That’s what Anthropic’s Mythos package is. Anthropic already has released it to 50 companies and organizations, and now it wants to release Mythos to an additional 70. This would be a terrible mistake of highly destructive proportions for our national security. The White House is entirely correct to object and to move to get Anthropic to not release it further.

In my not very humble opinion, the 50 releasees already are ‘way too many. As The Wall Street Journal‘s news writer noted, Mythos is fully capable of find[ing] and exploit[ing] software vulnerabilities.

As such, Mythos is the beginnings of both a powerful offensive weapon and a critically proactive defensive tool. Release it too widely, and it becomes a powerful offensive weapon and critically proactive defensive tool in the hands of our enemies. Leaks happen. As the adage so correctly has it, telling a secret to three people makes it no longer secret. Fifty is dangerously larger than three, and those additional seventy guarantee widespread access to Mythos by our enemies.

The better solution would be to leave Mythos in its currently restricted release state, and let Anthropic, or DHS/DoD apply it on request to any company wanting its software inspected for vulnerabilities. Let DHS/DoD encourage companies above a size (TBD) to ask for the inspection, with that inspection coming at a nominal fee. Companies above that size that do not apply for a Mythos inspection that are then successfully cyber attacked should be fined heavily for their negligence. With the availability of a tool like Mythos, the existence of a successful cyber attack would be prima facie evidence of the victim’s negligence.