What smart people are saying about Mythos, Anthropic’s new AI model that has some cybersecurity experts spooked

Gary Marcus, an AI researcher and author, said Anthropic’s announcement on Mythos was “overblown.”

“To a certain degree, I feel that we were played,” Marcus wrote on Substack. “The demo was definitely proof of concept that we need to get our regulatory and technical house in order, but not the immediate threat the media and public was lead to believe.”

Marcus said from what he has seen, the model appears to be “incrementally better” than previous models, rather than a “breakthrough.”

Yann LeCun, founder of AMI Labs and former chief AI scientist at Meta, also threw cold water on the Mythos hype.

“Mythos drama = BS from self-delusion,” he wrote in an X post.

He was responding to a post from Aisle, an AI security company, that said it tested smaller, cheaper models on the same vulnerabilities highlighted in Anthropic’s Mythos announcement and found that they could do much of the same analysis.

Jake Moore, global cybersecurity specialist at ESET, previously told Business Insider there was some marketing language in Anthropic’s announcement, but that “fundamentally, this model seems incredibly impressive and will only improve over time.”

“Anthropic has built its reputation as the ‘safety first’ AI company, so announcements like this serve two purposes: genuine caution and signaling its safety-conscious stance,” Moore said.

Dave Kasten, head of policy at Palisade Research, said he thinks it’s likely that other AI models aren’t far behind Mythos.

He told CNBC in an interview on Thursday that his expectation is that “Anthropic is a little ahead, but not overwhelmingly ahead, and they don’t necessarily have much of a permanent moat here.”

He flagged a recent report from Axios that said OpenAI also has a model with advanced cybersecurity abilities that it plans to only release to a small group, rather than the general public.

Kasten also said he thinks Gemini is also probably not far behind, but the fact that Google is partnering on Mythos implies that Anthropic likely has an advantage with this particular model, at least for a couple of months.

David Sacks, tech investor and former White House AI czar, said Anthropic’s claims about Mythos are important but should be taken with a grain of salt.

“The world has no choice but to take the cyber threat associated with Mythos seriously. But it’s hard to ignore that Anthropic has a history of scare tactics,” Sacks said in an X post, sharing some examples of past instances when Anthropic issued alarming warnings or narratives about AI models.

T.J. Marlin, CEO of Guardrail Technologies, who formerly worked on EY’s global forensic technology practice, said the meeting between federal officials and Wall Street was about ensuring that the banks, should a big security breach happen, couldn’t turn around and say, “We didn’t know.”

“Every CEO in that room who fails to document a board-level response is now operating in the most legally exposed position possible,” Marlin wrote on LinkedIn.

Pablos Holman, a VC at Deep Future, said cybersecurity defenders — the people who are trying to defend against digital attacks — stand to benefit more from advancements in AI than those who are carrying out the attacks.

“Now everybody is losing their minds over AI-powered attacks,” Holman said in a LinkedIn post about Mythos on April 1, before Anthropic’s announcement this week. “What they’re missing is that defenders have the same AIs. Often better ones and way more compute.”

Holman said cybersecurity defenders will have access to the same models as well as more resources to work with, like the source code.

“This is still a war of escalation, but now the defender has the advantage,” he wrote. “Security is about to get better. Not worse.”

“We have entered cybersecurity’s Manhattan Project moment,” Ben Seri, cofounder of cybersecurity startup Zafran Security, said in a post.

Seri said the cybersecurity threat was real and immediate, while the defensive potential was real but would take longer to realize. He said the real challenge will be for cybersecurity defenders to work faster at scale.

“AI will find vulnerabilities faster. AI will fix them faster. But the bottleneck was never discovery or remediation alone. It is the ability to deploy fixes into production environments safely, quickly, and at scale,” he said. “Securely adopting rapid change in production is the most important shift that technology and security leaders need to take on to meet this moment.”

Alice Tecotzky contributed reporting.