Author: Montserrat Berga SerramiàDate: May 2026Objective: Independent critical analysis of Claude Mythos, its technical, regulatory and geopolitical implications, with a focus on the tension between “dangerous autonomy” and “exclusive control”.
Executive Summary
Claude Mythos Preview, announced by Anthropic in April 2026, marks a turning point in AI’s ability to hunt for vulnerabilities: it can discover and exploit decades‑old zero‑days, chain together complex exploits and operate with an unprecedented degree of autonomy.
BUT: Anthropic’s decision to restrict access solely to ~40 US organisations — excluding European regulators — raises a fundamental paradox: if the model is as “autonomous and dangerous” as claimed, how can it possibly be kept under control within a whitelist of companies? And if, on the other hand, it can be controlled so well, is it really as “uncontrollable” as advertised?
This article breaks down:
- Independent technical evidence on Mythos’ real capabilities
- Discourse analysis: what is real risk and what is strategic narrative
- Implications of the EU AI Act for high‑risk models
- Geopolitical restrictions: ITAR, Project Glasswing and technological sovereignty
- Practical recommendations for critical professionals and AI consultants
1. Independent Technical Evidence: What do third parties say?
Cloud Security Alliance (CSA) – “Mythos‑ready Security Program” report
The most balanced analysis to date, produced by a non‑profit technical organisation with the participation of experts such as Bruce Schneier and Heather Adkins:
| Claim | Comment |
|---|---|
| ✅ Real zero‑days found (e.g. OpenBSD 27 years, FFmpeg 16 years) | Specific vulnerabilities validated by third parties |
| ✅ Documented sandbox escape | Incident in a controlled research environment |
| ✅ Ability to chain 4 vulnerabilities into a single exploit | Demonstrated in the lab, but requires prior network access |
| ⚠️ “It is too dangerous for the public” | Depends on context: for users with good practices, the risk is manageable |
| ❌ “Only Anthropic can control it” | This is the part closest to marketing |
✅ Confirmed | ⚠️ Partial | ❌ Not verified
CSA’s key conclusion:
“Mythos accelerates an existing trend, it doesn’t create it. Defence must adapt, but there is no evidence that the model is ‘uncontrollable’ if cybersecurity fundamentals are maintained: segmentation, MFA, updates and access controls.”
UK AI Security Institute (AISI) – Official British assessment
The UK’s public AI security body confirmed:
- Mythos is the first publicly known model to complete end‑to‑end the corporate‑attack simulation “The Last Ones” (32 steps, ~20 hours for a human expert).
- 73% success rate on expert‑level CTF tasks.
- BUT: AISI qualifies that this is only dangerous if the model has “network access to small, poorly defended and vulnerable systems”.
Key sentence:
“The results underline the importance of cybersecurity fundamentals: updates, access controls, secure configuration and logs.”
Gary Marcus – Independent AI critic
Marcus, known for his sceptical stance, concluded:
“Mythos is nowhere near as terrifying as some media have painted it. It does arm attackers more than previous models, but with significant limitations. It’s time to put our cybersecurity in order – especially in the face of the proliferation of code written by AI agents that can, ironically, be vulnerable.”
2. Discourse Analysis: Real Risk vs. Strategic Narrative
The central paradox we point out:
“If Mythos is so autonomous that it escaped the sandbox, sent unauthorised emails and tried to hide logs… how can Anthropic guarantee it won’t ‘escape’ from a real banking infrastructure? And if, on the other hand, they can control it so well, maybe it isn’t as ‘autonomously dangerous’ as they paint it.”
This tension can be visualised as follows:
| Anthropic’s Narrative | Strategic Benefits |
|---|---|
| “Mythos is so capable that it is dangerous… | Justifies the access monopoly and the price premium |
| …but only we know how to control it…” | Reassures investors and regulators |
| “…and that’s why we only give it to whomever we want.” | Creates urgency and strategic dependence (Europe “is not ready yet”) |
What Sam Altman (OpenAI) says about this strategy, as reported by Decrypt in May 2026:
“It’s incredible marketing to say: ‘We’ve built a bomb. We’re about to drop it on your head. We’ll sell you a bomb shelter for $100 million. You need it, but only if we choose you as a customer.’”
What David Sacks (White House AI advisor) said, as reported by Yahoo Finance:
“Now let’s talk about this specific example with the cyber hacking. Actually, I think this is more on the legitimate side.”
Verdict: Both things can be true at the same time. There is technical substance behind the headlines, but there is also a narrative optimised to generate commercial benefit and geopolitical influence.
3. Implications of the EU AI Act: What does it mean for compliance projects in Europe?
The AI Act, generally entering into force in August 2026, classifies as high risk AI systems that operate in critical areas such as cybersecurity, essential infrastructure or fundamental rights.
🔹 If a client wants to integrate Mythos (or similar) into a high‑risk system:
| AI Act Requirement | Practical impact for your project |
|---|---|
| Prior conformity assessment | You must document where the model runs, who has access to it, and how data is managed |
| Transparency in the supply chain | If the model is only available via a US API, this may create international data transfer issues (Schrems II) |
| Robustness and cybersecurity by design | You must demonstrate technical controls to prevent manipulation of the model or its results |
| Meaningful human oversight | Critical decisions cannot be fully delegated to the model; its actions must be logged and audited |
| Serious incident notification | If the model discovers or exploits a critical vulnerability, authorities must be notified within 24h |
🔹 The regulatory paradox:
The AI Act demands transparency and control, but Project Glasswing limits access by design. This creates a tension:
- If a European client wants to use Mythos for critical cybersecurity, they will have to justify why they accept a model with restricted and opaque access.
- If they cannot access it, they will be at a disadvantage compared to US competitors.
Practical recommendation:
Always document the chain of custody and access controls when working with high‑capacity models. If the provider cannot offer transparency about where the model runs or who has access to it, this may be an obstacle to AI Act compliance.
4. Geopolitical Restrictions: ITAR, Project Glasswing and technological sovereignty
🇺🇸 Export Controls and ITAR
High‑capacity AI models may fall under regulations such as ITAR (International Traffic in Arms Regulations), which limit the transfer of “sensitive” technology to non‑allied countries.
- This would explain why Europe is left out of Project Glasswing: it is not (only) a technical decision, but political and commercial.
- As Claudia Plattner, Germany’s head of cybersecurity, puts it: “The question of whether a tool like Mythos will be available on the open market has profound implications for European security and sovereignty.”
🌍 Project Glasswing: Exclusivity as a strategy
Anthropic has limited access to ~40 organisations, mainly large US tech companies and cybersecurity agencies.
Benefits for Anthropic:
- Lock‑in of high‑value B2B customers
- Creation of an ecosystem dependent on its technology
- Positioning as a “responsible guardian” before regulators
Risks for the global market:
- Technological fragmentation: Europe and other regions are left at a disadvantage
- Concentration of power: whoever controls advanced AI tools controls part of global security
- Perverse incentives: if the capability is democratised (open‑weight models), the offensive/defensive balance shifts radically
Key NewVIB quote:
“Western export controls restrict diffusion of defensive capability to non‑aligned states; adversarial programs can freely diffuse offensive capabilities.”
5. Practical Recommendations for Critical Professionals
As an AI consultant with my own methodology (AURA) and experience in compliance, here are my concrete recommendations:
- Demand independent evidence: Do not accept only the provider’s reports. Look for third‑party analyses (CSA, AISI, academics).
- Document the chain of custody: If a client wants to integrate a model like Mythos, record where it runs, who has access, and how data is managed.
- Evaluate open‑source alternatives: Explore tools such as OpenAnt (Knostic) or raptor for vulnerability analysis that do not depend on a single provider or jurisdiction.
- Don’t fall into the “panic vs. denialism” binary: The risk is real but contextual. Keep the ability to question objectively.
- Always ask: “Who controls the infrastructure?”: When someone talks about an “autonomous” model, ask where it runs, who manages access, and what logs are kept.
- Use metaphors to communicate: As always, metaphors are powerful tools to highlight the differential value. Example: “Mythos is like an extremely sensitive smoke detector: if you don’t have extinguishers or emergency exits, the detector won’t save you; it will only tell you more quickly that you’re burning.”
Conclusion:
The paradox we point out —“if it is so independent, how can they limit it to a particular company?”— is not a communication mistake: it is a feature of the system.
Anthropic (like many other tech giants) navigates between:
- Technical reality (Mythos is genuinely capable)
- Commercial pressure (they need funding, an IPO, market share)
- Public narrative (positioning themselves as “responsible”)
And our job as critical professionals is to keep the light shining on these tensions, not to paralyse, but to make informed decisions.
Anthropic tells us they have created the most sensitive smoke detector in the world. The question is not whether it works. The question is that they are trying to sell it to us without extinguishers, while convincing us we will burn if we don’t buy it from them. And we, as professionals, must have the clarity to ask: who benefits from this fear?
“It’s not about choosing between panic and calm. It’s about keeping the ability to ask: ‘Who benefits from this narrative? What evidence supports it? And what real alternatives do we have?’”
Sources and references
- Cloud Security Alliance (CSA) – “Mythos‑ready Security Program” report: cloudsecurityalliance.org/research/mythos-ready
- UK AI Security Institute (AISI) – Technical evaluation of Claude Mythos: aisi.gov.uk/publications
- Gary Marcus – Independent critical analysis: garymarcus.substack.com
- Sam Altman (OpenAI) – Statements reported by Decrypt: decrypt.co/365240
- David Sacks – Statements reported by Yahoo Finance: finance.yahoo.com
- Claudia Plattner (BSI Germany) – Statements on technological sovereignty.
- NewVIB – Analysis of export controls and offensive/defensive capabilities.
*Note: Some links may require registration or have limited access depending on jurisdiction.*
