democratized software development very quickly turns back into a club with a bouncer at the door.

Is control a myth?

According to reports, a small group already had early access via a third-party environment. A small mistake, perhaps — but one that already shows us how fragile the idea really is that we can control this whole thing permanently. Because let us be realistic: much like in The Physicists, companies will not be able to hold these models back forever. Sooner or later, public and comparable models will find their way into the open. And once the genie is out of the bottle — well...

Play the game, Europe!

Perhaps this brings us to the point that gives me the biggest stomach ache in this entire discussion: Europe. Or more precisely: our fucking European naivety toward technologies that are no longer just nice little toys, but geopolitical instruments of power. We lost the cloud wave. And we are losing again.

It is completely naive to believe that we can simply stand on the sidelines with a technology like this, convene a few ethics committees, set up three more funding programs for “trustworthy AI,” and otherwise rely on American companies, Chinese research labs, or whoever else to regulate this responsibly. Spoiler: They won’t. Not because everyone is evil, but because power is rarely limited by those who possess it voluntarily saying at some point: “You know what, that’s enough.”

Mythos shows quite clearly what the future will be about. Whoever owns such models does not simply have a better cybersecurity tool. They have a structural advantage in the digital realm. Whoever does not own such models remains dependent. Dependent on the goodwill of other states, other companies, other interests. And relying on goodwill in world politics is about as reliable as relying on the privacy button of a shady cookie banner.

Of course, one can hope that someone will do the right thing. One can also hope that the next dictator voluntarily gives up power because he read Kant in the morning — a hope Europe apparently still clings to, if one takes even a quick look at European Iran policy. Both are theoretically possible. Strategically, however, they are simply stupid.

The real myth

Perhaps this is the real myth around Mythos: not the model itself. Not the question of whether it is truly as powerful as insider reports and early examples suggest. But the idea that we can permanently control this development without playing technologically ourselves. The idea that dangerous knowledge can simply be locked away. I recommend taking another look at the ending of The Physicists. Dürrenmatt would probably have laughed quietly. Or very loudly.

Mythos shows us on a small scale what artificial intelligence will confront us with on a much larger scale: once systems reach capabilities that do not merely make us more productive, but strategically superior, the entire architecture of power changes. Digital security, economic competitiveness, national sovereignty, and social stability will no longer depend only on who builds the best products, but on who has access to the most powerful models.

Mythos is not dangerous because it finds vulnerabilities. Mythos is dangerous because it shows that digital security in the future will depend on AI access, compute power, capital, and geopolitical proximity.

And, well — we’re just fucked in Europe.

In the next article, we will look at how AI systems can actually be classified, and what is really hiding behind this strange, fascinating, and slightly terrifying idea of the singularity.