Anthropic joins OpenAI in hiding risky AI models

Anthropic’s decision to withhold its latest model, Claude Mythos Preview, echoes OpenAI’s 2017 move with GPT-2—except this time the stakes involve thousands of vulnerabilities in operating systems and browsers. The company framed the model as too dangerous to release not because it could autonomously hack systems, but because it uncovered flaws too numerous for human teams to verify in any reasonable timeframe. Early signals suggest these aren’t isolated coding errors, but systemic issues that challenge traditional security practices.

This isn’t just about more data or better accuracy—it’s a recognition that AI’s scanning capabilities now dwarf manual review processes. For a security team, auditing 5,000 potential vulnerabilities across kernel modules and rendering engines would require years of work. An AI model with minimal oversight can surface them in hours, leaving a gap where neither human nor automated defenses can keep pace.

The real signal here is that AI’s role in cybersecurity is shifting from tool to threat amplifier. Consider that Anthropic’s model wasn’t trained on specific exploits; it was designed to reason about system interactions, and in doing so revealed weaknesses that no human security researcher had cataloged—at least not in this volume. This aligns with early benchmarks showing similar models catching subtle logic flaws in smart contracts and firmware that eluded static analysis tools.

Industry response has been a mix of caution and opportunism. Players note that while the vulnerabilities aren’t necessarily new, the speed of discovery changes the calculus for patching strategies. Some enterprises are already trialing similar systems internally, betting that proactive exposure beats reactive crisis management. If confirmed, this could redefine how we approach vulnerability management—from periodic audits to continuous AI-assisted scanning, where the models that find flaws may also become targets.