Recently, Bruce Schneier and I wrote an OpEd on Anthropic’s announcement of Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public.

When access to systems like Mythos is limited to a small group of organizations, asymmetries are created in who can defend (or exploit) critical infrastructure. When key performance details remain opaque, the broader community is left without the information needed to assess risk.

AI systems that can uncover and exploit thousands of vulnerabilities are not just technical tools, they are governance challenges. How we respond now will shape the security landscape for years to come. Decisions with global security implications shouldn’t rest with any single company. We need more transparency, broader access for researchers, and coordinated oversight.

Our article was published in the Globe and Mail: Author’s copy (Republished with permission), Original (Paywall), Linked in Post