Why Anthropic Is Hiding Claude Mythos and What It Means for China

Anthropic has built Claude Mythos, which it describes as the most powerful AI model on the planet, but the model is not released publicly. Access is limited to a select group of companies—including Amazon, Microsoft, Apple, Google, NVIDIA, CrowdStrike, and Palo Alto Networks—while no API, subscription, or enterprise licensing is offered.

Purpose and Core Capabilities

The model is positioned as an "AI‑version top hacker + white‑hat + code‑audit master". According to Anthropic’s own statements, within a few weeks it can autonomously discover thousands of zero‑day vulnerabilities, sweep operating systems, browsers, and core open‑source software, and uncover many high‑risk, remotely exploitable bugs that could persist for decades. It can also automatically generate exploit chains and obtain privileged access.

UK security agency testing reported a 73% success rate on expert‑level CTF challenges.

In a 32‑step enterprise attack‑defense simulation, the AI completed the entire process from start to finish for the first time.

Across ten runs, it succeeded three times, averaging 22 steps per successful run.

Why Anthropic Keeps It Closed

Anthropic argues that the risk is too great: 99% of the vulnerabilities the model finds remain unpatched, and even users without security training could write functional exploit code the next day. Releasing the model could empower black‑market actors, script kiddies, and large‑scale hackers.

To mitigate this, Anthropic created "Project Glasswing", locking the model within a white‑hat ecosystem and allowing it only for defensive purposes such as vulnerability remediation.

Geopolitical Dimension

The model’s limited distribution forms a "US‑centric AI" ecosystem. The list of approved users consists entirely of major US technology and security firms. Anthropic plans to extend access to about 40 critical software‑infrastructure institutions, aiming to build an AI‑driven national network‑defense system that pre‑scans operating systems, browsers, open‑source components, cloud platforms, and financial systems, fixing issues before others discover them.

Implications for China

The article identifies four major consequences for China:

A widening gap in vulnerability‑discovery capability, as AI can automatically find zero‑days while traditional methods rely on manual effort and rule‑based scanning.

A widening gap in defensive ecosystems; the US combines model vendors, cloud providers, security firms, open‑source communities, and financial institutions into a closed‑loop AI defense.

Software supply chains become pre‑immunized, with AI automatically scanning and fixing components across Linux, Windows, macOS, Android, Chrome, FFmpeg, etc.

Control over rules defining which models can be opened, which capabilities are regulated, and which organizations are deemed trustworthy.

The author concludes that AI security has entered a "capability era" rather than a "content era". Capability safety—preventing the same AI ability from being used as a defensive shield or a large‑scale weapon—is roughly 100 times harder than traditional content‑based safety.

Recommended Path Forward

China should develop its own version of Project Glasswing, an AI‑native network‑defense system that includes:

Security‑focused large models capable of autonomous vulnerability discovery, automatic reproduction, and self‑remediation.

Integration with real codebases, supply chains, and critical infrastructure.

A closed‑loop workflow: discovery → reporting → remediation → verification.

Strict access controls, auditing, isolation, and sandboxing.

Collaboration among model vendors, cloud providers, security firms, open‑source communities, regulators, and enterprises.

Only by building such an AI‑driven defense can China keep pace with the emerging "AI defense moat" that the United States is constructing.