Anthropic’s decision to keep its new Mythos model behind closed enterprise doors is being sold as an act of digital self‑defence: the model is, allegedly, too good at hacking the software the internet runs on. But when a handful of U.S. labs already dominate both AI and cloud, putting the most powerful “offensive security” tools into the same few hands looks less like altruism and more like the next phase of AI enclosure.
In this piece we’ll unpack what Anthropic is actually doing, why the move is strategically brilliant, and why Europe and smaller players should be paying close attention before “safety‑gated” AI becomes the default.
The news in brief
According to TechCrunch, Anthropic has introduced a new AI model called Mythos that it claims is significantly better than previous systems at discovering and exploiting software vulnerabilities in widely used infrastructure. Instead of making Mythos broadly available via API, Anthropic is restricting access to a curated set of large companies and operators of critical systems, such as major cloud providers and financial institutions.
The public justification is risk: a model that can autonomously find serious bugs could empower attackers as much as defenders. TechCrunch notes that OpenAI is reportedly weighing a similar limited‑access strategy for its next cybersecurity‑focused tool.
At the same time, smaller cybersecurity startup Aisle told TechCrunch it replicated much of the reported Mythos performance using smaller, open‑weight models, arguing that no single giant model is a magic bullet. TechCrunch also cites reporting that Anthropic, Google and OpenAI are increasingly working to identify and block attempts to “distill” their largest models into cheaper copies.
Why this matters
Anthropic’s move is important for two reasons that sit in tension with each other.
On one hand, there is a legitimate safety argument. Tools that can automatically chain together obscure vulnerabilities into real‑world exploits are clearly dual‑use. We already know that human red‑teaming is chronically under‑resourced; handing the same capabilities to every script‑kiddie with a credit card would be reckless. A staged rollout to trusted operators of critical infrastructure is, on its face, a responsible path.
On the other hand, the commercial incentives are impossible to ignore. The frontier‑model business is brutally expensive. If open‑weight or distilled models can approximate Mythos on many tasks, then Anthropic’s real advantage is not raw capability but exclusivity and integration. By declaring “the really powerful model is too dangerous for the public, but available under enterprise contract,” Anthropic:
- Creates a premium tier of security tooling that only big spenders can touch.
- Makes model distillation dramatically harder by keeping Mythos away from small labs and competitors.
- Strengthens its positioning with regulators as the “responsible” actor, which matters when future rules decide who may deploy high‑risk AI.
Winners in this setup are hyperscalers, big banks, and Anthropic itself. Losers are smaller security vendors, independent researchers, and the open‑source ecosystem, which are pushed further away from frontier‑level tools exactly in the domain – security – where diversity and scrutiny arguably matter most.
The bigger picture
Mythos is part of a broader shift in how AI power is being packaged and sold.
First, we’re watching the move from “general‑purpose API” to “tiered capabilities”. Early large language models were mostly one‑size‑fits‑all: same model, same guardrails, same latency. Now we’re seeing stratification: baseline models for everyone, enhanced versions for paying developers, and a top tier kept for a small inner circle under tight contracts. Mythos is that top tier.
Second, the battle over distillation is becoming existential. Distillation lets others copy the behaviour of a large model using far less compute. For frontier labs that raised billions on the promise that only they could operate such systems, widespread distillation is a direct attack on their moat. Restricting access to the sharpest models – or providing only heavily filtered outputs – is a logical defensive reaction.
There is also a historical rhyme here with cryptography and zero‑days. For decades, security culture has been pulled between hoarding exploits (for intelligence or commercial gain) and disclosing them (for collective defence). Mythos, and tools like it, scale up the exploit‑hunting side dramatically – but keep the knobs and dials in private hands.
Compared with rivals, Anthropic is leaning hardest into the “safety‑brand plus enterprise” story. OpenAI is experimenting with security‑focused agents; Google weaves security features into its cloud stack; smaller players like Aisle bet on orchestration of multiple, often open, models. The strategic question is whether the market will reward a few ultra‑capable, tightly controlled systems, or a broader ecosystem of “good enough” security AIs that are cheaper and more transparent.
My bet: the former wins at the very top of the market, but the latter quietly secures most of the internet.
The European / regional angle
For Europe, Mythos highlights an uncomfortable reality: the most advanced security‑relevant AI is being weaponised as a business differentiator by non‑European giants.
EU policymakers are busy finalising the AI Act, the NIS2 directive is reshaping cyber obligations, and the Cyber Resilience Act will force vendors to take software security seriously. All three implicitly assume that better tools will be available to help organisations meet tougher requirements. But if the cutting‑edge security AIs are only sold as premium add‑ons to U.S. cloud and AI platforms, European digital sovereignty takes another hit.
There is also a regulatory tension. European security culture traditionally favours transparency, coordinated vulnerability disclosure and multi‑stakeholder governance. A world where Anthropic or OpenAI quietly discover classes of bugs across European infrastructure using private tools, share them selectively with major customers, and report only part of the picture to EU authorities will be hard to square with that philosophy.
At the same time, there is an opportunity. Strong privacy and safety norms, combined with the AI Act’s risk‑based approach, create space for European‑built, auditable security models – whether from startups in Berlin and Paris, research consortia, or cloud providers like OVHcloud. These tools may never match Mythos on raw capability, but they can compete on trust, integration with EU regulation, and availability to SMEs who will never be on Anthropic’s shortlist.
Looking ahead
Expect three developments over the next 12–24 months.
1. The capability will leak anyway. Whether via independent research, open‑source efforts, or imperfect distillation, “AI that can chain vulnerabilities” will not remain an Anthropic exclusive. Limiting Mythos buys time, not permanent control. The question is how we use that time: to quietly sign more enterprise deals, or to build governance norms around AI‑driven offensive security.
2. Regulators will wake up to offensive AI. Thus far, most AI regulation debates focus on bias, transparency and general safety. As tools like Mythos mature, expect security regulators – from ENISA in Europe to national cyber agencies – to ask who may operate such systems, under what audit regimes, and with which reporting obligations. The EU AI Act leaves room for sector‑specific rules; offensive security AI is a prime candidate.
3. The market will fragment. Large institutions with deep pockets will happily sign up for Mythos‑class tools, integrated into cloud consoles and SIEM dashboards. Everyone else will gravitate toward cheaper, more open solutions that combine multiple models, classical scanning, and human expertise. That creates a two‑speed security world – which, ironically, increases systemic risk, because attackers will always pivot to the weakest links.
For European organisations, the practical question is whether to wait for access to Mythos‑style offerings from U.S. providers, or to invest now in home‑grown and open alternatives. The right answer is probably “both”: experiment with what the hyperscalers offer, but don’t relinquish all critical security capabilities to black‑box tools outside EU jurisdiction.
The bottom line
Anthropic’s cautious Mythos rollout is partly genuine risk management and partly a savvy move to entrench enterprise lock‑in and defend against model cloning. Concentrating offensive security AI in a few corporate hands may make regulators feel safer in the short term, but it also deepens dependency and narrows scrutiny. The real strategic question for governments, CISOs and startups alike is simple: who do you want holding the keys to the next generation of exploit‑hunting AI – and on whose terms?
