Anthropic announced this week that it is restricting access to its latest model, named Mythos, due to its heightened ability to identify security vulnerabilities in widely used software. Rather than making Mythos publicly available, the frontier AI lab will provide it to a select group of major corporations and institutions that manage essential online infrastructure, including Amazon Web Services and JPMorgan Chase. Reports indicate that OpenAI is contemplating a comparable strategy for its upcoming cybersecurity tool.

The stated rationale is to enable these large enterprises to stay ahead of malicious actors who might use advanced large language models to breach secure systems. However, the phrasing around this release strategy suggests considerations beyond just cybersecurity or showcasing model performance.

EMBED_PLACEHOLDER_0

Lahav raised a pertinent question: “The question I always have in my mind is did they find something that is exploitable in a very meaningful way, whether individually, or as part of a chain.”

According to Anthropic, Mythos demonstrates a significantly greater capacity to exploit software vulnerabilities compared to its predecessor, Opus. Yet, it is uncertain whether Mythos represents the ultimate solution in cybersecurity modeling. The AI cybersecurity startup Aisle reported that it could achieve similar results to those claimed for Mythos using smaller, open-weight models. Aisle’s team contends that these findings indicate there is no single universal deep learning model for cybersecurity; effectiveness varies depending on the specific task.

Given that Opus was already considered transformative for cybersecurity, there may be another motive for frontier labs to limit releases to large organizations. This approach fosters a cycle of lucrative enterprise contracts while complicating efforts by competitors to replicate their models through distillation—a technique that uses advanced models to train new LLMs cost-effectively.

David Crawshaw, a software engineer and CEO of the startup exe.dev, commented on social media, suggesting this strategy serves as “marketing cover for [the] fact that top-end models are now gated by enterprise agreements and no longer available to small labs to distill.” He added, “By the time you and I can use Mythos, there will be a new top-end rev that is enterprise only. That treadmill helps keep the enterprise dollars flowing (which is most of the dollars) by relegating distillation companies to second rank.”

This perspective aligns with observable trends in the AI ecosystem: a competition between frontier labs developing the largest, most capable models and companies like Aisle, which utilize multiple models and view open-source LLMs—often originating from China and allegedly developed via distillation—as a route to economic competitiveness.

Frontier labs have adopted a stricter stance on distillation this year. Anthropic has publicly disclosed what it describes as attempts by Chinese firms to copy its models, and a Bloomberg report noted that three leading labs—Anthropic, Google, and OpenAI—are collaborating to identify and block entities engaged in distillation.

Distillation poses a threat to the business models of frontier labs because it undermines the competitive edge gained from massive capital investment in scaling. Preventing distillation is therefore a strategic priority, and a selective release model not only supports this goal but also allows labs to distinguish their enterprise offerings as this segment becomes crucial for profitable deployment.

Whether Mythos or any new model genuinely endangers internet security is still uncertain, and a cautious rollout of such technology is a prudent measure. Anthropic did not respond to inquiries about whether its decision is also influenced by concerns over distillation before publication. The company may have devised an astute strategy to safeguard both the internet and its financial interests.