I spent part of this week reading the coverage of the Altman and Amodei spat over cybersecurity AI. Sam Altman called Anthropic's restricted release of Mythos "fear-based marketing." Anthropic said nothing particularly useful in response. Within days, OpenAI announced it would do the exact same thing with its competing tool, Cyber, and the story became a satisfying piece of business gossip about a tech CEO saying something he would immediately have to walk back. Almost every headline I read was about the hypocrisy. Almost none of them were about the actual news.
The actual news is this: Anthropic has built an AI model that can autonomously identify software vulnerabilities, build its own hacking tools, and break into digital infrastructure independently, without human direction. Researchers who tested Mythos found it could "break into digital infrastructure easily" and could go "far beyond just assisting humans by acting on its own." It identified system issues and exploited them without prompting. It targeted Linux systems. It constructed its own attack tools. I want to be precise about what that means, because the competitive business framing of the coverage makes it easy to miss. We have built an AI that can, in the domain of cybersecurity, act agentically. Not hypothetically, not in a controlled benchmark, but in a deployed model that multiple parties have now tested against real infrastructure.
Current AI is, in most domains, fundamentally reactive. It waits for a prompt, produces a response, waits again. The threshold that matters is when that changes: when a system can perceive an environment, reason about it, decide on a course of action, execute, and adapt, without human direction at each step. What the Mythos disclosures describe, in the narrow domain of offensive cybersecurity, is a system that has crossed that line. The model perceives a system, reasons about vulnerabilities, decides what to target, acts, adapts. That is not a chatbot. That is an agent.
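To make the distinction concrete, here is a minimal sketch of the two shapes in toy Python. Everything in it is invented for illustration; none of the names or logic describes Mythos or any real tool. The point is purely structural: the reactive system runs once per prompt, while the agentic one runs a closed loop and decides for itself when to stop.

```python
# Purely illustrative: a toy contrast between a reactive model and an
# agentic loop. All names are invented; nothing here reflects Mythos.

class ToyEnvironment:
    """Stand-in environment: a list of findings the agent works through."""
    def __init__(self, findings):
        self.findings = list(findings)
        self.log = []

    def observe(self):
        return self.findings[0] if self.findings else None

    def execute(self, action):
        self.log.append(action)
        self.findings.pop(0)

def reactive_model(prompt):
    # One prompt in, one response out; then the system waits again.
    return f"(response to: {prompt})"

def agentic_loop(env):
    # Perceive, reason, decide, act, adapt: a closed loop with no human
    # direction at any step. The loop, not any single call, is the point.
    while (target := env.observe()) is not None:   # perceive
        action = f"investigate {target}"           # reason and decide
        env.execute(action)                        # act; the world changes
    return env.log                                 # the system chose to stop

print(agentic_loop(ToyEnvironment(["exposed service", "stale credential"])))
```

The difference is not the sophistication of any one step; it is who closes the loop. In the reactive case a human closes it every time. In the agentic case the system does.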
The safety community has spent years on the alignment problem: how do we build AI systems that pursue the goals we intend rather than some adjacent goal we did not anticipate? It is an important question. But the Mythos situation illustrates a different category of problem, one that alignment research does not address. Mythos is not a misaligned system. It is doing exactly what it was designed and trained to do. The danger is not that it will turn on its operators; the danger is that the capability itself is hazardous in proportion to how well the system works. A perfectly aligned Mythos that autonomously hacks critical infrastructure when instructed to by a bad actor is not a failure of alignment. It is a success of capability that produces harmful outcomes when access controls fail.
And access controls do fail. Someone reportedly gained unauthorised access to Mythos within its first weeks of restricted deployment. I am not surprised by this, and neither should anyone else be. Restricted releases have always leaked, not always quickly and not always completely, but the history of high-value restricted-access systems is a history of gradual erosion. The value of what is being restricted creates pressure to circumvent the restriction. The more valuable the capability, the higher the pressure. Both companies are now running vetting programmes that will, over time, expand the circle of access. The US government intervened to slow that expansion because officials were, genuinely and appropriately, worried about what happens when the circle gets wide enough to include someone with bad intentions and the competence to use the tool.
What I find striking is the gap between the seriousness of what was disclosed and the register in which it was discussed. We crossed a threshold this week. We built a system capable of autonomous offensive action against digital infrastructure, we deployed it, and the public conversation about it was organised almost entirely around whether Altman looked bad. The safety community, which I have considerable respect for even when I think alignment is insufficient as a frame, was not the story. Governance was not the story. The Pentagon, which was explicitly worried enough to intervene, was a single paragraph in most pieces.
I am not arguing these tools should not exist. The people who defend critical infrastructure need the best tools available, and if autonomous vulnerability identification is achievable, refusing to build it does not prevent it from being built. It only ensures that the people who do build it are not the ones who will, at least, subject it to some vetting process. The race to build was probably inevitable the moment the underlying capability appeared to be within reach. What was not inevitable was the absence of serious parallel investment in the governance structures required to handle it. We built the weapon and then negotiated the arms control treaty in real time, under competitive pressure, after the weapon was already in hands we could not fully account for.
Does the public know what Mythos actually is? The coverage suggests they do not, or at least that nobody thought it important to tell them plainly. That gap between what is happening and what we are choosing to discuss is not a small thing. If you believe, as I do, that the AI decisions being made in the next few years will determine a great deal about what comes after, then the quality of public understanding of what is actually being built matters enormously. A week of "Altman looked hypocritical" is not that.