Anthropic restricted Claude Mythos: why a vulnerability-finding tool is dangerous for everyone

Anthropic released a new Claude Mythos Preview model — a specialist in automated vulnerability detection in software code. The company could have released the tool to the general public, but chose not to. Instead, access was granted only to a selected group of companies and organizations to scan their own software. Behind this recommendation lies a serious question about the boundaries between innovation and security.

What Claude Mythos Can Do

Claude Mythos Preview specializes in identifying vulnerabilities in source code with high precision. The model can automatically scan an application, identify potential security issues, and provide recommendations for fixing them. Anthropic developed the tool specifically for this defensive task: to help developers and companies find and fix bugs in their own software before malicious actors or competitors discover them. Companies from the Glasswing program and other selected organizations have access, using Claude Mythos in a strictly controlled environment. This allows Anthropic to collect data on how the tool performs in real-world conditions while excluding the risk of leaks or uncontrolled distribution.

Why Experts Are Concerned

The power of Claude Mythos is comparable to other modern AI models, but the consequences of its use are asymmetrical and alarming to experts. Bruce Schneier, a cryptographer and one of the world's leading security specialists, points out the obvious: the same tool in the hands of hackers and cybercriminals could become a weapon for mass vulnerability scanning across entire industries.

• Accelerated attacks — automated vulnerability search will make hacking larger in scale and faster
• Protection asymmetry — defenders are forced to fix bugs in haste, attackers move faster
• Unpredictability — even the tool's creators cannot fully predict all usage scenarios

The question is not whether Claude Mythos has unique power compared to competitors. The question is what happens to cybersecurity as a whole when such tools become increasingly accessible.

Anthropic's Strategy: Restriction and Control

Anthropick chose a cautious, conservative path. Instead of an open release on GitHub, the company restricts access and monitors use in private organizations. This means:

"We studied the risks and decided that controlled distribution is more

responsible than a public release," the company essentially says through its restrictions.

However, this decision raises new questions and contradictions. How long can Anthropic keep the model closed? What will happen when OpenAI, Google, or other industry leaders create a similar tool? Will restricting access to powerful security tools become the new norm?

What This Means

Anthropic is trying to find a precarious balance between progress and risk, but this solution is temporary. Sooner or later, similar tools will become more accessible, and competition between companies will force wider distribution. The real challenge is not closing access to one tool, but developing new global standards for managing powerful AI systems and a culture of responsibility around them.