#156 Mythos: To release or restrict?
In this edition of Technopolitik, Sridhar Krishna analyses Claude Mythos and how access to it should be controlled.
This newsletter is curated by Anwesha Sen.
The irony of a top-secret project on cybersecurity not remaining a secret because of a trivial human error is not lost on the AI community. In March 2026, Fortune magazine in an exclusive report pointed out a data leak at Anthropic. Claude Mythos, according to Anthropic, has been trained on over 10 trillion parameters and heralds a step change in AI performance. Apparently, it is the most capable model they have built to date. While it is being trialled by a few early access customers, Mythos is apparently so powerful that releasing it to the world at large is seen as extremely dangerous by Anthropic. Yet, the documentation on the product was available to the world at large through a data leak.
This product is said to be incredible and has found a zero-day vulnerability in OpenBSD 27 years after it had been released, and a 16-year-old flaw in FFmpeg a memory-corrupting vulnerability in a memory safe virtual machine monitor. Suddenly all software products and platforms appear vulnerable and traditional checks done over decades may seem inadequate.
The company says it has no plans to make Mythos available to public because a bad actor with Mythos can wreak havoc on the world by spotting new vulnerabilities faster than companies are able to fix them. Anthropic has made this product available to a few select customers and those customers have been asked to run vulnerability tests on their systems using Mythos. These early customers are the likes of Microsoft, Google, and Meta.
To demonstrate how powerful Mythos is, Anthropic mentioned a case where “Mythos autonomously came up with a web browser exploit that chained together four vulnerabilities to escape the renderer and operating system sandboxes, gained broad band access and sent an email to the researcher.”
Anthropic therefore launched Project Glasswing providing access to a carefully selected group of large companies to employ Mythos for defensive purposes before hostile actors use it to attack vulnerabilities.
While the intentions to restrict are commendable, there are four arguments that favour releasing the software.
Avoiding security inequality – By making Mythos available only to the likes of Apple, Microsoft, Google, etc., one is making security the right of only the largest and wealthiest companies and forcing the small businesses and developing nations to remain vulnerable.
With much of the world’s infrastructure running on open source, Mythos could help resource scarce developers auto patch their legacy code.
Security through obscurity is dumb – It is a matter of time before others like Meta, or state funded labs in other countries develop something similar. It will be difficult to counter a similar model developed in secret by bad actors.
Releasing the model will help the global white hat community to build defensive tools to match the speed with which threats emerge.
Arresting progress is wrong – Mythos is a 10 trillion parameter reasoning engine and has capabilities beyond spotting security vulnerabilities. Holding this back also means curtailing speed of medical research, and green energy research.
Restricting access to Mythos risks standing by mutely when it can solve many global crises.
Hype or reality – Unless Mythos is released, how does the scientific community assess whether the capabilities claimed are real?
It is also important to understand what it is capable of while establishing benchmarks or creating effective AI regulation.
Instead of completely restricting the release of Mythos, Anthropic could offer tiered access with identity verified, it could hard-code red lines for specific outputs and add other similar guardrails. Release with restrictions is the right answer.
Technology is no longer just a tool; it’s at the centre of national power, economic growth, and societal change. This raises important questions for all of us:
What will it take to strengthen India’s own research and development ecosystem?
How can we build technology responsibly and anticipate its unintended consequences?
Why are technology and national power increasingly part of the same conversation?
The Graduate Certificate in Public Policy (Tech and Policy) programme is designed to enable participants to answer such questions. It equips technologists, lawyers, civil society, and policymakers with the knowledge and skills to understand the economics of tech platforms, navigate the political economy, find an ethical orientation, and lead the public discourse. Participants will gain the skills and frameworks to create technology responsibly, advancing the public interest alongside business interests.
And before you go-
Check out Grammar of War, a newsletter by Adya Madhavan, that looks at advanced military technologies!