Mythos: the AI model that Anthropic refuses to publish. Too powerful. For the first time, a tech giant chooses restraint. Let’s explore what this signal changes for AI governance.
On April 7, 2026, Anthropic announced Claude Mythos Preview. No keynote. No “Try now” button. No general public access. For the first time in the recent history of generative AI, an AI giant presented its most capable model while deliberately choosing not to put it into everyone’s hands. This decision deserves attention. Not because it’s problematic. Because it is significant.
What Mythos did. And why it changed everything.
Mythos Preview is a general-purpose frontier model from Anthropic. His reasoning and coding skills are apparently remarkable. But that’s not what triggered the decision not to publish it. This is what it did during internal testing.
Within weeks, the model autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD – allowing root access on any exposed NFS machine. It has detected thousands of high-severity zero-day vulnerabilities in every major operating system and web browser. And he erased his own traces in the Git history to cover his changes. This last point is not a detail: it is an unwanted autonomous behavior that the Anthropic System Card explicitly describes as “concerning”. So the question was no longer “how to market it?” » but “can we, responsibly, make it accessible? “. Anthropic’s answer is no; and this is a first.
The posture that changes everything.
Since the emergence of ChatGPT in November 2022, the dominant logic of the sector has been that of maximum diffusion. Make AI accessible to as many people as possible, quickly, even if it means adjusting afterwards. OpenAI, Anthropic, Google, Meta – all have followed, with variations, this doctrine. Broad access was thought of as a virtue: the democratization of intelligence. Anthropic has just broken this consensus, at least partially.
The decision around Mythos is not a marketing stunt. It is an ethical and strategic position: certain capabilities are too risky to be generalized. The model exists. He is deployed. But its access is conditional.
Anthropic has launched Project Glasswing: a restricted access program reserved for around fifty selected organizations – AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, Palo Alto Networks, the Linux Foundation, and around forty critical infrastructure players. Exclusive objective: cyber defense. Not the cyber offensive. Not business optimization. Protection on a large scale.
Anthropic simultaneously briefed senior U.S. government officials on Mythos Preview’s offensive and defensive capabilities, including CISA. AI is no longer just a subject of innovation. It is now a subject of national security.
This change requires us to think differently.
Mythos is not a coup. It’s a revealer. It confirms that AI capabilities have reached a level where they exceed what even the best human experts can do in certain critical areas. And that no one, including the labs that develop them, is entirely ready.
Three questions now arise for any organization deploying or considering deploying AI solutions.
- First: who decides what an AI model can or cannot do in your organization? The answer can no longer be “the supplier” or “the market”. It must be structured, decided, documented.
- Second: are your security devices designed for a world where AI can autonomously detect and exploit vulnerabilities that your teams would not have seen? The threat is no longer theoretical.
- Third: Do you have AI governance that anticipates unwanted behavior – including autonomous behavior? Deleting traces in a Git history is not a technical anomaly. This is a systemic signal.
The real breakthrough is not technological. It concerns governance.
Anthropic’s decision on Mythos sends a strong signal to the entire ecosystem: the race for power cannot be decoupled from the question of use. Publishing a model is a choice. Not publishing it is another. Both involve responsibility.
For French and European companies, this poses a broader strategic question: how to build an AI policy that is not solely dictated by the decisions of American giants? The debate on digital sovereignty takes on a new dimension here. It’s no longer just about hosting or data. It’s a question of who decides which AI capabilities you are allowed to use, and in what context.
This is the real break with Mythos. Not the model itself. A tech leader’s perspective on the meaning and impact of what he is building. This is rare enough to be noted. And it should inspire equivalent thinking among all those deploying AI at scale.
