Anthropic's Mythos AI Reveals Security Gap: Model Finds Bugs but Company Won't Release It

Anthropic's decision to withhold its Claude Mythos Preview model from public release has exposed a revealing contradiction at the heart of the AI security landscape. The company announced last month that its new model possesses such advanced capabilities for identifying software vulnerabilities that it would only be accessible to a select group of partner companies—not the broader market. The framing positioned this as a responsible containment strategy. The reality may be more complicated.

Independent assessments suggest the capability gap Anthropic highlighted may be narrower than the company suggests. The UK's AI Security Institute evaluated comparable models and found that OpenAI's GPT-5.5, already available to the general public, demonstrates substantially similar performance in vulnerability detection tasks. Additionally, researchers at the firm Aisle successfully replicated Anthropic's published benchmarks using smaller, less resource-intensive models. The implication: the security edge Anthropic claims for Mythos may not be as exclusive as the company's controlled-release strategy implies.

The financial calculus behind the announcement warrants scrutiny. Running Mythos at scale carries substantial computational costs, and internal signals suggest Anthropic lacks the infrastructure or capital to deploy it broadly. By restricting access while publicly emphasizing the model's formidable capabilities, the company may be engineering a scarcity narrative designed to support its valuation. For enterprise security teams, the practical takeaway is less dramatic than the announcement suggested: comparable vulnerability-scanning tools already exist in the market, and the barrier to entry may be economic rather than technical.