Are we learning the wrong lessons about artificial intelligence (AI) risk from the saga following Anthropic’s Mythos release?
Since the gated release of Anthropic’s Mythos model in April, the AI debate has taken on an edge of panic. Mythos’s ability to actualize long-predicted AI risks—in this case, massive changes to cybersecurity practices and defense—has shifted AI risk from theory to reality for many. A serious reckoning with AI’s potential downsides is necessary, and many would argue it is long overdue. But post-Mythos, as AI governance heats up, we need to seriously consider the long-term implications of current narratives around managing AI risk.
The federal government and Anthropic have both recently taken a heavy-handed approach to restricting access to Mythos, whether via internal guardrails or export controls. As access is limited, control over AI becomes increasingly concentrated among a few powerful industry actors, reducing transparency, individual agency, and competition. Moreover, while Washington and industry leaders pour resources into restricting access, they underfund the policy solutions that would help our societies resist cyber risk long-term.
By centering our AI risk narratives on the need to reduce access for bad actors, we incur two unintended side effects: the further concentration of power over AI among a few Silicon Valley companies, and the failure to harden our cyber infrastructure against emerging AI threats. Focusing on keeping out malicious actors may yet be part of the solution, but the current approach to restriction is excessive and likely counterproductive to security goals in the long run.
Mythos, AI Risk, and Access Restrictions
In April 2026, Anthropic announced that its new model, Mythos, presented unprecedented capabilities for cyberattacks and malicious cyber activity. In particular, Mythos’s ability to locate and exploit undiscovered vulnerabilities means that existing cyber defenses, whether at the level of critical infrastructure or individual users, could rapidly be rendered insufficient. The cyber community has long been concerned about how increasingly widespread and powerful AI can empower both defenders and attackers, and Mythos rapidly accelerated this debate by demonstrating the reality of AI-driven autonomous exploitation.
To manage this risk, Anthropic initially released the model only to a fixed set of critical infrastructure companies, allowing them to address cyber risk in an effort called Project Glasswing. This gated release was intended to keep the model out of the hands of bad actors while allowing key companies to leverage Mythos to identify and patch their own vulnerabilities.
The concerns cited by Anthropic sparked a media frenzy in both mainstream media and specialized AI communities. The panic was further magnified by the Trump administration’s response; until Mythos, the administration had been adamantly laissez-faire regarding AI policy, instead favoring a light-touch approach that favored industry interests in the name of maintaining America’s leadership in AI. But on June 2, the administration published a new executive order mandating the creation of an “AI cybersecurity clearinghouse” to coordinate federal screening of selected frontier models for up to 30 days before a model’s release. In other words, Mythos sparked a significant shift in federal positioning on AI policy, sending a strong message about the novel riskiness of the model. However, this shift also came on the heels of a public clash over the military use of Claude, raising understandable concerns that AI risk tools such as model review and export controls can be used both for safety and to discipline industry actors deemed noncompliant.
On June 9, Anthropic released a public version of Mythos, called Fable 5. Fable’s base model is still Mythos, but it incorporates several layers of superimposed safeguards that restrict access to Mythos’ riskiest functions, which are deemed to be cybersecurity, biology, chemistry, and distillation (which refers to the practice of training smaller models on outputs of more powerful ones to mimic behavior and capabilities). If a user’s query flags any risky topics or keywords, the answer will be downgraded to Claude Opus 4.8, Mythos’ predecessor, and the user will be alerted to the model change. Interestingly, the initial Fable 5 release informed users that their requests had been downgraded in all cases except distillation—if a prompt flagged the distillation guardrails, it would be downgraded to Opus 4.8 without any alert to the user. AI researchers met this decision with shock and disappointment, describing it as an effort to hamstring open-source AI research, centralize power in the private sector, and willfully mislead users without their consent or awareness. In response, Anthropic apologized and made distillation safeguards visible on June 11.
However, on June 12, Amazon alerted senior White House officials to a jailbreak in Fable. In response, the White House mandated that Fable and Mythos be subject to export controls applying to all foreign nationals, forcing Anthropic to pull both products entirely due to the complexity of compliance with such a rule. This escalated restriction lends further weight to the debate around political motivation in the White House’s response to Mythos.
If AI risk measures can also function as tools of political leverage over industry, then access restrictions should be scrutinized not only on technical grounds but also for their implications for democratic accountability and concentration of power. This dynamic also applies to geopolitics; the US government’s banning of Fable and Mythos for foreign actors highlighted that dependence on American frontier AI exposes countries to the risk that the United States could withhold access at will. Faced with such a possibility, countries may choose not to adopt the American AI stack and instead turn elsewhere, likely to Chinese AI offerings.
Overall, this saga around Mythos and Fable evinces an increasing desire by policymakers and industry alike to control how AI is deployed in the name of reducing cyber risk. But adopting a policy of restricting access to advanced models harms more than it helps in the long run.
AI Model Diffusion, Open-Source AI, and Access
Firstly, restricting access is only an effective strategy in the immediate short term because it fails to reckon with the reality of how fast both open and closed models are developing. Pouring too much time, money, and effort into restricting access wastes the time we have right now to prepare our cyber infrastructure for the inevitable release of future risky models.
Mythos won’t be our most advanced model forever, or even for long. Mythos’ model system card provides much additional insight into how Anthropic measured the model’s risks—the company conducted extensive safety testing around chemical, biological, radiological, and nuclear (CBRN) risks, alignment, and cybersecurity. In one section, Anthropic discusses how risk probability and impact ratios drive overall risk assessment. In particular, the report states that as models become more capable and widely adopted, the potential for harm increases dramatically. While developers can certainly reduce the probability of such harm by improving safeguards and alignment, it will never be zero, since AI models are probabilistic at their core. And even with small risk probabilities, the overall likelihood of harm increases as adoption becomes broader. Moreover, as AI becomes more trusted and more embedded in our tech infrastructure, the stakes get higher. Impacts become not only more likely, but more consequential.
So, even Anthropic acknowledges that as AI development continues globally at a breakneck pace, it is inevitable that high-risk, powerful AI applications will reach the market. This dynamic becomes even more critical when open models, which are inherently widely available and accessible, enter the discussion. Open models aren’t too far behind closed ones, with prominent researcher Nathan Lambert estimating that they lag the frontier by only 6-9 months. By this logic, within the next year, there will be a widely available, open version of Mythos, with the same risky capabilities.
However, the solution here is absolutely not to restrict open model development in the name of security—cyber, national, or otherwise. Closed models will also likely catch up to Mythos very soon, including foreign closed models not subject to US federal oversight that may enhance cyber capabilities for bad actors worldwide. Moreover, open models are critical to equity, access, and innovation around the world, and restricting their development and deployment in the name of national security risks setting the US back in global influence, the sciences, and—counterproductively—even cybersecurity and risk management.
Global majority countries are embracing open models; closed models are often more expensive and less adaptable to the needs of non-Western countries, while open models can be cheaply tailored to function across specific geographies, cultures, and needs. China understands this well and is producing high-quality open models that are being widely adopted across the Global majority; if the United States fails to keep up, its global sway over AI development and deployment, as well as diplomatic and financial ties, will suffer.
Openness is also critical to research and innovation, both in the AI industry itself and in the sciences. Open models facilitate collaboration, reproducibility, and innovation, and they are already being adopted to accelerate scientific discovery.
Moreover, openness increases transparency and empowers developer communities, who can conduct oversight and work together to improve safety. Despite valid concerns about the potential for bad actors to insert malicious code into open projects, commercial software is not inherently safer; open development allows for more oversight, transparency, and dispersed community involvement that can spot bugs and identify creative solutions. Closed software development places the responsibility for finding problems solely within one company. Given staffing and institutional constraints, a single company may or may not be better at spotting bugs than a broad, dispersed, and diverse collective of open-source developers. In the case of open AI models in particular, it’s also important to recognize that using an open model does not equate to sharing one’s own data openly; these models can be run privately and locally.
The 2025 AI Action Plan recognized these benefits of open-weight and open-source models, and the White House should continue to support openness amid other AI policy changes. Given that openness remains a critical priority, open models will soon catch up to Mythos, and efforts to diminish or restrict access to advanced models do not represent a long-term solution to growing risks.
Cybersecurity Resilience as an Alternative to AI Restrictions
Rather than focusing on reducing access to powerful models as a long-term solution, advocates, policymakers, and developers need to work together to be ready to meet advanced AI capabilities with stronger defense mechanisms. In the case of Mythos, rather than fearmongering around advanced models, let’s instead ask: How can we build systems that are more resilient in the face of AI-driven risks?
There are plenty of existing and newly developed tools, proposals, and policies available to help us combat Mythos’ risks. For example, Mythos is very powerful at finding vulnerabilities, but it does not solve the problem of patching them once found. Current infrastructure for patching software vulnerabilities often can’t keep up with existing reports; as the volume of reports increases, we need to figure out how to streamline patching processes, allocate more resources where needed, or even consider leveraging behavioral analysis to identify hacks independent of known vulnerabilities.
The June 2 Executive Order included a few notes on improving cybersecurity practices, but they were vague, mandating only the prioritization of cybersecurity across government and the expansion of access to AI-powered cybersecurity tools. In practice, the Trump administration has taken significant steps to curb the Cybersecurity and Infrastructure Security Agency’s (CISA) work, including proposing budget cuts of $700 million for 2027.
Anthropic has been slightly more proactive. Upon the Glasswing announcement, it donated funding and model usage credits to support cyber resilience and promised to develop a set of cyber recommendations for the AI age. However, by limiting Mythos Preview access to Glasswing members and semi-transparently redirecting user searches in Fable, Anthropic has also contributed to a narrative that powerful AI capabilities must be confined to the hands of a few companies and governments.
This is not to say that Anthropic’s decision-making here has been malicious; the opposite is likely true from a company that publicly and adamantly prioritizes ethics. In fact, temporary restriction may have been the right choice for Mythos, a first-of-its-kind model, but it will not be an evergreen solution and sets dangerous precedents that less-friendly actors in Silicon Valley could exploit down the road to control access to AI and the types of answers users receive.
The Long-Term Risks of AI Access Restrictions
The idea that access to powerful general-purpose models like Mythos must be restricted to protect people from AI’s risks will only leave Americans disempowered and reliant on infrastructure that is unprepared to meet future risky models. As we focus on export controls, reviews, and limited releases, we waste time, attention, and resources that must urgently be devoted to building cyber resilience and infrastructure that is ready for future AI risks. We also abdicate decision-making power to powerful companies like Anthropic, OpenAI, and other closed-model developers who argue they should decide who gets to access AI and how user queries are answered.
As AI models become more capable and broadly embedded in our infrastructure, risk will increase. If we want to have more powerful, more useful models, this risk is inevitable. But if we focus on building defenses and systems that are resistant to AI risks, rather than pouring political and financial resources into limiting access to the few, we can meaningfully reckon with the problems AI threatens to magnify now and in the future. By investing in resilience rather than restriction, we can better prepare for the risks ahead without concentrating power in the process.
Header image: Anthropic Co-Founder & CEO Dario Amodei speaks onstage during TechCrunch Disrupt. By Kimberly White/Getty Images for TechCrunch

Current Geopolitics Shift Deep-Sea Mining Debates