Something unusual happened in the artificial intelligence industry this week. Anthropic, one of the leading AI labs, built a model so capable that it chose not to release it. The model, called Claude Mythos Preview, is not just another incremental advance. It can autonomously discover and exploit serious cybersecurity vulnerabilities — tasks that have historically required elite human researchers working for weeks. In one instance, it reportedly identified and exploited a long-standing remote code execution flaw in FreeBSD that allows an attacker to gain complete control over a server from anywhere on the internet, starting from an unauthenticated position. No human was involved in either the discovery or exploitation after the initial prompt.
That is not just a technical milestone. It is a glimpse of a near future in which AI systems could dramatically accelerate both cyber defence and cyber offence.
Pausing the launch
To its credit, Anthropic did something rare in Silicon Valley: it paused. Instead of launching the model, it created Project Glasswing, a coalition that includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft and NVIDIA. The goal is to use the model defensively — to identify and patch vulnerabilities in critical systems before similar capabilities become widely available. It is hard to overstate how unusual this is. A company sat on what could be an enormously valuable commercial product because it judged the risks to global infrastructure too high. In an industry defined by rapid releases and competitive pressure, that decision deserves recognition.
But it should also make us uneasy. Because for all its promise, Project Glasswing exposes a deeper problem: the future of global cybersecurity may be shaped not by public institutions, but by the internal decisions of a handful of private companies.
Anthropic decided Claude Mythos Preview was too dangerous to release. It chose who would get access to it. It defined what counts as “defensive use.” And it will ultimately decide when systems with similar capabilities are safe enough for broader deployment.
That may be the right call. But it is still a private call. We have seen this pattern before in other high-stakes industries and rejected it. Banks do not determine their own capital requirements without oversight. Drug companies cannot unilaterally declare their products safe. Nuclear operators are not left to design their own inspection regimes. In each case, society concluded that even well-intentioned companies should not be the sole gatekeepers of technologies with systemic risk. Artificial intelligence is now at that point.
What would a more credible system look like? Start with independent verification. Today, when an AI company says a model is too dangerous or safe enough, there is no widely trusted external body that can rigorously audit that claim. That is a glaring gap.
Then consider coordination across the industry. Anthropic’s restraint matters little if a competitor races ahead. Systems from OpenAI, Google DeepMind or others may soon reach similar or greater capability levels. Without shared guardrails, the incentives to move fast will remain powerful.
There is also the question of representation. Project Glasswing is composed almost entirely of large corporations. They bring expertise and resources, but they do not represent everyone affected by these technologies. Small businesses, governments in the developing world and civil society groups have little say in how risks are prioritised or mitigated.
Finally, there is the issue of infrastructure. Some forms of safety, especially in cybersecurity, should not depend on the budgets or strategies of individual companies. They require sustained public investment and international cooperation.
The writer is a Distinguished Fellow at the Avinyum Foundation and former Managing Director of CGI India
Published on April 9, 2026


























