Anthropic Expands Mythos to 200 Orgs as It Warns of 100M Risk

Anthropic expanded Mythos access to 150 new partners and wrote in the same post that a breach would affect 100 million people.

On June 3, Anthropic published two sentences in the same blog post. The first says it is expanding access to its Mythos model to roughly 150 new partners across more than 15 countries. The second says that for most of those partners, "a successful attack could affect more than 100 million people, with significant ramifications for both global and national security." Both sentences sit in the same paragraph. Anthropic signed off on it anyway.

What Mythos Does, and for Whom

Mythos is Anthropic's most capable cyberdefense model. Announced on April 7, it was kept inside a closed cohort called Project Glasswing from day one: Apple, Microsoft, AWS, Cisco, CrowdStrike, Google, JPMorgan Chase, Nvidia, Palo Alto Networks, plus around thirty others. Stated mission: scan partners' codebases to find vulnerabilities before an attacker does.

Two-month tally reported by Anthropic: more than 10,000 vulnerabilities flagged as "high" or "critical" by participants. Mozilla confirmed the number in April on Firefox, with a caveat nobody forgot: "no category of vulnerability beyond the reach of a skilled human researcher." Mythos accelerates defensive work; it does not reinvent it.

The June 3 expansion quadruples the perimeter. The cohort jumps from around fifty organizations to roughly 200, in at least fifteen countries. India, Canada, Australia, France, Germany, Japan, and South Korea are the first real deployments outside the US. On the Korean side, Samsung, SK Hynix, SK Telecom, and the public KISA agency join. NATO and Okta also come in. ENISA, the EU cyber agency, is the first non-US institutional body inside Glasswing.

The new sectors are precisely the ones Anthropic describes as touching 100 million people per partner: energy, water, healthcare, telecoms, hardware.

The Sentence, Word for Word

The passage in the official post deserves to be read slowly.

"For most of these partners, a major attack could affect more than 100 million people, with important ramifications for both global and national security."

A bit later:

"Cheap, fast AI models with powerful cyber capabilities are around the corner. Within 6 to 12 months, we expect many other AI companies will have Mythos-class models."

And the sentence that justifies the whole plan:

"We (and, to our knowledge, all other AI developers) have yet to develop" guardrails strong enough for a public release.

The logic is straightforward. Anthropic says: we don't have the guardrails, our competitors don't either, but they'll have the model in six months. So we hand our version to 200 chosen organizations so they can patch ahead.

The accepted risk is that one of those partners, or one of their subcontractors, gets compromised and the offensive capability leaks. Worst-case cost: 100 million people per partner hit. Expected benefit: a few months of defensive lead time over open-weight models that will have the same capabilities by year's end.

That math can hold. It just won't be called "safety": it's an industrial decision that internalizes a catastrophic risk in exchange for a temporary operational lead.

The April Incident Nobody Forgets

The precedent exists. On April 21, the very day Anthropic publicly presented Mythos, an unidentified group accessed the model through a third-party vendor's environment. Method: URL guessing based on Anthropic naming conventions, plus passive help from an employee at that subcontractor. The model "too dangerous to release" became partially accessible twenty-four hours after its announcement. Anthropic "investigated," with no public figure on the actual scope of the leak.

Six weeks later, the perimeter quadruples. Every new partner adds an attack surface, subcontractors, dependencies. The calculus that held at 50 organizations now has to hold at 200. The post doesn't say how.

The Political Safety Net: an Optional Audit

On June 2, the day before the Anthropic announcement, the White House signed the executive order "Promoting Advanced Artificial Intelligence Innovation and Security." The mechanism: AI developers can voluntarily submit their most powerful models for a federal review for up to thirty days before public release. One clause cuts any ambiguity: nothing in the text creates an obligation, license, preclearance, or permitting requirement. Participation is offered, not required.

The official trigger, per outlets close to the file, is precisely the April Mythos episode. A private company announces a model it deems too powerful to publish, partly loses control within twenty-four hours, and the political answer is to politely ask companies to accept a voluntary audit.

Anthropic praised the order as "an important step in strengthening America's leadership in AI." OpenAI called for a framework built "through democratic institutions, informed by technical expertise." The two statements are not saying the same thing, and the gap between them is exactly the zone the order leaves open.

The Word That Stopped Describing Anything

Anthropic is the company founded in 2021 by ex-OpenAI staff worried about AI risks. The word "safety" has been its trademark from day one. It's the argument behind its valuation, its government contracts, its positioning against OpenAI.

On June 3, that same company is handing its most sensitive model to 200 organizations while writing in plain text that a successful attack on one of them would hit 100 million people. Daniel Stenberg, maintainer of the cURL open-source project, calls Mythos Preview "an amazingly successful marketing stunt." Kevin Beaumont, a security analyst widely known in the field, puts it shorter: "marketing, essentially."

At European level, the signal is read without ambiguity. ENISA joins Glasswing, while simultaneously publishing a position paper pushing for a "European Glasswing" coordinated by CERT-EU with ANSSI, BSI, ACN, and CCN-CERT.

France, Germany, and Italy back a mirror consortium powered by Mistral, Aleph Alpha, Pasqal, Thales, and OVHcloud, with 500 million euros from the Digital Europe Programme on the line. Bruce Schneier put it in one sentence: if Anthropic refuses to share with ANSSI, BSI, or ENISA, the state-level asymmetry that follows will eventually blow up.

British banks already learned this the hard way. HSBC, Lloyds, Nationwide, Bank of England: excluded from Mythos. Bank of England Governor Andrew Bailey made it publicly known he didn't like it. Nine UK banks were redirected to OpenAI's GPT-5.5 Cyber as a consolation prize. Liam Salsi, an analyst quoted by The Register, has the most direct read: the US government wants to control who has access to the platform, because it limits the odds of it falling into the wrong hands.

This is foreign policy, run by a private company valued near 1 trillion dollars, signed off by a voluntary federal audit. The word "safety" describes this setup. There's not much left inside it.

If you're a customer of a bank, a telecom, an energy provider, or a hospital among the 100 million per affected partner (and statistically, you are several times over), your operational security now depends on 200 organizations whose full list is not public. The referee of the perimeter is filing its IPO paperwork the same day as the announcement. The political safety net is voluntary for thirty days.

Anthropic published both sentences at the same time. That's probably the only thing worth keeping from that day.

Frequently asked questions

What is Anthropic's Project Glasswing?

Project Glasswing is the closed cohort Anthropic grants access to Mythos, its most capable cyberdefense model. Launched April 7, 2026 with ~50 partners (Apple, Microsoft, AWS, Google, JPMorgan…), it now spans about 200 organizations across 15+ countries as of June 3, 2026.

Why does Anthropic say an attack could affect 100 million people?

Anthropic states in its June 3 post that for most of the new partners (energy, water, healthcare, telecom, hardware), a major attack could affect more than 100 million people. The sentence sits in the same paragraph as the expansion announcement.

Which organizations are excluded from Mythos?

British banks HSBC, Lloyds, Nationwide, and the Bank of England are notably excluded. Nine UK banks were redirected to OpenAI's GPT-5.5 Cyber. Governor Andrew Bailey publicly voiced his disagreement.

What does Trump's June 2, 2026 AI executive order do?

The order "Promoting Advanced AI Innovation and Security" lets AI developers voluntarily submit their most powerful models for federal review for up to 30 days. A clause explicitly says no mandatory licensing, preclearance, or permitting requirement is created.

What is Europe's position on Mythos?

ENISA, the EU cyber agency, joined Glasswing while publishing a position paper pushing for a "European Glasswing" coordinated by CERT-EU with ANSSI, BSI, ACN, and CCN-CERT. France, Germany, and Italy back a mirror consortium powered by Mistral, Aleph Alpha, Pasqal, Thales, and OVHcloud, funded through the Digital Europe Programme.