The Inevitable Times
Reporting that observes, records, and questions what was always bound to happen

Category: Business

Anthropic withholds Claude Mythos, citing crime‑scene risk while relying on US partners to patch its own flaws

Anthropic this month announced the development of Claude Mythos, an artificial‑intelligence model whose internal testing reportedly demonstrated the capacity to autonomously discover previously unknown zero‑day vulnerabilities, exploit them, and theoretically chain such exploits together in order to assume control of major operating systems and mainstream web browsers, prompting the company to withhold public deployment on the grounds that the technology could effectively transform ordinary computers into active crime scenes. The model's reported ability to write code, obtain elevated privileges, and coordinate multi‑stage attacks without human intervention has been likened by company officials to a burglar capable of breaching any building, unlocking every door, and emptying every safe in a single, fully automated operation, thereby exposing a stark paradox wherein a private research firm simultaneously creates a potent new weapon and assumes the responsibility of preventing its misuse.

In response to the perceived threat, Anthropic launched Project Glasswing, a defensive consortium comprising forty organisations that are all headquartered in the United States, tasking them with the explicit purpose of identifying and patching the very vulnerabilities that Mythos is capable of exploiting before malicious actors can weaponise them. The exclusive reliance on American partners, coupled with the decision to share the model only with a single British entity—the AI Security Institute—for limited testing, underscores a systemic inclination to centralise defensive capabilities within an already US‑centric digital infrastructure, while offering scant evidence of a broader, inclusive strategy to mitigate global cyber‑risk.

Following a hands‑on evaluation by the British institute, senior ministers publicly warned that the advent of such an AI‑driven attack vector is poised to render cyber‑intrusions markedly easier and faster, a prospect for which the majority of businesses across Europe remain conspicuously unprepared, thereby highlighting a glaring disconnect between the rapid evolution of offensive capabilities and the comparatively sluggish development of defensive policy frameworks. Nevertheless, reports indicate that European banking institutions are already being approached to pilot the technology, suggesting a pragmatic willingness to explore its potential benefits despite the attendant risks, and thereby reinforcing the paradoxical reality in which the same private sector entities that profit from the creation of such powerful tools are also expected to serve as the first line of defence against their misuse.

The episode consequently casts a stark illumination on the broader governance vacuum that emerges when cutting‑edge artificial intelligence, capable of automating both offensive and defensive cyber operations, is cultivated within a privately funded research environment that retains unilateral discretion over dissemination, testing, and remediation, thereby allowing market‑driven imperatives to outweigh any comprehensive, multilateral approach to safeguarding the shared internet.

Published: April 24, 2026

Journalism that records events, examines conduct, and notes consequences that rarely surprise.