“The consequences for public safety can be severe.” Why Anthropic is choosing not to publicly release its new AI model and how European law can protect us

Anthropic has announced the development of a new artificial intelligence model, called Claude Mythos Preview, which it does not intend to release publicly, however. Unlike other recent AI systems, aggressively promoted and quickly rolled out to users, Mythos will only be accessible to a small group of organizations, mainly large technology companies and cyber security players.

The model will be used in an initiative called Project Glasswing, a coalition that brings together more than 40 organizations, including giants such as Apple, Amazon and Microsoft, but also direct competitors of Anthropic, such as Google, alongside companies critical to digital infrastructure.

The decision to limit access comes amid serious concerns about the model's capabilities. Anthropic says the model could outperform almost all human experts in discovering and even exploiting software vulnerabilities. Some of these vulnerabilities are extremely subtle and would normally go undetected, even in programs tested millions of times.

Remarkably, Anthropic speaks directly to a paradigm shift: we are entering a stage where AI is becoming a significant threat to digital infrastructure.

“Artificial intelligence models have reached a level of programming ability where they can outperform all but the most skilled humans in identifying and exploiting software vulnerabilities,” Anthropic says in the announcement posted on the company's website. “The consequences — for the economy, public safety and national security — could be severe.”

Claude Mythos Preview can scan applications, identify zero-day vulnerabilities (i.e. problems unknown even to developers) and, in some cases, exploit them.

The company says the model has already discovered thousands of bugs in popular software, including operating systems and major browsers. Some of these vulnerabilities were extremely old or well hidden. For example, Mythos allegedly identified a problem in an open-source operating system considered highly secure, nearly three decades old, but also a flaw in video software that had been automatically tested millions of times without being detected.

A realistic solution

What we can conclude is that AI is quickly becoming the most powerful tool for hackers, and the only realistic solution is to use it for defense at the same time.

“A single individual can launch attacks that used to require entire teams. In addition, AI does not tire, does not take breaks, and can scale almost instantly. And in security there is a simple rule: the attacker must succeed only once, while the defender must be perfect every time,” says Nikesh Arora, CEO of Palo Alto Networks, one of the world's leading cyber security companies.

Even though access to the Claude Mythos Preview is limited, the direction the technology is headed is already evident. Similar models will emerge, either developed by other companies, or replicated, adapted or out of control. We live in an extremely competitive global ecosystem, where the stake is technological dominance, and it is hard to believe that all actors will choose the same caution.

The European Union welcomed the decision by Anthropic, a company considered a developer of “general purpose” AI models, which means it falls directly under the EU AI Act, the new European legislation on artificial intelligence.

Targeted companies must implement risk management measures. This means that they must identify early on the ways in which a model could be misused (including for cyber-attacks) and try to limit these scenarios, either through technical restrictions or access control.

There are also requirements explicitly related to cyber security itself. Models must be developed and tested to be resistant to tampering or unauthorized use.

Companies are required to constantly analyze the behavior of models, including in extreme scenarios, to understand whether they can generate systemic risks. In the case of very advanced models such as the one described by Anthropic, these assessments should include exactly the kind of capabilities discussed here: vulnerability discovery and exploitation.

In addition to the law, the code of practice that Anthropic has adhered to goes a step further and explicitly requires companies to consider scenarios such as “facilitating large-scale sophisticated cyber attacks” and implement measures to prevent them.

A fundamental limit

On the other hand, however, even an advanced regulatory framework like the EU AI Act has a fundamental limit: it cannot stop technological progress by itself. It's true, the law can condition how models are developed and distributed in the EU, it can impose risk assessments, audits, security standards or reporting obligations. But it cannot prevent the emergence of the same capabilities in other jurisdictions (USA, China, etc.).

That creates a structural asymmetry. Even if Europe would impose very strict standards, models with advanced capabilities may continue to be developed in other parts of the world.

In the case of a Claude Mythos type model (ie a system capable of discovering and exploiting software vulnerabilities on a large scale) it seems hard to believe that risk can no longer be contained within a geographic space. Digital infrastructure is generally globally interconnected. This means that a vulnerability identified at one point can have chain effects anywhere in the world.