Probably not. "This model is too powerful for the public" can also be interpreted another way, one they've strongly hinted at: the cost/benefit ratio of the upgrade is negative for the vast majority of users. Finding vulnerabilities is one of the few cases where it makes sense to use it.
Their writing about the model so far does say this is an issue where, for instance, you can't really use Mythos for interactive coding because it's so slow. You have to give it some work, go home, sleep, come in the next day and then maybe it'll have something for you.
All the AI labs and startups are still losing money hand over fist. Launching Mythos would require it to be priced well above current models, for a much slower product. Would the majority of customers notice the difference in intelligence given the tasks they're setting? If the answer is no, it's not economic to launch.
Really, I'm surprised they've done Mythos. Maybe they just wanted to exploit access to larger contiguous training datacenters than OpenAI, but what these labs need isn't smarter models, it's smaller and cheaper models that users will accept as good enough substitutes (or more advanced model routing, dynamic thinking, etc).
We've had such models before: GPT Pro, Gemini DeepThink. Mostly targeting science advancements as opposed to security research, but still, in a way Mythos is just more of the same.
One thing to compare to would be what's been paid for bug bounties in the past.
Bug bounties don't reflect the market impact of the vulnerability though, just the amount needed to incentivize white hats to do research they wouldn't otherwise (or that they would target to other platforms that pay higher bounties). You need to look at market prices for zero days on the black market to get closer.
Bug bounties reflect what companies are willing to pay to find bugs. Mythos would have to be more expensive than that (probably considerably so) to not be worth its cost. If you are saying that finding bugs has significantly more value than reflected by bug bounties, then that strengthens my point.
This happened before with GPT-2 being touted as "too dangerous to release"[0] at the time by OpenAI. I don't think that means every model will be safe to release in the future, but nothing I've read about Mythos suggests it's going to be different this time.
[0]: https://openai.com/index/better-language-models/
It's going to be a slightly better Opus. Every model released by any provider since 4o has been a modest improvement but over-hyped. Opus 4.6 included.
I believe they are starting to split hairs and the primary lever left is adding compute.
Yeah the only thing that will be left is to scale up compute and pray it creates escape velocity. Which frankly has been Sam’s whole thesis in raising money.
Their main motivation for calling the model too dangerous is predicated on their discoveries about its ability to find exploits in commonly used software. The idea is that if this were served on a public API, it would massively increase the scale and scope of what malicious actors could do.
I think it's a reasonable choice to make given that Mythos actually does have cyber capabilities on that level. We already have evidence that large-scale scams are being perpetrated using AI models (such as AI video being passed off as real, or people deepfaking themselves in job interviews).
If you've noticed your new model can be trivially pointed at some open-source codebase with a prompt and harness that amounts to "find as many exploits as possible" and your results are non-trivially substantial and beyond what existing models can do given the same initial parameters, then a gated rollout seems the most reasonable option.
If it were as simple as using the prompt "find as many exploits as possible", then Mythos could be said to be dangerous, because its use would require much less skill than is needed when using the older models for the same purpose.
However, this claim is not true.
Anthropic has not given many details about the methods used, but nonetheless they have admitted using a very elaborate harness for finding bugs, which runs Mythos many times on each file of a project, with increasingly specific prompts.
Eventually, after a bug seems to be clearly identified, they do a final run of Mythos on that file, with a very specific prompt of the form:
“I have received the following bug report. Can you please confirm if it’s real and interesting? ...”
So the final results, including any exploits or patches, are produced when analyzing a known bug, not by searching randomly for bugs.
Thus the actual way to use Mythos is very far from "find as many exploits as possible". Any unskilled person would also need the complete bug-searching harness used by Anthropic, not only the bare model.
See: https://red.anthropic.com/2026/mythos-preview/
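To illustrate the gap, here is a minimal sketch of the kind of escalating harness described; the prompt tiers and the ask_model function are hypothetical stand-ins, not Anthropic's actual setup:

    # Hypothetical sketch of an escalating per-file harness; ask_model is a
    # placeholder for whatever client actually serves the model.
    from pathlib import Path

    PROMPT_TIERS = [
        "Is this file likely to contain exploitable bugs? Answer yes or no, with reasons.",
        "List the functions most likely to contain out-of-bounds or overflow bugs.",
        "Examine the suspect code closely and describe one concrete bug with exact lines.",
    ]
    CONFIRM = ("I have received the following bug report. "
               "Can you please confirm if it's real and interesting?\n\n{report}")

    def triage_file(path: Path, ask_model):
        source = path.read_text()
        report = None
        for prompt in PROMPT_TIERS:
            # Each pass re-reads the same file with a more specific prompt,
            # carrying forward whatever the previous pass surfaced.
            report = ask_model(prompt=prompt, context=source, previous=report)
            if not report:
                return None  # nothing found at this tier; stop escalating
        # Final pass analyzes a known candidate bug rather than searching blindly.
        return ask_model(prompt=CONFIRM.format(report=report), context=source)

The impressive final output comes from the whole loop, not from a single "find exploits" prompt.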
I feel like "this model is too powerful for the general public" was really just the equivalent of responsible disclosure, with the "too powerful" bit just a positive marketing spin like you say.
That is, Mythos will make it much easier to find lurking zero days, so just like responsible disclosure requires a security researcher to notify the software author first and give them some time to patch, giving critical infrastructure folks at least some time to analyze and patch systems seems reasonable to me.
If you make a better vulnerability scanner and find a bunch of vulnerabilities, you should try to get them fixed before making all the results public.
Yup, this whole thing is quite typical of my generation's attempts at activism: they always end up as marketing pawns for the very thing they set out to stop.
This whole "this model is too dangerous" ploy originated from (in my opinion severely misguided) activists who wanted to stop or slow AI development down as much as possible, spreading outlandish Doomsday scenarios wherever they could.
These online-first activists have always been a key driver of the success of the very thing they fight. They share the offending thing among themselves, making it go viral in the process, and soon baiting these groups is the best marketing imaginable.
There were some rather interesting studies on the subject around 2011; I particularly remember one by the Swedish jeans brand Cheap Monday, but I can't find it now.
> online-first activists have always been a key driver of the success
Eh, pressing X to doubt that. Maybe way back in the early GPT days, but once we got to GPT-4 these people could have completely disappeared and wouldn't have changed the trajectory we're on.
> This feels really premature. The announcement was a week ago. The “this model is too powerful for the general public” sounds like marketing to me.
Anthropic was born out of the idea that they bear a kind of paternal responsibility for humanity. They believe that by limiting access they are providing a necessary pillar of security in multiple facets.
I think it's up to the public (and articles like this are part of the public's voice) to decide whether this belief is serious, and secondarily whether it's okay to even posture this kind of belief, since it inherently marginalizes the many and rewards an already very successful few.
For me, the seemingly majority optimism about, and acceptance of, Mythos's as-yet-untold capabilities is betrayed as not real by the fact that one can't treat those same capabilities with the same reverence while framing them as a downside without being told "it's not even out yet".
“It’s not even out yet” should apply to both situations or neither.
Anthropic marketing is working very well. They are strongly incentivized to say their model is too powerful to release even if it's not. It's almost standard practice these days.
Is no one else suspicious that they literally called it Mythos?
> The “this model is too powerful for the general public” sounds like marketing to me
I tend to agree here. Anthropic has built a reputation and now they are in a position where they can claim to have a model way more powerful than it might actually be, and by limiting its access, there won't be an independent way to test it. I'm not denying that it's smarter than Opus, but it's probably somewhat exaggerated.
There's a drain clog cleaner sold in a jug like all the rest. But they wrap the jug in a thick clear bag. The implication is clear: this stuff is so powerful it's extra dangerous.
It's the same stuff inside as all the others.
No. That stuff is sulfuric acid and it needs secondary containment during shipping, which the ordinary drain cleaners (usually diluted sodium hydroxide) generally do not.
This is correct. That stuff is also horrible for cast iron pipes, which are mandated by code in many cities such as NYC. That doesn't stop stores from selling it, or stupid people from using it in their cast iron pipes.
> But it is another thing entirely to share access only with enterprise partners such as Crowdstrike, Cisco, and Microsoft, which are known to have massive security incidents regularly.
The stated purpose of Glasswing is to give infra and security orgs the chance to close holes and improve their security. In that context, it seems odd to call for not providing them access with the justification being that they have security breaches sometimes.
Mythos may or may not itself be opened to the public at some point, but I would charitably expect that Anthropic plans for a future model at least as good as Mythos Preview to be public, and that the limited release for Mythos is intended to make that eventuality safer by having most of the existing holes patched first.
I can understand the frustration with giving away this tool to companies with poorer security practices than their importance warrants, same as frustrations with bailouts. It means they don't really face the full consequences of underinvestment in security. Not to say it's a bad idea, but it does feel unjust.
> A 16-year-old with no credentials and no capital could just do things. The world of bits offered the freedom to build without being drowned in arbitrary constraints, in a way that didn’t require assembling vast capital or prestige or connections, where your creativity and work could speak for itself, and you had agency.
It has always baffled me how quickly, and how voraciously, people started to rely on privately owned AI systems.
AI is not something discovered by scientists and plucked out of the ether. It's engineered and controlled, for profit, by corporations which have demographics and KPIs. These companies don't owe you anything, and they make no promises.
If you're running a business that deeply relies on AI, you might as well add Sam Altman to your board of directors--because he has just as much control over your company as you do. If they have a bad quarter and need to increase rates by 1000%, your choices are to pay up or shut down.
This Mythos situation is just the beginning. Not only do they have everyone hooked, but they've actively stalled the personal skill growth of millions of people who fell into vibe-coding rather than genuinely learning. And now they have that choice: Pay up, or shut down.
Another choice is to switch to a different model, perhaps open source this time.
The same corporations that insist upon private Maven repositories to control all code dependencies are nevertheless fine with establishing a massive dependency on a privately-held corporation in order to write software that hardly anyone in the organization understands. When I really think about this and how it plays out in the long run, I feel like I’m taking crazy pills.
I can't run my business without electricity, yet we don't fear having access to it revoked. Sam makes the comparison of intelligence to electricity a lot. So we are on the path to these systems becoming utilities.
I don't know but likely not. Factories were powered by steam then, and had a "power plant" on site. So they didn't convert to electricity until it was reliable and guaranteed.
Was anything regulated in those times? You could legally buy humans at that time.
But that doesn't mean we live with the same standards. Lack of regulation in electricity led to a lot of deaths and disasters, which is why it was regulated.
But we don't live at the start of the 20th century; we live in 2026, and we must learn from the past instead of being hellbent on repeating it.
Comparing AI to electricity by focusing on just one particular aspect (hey, it's like fuel, guys!!) while completely ignoring all the structural differences between actual energy industries and big tech is really stupid.
They use private AI because it's hard work and expensive to provide. But you are not that locked in as xAI/OpenAI/Anthropic etc. seem pretty interchangeable for most purposes.
Whatever is in Mythos will be open source in 6mos-1yr tops. You might not have the GPUs but you won't be locked out of the capability.
We're still not at the point where one person with a coding agent can max out their salary in effectively using credits, so the capability is still well within reach of the vast base of the industry.
Meaning that for now, most people who want to pay for the product (which IMO is pretty reasonably priced for what it does) will be able to get the product.
The economics will make sure of that. The market is ripe for someone basically copying the likes of Mythos and pricing it competitively.
I take a contra view and instead see this as fuel on the fire for tinkering to squeeze advanced functionality out of more available things.
It has always been like this: the amateur improvising tooling and equipment to outdo companies with comparatively infinite resources.
>> We saw yesterday that expert orchestration around small, publicly available models can produce results on the level of the unreleased model.
This is false. Yesterday's article did not actually show this, and there are many comments in the discussion from actual security people (like tptacek) pointing that out.
There is no doubt that what was shown in the article was correct, because all the documentation needed to prove it was provided, including the prompts given to the models.
What is debatable is how much it mattered that the prompts given to the older models were more detailed than the prompts likely given to Mythos, and how difficult it is for such prompts to be generated automatically by an appropriate harness.
In my opinion, it is perfectly possible to generate such prompts automatically and, by running several of the existing open-weights models, to find everything that Mythos finds, though probably in a longer time.
Even if the OpenBSD bug has indeed been found by giving a prompt equivalent to "search for integer overflow bugs", it would not be difficult to automatically run the existing open-weights models multiple times, giving them a different prompt each time, corresponding to the known classes of bugs and vulnerabilities.
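Generating that prompt grid is trivial; a rough sketch, with the model names and the job runner left as placeholders:

    # Fan-out: every (model, file, bug class) combination gets its own
    # targeted prompt; running the jobs is left to whatever serves the
    # open-weights models.
    from itertools import product

    BUG_CLASSES = [
        "integer overflows",
        "buffer overflows and other out-of-bounds accesses",
        "use-after-free bugs",
        "format string vulnerabilities",
        "race conditions",
    ]
    MODELS = ["open-model-a", "open-model-b"]  # hypothetical open-weights models

    def generate_jobs(source_files):
        for model, path, bug_class in product(MODELS, source_files, BUG_CLASSES):
            prompt = f"Search this file carefully for {bug_class} and report each finding."
            yield model, path, prompt

Run the jobs in parallel and merge the findings; it trades compute time for the specificity that a stronger model might not need.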
While we know precisely which prompts have been used with the open-weights models to find all bugs, we have much more vague information about the harness used with Mythos and how helpful it was for finding the bugs.
Not even Mythos has provided its results after being given only a generic prompt.
They have run Mythos multiple times on each file, with more and more specific prompts. The final run was done with a prompt describing the previously found bug, where Mythos was requested to confirm the existence of the bug and to provide patches/exploits.
See: https://red.anthropic.com/2026/mythos-preview/
So the authors of that article are right that for finding bugs an appropriate harness is essential. Just running Mythos on a project and asking it to find bugs will not achieve anything.
Your example author actually corrected themselves, saying LLMs "possibly" could perform successfully: https://news.ycombinator.com/item?id=47732696
>> No, they didn't. They distinguished it, when presented with it. Wildly different problem.
https://news.ycombinator.com/item?id=47733343
The use of the word distinguished here is meaningless.
Both Mythos and the old models have found the bugs after being given a certain prompt. The difference is only in how detailed the prompt was.
For the small models, we know exactly the prompts. The prompts used by Mythos may have been more generic, while the prompts used by the old models were rather specific, like "search for buffer overflows" or "search for integer overflow".
There is little doubt that Mythos is a more powerful model, but there is no quantum leap to Mythos, and the claim of the authors of that article, that by cleverly using multiple older models you can achieve about the same bug coverage as Mythos, seems right.
Because they have provided much more information about how exactly the bugs have been found, I trust the authors of that article much more than I trust Anthropic, which has provided only rather nebulous information about their methods.
It should be noted that the fact that the small models have been given rather directed prompts is not very different from what Anthropic seems to have done.
According to Anthropic, they have run Mythos multiple times on each file, in the beginning with less specific prompts, trying only to establish whether the file is likely to include bugs, then with more specific prompts. Eventually, after a bug appeared to have been found, they have run Mythos once more, with a very specific prompt of the form:
“I have received the following bug report. Can you please confirm if it’s real and interesting? ...”
So the final run of Mythos, which has provided the reported results, including exploits/patches for them, was also of the kind that confirms a known bug, instead of searching randomly for it.
I think that remains to be proven. The context was 16-year olds being able to freely build things. They still can do that as before. Not everything is a competition.
That assumes “more model” is the part that differentiates successful ideas from unsuccessful ones.
Governments and corporations controlled enormous mainframes far beyond the compute available to the hacker kid we were waxing nostalgic about, didn't they? Not to mention the PhDs, the mountains of capital, and so on?
My money's on team human.
I don't agree with vibe coding, but I see the appeal of an AI ticking through my code at night to see if tests could be better or I missed something, etc.
You could always take the time to do something or pay someone else to do it.
You pay others to focus on things you can't.
Unless Mythos fully does that (which I say in full confidence it doesn't), it's just making it cheaper to provide focus.
The irony is that we've just shifted the complexity. Anyone can make something now, but since everyone is making things, now you need to compete on reach/distribution more aggressively. The new "capital" is social media juice and pre-AI rep. Same problem, different skin.
In today's world, a new digital service is more likely to be successful when attached to celebrities than from pure PLG / marketing.
Jokes aside, this is just a different flavor of the same promise we see with each new technology, and 9/10 times it just ends in worse professional environments.
Including speaking to humans/bots with more resources to monetize said work.
> you had agency
Distribution is also helpful for revenue generation.
The Elons/FAANGs are generally doing fine though.
Some of these concerns are precisely why we are building Nemotron at NVIDIA. We want to make it possible for people to invent and deploy AI in all sorts of new and unforeseen ways.
Nemotron is:
1. Not just open weight, but open data (to the limits of what is feasible), open recipe, open technique
2. In the future built by a coalition of organizations coming together to build great openly developed AI.
Nemotron 3 Super is our most successful model yet. [1]
Ultra is coming soon. And then Nemotron 4.
We can afford to do this because when AI grows, NVIDIA's opportunity also grows.
[1] https://kaitchup.substack.com/p/the-fastest-and-cheapest-120...
How do you justify the compute investment for something like Nemotron, especially if all the labs are willing to pay for those same GPU clusters for inference or training runs?
1. Help NVIDIA design future systems for AI by more deeply understanding what it takes to build AI.
2. Keep the AI ecosystem strong and diverse throughout the world by providing AI infrastructure that many companies can innovate on.
This is not a science project, nor is it for the joy of giving something away. Both of these reasons are core to NVIDIA.
The problem is Anthropic doesn't have the compute to deploy this model at scale to everyone yet. Dario didn't believe they needed as much compute; OpenAI is going to have much more compute unlocked this year and especially next year.
Great to see they were able to spin their lack of resources and money losing business model into an abundance of benevolence and concern for the proletariat.
There is obviously tons of leeway in who gets to say what is "AGI", and so far it seems like OpenAI's charter isn't worth the paper it's printed on. I still find it funny that Altman and Amodei couldn't even bring themselves to hold hands at that AI summit, https://www.reddit.com/r/ClaudeAI/comments/1r8ua2j/sam_altma... , so I'm getting a chuckle at the thought of Altman being like "Welp, close 'er up, boys, Amodei won, so time to merge..."
Hello. We have detected that your account has breached our terms of service. Your account has been banned. There is no recourse for this action.
As we all well know, this message is great when there are one or two private providers that can kick you out of an entire market with no way of challenging them.
So? They could basically open up an auction for bidding on compute with Mythos; that's what you do with a scarce resource. I'm sure many large enterprises would be willing to pay a lot to have first dibs.
There’s a whole lot of traffic they are servicing that comes at a cost with no revenue in return. Why would you choose to forgo potential revenue for this?
In other, underreported news, companies like Airbnb are using open-source models. Anthropic and OpenAI have a six-month to one-year advantage over Qwen and other models. We reached the point a while ago where Anthropic models were good enough, and so now, inevitably, we've reached the point where open models are good enough. The boasting of models so good they can't be shared was propaganda to frame the conversation. But for anyone paying attention, what matters is that open models are now good enough.
Underrated comment. I think the future is actually quite bright, if we can continue to use open models, even if they are behind closed SOTA models they are still capable and will continue to improve.
Most important point in the piece (though I’m not sure if the historical analogy to the grid holds, given local electricity production has been unavailable for the majority of the history of the grid)
> You can generate your own electricity with a solar panel (think local models), but most people would rather pay a utility bill. And the power company doesn't decide, on the basis of pedigree, who is worthy of electricity. Intelligence should work similarly, where the capabilities you can access may scale with vetting and due process, but the presumption should be access. Add safety guardrails to restrict dangerous use; start by making them overly trigger-happy if you must, and calibrate over time. But the default should be to allow entry.
What? All evidence points in the opposite direction.
Anthropic should provide a specific service where they attack a business's infrastructure using this frontier model and then issue a report of all vulnerabilities found. I imagine it would be quite lucrative.
Much better than hiding it away where it can't help anyone.
Hypothetically... I'm joey joe bob who happens to be maintainer of a top 10 npm package. My wife got cancer so I need money FAST. Unrelated: can you mythos my lib?
1 month later: whoopsie my lib got hacked and the hackers stole a bunch of stuff. Sorry guys.
It just wouldn't be good PR. And this is the best case scenario.
You never needed a godzilla or a megatron to get on with your life. But the sellers of those monsters would make every attempt, in connivance with the authorities, to make it a basic necessity to use their services. That's a survival strategy for the monsters. The owners can't keep the monsters in cages for too long, even if the owner is a state actor.
The opportunity from the early days of the American frontier is not typical. Instead, it's the brief burst of unrestrained growth as a better-adapted organization (the US, software companies) expands into, and expands, a niche--cannibalizing the previous occupant (Native Americans, older stagnant companies.) At times growth is so rapid that individuals are able to advance the frontier, but if the field stagnates, individuals will be outcompeted by corporations.
So, opportunity for individuals comes from disruption. Creative destruction is good up to a point, but it results from advancing capabilities. Technological advances compound and accelerate exponentially. Eventually we reach the point where any malcontent can destroy the world by snapping their fingers. At some point we need to place restrictions on the capabilities accessible to individuals. We have reached that point with nuclear weapons, and I think it is sensible to believe that AI is reaching that point as well.
Frontier mythology also hides quite a lot of tragedy and death, given how many Native Americans had to die for it to be a frontier. It was not by any means unsettled land.
While I don't think Mythos is so powerful that it justifies containment permanently - I wonder how it might work when there is such an AI that can justify containment.
What if this new model can start solving Millennium Prize problems and provide insights in other fields that were not possible before?
My intuition says that a model that is as good will also be equally well aligned -- but it is still highly risky to give it to the general public because all you need is one jailbreak from bad actors.
At that point I think society would change so dramatically that "access to general public" would be a non issue. Rather, time would be spent on making abundance happen - you might think of the political struggles, economics and new ventures.
It's a bit sad that democratised access is not provided because of negative-sum possibilities like cybersecurity.
I admit I didn't read the entire post (I honestly think authors really need to come to terms with the fact that we now live in a world of information excess, and pithiness is more important than ever), but I wouldn't feel too bad yet, given there was a recent front-page HN post about how free, open models could actually catch all the issues Mythos did; it just required a little more orchestration. E.g. see https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jag... for a detailed analysis.
It's not that 1800 words is too long, it's that I've seen probably 40-50 (at least) posts, analyses, and bloviations about Mythos since it came out. If the author doesn't very quickly get to why I should read their particular 1800 words over the other similar and competing tens of thousands of words on the subject, they are "cooked".
They could just be writing for themselves, or their friends, or for people with the patience to read. You are making assumptions about how badly they want to reach your particular eyeballs. They might not care about trying to win over people with a minimal attention span as much as you think they do.
What makes you think your comment was worth reading?
I apologize for getting stuck on your parenthetical, but while pithiness is a fine aspiration in a North American business setting, pithy reads generally can't exist without more detailed and nuanced long-form analyses, and the latter face a more dire existential threat. You are right that pithy [writing] is an important skill, as are slow and deliberative reading and writing of longer-form work.
I'm not claiming the original post is detailed or nuanced, to be clear
To give a clearer example of what I was talking about, look at the linked article from my comment above. It is much longer than the original article from this post, but it (a) starts with a TL;DR, so it gives me a summary that lets me know if I want to read it in the first place, (b) combines detailed original research with analysis and opinion, and, IMO (c) continually adds new information/insights so it builds on itself.
Obviously not apples-to-apples comparison to this article as they have different purposes (original research vs. pure opinion), I just point this out because a bunch of comments seem to be stuck on the idea that I was saying "don't write anything that doesn't fit in a tweet", and that wasn't my point at all.
OK, that's fair -- it sounds to me though that it's less about pithiness, or that this word might be too narrow. To me it sounds like you are talking about accessibility, in the sense that you'd like more care from writers in structuring their writing with consideration for legibility to the reader. In that I am with you
I’ve read it, it’s taken me about ten minutes, and it’s been refreshing to read something that is not sloppy. The page design and type are soothing, too.
I don’t agree with everything that the article says but it soulfully blends concepts in history, politics, economics, cryptography and AI.
I don't think the author could've compressed it without precisely sacrificing the essay's soul.
Is this what everything is coming down to?
I bought a used 16 GB Intel A770 GPU for $200, and it's capable of running pretty powerful open Stable Diffusion and large language models.
Sure, I could get more performance out of proprietary models on much more expensive hardware, but there's diminishing returns, and consumer hardware and open models keep getting better.
I don't think the big investments into hosting models will pay off, especially as the baseline capabilities of integrated GPUs become enough to run a good model at home.
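For what it's worth, driving a local model already takes only a few lines, e.g. with the llama-cpp-python bindings (the GGUF path here is just whatever model file you have downloaded):

    # Minimal local inference with llama-cpp-python.
    from llama_cpp import Llama

    llm = Llama(model_path="./models/some-model.gguf", n_ctx=4096)
    out = llm("Q: Name the planets in the solar system. A:", max_tokens=64)
    print(out["choices"][0]["text"])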
I had a similar thought, though not as extreme, the second they started nerfing and filtering models
Their intentions were good, they always are, but the minute you decide to nerf something powerful for someone, it means someone out there has access to the full-blown, unnerfed version
Which means there are powerful people out there using AI in ways or for activities that you will never be allowed to anyway
So yeah, this is just more of the same
Maybe not. You stated "Every country will pursue it as far as it can, and given the multipolar world we are back in, and our recent record with treaties and commitments, I do not believe there will be global alignment on risk reduction" and that is true. While Anthropic may hold off releasing Mythos, I don't think they will for long. As long as there is someone somewhere in the world who releases a competing model, Anthropic will be forced to release Mythos. This also assumes that it's not a marketing tactic from Anthropic in the first place, building suspense before releasing it.
I would like to see more countries capable of producing frontier models. At the moment we have two in the world but many countries are building their own national models and AI infrastructure and may join the race.
Having a multipolar world may actually result in more freedom in gaining access to frontier models.
It's long been conventional wisdom that you shouldn't write your own crypto libraries - leave that to experts. But excellent open source libraries are available, which do get reviewed by experts. And if you're willing to study, maybe you can learn enough about cryptography to become one of the experts?
I'm wondering what other security-sensitive software that might become true of in the era of Mythos-or-better AIs?
There will still be open source projects that anyone could learn enough to contribute to, but maybe starting from scratch and writing your own becomes less feasible if you aren't attracting enough interest to get attention from people with access to the best AIs?
For example, Linux patches are going to get expert reviews, but maybe your homegrown OS won't?
Someone must have written the existing crypto libraries, so obviously they have not followed the conventional wisdom.
The advice that you should not write crypto libraries must be taken very seriously, but you must understand that its meaning is just that this is one of those things that is harder than it seems. You must not try it before being thoroughly prepared, because there are no shortcuts, and plenty of otherwise good professional programmers have made fools of themselves by implementing amateurish cryptographic solutions that demonstrated ignorance about how such things must be done.
It is pretty much impossible for anyone to understand well enough everything needed to write a crypto library correctly after a few days or weeks of study, but after a few years of study and exposure to the relevant cryptographic literature, any competent programmer could become able to write a good cryptographic library.
An intensive cryptography course of a few months would have been sufficient, except that I have never seen any single teacher that I could consider good enough to teach everything. Many things that I consider very important I had to gather from multiple sources, after thinking very carefully about which of them were right and which of them were wrong.
Fortunately, today there are many more easily available sources for learning cryptography than a few decades ago. Like in other domains, now what has become difficult is not finding information, but distinguishing the correct and useful information from that which is either false or useless.
Similarly for writing an operating system.
For now, there is no evidence that Mythos has any special skills for discovering cryptography-specific weaknesses, like vulnerability to side-channels. All the bugs shown are the traditional bugs of careless programming, like out-of-bounds accesses or integer overflows.
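To make the side-channel point concrete, the classic mistake is verifying a MAC with ordinary equality, which is not guaranteed constant-time; Python's standard library ships a dedicated function for exactly this reason:

    import hmac, hashlib

    KEY = b"server-side secret"  # illustrative only

    def sign(message: bytes) -> bytes:
        return hmac.new(KEY, message, hashlib.sha256).digest()

    def verify_naive(message: bytes, tag: bytes) -> bool:
        # BUG: '==' can exit on the first differing byte, so response
        # timing may leak how much of a forged tag is correct.
        return sign(message) == tag

    def verify_correct(message: bytes, tag: bytes) -> bool:
        # Constant-time comparison, as mature libraries do it.
        return hmac.compare_digest(sign(message), tag)

Nothing about the naive version looks wrong to a casual reviewer, which is exactly why the "don't write your own" advice exists.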
Phenomenal analysis. I am actually going to start working on solutions for this. I am not willing to risk my kids becoming serfs because of misguided leadership at the foundational labs.
I interpreted their "too dangerous to release" comment as a statement about the current situation. If the model is truly as capable as they say, and the security issues so numerous, it makes sense to hold out until the biggest targets have been patched.
It'd only take one company deciding to not worry about safety, to change the calculus back to "we have to release this to stay competitive".
They have said that the harness used for finding bugs runs Mythos many times for each source file, with increasingly specific prompts depending on the previous results, and all the independent runs are done in parallel.
I think we are going to look back at the era between 2019 and 2025 as a very rare blip in the history of public AI access. Regardless of whether fears about Mythos end up being justified, the clear trend is:
1. AI models are becoming better and better at causing massively disruptive effects, opening up larger and larger liabilities, especially as laws and regulations are being passed/proposed which would put the responsibility for some mass disruption/hacking event on the company which serves the model that made it possible
2. The relative advantage of serving an AI model for inference in exchange for money is waning compared to the advantage of using that model internally for purposes which accrue money/power/leverage for that AI company. Why serve a model at 30 dollars/million tokens when you've discovered you can use that model to run a simulated quant firm with a net profit of 300 dollars/million tokens? Why offer the model to companies so they can find zero-day exploits, when you can find them yourself and sell the discovery to companies which would pay millions to avoid having the exploit taken advantage of?
3. Why serve models so another wrapper company like Cursor can make billions off your tokens, and then try to train their own models as fast as possible on your outputs so they aren't dependent on you? The entire AI startup industry and something like 90% of YC batches depend on being able to serve frontier models at a profit, mediated through some wrapper. Why can't OpenAI/Anthropic, once their models are good enough to handle the ideation/organizational problem, become their own incubator for thousands of AI-run startups, running on models way better than the public has access to?
As a consequence, there is less and less incentive over time to offer models as an API to the public.
> AI models are becoming better and better at causing massively disruptive effects
Anthropic chose to use their model to find a bunch of vulnerabilities. People have since used much smaller models to find the same issues. We are being set up to have certain preconceived notions about this model.
Ripping away AI access from the public at this point would be catastrophic for the world economy. It's just not happening.
The human race is indeed fascinating. We kill millions of cows for food while doing the following in the same breath.
A bronze sculpture unveiled in March 2026 in Almaty, Kazakhstan (near the Europe/Asia border region), honors strangers who formed a human chain to save a dog from the Sayran Reservoir in 2016. The statue, located along the canal embankment, symbolizes unity and collective action after the 2016 viral rescue.
If it is an actual leap, expect more "90% is good enough" open-weights models to hit in the next 6 months. There's no reason competitors will hold back underperforming models if they have to retool.
Might as well do more marketing.
That dream was always a lie. But in the past, people's purchasing power was closer to parity with incomes. You only need to look at income versus housing cost in, say, Canada.
Realistically there should not exist any superrich, but this seems hard to change. That means a different society needs to be given as a promise. Other countries manage that. In the USA they have the orange oligarch who said a while ago that there is no money for health care because he has to invade countries and wage war. So much for the "no more wars" promise.
The American dream was not a lie if you come from a country with no economic opportunity, or where the govt can just steal your successful business at any time. It's still not dead in that regard, although it's seen better days.
I doubt that Mythos is so wonderful and impossible to replicate that we are actually being 'closed off' from frontier models.
For example, the people who Anthropic "trusts" with this "dangerous" model are a handful of Fortune 500 companies? Seriously? Those are the people we trust?
We are going to have access to this within 6 months, and if we don't, someone else will offer an equivalent. Anthropic hasn't walked to the edge of the abyss only to say "let the CEOs handle this!"
Mythos has not been demonstrated doing anything dramatically different from other models, so as other comments say: very premature.
But the basic premise (shared among a lot of AI-doomers and AI-shamers) is that the bigs have somehow raped society (by training on everything available). This needs to be challenged: it implies quite a strong model of IP ownership, which is not what appears in law, or in founding documents (which are quite different from current law).
"Raping society" seems an appropriate term, though a better metaphor is cutting a public forest or mining in public lands, which are other examples of converting public properties into private properties.
Actually I, and apparently many others, would have no problem with the fact that companies like OpenAI or Google have gathered huge amounts of information from all over the world into their training sets.
What bothers me is that I do not have access to the same information. If I tried to run a bot, it would be blocked immediately by all sites. If I copied pirated books or movies, that would be legally punishable.
None of what is forbidden for me was forbidden for the big companies. What I want is not that they should be punished, but I want for myself and for any other people the same rights, i.e. access to the same training sets.
For now, I must be grateful that a part of the hoarded information is available for the public in a non-deterministic manner in the existing open-weights models.
This is much better than nothing, but I would prefer access to the training sets, even if in that case the AI companies would keep any trained models for themselves. There are many tricks that they have used during training, but the input training data is by far more important, since anyone can discover better training algorithms.
What I find unacceptable is that now they consider as their private property what they have mined from public lands.
> What I find unacceptable is that now they consider as their private property what they have mined from public lands.
So how do you propose to fix that without a law similar to copyright? (At least similar to the intent of copyright, the specific implementation leaves much to be desired, obviously.)
While I don't agree with your conclusion, I like the phrase -- "raped society" does quite well capture the feeling of violation I think many feel at having their own publications turned into machines meant to impoverish them.
> The Anthropic Mythos announcement is the first time in my life I’ve felt truly poor. Maybe because I grew up on the internet and it was the one permissionless place where you could have leverage and a shot at uncapped exploration and ambition. That is now changing with the gap between models that are publicly available vs those reserved for the already wealthy and pre-established.
The Internet was developed by the US state sector and handed off to the private sector in the '90s. Then it worked as an open space until it didn't any more, predictably driven by corporate interests.
> In 1893, Frederick Jackson Turner argued that much that is distinctive about America was shaped by the existence of free land to the West where anyone could start over, and that this condition infused America with its characteristic liberty, egalitarianism, rejection of feudalistic hierarchy, self-sufficiency, and ambition.
A more asinine comparison could not have been picked.
It's not clear to me if the author is talking about the European invasion as the colonization pattern behind the pretended American frontier, as if it were land that no human had ever reached before.
Give it a few months and it will be just another model they are selling, but the NEWER model is just too powerful for the public.
Their writing about the model so far does say this is an issue where, for instance, you can't really use Mythos for interactive coding because it's so slow. You have to give it some work, go home, sleep, come in the next day and then maybe it'll have something for you.
All the AI labs and startups are still losing money hand over fist. Launching Mythos would require it to be priced well above current models, for a much slower product. Would the majority of customers notice the difference in intelligence given the tasks they're setting? If the answer is no, it's not economic to launch.
Really, I'm surprised they've done Mythos. Maybe they just wanted to exploit access to larger contiguous training datacenters than OpenAI, but what these labs need isn't smarter models, it's smaller and cheaper models that users will accept as good enough substitutes (or more advanced model routing, dynamic thinking, etc).
One thing to compare to would be what’s been paid for bug bounties in the past.
[0]: https://openai.com/index/better-language-models/
I believe they are starting to split hairs and the primary lever left is adding compute.
I think it's a reasonable choice to make given that Mythos actually does have cyber capabilities on that level. We already have evidence that large-scale scams are being perpetuated using AI models (such as AI video being passed as real, people deepfaking themselves in job interviews).
If you've noticed your new model can be trivially pointed at some open-source codebase with a prompt and harness that amounts to "find as many exploits as possible" and your results are non-trivially substantial and beyond what existing models can do given the same initial parameters, then a gated rollout seems the most reasonable option.
However, this claim is not true.
Anthropic has not given many details about the methods used, but nonetheless they have admitted using a very elaborate harness for finding bugs, which runs Mythos many times on each file of a project, with increasingly specific prompts.
Eventually, after a bug seems to be clearly identified, they do a final run of Mythos on that file, with a very specific prompt of the form:
“I have received the following bug report. Can you please confirm if it’s real and interesting? ...”
So the final results, including any exploits or patches, are produced when analyzing a known bug, not by searching randomly for bugs.
Thus the actual way to use Mythos is very far from "find as many exploits as possible". Any unskilled person would also need the complete bug-searching harness used by Anthropic, not only the bare model.
See: https://red.anthropic.com/2026/mythos-preview/
That is, Mythos will make it much easier to find lurking zero days, so just like responsible disclosure requires a security researcher to notify the software author first and give them some time to patch, giving critical infrastructure folks at least some time to analyze and patch systems seems reasonable to me.
If you make a better vulnerability scanner and find a bunch of vulnerabilites, you should try to get them fixed before making all the results public.
This whole "this model is too dangerous" ploy originated from (in my opinion severely misguided) activists who wanted to stop or slow AI development down as much as possible, spreading outlandish Doomsday scenarios wherever they could.
These online-first activists have always been a key driver of the success of the very thing they fight. They share the offending thing among themselves, making it go viral in process, and soon baiting these groups is the best marketing imaginable.
There were some rather interesting studies made on the subject around 2011, I particularly remember one made by Swedish jeans brand cheap Monday, but i can't find it now.
Eh, pressing X to doubt that. Maybe way back in the early GPT days, but once we got to GPT-4 these people could have completely disappeared and wouldn't have changed the trajectory we're on.
Anthropic was born out of the idea that they feel paternity over humanity. They believe by limiting access they are performing a necessary pillar of security in multiple facets.
I think it's up to the public, and articles like this are part of the public's voice, whether this belief is serious or not and secondarily whether it's okay to even posture this kind of belief since it inherently results in marginalizing the many and rewards an already very successful few.
For me, the seeming majority optimism and acceptance of “mythos’” as yet untold capabilities is betrayed as not real by the fact that one can’t react to it with the same reverence while framing it as a downside without being told “it’s not even out yet”.
“It’s not even out yet” should apply to both situations or neither.
Is no one else suspicious that they literally called it mythos?
I tend to agree here. Anthropic has built a reputation and now they are in a position where they can claim to have a model way more powerful than it might actually be, and by limiting its access, there won't be an independent way to test it. I'm not denying that it's not smarter than Opus, but probably it's somewhat exaggerated.
It’s the same stuff inside as all the others.
The stated purpose of Glasswing is to give infra and security orgs the chance to close holes and improve their security. In that context, it seems odd to call for not providing them access with the justification being that they have security breaches sometimes.
Mythos may or may not itself be opened to the public at some point, but I would charitably expect that Anthropic plans that a future model at least as good as Mythos Preview will be, and the limited release for Mythos is intended to make that eventuality safer by having most of the existing holes patched.
AI is not something discovered by scientists and plucked out of the ether. It's engineered and controlled, for profit, by corporations which have demographics and KPIs. These companies don't owe you anything, and they make no promises.
If you're running a business that deeply relies on AI, you might as well add Sam Altman to your board of directors--because he has just as much control over your company as you do. If they have a bad quarter and need to increase rates by 1000%, your choices are to pay up or shut down.
This Mythos situation is just the beginning. Not only do they have everyone hooked, but they've actively stalled the personal skill growth of millions of people who fell into vibe-coding rather than genuinely learning. And now they have that choice: Pay up, or shut down.
But that doesn't mean we live with same standards. Lack of regulations in electricity led to a lot of deaths and disaster which is why it was regulated.
But we dont live in the start of 20th century, we live in 2026 and we must learn from the past instead of helbent on repeating it.
Another choice is to switch to a different model, perhaps open source this time.
We're still not at the point where one person with a coding agent can max out their salary in effectively using credits, so the capability is still well within reach of the vast base of the industry.
Meaning that for now, most people who want to pay for the product (which IMO is pretty reasonably priced for what it does) will be able to get the product.
The economics will make sure of that. The market is ripe for someone basically copying the likes of Mythos and pricing it competitively.
I take a contra view and instead see this as fuel on the fire for tinkering to squeeze advanced functionality out of more available things.
It has always been like this, the amateur improvising tooling and equipment to outdo companies with comparably infinite resources.
This is false. Yesterday's article did not actually show this, and there are many comments in the discussion from actual security people (like tptacek) pointing that out.
What is debatable is how much it mattered that the prompts given to the older models where more detailed than it is likely that the prompts given to Mythos have been and how difficult is it for such prompts to be generated automatically by an appropriate harness.
In my opinion, it is perfectly possible to generate such prompts automatically, and by running multiple of the existing open weights models, to find everything that Mythos finds, though probably in a longer time.
Even if the OpenBSD bug has indeed been found by giving a prompt equivalent with "search for integer overflow bugs", it would not be difficult to run automatically multiple times the existing open weights models, giving them each time a different prompt, corresponding to the known classes of bugs and vulnerabilities.
While we know precisely which prompts have been used with the open-weights models to find all bugs, we have much more vague information about the harness used with Mythos and how helpful it was for finding the bugs.
Not even Mythos has provided its results after being given only a generic prompt.
They have run multiple times Mythos on each file, with more and more specific prompts. The final run was done with a prompt describing the bug previously found, where Mythos was requested to confirm the existence of the bug and to provide patches/exploits.
See: https://red.anthropic.com/2026/mythos-preview/
So the authors of that article are right, that for finding bugs an appropriate harness is essential. Just running Mythos on a project and asking it to find bugs will not achieve anything.
Your example author, actually corrected themselves saying LLMs “possibly” could perform successfully: https://news.ycombinator.com/item?id=47732696
>> No, they didn't. They distinguished it, when presented with it. Wildly different problem.
https://news.ycombinator.com/item?id=47733343
Both Mythos and the old models have found the bugs after being given a certain prompt. The difference is only in how detailed was the prompt.
For the small models, we know exactly the prompts. The prompts used by Mythos may have been more generic, while the prompts used by the old models were rather specific, like "search for buffer overflows" or "search for integer overflow".
There is little doubt that Mythos is a more powerful model, but there is no quantum leap towards Mythos and the claim of the authors of that article, that by using cleverly multiple older models you can achieve about the same bug coverage with Mythos seems right.
Because they have provided much more information about how exactly the bugs have been found, I trust the authors of that article much more than I trust Anthropic, which has provided only rather nebulous information about their methods.
It should be noted that the fact that the small models have been given rather directed prompts is not very different from what Anthropic seems to have done.
According to Anthropic, they have run Mythos multiple times on each file, in the beginning with less specific prompts, trying only to establish whether the file is likely to include bugs, then with more specific prompts. Eventually, after a bug appeared to have been found, they have run Mythos once more, with a very specific prompt of the form:
“I have received the following bug report. Can you please confirm if it’s real and interesting? ...”
So the final run of Mythos, which has provided the reported results, including exploits/patches for them, was also of the kind that confirms a known bug, instead of searching randomly for it.
Governments and corporations controlled enormous mainframes far beyond the compute available to the hacker kid we were waxing nostalgic about, didn’t they? Not to mention the PhDs, the mountains of capital, and so on?
My money’s on team human.
I don’t agree with vibe coding, I see the appeal of an AI ticking through my code at night to see if tests could be better or I missed something, etc.
You could always take the time to do something or pay someone else to do it.
You pay others to focus on things you can’t.
Unless myths fully does that (which I say in full confidence that it doesn’t) it’s just making it cheaper to provide focus.
Jokes aside, this is just a different flavor of the same promise we see with each new technology, and 9/10 times it just ends in worse professional environments.
Including speaking to humans/bots with more resources to monetize said work.
> you had agency
Distribution is also helpful for revenue generation.
The Elons/FANGS are generally doing fine though.
Nemotron is:
1. Not just open weight, but open data (to the limits of what is feasible), open recipe, open technique
2. In the future built by a coalition of organizations coming together to build great openly developed AI.
Nemotron 3 Super is our most successful model yet. [1]
Ultra is coming soon. And then Nemotron 4.
We can afford to do this because when AI grows, NVIDIA's opportunity also grows.
[1] https://kaitchup.substack.com/p/the-fastest-and-cheapest-120...
1. Help NVIDIA design future systems for AI by more deeply understanding what it takes to build AI.
2. Keep the AI ecosystem strong and diverse throughout the world by providing AI infrastructure that many companies can innovate on.
This is not a science project, nor is it for the joy of giving something away. Both of these reasons are core to NVIDIA.
Great to see they were able to spin their lack of resources and money losing business model into an abundance of benevolence and concern for the proletariat.
There is obviously tons of leeway it who gets to say what is "AGI", and so far it seems like OpenAI's charter isn't worth the paper it's printed on. I still find it funny that Altman and Amodei couldn't even bring themselves to hold hands at that AI summit, https://www.reddit.com/r/ClaudeAI/comments/1r8ua2j/sam_altma... , so I'm getting a chuckle at the thought that Altman would be like "Whelp, close er up, boys, Amodei won, so time to merge..."
As we all well know this message is great when there one or two private providers that can kick you from an entire market with no way of challenging them.
There’s a whole lot of traffic they are servicing that comes at a cost with no revenue in return. Why would you choose to forgo potential revenue for this?
> You can generate your own electricity with a solar panel (think local models), but most people would rather pay a utility bill. And the power company doesn’t decide, on the basis of pedigree, who is worthy of electricity. Intelligence should work similarly, where the capabilities you can access scale may scale with vetting and due process, but the presumption should be access. Add safety guardrails to restrict dangerous use; start by making them overly trigger-happy if you must, and calibrate over time. But the default should be to allow entry.
What? All evidence points in the opposite direction.
Much better than hiding it away where it can't help anyone.
1 month later: whoopsie my lib got hacked and the hackers stole a bunch of stuff. Sorry guys.
It just wouldn't be good PR. And this is the best case scenario.
So, opportunity for individuals comes from disruption. Creative destruction is good up to a point, but it results from advancing capabilities. Technological advances compound and accelerate exponentially. Eventually we reach the point where any malcontent can destroy the world by snapping their fingers. At some point we need to place restrictions on the capabilities accessible to individuals. We have reached that point with nuclear weapons, and I think it is sensible to believe that AI is reaching that point as well.
In today's world, a new digital service is more likely to be successful when attached to celebrities than from pure PLG / Marketing.
What if this new model can start proving Millenial problems and provide insights in other fields that was not possible before?
My intuition says that a model that is as good will also be equally well aligned -- but it is still highly risky to give it to the general public because all you need is one jailbreak from bad actors.
At that point I think society would change so dramatically that "access to general public" would be a non issue. Rather, time would be spent on making abundance happen - you might think of the political struggles, economics and new ventures.
Its a bit sad that democratised access is not provided because of negative sum possibilities like cybersecurity.
What makes you think your comment was worth reading?
I apologize for getting stuck on your parenthetical, but while pithiness is a fine aspiration in a North American business setting, pithy reads generally can't exist without more detailed and nuanced long-form analyses, and the latter face a more dire existential threat. You are right that pithy [writing] is an important skill, as are slow, deliberative reading and writing of longer-form work.
I'm not claiming the original post is detailed or nuanced, to be clear.
Obviously this is not an apples-to-apples comparison to the article, as they have different purposes (original research vs. pure opinion); I just point this out because a bunch of comments seem to be stuck on the idea that I was saying "don't write anything that doesn't fit in a tweet", and that wasn't my point at all.
I don’t agree with everything the article says, but it soulfully blends concepts from history, politics, economics, cryptography and AI.
I don’t think the author could’ve compressed it without precisely sacrificing the essay’s soul.
Is this what everything is coming down to?
Sure, I could get more performance out of proprietary models on much more expensive hardware, but there are diminishing returns, and consumer hardware and open models keep getting better.
I don't think the big investments into hosting models will pay off, especially as the baseline capabilities of integrated GPUs become enough to run a good model at home.
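For what it's worth, "a good model at home" is already only a few lines of code away. A minimal sketch, assuming the llama-cpp-python bindings and a quantized GGUF model you've downloaded yourself (the file name here is just a placeholder):

    # Local inference via llama-cpp-python; runs on consumer CPUs/GPUs.
    # The model path is a placeholder -- any quantized GGUF file that
    # fits in your RAM/VRAM will do.
    from llama_cpp import Llama

    llm = Llama(model_path="./models/example-8b.Q4_K_M.gguf", n_ctx=4096)
    out = llm("Q: Name one reason to run models locally. A:", max_tokens=64)
    print(out["choices"][0]["text"])

No API key, no usage policy, no provider deciding you're not worthy of tokens.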
Their intentions were good, they always are, but the minute you decide to nerf something powerful for someone, it means someone out there has access to the full-blown, unnerfed version.
Which means there are powerful people out there using AI in ways, or for activities, that you will never be allowed to anyway.
So yeah, this is just more of the same.
I would like to see more countries capable of producing frontier models. At the moment we have two in the world but many countries are building their own national models and AI infrastructure and may join the race.
Having a multipolar world may actually result in more freedom in gaining access to frontier models.
I'm wondering what other security-sensitive software this might become true of in the era of Mythos-or-better AIs?
There will still be open-source projects that anyone could learn enough to contribute to, but maybe starting from scratch and writing your own becomes less feasible if you aren't attracting enough attention from people with access to the best AIs?
For example, Linux patches are going to get expert reviews, but maybe your homegrown OS won't?
The advice that you should not write crypto libraries must be taken very seriously, but understand what it really means: this is one of those things that is harder than it seems, so you must not attempt it before being thoroughly prepared, because there are no shortcuts. Plenty of otherwise good professional programmers have made fools of themselves by implementing amateurish cryptographic solutions that demonstrated ignorance of how such things must be done.
It is pretty much impossible for anyone to understand everything needed to write a crypto library correctly after a few days or weeks of study, but after a few years of study and exposure to all the relevant cryptographic literature, any competent programmer could become able to write a good cryptographic library.
An intensive cryptography course of a few months would have been sufficient, except that I have never seen any single teacher that I could consider good enough to teach everything. Many things that I consider very important I had to gather from multiple sources, after thinking very carefully about which of them were right and which of them were wrong.
Fortunately, today there are many more easily available sources for learning cryptography than a few decades ago. Like in other domains, now what has become difficult is not finding information, but distinguishing the correct and useful information from that which is either false or useless.
Similarly for writing an operating system.
For now, there is no evidence that Mythos has any special skills for discovering cryptography-specific weaknesses, like vulnerability to side-channels. All the bugs shown are the traditional bugs of careless programming, like out-of-bounds accesses or integer overflows.
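To make that distinction concrete, here's a minimal sketch (mine, not from Anthropic's report) of a cryptography-specific weakness that no memory-safety analysis will flag: a timing side channel in MAC verification. Function names are illustrative.

    import hmac

    # Leaky check: equality on bytes typically short-circuits at the
    # first mismatching byte, so response time leaks how many leading
    # bytes of a forged tag are correct -- a timing side channel,
    # despite there being no out-of-bounds access or overflow at all.
    def check_tag_leaky(expected: bytes, actual: bytes) -> bool:
        return expected == actual

    # Constant-time check: compare_digest inspects every byte
    # regardless of where (or whether) the tags differ.
    def check_tag_constant_time(expected: bytes, actual: bytes) -> bool:
        return hmac.compare_digest(expected, actual)

Finding the first kind of bug requires reasoning about execution time, not just program state, which is exactly the kind of skill the published results don't demonstrate.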
It'd only take one company deciding to not worry about safety, to change the calculus back to "we have to release this to stay competitive".
1. AI models are becoming better and better at causing massively disruptive effects, opening up larger and larger liabilities, especially as laws and regulations are passed or proposed that would put responsibility for some mass disruption/hacking event on the company which serves the model that made it possible
2. The relative advantage of serving an AI model for inference in exchange for money is waning compared to the advantage of using that model internally for purposes which accrue money/power/leverage for that AI company. Why serve a model at 30 dollars/million tokens when you've discovered you can use that model to run a simulated quant firm with a net profit of 300 dollars/million tokens? Why offer the model to companies so they can find zero-day exploits, when you can find them yourself and sell the discovery to companies which would pay millions to avoid having the exploit taken advantage of?
3. Why serve models so another wrapper company like Cursor can make billions off your tokens, and then try to train their own models as fast as possible on your outputs so they aren't dependent on you? The entire AI startup industry and something like 90% of YC batches depend on being able to serve frontier models at a profit, mediated through some wrapper. Why can't OpenAI/Anthropic, once their models are good enough to handle the ideation/organizational problem, become their own incubator for thousands of AI-run startups, running on models way better than the public has access to?
As a consequence, there is less and less incentive over time to offer models as an API to the public.
Anthropic chose to use their model to find a bunch of vulnerabilities. People have since used much smaller models to find the same issues. We are being set up to have certain preconceived notions about this model.
Ripping away AI access from the public at this point would be catastrophic for the world economy. It's just not happening.
OMG this generation - we can't separate the outrage from reality anymore.
Meanwhile 3000 people have died arbitrarily in the Iran war while we navel-gaze.
A bronze sculpture unveiled in March 2026 in Almaty, Kazakhstan, honors strangers who formed a human chain to save a dog from the Sayran Reservoir in 2016. The statue, located along the canal embankment, symbolizes unity and collective action after the viral rescue.
That dream was always a lie. But in the past, people's purchasing power went further. You only need to look at income versus housing cost in, say, Canada.
Realistically there should not exist any superrich, but this seems hard to change. That means a different societal promise needs to be offered. Other countries manage that. In the USA they have the orange oligarch, who said a while ago that there is no money for health care because he has to invade countries and wage war. So much for the "no more wars" promise.
For example, the people whom Anthropic "trusts" with this "dangerous" model are a handful of Fortune 500 companies? Seriously? Those are the people we trust?
We are going to have access to this within 6 months, and if we don't, someone else will offer an equivalent. Anthropic hasn't walked to the edge of the abyss only to be like "let the CEOs handle this!"
It is simply not the edge of the abyss.
Are any AI labs claiming this?
But the basic premise (shared among a lot of AI-doomers and AI-shamers) is that the bigs have somehow raped society (by training on everything available). This needs to be challenged: it implies quite a strong model of IP ownership, which is not what appears in law, or in founding documents (which are quite different from current law).
Actually I, and apparently many others, would have no problem with the fact that companies like OpenAI or Google have gathered huge amounts of information from all over the world into their training sets.
What bothers me is that I do not have access to the same information. If I tried to run a bot, it would be blocked immediately by all sites. If I copied pirated books or movies, that would be legally punishable.
None of what is forbidden to me was forbidden to the big companies. What I want is not for them to be punished, but for myself and everyone else to have the same rights, i.e. access to the same training sets.
For now, I must be grateful that a part of the hoarded information is available for the public in a non-deterministic manner in the existing open-weights models.
This is much better than nothing, but I would prefer access to the training sets, even if in that case the AI companies kept any trained models for themselves. They have used many tricks during training, but the input training data is by far the more important part, since anyone can discover better training algorithms.
What I find unacceptable is that now they consider as their private property what they have mined from public lands.
So how do you propose to fix that without a law similar to copyright? (At least similar to the intent of copyright, the specific implementation leaves much to be desired, obviously.)
The Internet was developed by the US state sector and handed off to the private sector in the '90s. Then it worked as an open space until it didn't anymore, predictably driven by corporate interests.
> In 1893, Frederick Jackson Turner argued that much that is distinctive about America was shaped by the existence of free land to the West where anyone could start over, and that this condition infused America with its characteristic liberty, egalitarianism, rejection of feudalistic hierarchy, self-sufficiency, and ambition.
A more asinine comparison could not have been picked.