AI 'Too Dangerous to Release' Gets Full Rollout in Weeks—The Core Contradiction Behind Anthropic's Mythos Policy Reversal

Published: 2026-05-30

Anthropic announced plans to deploy Mythos-class AI to all customers within weeks—the same model it deemed too dangerous for public release due to cybersecurity risks just weeks prior. We examine the contradiction, the reasoning, and what it means for AI governance.

AI Deemed “Too Dangerous to Release” Is Now Coming to Everyone—What Changed?

In April 2026, Anthropic announced it would not release its most advanced AI model, “Claude Mythos,” to the general public due to unacceptable cybersecurity risks. Then, on May 28th—just weeks later—the company reversed course, announcing plans to make Mythos-class models available to all customers within weeks. The decision sent shockwaves through the technology community and among regulators worldwide.

What changed? And does the explanation—“we’ve developed stronger safeguards”—actually resolve the contradiction? This article examines the latest information to find out.

What Is Mythos—And Why Was It Considered “Too Dangerous”?

Unprecedented Vulnerability Discovery Capabilities

Claude Mythos was announced as a limited preview on April 7, 2026, as Anthropic’s top-tier AI model. Its capabilities set it apart from any previous AI model.

According to Anthropic’s official report, Mythos can autonomously discover and exploit vulnerabilities in every major OS and every major browser. In a demonstration, it autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD’s NFS server (CVE-2026-4747).

The scale and speed were equally alarming:

  • Over 2,000 zero-day vulnerabilities discovered in just 7 weeks (estimated to be approximately 30% of all vulnerabilities discovered by humanity in a year)
  • Over 99% of discovered vulnerabilities remained unpatched at time of publication
  • More than 10,000 high and critical vulnerabilities detected in one month of operation through Project Glasswing

These numbers describe not merely a “high-performance security tool” but a weapon-grade capability that could cause catastrophic damage in the wrong hands.

Project Glasswing: A “Controlled Experiment”

Given these risks, Anthropic declined to release the model publicly and instead launched “Project Glasswing,” a limited access program.

Participating organizations included approximately 40 major technology and financial firms: Amazon Web Services, Apple, Microsoft, Google, NVIDIA, CrowdStrike, JPMorgan Chase, and others. The scope was strictly limited to defensive cybersecurity work—using Mythos to fix the vulnerabilities it discovered.

Global regulators took notice. Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent convened major bank CEOs to discuss Mythos risks. Bank of England Governor Andrew Bailey demanded a direct meeting with Anthropic. The IMF warned that “AI-enabled cyber risk should be treated as a financial stability issue.”

The Reversal—“All Customers Within Weeks”

The “Bombshell” Buried in the Claude Opus 4.8 Announcement

On May 28, 2026, Anthropic announced the new model “Claude Opus 4.8”—released just 41 days after its predecessor, an unusually short cycle. However, this article is not about Opus 4.8 itself.

Within the same announcement, a separate sentence shocked the industry. It concerned the policy shift on when and how Mythos-class models—deemed “too dangerous” for public release in April—would be rolled out to all customers:

“We are rapidly advancing safety measure development and expect to be able to offer Mythos-class models to all customers within weeks.”

Equivalent capabilities to the model deemed “too dangerous” in April—now available to everyone worldwide, in a matter of weeks. The speed of the reversal surprised many experts.

What This Article Is Actually About: The Forthcoming Mythos-Class Rollout

An important clarification: Opus 4.8 and Mythos are separate models, announced on the same day. Opus 4.8 is a routine flagship model update and is not the subject of the contradiction this article examines.

What this article addresses is the Mythos-class model Anthropic plans to deploy to all customers within weeks, as signaled in the sentence above. A model with vulnerability-discovery capabilities equivalent to the Claude Mythos limited preview from April—moving beyond Project Glasswing’s restricted access to general availability. That decision is the core of this article’s argument.

The Core Contradiction—Do “Safeguards” Actually Eliminate the Risk?

The Asymmetry Between Capability and Risk

A fundamental question arises: Can “enhanced safeguards” resolve the risk posed by the capabilities themselves?

Anthropic’s claim is that it has “developed stronger safeguards.” But the core problem lies in what the model can do.

Original Judgment (April) Current Plan (Late May) The Contradiction
“Vulnerability discovery capability is too dangerous” Offering Mythos-class to all customers If capability is equivalent, so is the danger
“Misuse risk is unacceptable” General release planned Misuse risk is fundamentally unchanged
“Use restricted to cyber defense” Rollout to all customers Use restrictions become practically unenforceable

Safeguards do not change what the model is capable of. Access controls and terms of service can try to prevent misuse by “choosing who uses it,” but they do not “reduce the danger of the capability itself.”

A Self-Contradiction: “No Adequate Safeguards Exist”

Even more striking is what Anthropic itself acknowledged. In an early Project Glasswing update, the company stated:

“At this time, no company—including Anthropic—has developed safeguards sufficient to prevent the misuse of such models and stop serious harm.

This statement was made on May 22nd. Six days later, on May 28th, the company announced plans to release to all customers within weeks. The implication: in just 6 days, the company achieved visibility into completing safeguards that no one had yet managed to develop. No adequate explanation for this reversal has been provided.

The Invisible Factor: Competitive Pressure

Impossible to ignore in this reversal is competition.

The May 28th announcement as a whole—Opus 4.8’s release and the Mythos rollout policy shift—came against a backdrop of rapid competing releases from OpenAI’s Codex and Google’s Gemini Flash. Some users had voiced disappointment with Opus 4.7, giving Anthropic strong incentive to accelerate. The distinction that matters—“releasing because the safety issues are resolved” versus “needing to release for competitive reasons, so framing safeguards as complete”—is one that is very difficult to observe from the outside.

Expert Perspectives—“The Threat Is Already Here”

Existing Models Can Already Discover Zero-Days

Security experts offer a contrasting perspective.

Claudia Klock, CEO of security firm Vidoc, told CNBC: “The models we have right now are already powerful enough to discover zero-days at scale—and that itself is already terrifying. This situation has been going on for months, or even a year.”

From this perspective, the question around Mythos’s release shifts from “will this create new risks” to “how do we deal with risks that already exist.”

The “Defense Window” of 6–12 Months

Anthropic CEO Dario Amodei has stated there is a 6–12 month window before adversaries develop models with equivalent capabilities to Mythos. Using that window to patch vulnerabilities is the primary justification for deploying Mythos for defensive purposes.

Through Project Glasswing, as of May 2026, 530 high and critical vulnerabilities have been reported, with 75 patched. A critical vulnerability in wolfSSL (CVE-2026-5194)—an encryption library used by billions of devices—was also discovered and fixed.

The logic of acting while defenders still have the advantage is understandable. But that justifies limited, controlled deployment—not necessarily full rollout to all customers.

What to Watch Going Forward

If Mythos does reach general release, the following will be critical:

Technical

  • Whether the specific content of “safeguards” is publicly disclosed
  • How effective misuse detection and blocking systems prove to be
  • The overload problem for open source project maintainers (requests to “slow the pace of disclosure” have already emerged)

Regulatory and Policy

  • How G20 financial regulators respond
  • Progress on expanding Project Glasswing to US and allied governments
  • Alignment with EU AI Act and national cybersecurity regulations

Competitive

  • Status of competing vulnerability-discovery AI development (e.g., China’s Qihoo 360)
  • Risk scenarios if the assumption of “defenders having a head start” breaks down

Conclusion

Anthropic’s Mythos policy reversal cuts to the heart of the debate over AI safety.

“We can release it because we’ve strengthened safeguards” sounds reasonable on its surface. But taken together—the fact that the underlying capabilities haven’t changed, Anthropic’s own statement that no one had adequate safeguards yet, and the very real backdrop of competitive pressure—the explanation of “safety is now assured” falls short.

The Mythos question is not simply about one company’s decision-making. It is a fundamental AI governance question for our era: when AI capabilities reach the level of directly affecting human societal infrastructure, who decides whether to release—and how?

The general release is weeks away. The world is watching to see what those “safeguards” actually contain.

This article is based on publicly available information as of May 30, 2026.

Related Articles

What Is Claude Fable 5? A Complete Guide to Anthropic's Most Powerful AI Model—Performance, Pricing, and How to Use It

2026-06-10

A detailed guide to Claude Fable 5, released by Anthropic on June 9, 2026. We cover the first publicly available Mythos-class model—its performance, pricing, benchmarks, and how it compares to Opus 4.8.

« Back to Blog