Remember when OpenAI released GPT-4 and we all spent weeks trying to jailbreak it? Those felt like simpler times. Now Anthropic has built an AI model called Mythos that they’re flat-out refusing to release to the public because it’s too good at hacking. Not “concerning” or “needs more testing”—too dangerous, period.
As someone who builds bots for a living, this hits different. I’ve spent years working with AI models, pushing them to their limits, finding creative ways to make them do things they weren’t explicitly designed for. That’s half the fun of this work. But Anthropic’s decision to keep Mythos locked down tells me something I wasn’t quite ready to hear: we’ve crossed a threshold.
What We Know About Mythos
The facts are sparse but telling. Anthropic describes Mythos as a “step change” in performance—not an incremental improvement, but a genuine leap forward. The company has decided to keep it under strict control specifically because of its advanced hacking capabilities. They’re not just being cautious. They’ve looked at what this thing can do and concluded that releasing it would be irresponsible.
This isn’t theoretical hand-wringing. Anthropic has apparently warned the US government that Mythos could fuel large-scale cyberattacks by 2026. That’s a specific timeline with specific consequences, not vague “what if” scenarios.
The Bot Builder’s Perspective
Here’s what bothers me about this situation: I can’t test it. I can’t poke at it. I can’t see what makes it tick. For those of us building production systems with AI, this creates a weird knowledge gap. We’re being told that models with these capabilities exist, but we can’t prepare for them, can’t understand their failure modes, can’t build defenses against them.
Think about the practical implications. If you’re building authentication systems, API security, or any kind of bot detection right now, you’re working with yesterday’s threat model. Mythos represents tomorrow’s threats, and you won’t get to see them coming.
The irony isn’t lost on me. We’ve spent years democratizing AI access, arguing that open development makes systems safer through transparency and collective scrutiny. Now we’re facing a model where that logic apparently breaks down. The hacking capabilities are so advanced that keeping it secret is the safer bet.
What This Means for the Rest of Us
I’ve been building bots long enough to know that capabilities don’t stay locked up forever. If Anthropic can build Mythos, others will build similar systems. Maybe they already have. The question isn’t whether these capabilities will exist in the wild—it’s when, and who will have them first.
For developers working in this space, the message is clear: the security assumptions you’re making today might not hold tomorrow. That API you’re calling? The authentication flow you implemented? The rate limiting you think is sufficient? All of it needs to be reconsidered in light of AI systems that can probe, adapt, and exploit at speeds and scales we haven’t seen before.
This also raises uncomfortable questions about the AI development race. If Anthropic felt compelled to build something this powerful, what are their competitors building? And if the answer is “similar things,” are we just delaying the inevitable while creating an even bigger knowledge gap between those with access and those without?
The Uncomfortable Truth
Part of me respects Anthropic’s restraint. They built something powerful and chose not to release it. That takes guts in an industry that usually moves fast and breaks things. But another part of me—the part that builds systems and needs to understand threats—wishes we had more information about what we’re up against.
We’re entering an era where the most capable AI systems might never be publicly available. That changes everything about how we approach bot development, security, and AI safety. We can’t test against threats we can’t see. We can’t build defenses for attacks we can’t study.
Anthropic has drawn a line. Now we wait to see if everyone else respects it, or if we’re about to find out what happens when they don’t.
đź•’ Published: