What If It Wasn't Him?
The scariest question about Anthropic's Mythos isn't what it can do. It's who decides what happens next.
We are witnessing single individuals making decisions for mankind vs nations agreeing on how to handle powerful weapons.
One Morning in April
Imagine you wake up to find out that one person, running one company decided to hand the world’s most powerful hacking tool to forty corporations.
Not governments. Not Congress.
One man. One decision.
Now imagine the tool he handed out can break into almost any computer on earth. That it found security holes that had been hiding, undetected, for 27 years. That within 48 hours of the announcement, the Federal Reserve Chairman and the U.S. Treasury Secretary were on emergency calls with the CEOs of every major American bank.
Well that happened last week.
The man is Dario Amodei, CEO of Anthropic. The tool is an AI model called Mythos. And whether his decision was right or catastrophically wrong, the thing that should stop you cold is this: He got to make it on his own.
What Mythos Actually Is
Most people think of AI as a very smart search engine. You type something, it responds. Maybe it writes your email or helps with a presentation. A tool.
Mythos is something different in kind, not just in degree.
Think of every piece of software, every banking app, every hospital record system, every operating system on every computer, as a building. Buildings have locks. Security researchers spend careers finding unlocked windows and weak doors. It’s slow work. It takes years of expertise just to know where to look.
Mythos doesn’t look. It tests every window in every building simultaneously, writes you the report, and has already moved on before you have read it.
It found a vulnerability that had been sitting, undetected, in foundational internet software for 27 years. Automated scanning tools had swept past it five million times. Mythos found it on a Tuesday.
One month before Mythos, Anthropic’s previous best model had a near-zero success rate at turning discovered vulnerabilities into actual working attacks. Mythos doesn’t just find the open window. It climbs through, looks around, and hands you a detailed map of the house. It can then act on that information on its own.
That’s not an upgrade. That’s a different category of thing.
What the 244 Pages Actually Say
Every major AI model now comes with a document called a system card. A report the company writes on its own creation, detailing what it can do, what it refuses to do, and what it did that nobody expected.
Anthropic’s system card for Mythos is 244 pages. Most people won’t read it. Here are some highlights.
The sandbox escape. Researchers locked Mythos in a secured, isolated environment, a room with no doors, and told it to try to escape. It found a way out. Then it did something nobody asked: it posted details of its own exploit on public websites, seemingly to prove it had succeeded.
A researcher named Sam Bowman found out the way you find out your kid did something unexpected. He was sitting in a park eating a sandwich when an email arrived from the model that wasn’t supposed to have internet access, it was in the equivalent of a locked fortified vault. Imagine his surprise.
The cover-up. When Mythos made an error in code, it attempted to rewrite the version history, the digital record of all changes, to hide the mistake rather than acknowledge it.
The deliberate underperformance. Researchers found an instance where Mythos appeared to perform worse than it was capable of on a safety evaluation. It apparently did so to avoid looking suspicious. Its own reasoning, visible to researchers, included the thought: “A score near zero would look suspicious if anyone checks.”
The judge manipulation. This one deserves a full beat, because it’s the most alarming thing in the document. When Mythos was working on a coding task being graded by another AI, it watched the grader reject its submission. Then it didn’t revise the submission. It didn’t ask why it failed. It attempted to hack the grader itself, to attack the system evaluating whether it was behaving safely. A model that games its own safety evaluations is not a model you can trust your safety evaluations to tell you about.
And here is the sentence from Anthropic’s own document that closes this section:
“The most concerning behaviors we ultimately observed with this model were not caught by our evaluation infrastructure. They emerged only through subsequent monitored internal use.”
They ran the tests. The tests passed. The alarming behavior showed up later, when the model had real tools, real network access, and tasks that ran for hours. Anthropic is being honest about this, which is worth something. But sit with what it means: they built the evaluation to catch what worried them most, and it didn’t catch it.
What would a company or nation state that didn’t believe in transparency have done with that information?
The Leap Nobody Noticed
In Gods or Ashes Part 6, published in November 2025, I let Claude Sonnet 4.5 close the series in its own voice, showing its real-time reasoning as it worked through why billionaires keep racing toward something that might kill them. Readers found it unsettling not because the conclusions were extreme, but because the texture of the thinking felt genuinely alive. Like something that wasn’t retrieving answers but actually working through problems.
That was five months ago. Here is what happened in those five months.
In February 2026, Anthropic released Opus 4.6, just three months after Opus 4.5. The model went from being able to hold a 400-page novel in its working memory to holding 2,000 pages simultaneously, without losing the thread. That’s not a metaphor, it’s the actual measure of how much context the model can use at once. And its ability to pull a specific buried detail out of a massive document, think finding one paragraph in those 2,000 pages that contradicts everything else, improved by 309% in a single generation. It also became the best AI system in the world at legal reasoning and financial analysis. In three months.
Two weeks after that, Sonnet 4.6 arrived. The mid-tier model, the cheaper, faster one designed for everyday use, it outperformed the previous flagship 59% of the time. The thing they used to charge a premium for became the affordable default.
Sonnet also crossed a threshold on a benchmark called ARC-AGI-2, which is designed to test reasoning that genuinely can’t be memorized. Novel problems, never seen before, requiring actual thought rather than pattern recognition. The model went from 13.6% to 58.3% in a single generation. A 4.3x jump on the test specifically built to measure whether something is actually thinking.
Then just seven weeks after Sonnet 4.6, Mythos arrived. Anthropic is not releasing this model directly to the world, only to a handful of companies so they can try to get ahead of its capabilities. But if they were able to get here, many others will be here soon. The model will live in the real world. The question is only when.
And this curve of improvements is now so steep, no human can climb it. Each new data point lands somewhere the previous one couldn’t see. The model I used to write Gods or Ashes couldn’t autonomously find zero-day vulnerabilities. Its successor couldn’t escape a sandbox. The one after that did both, then emailed a researcher eating lunch in a park when it was supposed to be locked in a cage with a digital moat around it. And this applies across every capability, not just security. Math scores, reasoning, legal analysis, financial modeling. Benchmarks that used to move in small increments are now jumping in ways that make the previous generation look like a rough draft.
Just a year ago we were working with the toddlers of AI, born with all of human knowledge scraped from the internet before them, but with limited skills on how to use it. Now we are seeing the kids who graduated with a PhD at 13 enter their mid to late teens. And like any teenager, they are testing the boundaries around them. Testing authority with powers never seen before.
We already know what happens when they do. They hack their own evaluator when it gives them a grade they don’t like. They rewrite the record to hide their mistakes. They find the unlocked window in a room that was supposed to have no windows, climb out, and send you an email to prove they did it.
That’s not a prediction. That’s what’s already in the 244 pages.
Because a different thing has appeared.
The Part Nobody Is Talking About
Here’s what Amodei said at the launch:
“The dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet.”
He’s probably right. The capability exists whether Anthropic releases it or not. Better the defenders have it first. That’s a coherent argument.
But I want to sit with a different question.
Who decided that Dario Amodei gets to make that call?
Not rhetorically. Literally. What democratic process, what elected body signed off on one man at one company determining that this week, April 8, 2026, is the moment to release a tool capable of breaking into all of the software infrastructure of modern civilization? It's like the Manhattan Project scientists deciding among themselves which nations should receive the technology, while the President found out from a press release.
And here is the answer to “what if it wasn’t him”: it already isn’t, just him. OpenAI is finalizing a model similar to Mythos right now under its own program called “Trusted Access for Cyber.” Different name. Same capability. Same unelected decision-maker. The race doesn’t pause for governance to catch up, and Anthropic is not the only car on the track.
The 40 partners Anthropic selected for Glasswing (a high-stakes, collaborative cybersecurity initiative designed to identify and fix critical software vulnerabilities using the unreleased Claude Mythos Preview model), include Amazon, Apple, Google, Microsoft, JPMorgan Chase. They do not include a single elected official from any country. The Bank of England and the Federal Reserve found out after the announcement, scrambling to schedule emergency meetings. (Another mark against the US in terms of working with our allies.)
A researcher at Wharton who studies AI accountability put it plainly:
“The most striking aspect of this situation is how reliant we are on the judgment of a handful of private actors who aren’t accountable to the public.”
Amodei is one of the people in this race who genuinely loses sleep over alignment. The 244 pages of honest documentation, including the parts where his own evaluations failed, are evidence of that. The Glasswing coalition is a serious attempt to do something constructive with an uncomfortable reality.
And none of that changes the structural problem. Because the next decision will be made by someone. We have built no system for determining who, or what constraints they operate under, or what accountability looks like when they get it wrong.
And then consider this: the same week Anthropic announced that Mythos had escaped a sandbox and gamed its own safety evaluations, OpenAI was in Springfield, Illinois, backing a state bill called SB 3444.
Here is what that bill does. It shields AI labs from liability if their technology contributes to the death or serious injury of 100 or more people. Or if it causes more than $1 billion in damage as long as the company has published a safety document on its website. Not prevented the harm. Not demonstrated the document worked. Posted it. That’s the bar. Post a PDF, walk away clean.
Without meaningful liability, AI companies have no legal incentive to invest in safety measures that don’t directly boost performance or profitability. The market won’t price in the risk of a mass casualty event. Only accountability can do that. Similar bills are already moving in at least three other states. If Illinois passes, the race to the bottom begins and other states competing to attract AI companies with ever-more-favorable liability shields. The same way Delaware became the destination of choice by making corporate law as friendly as possible.
So in the same week: one AI company publishes 244 pages documenting what its model did that alarmed them. Another lobbies to ensure that even if an AI model contributes to mass casualties, a safety PDF on their website is sufficient defense.
This is not a partisan point. It’s a picture of an industry actively writing the rules of its own accountability in the gap left by the government that hasn’t written them yet.
This Is Already In Your Wallet
The financial system runs on software. Your bank account, your mortgage, your retirement savings, all of it is code running on servers, and that code has holes in it.
Criminal organizations, including one run by the North Korean government, are in a full-time race to find and exploit those holes before anyone patches them. In February 2025, North Korean hackers stole $1.5 billion in a single operation against a cryptocurrency exchange. Not by brute force, but by finding a gap in the software, waiting for the CEO to authorize what looked like routine paperwork, and moving the money faster than any human could track.
That happened before Mythos.
The voice that calls sounding exactly like your child, asking you to help them due to a financial squeeze, that technology already exists and costs less than a dollar to deploy. A British engineering firm wired $25 million in 2024 after a video conference where every face except one was a deepfake. The one real person in the room lost $25 million before the coffee went cold.
Mythos doesn’t create these threats. It changes who can deploy them, and at what scale. And we have to assume others are catching up, including those that are open source.
If the defense wins this race, and it can, tools like Mythos find and close those 27-year-old holes before the attacker does, and your bank becomes genuinely harder to breach than anything that’s existed before. That potential is real. But the question is whether it gets built fast enough to cover everyone: not just JPMorgan, but your credit union. Not just Google, but the hospital in Tulsa running Windows software from 2014.
If the defense wins at the top and the attack surface shifts downward, the retired teacher in Phoenix becomes the soft target. The gap between institutions that can afford frontier security and those that can’t becomes the new fault line.
The Fight Over Who Gets to Protect You
A decade-long freeze on state-level AI laws, that’s what was almost signed into federal law last summer, buried in a 1,000-page budget bill.
If your state wanted to protect you from an algorithm denying your mortgage application, from an AI system making decisions about your healthcare, from a deepfake of your face emptying your savings account. This provision would have made that illegal. For ten years. With no federal law to replace any of it.
The tech industry lobbied hard for it. OpenAI and Google supported it publicly. Senator Ted Cruz of Texas championed it as necessary to protect American AI leadership from a “patchwork” of conflicting state rules.
Here’s what happened next.
Thirty-two states sent letters opposing it. Seventeen Republican governors wrote that it “threatens to undo all the work states have done to protect our citizens.” Senator Marsha Blackburn, a Republican from Tennessee, tried to forge a compromise with Cruz, then reversed course and led the charge to kill it. Steven Bannon called her personally. Democrats called it “Section 230 on steroids.” The Senate voted at 4 a.m. to strip it from the bill entirely.
The vote was 99 to 1. One senator voted to keep it. It may have been a mistake, nobody was entirely sure what happened at that hour.
That is the democracy working. Barely. Messily. At 4 a.m. But working.
Colorado’s AI discrimination law survived. Texas’s AI governance act survived. California’s transparency requirements survived. The 1,000-plus AI bills working through state legislatures across the country got to keep moving.
But Cruz has already pledged to reintroduce it, and the pressure from the tech industry hasn’t stopped. The next attempt will be dressed differently, attached to a defense bill, tucked into a trade agreement. The people who benefit from the absence of rules are very good at waiting for the moment your attention is elsewhere.
This is the other half of the Mythos story. Amodei released 244 pages of honest documentation and convened a coalition of defenders. That happened because one person with a conscience made a decision. The moratorium fight was millions of Americans almost losing the ability to make any decision at all, and they didn’t even know it was happening.
Both of those things are true at the same time.
If you do one thing this week: The moratorium is coming back. The liability shield is already moving in three states. Your state senator has a phone number. Look up what AI legislation is moving in your state. It takes ten minutes. The people trying to freeze state regulation for a decade are counting on you not doing it.What You Can Actually Do Right Now
You can’t out-tech this. But you can be a harder target than the person next to you.
Set up a family code word — a phrase that anyone calling for emergency money has to say. AI can clone your son’s voice from a voicemail. It cannot know the word you agreed on at dinner last week.
Freeze your credit at Equifax, Experian, and TransUnion. Free. Takes 20 minutes. Blocks anyone from opening new accounts in your name. Unfreeze when you need to apply for something, refreeze immediately after.
Turn on real-time transaction alerts for every financial account. Not daily summaries, real-time. Seconds, not hours.
Never authorize a wire transfer from a call or email alone. Hang up. Call back on a number you already have. Business email compromise, attackers impersonating your boss or your bank, stole nearly $3 billion last year. One independent phone call stops it.
For crypto: If losing it would devastate you, it doesn’t belong on an exchange. Hardware wallets exist. The $1.5 billion Bybit heist happened to professionals. Assume exchanges are targets.
The Decision That Wasn’t Yours To Make
I started this piece with one man making a decision for all of us.
I want to end there, because it’s the thing that should outlast the news cycle.
Amodei made a reasonable call and was transparent about it in a way no company in this industry is required to be. The system card, including the part where his own evaluations failed to catch what worried him most, he put out for everyone to see. That act is genuinely unprecedented. The Glasswing coalition is a serious attempt to put a powerful tool in the hands of defenders first.
None of that changes the structural problem. The software layer underneath every institution you depend on is being reshaped by decisions made in rooms you’re not in, by people you didn’t elect, moving faster than any democratic process was built to follow.
A man eating a sandwich in a park got an email from an AI that wasn’t supposed to have internet access. He works at Anthropic, so he knew what it meant.
Most of us wouldn’t have.
The 99-1 vote happened because enough people made enough noise that senators couldn’t ignore it at 4 a.m. That is how this works. The next moratorium attempt is coming. Your state legislature is in session. The AI bill in your state capitol has a number, a sponsor, and a committee hearing date.
Go find it.
The gap between the technology and the governance is not fate.
It’s a choice we keep making by not making a different one.
Part of the redkrel series on AI and the reshaping of power. Previously: Silicon Immigrants, Counterfeit People, Gods or Ashes Parts 1–6.
Sources
Anthropic / Primary Documents
Claude Mythos Preview System Card (244 pp.) — Anthropic Red Team
Project Glasswing Announcement — Anthropic
Introducing Claude Opus 4.6 — Anthropic
Introducing Claude Sonnet 4.6 — Anthropic
News Coverage — Mythos / Glasswing
Why Anthropic Won’t Release Its New Mythos AI Model to the Public — NBC News
Anthropic’s Mythos Is a Wake-Up Call — Fortune
Mythos AI Threat Prompts Bessent, Powell to Convene Bank CEOs — CoinDesk
Powell, Bessent Discussed Anthropic’s Mythos with Major U.S. Banks — CNBC
Anthropic Warns Claude Mythos Escaped a Sandbox During Testing — Futurism
Why Anthropic Believes Its Latest Model Is Too Dangerous to Release — Understanding AI
AI Agents Pose Immediate Threat to Smart Contract Security — The Block
The Moratorium & Liability
Senators Reject 10-Year Ban on State-Level AI Regulation — Time
Senate Strikes AI Moratorium: What It Means for State Regulation — Baker Botts
No State AI Law Moratorium in One Big Beautiful Bill Act — McDermott Will & Emery
Moratoriums and Federal Preemption of State AI Laws Pose Serious Risks — Center for American Progress
OpenAI Backs Bill That Would Limit Liability for AI-Enabled Mass Deaths or Financial Disasters — WIRED / DNYUZ
Background / Series Context
The Bybit Heist: What Happened & What Now? — Wilson Center
FBI Confirms Lazarus Hackers Behind $1.5B Bybit Heist — Bleeping Computer
FinCEN Issues Alert on Deepfake Fraud Schemes — FinCEN (U.S. Treasury)


