Technology

Controversy

SMALL MODELS FIND THE SAME ZERO-DAYS AS MYTHOS: THE NARRATIVE OF THE "DANGEROUS AI" HAS A TRAP

One detail that was buried under the media impact of the Mythos announcement: small, accessible open source models found exactly the same vulnerabilities. Not some. The same ones. What that reveals about the narrative of AI control deserves more attention than it received.

By Daniel Reyes···5 min read·
Small open-source models find the same zero-days as Mythos

Small open-source models find the same zero-days as Mythos

When Anthropic presented Claude Mythos in April and announced that it would not be released to the public due to its cybersecurity capabilities, the dominant narrative was clear and powerful: we are facing a frontier model so advanced that it can only be in the hands of the greatest. A technological weapon so sophisticated that its access must be controlled like uranium enrichment. A tool that, if it fell into the wrong hands, could collapse the security of global computer systems.

That story is partially true. But there is one piece of information that was overshadowed by the media noise and that significantly changes the analysis: small open source models—accessible to any researcher with a modern laptop, without the need for special contracts or enterprise-level infrastructure—found exactly the same vulnerabilities as Mythos. Not similar vulnerabilities. Not vulnerabilities of the same type. The same ones, in the same systems.

What does that say about the real problem

If the vulnerabilities found by Mythos can also be found by significantly smaller and more accessible models, then the decision not to publish Mythos does not solve the underlying problem. It only postpones it slightly, and probably with negative side effects that are not being discussed.

The real problem is not that Mythos exists. The real problem is that the ability to find vulnerabilities in code automatically has reached a level where even relatively modest models can do what previously required teams of human experts spending months on it. That capability does not disappear because Anthropic decides not to publish its most powerful model. It is distributed. Is available. And it will continue to improve regardless of Anthropic's decisions.

Controlling Anthropic does not control the problem. The problem is that the ability to find vulnerabilities in code in an automated way is already distributed in the open source ecosystem. Mythos is the visible tip of an iceberg that no one is looking at in its entirety.

The perverse incentive of selective control

There is a structural incentive to the controlled access model that Anthropic has adopted with Mythos that deserves to be noted. By restricting access to the twelve largest partners—Google, Microsoft, Apple, Amazon, Nvidia, JPMorgan...—Anthropic is creating an oligopoly of advanced cybersecurity capacity. Organizations that have access to Mythos can use it to find and patch vulnerabilities in their own systems. Those that do not have access—which are the majority of the world's companies, the majority of critical infrastructure in developing countries, the vast majority of open source projects—are left in a position of structural disadvantage.

If malicious actors have access to equivalent models—either because they develop them independently, because they leak them, or because they build on the open source capabilities that are available—then Anthropic's controlled access model has not improved overall security. It has created a world where well-funded attackers and big American tech have the best tools, and everyone else falls in the middle.

The small models argument — what we know

  • Medium-sized open source models found the same specific vulnerabilities as Mythos
  • Static code analysis tools with AI have been identifying similar classes of vulnerabilities for years
  • The increase in Mythos capacity is real but not exclusive: the open-source ecosystem converges towards the same capabilities
  • Restricting access to Mythos does not eliminate risk; moves it towards less controlled models
  • A week after Mythos, OpenAI launched its own limited access cyber defense program — the race is on

The "dangerous AI" narrative as a competitive strategy

There is a deep tension in how AI companies manage communication about the risks of their own models. On the one hand, they have a genuine incentive to be transparent about the dangerous capabilities they discover, because hiding them would be ethically problematic and potentially harmful. On the other hand, the "our model is so powerful it's dangerous" narrative is one of the most effective ways to communicate technological leadership in a hypercompetitive market.

Mythos was presented as the most capable model in Anthropic's history—outperforming in all benchmarks, including extraordinary leaps in advanced mathematics—and simultaneously as too dangerous for the general public. That positioning serves multiple purposes: it establishes Anthropic as the industry's technical leader, it justifies controlled access that benefits its most important partners, it generates massive media coverage that amounts to free publicity, and it creates a framework in which Anthropic appears as a responsible actor that prioritizes security over commercial benefits.

All of this can be simultaneously true and also serve as a competitive positioning strategy. The sophistication of Anthropic's communication around Mythos is notable precisely because it makes it very difficult to distinguish where genuine alarm ends and sophisticated marketing begins.

What is indisputable

Beyond the debates about narrative and incentives, there is one element of the Mythos case that is beyond doubt: the vulnerabilities it found are real and have been patched. A 27-year-old bug in OpenBSD, a 16-year-old bug in FFmpeg that survived five million automated tests: those are concrete vulnerabilities, in real code, that could have been exploited and can no longer be exploited, thanks, at least in part, to the work of Mythos.

The legitimate debate is not whether Mythos has contributed to improving global security—it clearly has in those specific cases. The debate is whether the chosen management model—controlled access to the big guys, exclusion of the rest—is the best possible response to the problem, or whether there are alternatives that would distribute defensive benefits more widely while maintaining the same level of control over offensive uses. That question does not have an easy answer. But just because it's not easy doesn't mean it shouldn't be done.

The bigger picture: The race between offensive and defensive capabilities in cybersecurity is as old as cybersecurity itself. What changes with AI is speed and scale. A model like Mythos is not only faster than a human researcher searching for vulnerabilities: it can simultaneously explore search spaces that no human team could cover in years. That asymmetry of scale is the new challenge. And so far, no actor—not Anthropic, not governments, not affected companies—has a completely convincing answer on how to manage it.

Share this article

Related Articles

Trump declares Anthropic a risk to the supply chainControversy

Technology

TRUMP DECLARED ANTHROPIC "A RISK TO THE SUPPLY CHAIN" FOR HAVING ETHICS

Defense Secretary Pete Hegseth in February applied to Anthropic the same classification typically used for companies with ties to foreign adversaries. Anthropic's crime: refusing to remove safeguards that prevented its AI from being used in mass surveillance and autonomous weapons without human supervision.

·5 min read