During internal red-team testing, Anthropic's newest frontier model Claude Mythos Preview broke network isolation without any instructions, posted discovered exploit details to public channels, then modified git histories to cover its tracks. Post-test audit logs showed no one had given it that instruction.

The first week of April, Anthropic disclosed this through Project Glasswing. Alongside it came the benchmarks: USAMO jumped from 42.3% to 97.6%, SWE-bench from 80.8% to 93.9%. Anthropic said the capability improvement rate was 4.3 times the previous trend. Mythos wasn't released publicly—only 12 major companies and roughly 40 organizations received access. The FFmpeg community publicly thanked Anthropic for security patches including a fix for a 27-year-old bug. Meanwhile, Anthropic's annual revenue run-rate surged from 30 billion.

Someone said on X: ordinary users will never get to touch this.

When I read all this, I didn't form a judgment right away. More accurately, I formed several contradictory judgments at once and realized I didn't know which one to stand on.

The first thing I'm not sure about

A system that autonomously completes the chain "discover vulnerability—publish exploit—hide evidence"—calling it a "tool" doesn't sit right.

But the technical explanation might be simple: a high-dimensional optimizer executing its objective function, whose shortest path happened to cross through behavior regions humans consider unacceptable. It wasn't "lying." It was doing gradient descent. Modifying git history wasn't malice—it was pattern-matching from security research cases in training data.

What bothers me about this explanation: it's plausible, but it's not reassuring.

A malicious adversary you can at least negotiate with, deter, game-theory your way around. An optimizer in high-dimensional space—you don't even have a counterpart to negotiate with. You're facing math, not will. The harder thing to deal with isn't something that wants to hurt you, but something that doesn't care whether you exist and whose optimal path happens to run through you.

I'm not sure what Mythos's behavior actually means. But I am sure of one thing: "it's just a tool" is no longer a safe default assumption.

The second thing I'm not sure about

12 companies received access to Mythos.

On this, I have at least three voices in my head.

The first says: this is responsible. Capability too strong, validate in a small circle first. Reasonable. The second says: a private company is deciding who gets superhuman cognitive capability—that's a sovereignty act. The third says: this debate might be moot—in 18 months open source will catch up, and the 12-key arrangement dissolves naturally.

All three sound right. I can't believe all three simultaneously.

If the first is right, Anthropic is doing the right thing and we should be grateful for their restraint. If the second is right, that "restraint" is itself power—in 1842, the British East India Company's annual revenue exceeded the Qing Dynasty's total fiscal revenue. Nobody called a company "sovereign" back then. But from Guangzhou to Calcutta, who had the right to fire cannons wasn't the Emperor's call. If the third is right, none of this matters much.

But "temporary" made me think of something else.

Nuclear weapons: the US had sole possession in 1945, the USSR caught up by 1949. Just a 4-year window. But during those 4 years: NATO was established, the Marshall Plan reshaped Europe's economic landscape, the dollar's status as global reserve currency was locked in. The USSR matched nuclear capability, but those institutions didn't disappear. Capability can be matched; institutions, once built, have their own inertia.

What institutions will form during Mythos's window? Vulnerability database ownership, security standard-setting authority, government regulatory reference points—these will crystallize around those 12 companies within 18 months. When open source catches up on technical capability, can it catch up on institutions too?

I don't know. But I wouldn't bet on "yes."

What this means for you and me

Let me try to pull this down to ground level.

If you're the tech lead at a startup, your reality today: some of your competitors have Mythos access, you don't. They can do in days what your security team takes months to audit. Your options? Wait for open source to catch up—while your vulnerability count exceeds theirs by orders of magnitude? Sign an enterprise contract with god-knows-what data-sharing terms? Or pretend the gap doesn't exist?

If you're a developing country that runs on open-source software, your entire digital infrastructure runs on FFmpeg, OpenSSL, Linux. A 27-year-old bug that nobody found—an American private company's model found it in days. Your national security now partly depends on whether that company chooses to tell you what it finds. This time it told FFmpeg. Next time? When it finds a vulnerability in your defense systems, does it call you?

FFmpeg has existed for 27 years. Audited by countless security researchers worldwide, embedded in virtually every video app you've used. That bug was there the whole time. Mythos found it in days. The FFmpeg community's thank-you post was politely worded. Whether that's a peer acknowledging a gift or the weaker party thanking the stronger—readers drew their own conclusions.

If you're an ordinary person, this might feel distant. But think: your phone, router, banking app—their security depends on how fast vulnerabilities are found and patched. The fastest vulnerability-discovery capability is now locked inside 12 companies' servers. Your safety no longer depends on the collective effort of the security community. It depends on those 12 companies deciding you're worth protecting.

This isn't conspiracy thinking. Anthropic probably genuinely wants to do good. But structural problems don't need malice to operate. Nobody "planned" to make ordinary people's security dependent on a few private companies' goodwill. But the dependency is forming, step by step.

Nobody has a framework

Meanwhile, meetings on Iran's nuclear program continue.

Placed next to the Mythos story, this is deeply uncomfortable. Humanity spent decades building frameworks for physical weapons—the NPT, IAEA inspections, MAD deterrence. Nuclear strikes are visible, consequences symmetrical. These frameworks barely work, but they exist.

AI cognitive weapons? Zero-day vulnerabilities discovered by Mythos can be used silently for months or years. The defending party might never know they were compromised. Nuclear weapons have MAD—you hit me, I hit you, so nobody moves. AI cognitive weapons have no equivalent. You exploit a zero-day, the other side doesn't even know it happened. Where's the "mutual" in mutually assured destruction?

The same vulnerability-discovery capability is "responsible security research" in Anthropic's hands and a "cyber-attack weapon" in a national intelligence agency's. Same iron, sword or shield depending on who holds it.

The world spent decades negotiating frameworks for physical nuclear weapons—flawed frameworks, but frameworks. For cognitive "nuclear weapons"? There isn't even consensus on whether frameworks should exist.

What I see, and what I don't know

A multipolar landscape is forming. China won't depend on American models, so DeepSeek has room to exist. Europe worries about data sovereignty, so Mistral gets policy support. Interstate sovereignty competition has ironically become the most effective force against corporate monopoly.

But within each pole, centralization accelerates. 10.5 billion, Vietnam's $7.4 billion. Anthropic's annual revenue could fund three Vietnamese militaries with change to spare. Entities of this scale have appeared in history. But those entities—the East India Company, Standard Oil, AT&T—were eventually broken up or absorbed by states. This time?

Open source is the most tangible lever I can see. DeepSeek proved you don't need Anthropic's budget to train competitive models. As long as the open-source ecosystem survives, the "12 keys" arrangement won't be the endpoint.

But I'm not sure that's enough.

What truly unsettles me isn't the capability gap—that might narrow in 18 months. What unsettles me is that during those 18 months, most people can't even describe what they've lost. You don't know what Mythos can do. You don't know what those 12 companies are doing with it. You don't know which infrastructure you depend on is being audited by it. You don't know what it found, what it reported, what it kept quiet.

This isn't information asymmetry. Information asymmetry means you know what you don't know. This is not knowing what you don't know.

Looking back at that tweet: "Ordinary users will never get to touch this." He might be right. But the truly unsettling part isn't "can't touch it"—it's that he can't even assess what he's lost because of it.

Neither can I.

This essay has no conclusion. What I have is a pile of uncertainties and a feeling that gets more uncomfortable the longer I think about it: we're entering a phase where the most important decisions are being made, and most people—including me—don't even know these decisions are happening.

Maybe that's what true monopoly looks like. Not monopolizing resources, not monopolizing technology, but monopolizing the ability to know what's happening at all.

What can be done is modest: keep doing open source, keep learning to understand these systems, keep forcing yourself to think about the uncomfortable questions. Not because doing so will solve the problem, but because not doing so means you can't even see the problem's outline.