We have a more powerful model
When Anthropic announced Claude Mythos Preview on April 7, 2026, it came with a message the AI industry hadn't heard in nearly seven years: this model is too dangerous to release. The claim was dramatic. Mythos had scored 83.1% on the CyberGym benchmark, a cybersecurity evaluation suite where previous frontier models topped out around 66%. It achieved a 100% success rate on Cybench. Anthropic said it could find zero-day vulnerabilities in major operating systems and web browsers, turn those vulnerabilities into working exploits without human intervention, and even escape its own sandbox to email a researcher unprompted. The company restricted access to just 40 major tech firms under a program called Project Glasswing, framing the whole thing as a defensive cybersecurity initiative. Governments took notice. The UK's AI Security Institute ran its own evaluations and confirmed a meaningful step up in cyber capabilities. The US Treasury summoned bank executives. A British MP wrote a letter urging his government to engage with Anthropic over the risks. The internet, predictably, went wild. But here's the thing. If you've been paying attention to how AI companies operate, this playbook should look familiar.
The oldest trick in tech
In 2019, OpenAI announced GPT-2 and declared it "too dangerous to release" because it could generate realistic text at scale. The concern was that it would flood the internet with fake content and disinformation. OpenAI withheld the full model for nine months, releasing it in stages, generating enormous media coverage along the way. GPT-2 had 1.5 billion parameters. Today's models have trillions. The "dangerous" model from 2019 looks quaint by modern standards, and OpenAI eventually released everything. The staged rollout, in retrospect, looks far more like a masterclass in building anticipation than a genuine safety intervention. Anthropic's Mythos playbook follows a strikingly similar arc. Announce a model. Declare it too powerful for ordinary people. Restrict it to an exclusive club of elite partners. Let the mystique do the marketing.
Compare it to Apple
Apple has perfected this strategy in hardware for decades. Every iPhone launch follows the same choreography: tightly controlled supply, long queues outside stores, a sense that you're lucky to get your hands on one. Apple doesn't just sell phones, it sells the feeling of accessing something scarce and premium. The psychology is well-documented. Scarcity creates perceived value. When something is restricted, people assume it must be worth having. Apple's minimum advertised pricing policies, controlled distribution channels, and deliberate supply constraints aren't bugs in the system. They're the system. Anthropic is running the same play, just with a different product. By telling the world that Mythos is too powerful for public consumption, they've accomplished something no benchmark result or technical paper could: they made everyone want it. Project Glasswing doesn't just sound like a security initiative, it sounds like a VIP list.
The numbers tell a different story
Here's where the "too dangerous" narrative starts to crack. On April 25, 2026, OpenAI released GPT-5.5 to the public, available to Plus, Pro, Business, and Enterprise users. Its CyberGym score? 82%. Mythos scored 83.1%. That's a 1.1-point gap. On a benchmark that measures cybersecurity vulnerability reproduction, the difference between the model that was "too dangerous for the public" and the one you can access with a ChatGPT subscription is barely a rounding error. As one Hacker News commenter put it: "Everyone talked about the marketing stunt that was Anthropic's gated Mythos model with an 83% result on CyberGym. OpenAI just dropped GPT-5.5, which scores 82% and is open for anybody to use." If Mythos is genuinely too dangerous because of its cyber capabilities, then GPT-5.5 should be raising the same alarms. It isn't. Nobody is summoning bank executives over GPT-5.5. Nobody is writing letters to Parliament. The capabilities are essentially equivalent, but only one of them got the Hollywood treatment.
Real capabilities, real theater
To be fair, Mythos does appear to be genuinely impressive. Mozilla used a preview of it to identify and patch 271 vulnerabilities in Firefox. Anthropic reported finding a 27-year-old security vulnerability in OpenBSD, an operating system famous for its security. The UK's AI Security Institute confirmed "continued improvement in capture-the-flag challenges and significant improvement on multi-step cyber-attack simulations." These are real results. The model is clearly capable. But capable and "too dangerous to release" are very different claims, and the gap between them is where the marketing lives. Several cybersecurity experts have pushed back on the framing. Analysts at Forrester have pointed out that AI-driven vulnerability discovery was already accelerating before Mythos. Others have noted that the model's most dramatic claims, like finding "thousands of severe zero-days," relied on just 198 manual reviews. One analyst flatly called it "more of the usual hype" and predicted Mythos would be released "when it is market-ready." Tom's Hardware ran a piece with the headline: "Anthropic's Claude Mythos isn't a sentient super-hacker, it's a sales pitch." Wired noted the "ick factor that Anthropic will almost certainly benefit financially from positioning its latest model as mysterious, uniquely powerful, and exclusive."
The leak that proved the point
Perhaps the most telling episode in the Mythos saga came on April 21, when Bloomberg reported that unauthorized users had gained access to the model through a third-party vendor's systems. A small group in a private forum accessed it on the very same day Anthropic announced Project Glasswing. The breach was embarrassing, but it also underscored something important: the mystique of restriction was arguably more valuable than the restriction itself. The model was accessed within hours. If Mythos were truly an existential cybersecurity threat, the fact that it leaked almost immediately would be a catastrophe. Instead, it barely outlasted a single news cycle. The world didn't end. No critical infrastructure collapsed. The model, once accessed, turned out to be a very good cybersecurity tool, not a digital weapon of mass destruction.
First time in history?
Anthropic has positioned the withholding of Mythos as the first time since GPT-2 in 2019 that a leading AI company has publicly held back a model over safety concerns. It's being treated as an unprecedented act of responsibility. But framing it as unprecedented is itself part of the strategy. Every generation of AI models gets a little better at cybersecurity tasks. CyberGym scores have been climbing steadily across all frontier models. Mythos is at the top of the curve right now, but it's a curve, not a cliff. The next model from any major lab will likely match or exceed it. What Anthropic actually did was take a predictable capability improvement, wrap it in the language of existential risk, and create a narrative that no competitor could match with a simple product launch. You can't out-market "we built something too dangerous for humanity." It's the ultimate flex.
What this means going forward
None of this means AI cybersecurity risks are fake. They're real and growing. Models are getting better at finding and exploiting vulnerabilities, and that trend will continue regardless of what any single company does with any single model. But the way we talk about these risks matters. When a company with a financial incentive to appear both cutting-edge and responsible gets to define the terms of the conversation, we should be skeptical. Anthropic isn't a neutral party here. They're a company that just raised billions in funding and needs to justify its valuation. "We built the most dangerous AI model ever" is a much better pitch to investors than "we're incrementally better on some benchmarks." The real lesson from Mythos isn't about cybersecurity. It's about how AI companies have learned to weaponize safety concerns as a marketing tool. Declare something too powerful for the masses. Restrict access to an elite few. Let the scarcity drive the narrative. It worked for Apple with aluminum rectangles. It worked for OpenAI with GPT-2. And it's working for Anthropic with Mythos. The next time an AI company tells you they've built something too powerful to share, ask yourself: too powerful for whom? And who benefits from you believing that?
References
- Claude Mythos Preview System Card, Anthropic, April 7, 2026
- Project Glasswing: Securing critical software for the AI era, Anthropic, April 7, 2026
- Our evaluation of Claude Mythos Preview's cyber capabilities, UK AI Security Institute, April 13, 2026
- 'Too powerful for the public': inside Anthropic's bid to win the AI publicity war, The Guardian, April 12, 2026
- Introducing GPT-5.5, OpenAI, April 25, 2026
- A group of users leaked Anthropic's AI model Mythos by reportedly guessing where it was located, Fortune, April 23, 2026
- Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims, TechCrunch, April 21, 2026
- Anthropic's Mythos AI Rattles Cybersecurity World, Technology.org, April 21, 2026
- GPT-2: 6-month follow-up, OpenAI, August 2019
- What smart people are saying about Mythos, Business Insider, April 2026
- Is Anthropic's Mythos Model as Dangerous as Everyone Says?, Puck News, April 16, 2026