When Anthropic announced that its new Mythos AI found thousands of high-severity vulnerabilities in major operating systems, web browsers, and core cryptography libraries, it opened an explosive debate. Should access be limited to reduce risk? Or should defenders be given wide access to stop attackers who will find the tools regardless?

The answer is far from obvious.

The White House opposes plans to expand access to Mythos beyond its initial limited group. The administration cites security risks. It is even considering requiring AI companies to vet frontier models with the government before releasing them — a potential volte-face from its previous light-touch regulatory approach. An Executive Order was expected to be released soon, though it has been postponed due to internal debate.

Companies stake out the opposite view. Although Anthropic itself refused a widespread public release of Mythos, it did ask to expand access to additional trusted organizations. OpenAI’s cybersecurity action plan goes further. It argues that attackers will not wait. Criminal groups will adopt whatever tools are available. The best way to reduce national risk is to responsibly equip and accelerate trusted defenders faster than adversaries can adapt. OpenAI calls this posture “controlled acceleration,” backed by a tiered access program for vetted defenders.

The debate upends traditional cybersecurity standards. Until now, companies were encouraged to practice responsible disclosure: find a vulnerability, notify the vendor, allow time for a patch, then publish. Responsible disclosure practices were hard-won.

Frontier AI models do not erase these disclosure rules, but they strain them. When a model like Mythos can find in hours what took a skilled researcher months, the window for responsible coordination narrows. And when that model is controlled by a private company rather than a government or independent researcher, the question of who decides whether to disclose (and to whom, and when) becomes fraught and charged.

So far, Anthropic has chosen restraint. Rather than publishing what Mythos finds or making it broadly available, the company restricted access to a limited private release, coordinating quietly with a small group of infrastructure operators and firms. In practice, Anthropic is behaving like a regulator: setting the terms of disclosure, access, and deployment.

The scale of AI adoption across government makes that regulatory vacuum hard to ignore. The National Security Agency is reportedly using Mythos. The CIA has moved well beyond testing, actively integrating AI into its core analytic platforms. Frontier AI has become operationally indispensable to the institutions most responsible for national security well ahead of any governance framework designed to oversee it.

The gap between rapid government adoption of AI tools and slow construction of regulatory oversight structures leaves the AI companies filling the void. They might not be seeking the authority, but someone has to exercise it.

This is new institutional territory. Defense contractors build to government specifications and operate under strict procurement rules. Traditional tech companies sell products and manage liability. Frontier AI labs occupy neither category. They are developing capabilities that outpace the regulatory imagination, and they are writing the rules themselves.

The diffusion of AI capabilities is unlikely to remain confined to Anthropic and a handful of peers. As models proliferate and techniques become widely understood, the barrier to entry for sophisticated cyber operations may fall, for both state and non-state actors.

Every major offensive capability that has passed from elite hands to wide circulation has followed the same arc: early containment, gradual diffusion, eventual democratization. There is little reason to believe AI-assisted vulnerability discovery will be different.

Governments and AI labs are circling each other. The White House wants control. OpenAI wants speed. Anthropic wants caution. Mythos is exposing the gaps in AI governance. Unlike a software patch, there’s no obvious fix.

Elly Rostoum is a Resident Senior Fellow with the Center for European Policy Analysis (CEPA). 

Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions expressed on Bandwidth are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.
