# Access control replaces capability as the frontier AI governance tool
Anthropic's restricted rollout of Claude Mythos marks a structural shift: governments now manage dual-use AI through who gets access, not whether it exists. Open-source models are already closing the gap, fragmenting the field into restricted and unrestricted tiers.
On April 7, 2026, Anthropic announced Claude Mythos, a frontier model that autonomously discovered thousands of zero-day vulnerabilities across every major operating system and browser. The capability is real and consequential: Mythos found a 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw that automated security tools had missed after 5 million attempts. On Firefox JavaScript engine exploits, Mythos achieved 181 successful developments versus near-zero for Claude Opus 4.6. On expert-level capture-the-flag cybersecurity tasks, it succeeded 73% of the time. This is not incremental improvement. This is a structural change in how vulnerabilities are discovered. And Anthropic's response reveals how frontier AI governance is now fundamentally about access control, not technical capability.
Anthropic did not open Mythos to the public. Instead, it created Project Glasswing, restricting access to approximately 50 organizations, committing $100 million in usage credits plus $4 million to open-source security organizations, and pricing the model at $25 per million input tokens and $125 per million output tokens. The White House opposed expansion to 70 additional companies, citing security risks and compute constraints. The Pentagon designated Anthropic a national security supply chain risk in February 2026. Within weeks of limited rollout, unauthorized users gained access through private channels. The NSA and Pentagon are now debating access terms with Anthropic. This is not a company managing its own product release. This is a government managing a national security asset.
The governance logic is straightforward: Mythos is dual-use. It can defend critical software by finding vulnerabilities before adversaries do. It can also attack, enabling faster exploitation. No technical distinction exists between the two uses. Therefore, the only lever governments have is access control. Who gets to use it. When. Under what oversight. This represents a fundamental shift from prior AI policy, which focused on training compute restrictions, export controls, or capability benchmarks. Those tools assumed the problem was building the model. Mythos proves the problem is now controlling who uses it after it exists.
## The vulnerability discovery acceleration
Mozilla reported that Mythos identified 271 vulnerabilities in a single Firefox release, an order-of-magnitude increase over prior AI-assisted efforts. This compresses vulnerability discovery from months to hours. The economics of software security are built on human-speed discovery and patching cycles. Quarterly security updates are the industry norm. Mythos breaks that assumption. Organizations must now patch daily or continuously, or accept that frontier AI models will find exploitable flaws faster than they can fix them. This is not a theoretical risk. This is an immediate operational burden on every software vendor.
The Australian Signals Directorate confirmed in April 2026 that open-source models can already replicate Mythos vulnerability discovery techniques. DeepSeek V4, Qwen, and other open-weight models are acquiring cybersecurity capabilities at 1/50th the cost of frontier models. The window between exclusive access and widespread availability is shrinking from months to weeks. Restriction delays proliferation but does not prevent it. Hostile actors will not lag frontier capabilities by months. They will lag by weeks, if at all. This creates a governance paradox: restricting Mythos slows its spread to adversaries, but only by the time it takes for open-source alternatives to mature.
## The two-tier fragmentation
Mythos access is now a national security negotiation point. India, the EU, and other regions are demanding inclusion in Project Glasswing. The result is a two-tier system: US-allied defenders with access to Mythos, everyone else without. This mirrors Cold War export control regimes for cryptography and nuclear technology. The difference is speed. Cold War controls took years to implement and enforce. Mythos controls are being negotiated in weeks. Governments are moving faster than policy frameworks can accommodate, creating ad-hoc agreements that lack transparency or legal foundation.
The geopolitical implications are severe. If Mythos access becomes a US-controlled privilege, other nations will accelerate investment in open-source alternatives. China's DeepSeek and Alibaba's Qwen are already competitive on cybersecurity tasks. Restricting proprietary models accelerates the very proliferation governments are trying to prevent. The incentive structure is inverted: access control creates pressure for open-source development, which is harder to control than proprietary systems. Governments are choosing between slow proliferation of restricted models and fast proliferation of unrestricted ones. Neither option is good.
## The national security asset problem
Anthropic is no longer a company. It is a national security asset. The NSA, Pentagon, and White House are competing for exclusive access to Mythos. The question has shifted from 'should this model exist' to 'who controls it.' This mirrors Cold War competition for nuclear weapons. The implication is that frontier AI models with dual-use capabilities will be treated as strategic weapons, not commercial products. This will slow deployment, increase government oversight, and create regulatory burden that favors large, well-connected companies over startups. It will also create perverse incentives: companies will hide capabilities from governments to avoid restrictions, or governments will demand exclusive access in exchange for approval.
The precedent is dangerous. If Mythos becomes a government-controlled asset, every frontier model with dual-use implications will follow. This is not hypothetical. The White House is already intervening in model deployment decisions. The Pentagon is already designating AI companies as national security risks. The NSA is already debating access terms. These are not policy discussions. These are operational realities. Frontier AI governance is now happening in real time, without statutory authority, without public input, and without clear rules. This is how security states expand: one restricted model at a time.
## What this means for the field
The vulnerability disclosure economics are breaking. Traditional CVE-based patching assumes human-speed discovery. Mythos proves that assumption is obsolete. Organizations must shift from quarterly patching to daily or continuous cycles. This is operationally expensive and technically challenging. Many organizations will not be able to keep pace. The result is a widening gap between organizations that can afford continuous patching and those that cannot. This is not a security problem for Mythos users. This is a security problem for everyone else.
Dual-use AI policy has become urgent. Mythos proves frontier models can be used for attack or for defense. No technical distinction exists. Policy must now govern access, not capability. This requires real-time government oversight of model deployment. It requires intelligence agencies to understand model capabilities before they are released. It requires coordination between companies and governments on who gets access and under what conditions. This is a new regulatory burden that will slow commercial rollout and increase costs. It will also create a permanent tension between security and innovation.
## What to watch
Watch whether Project Glasswing expands beyond 50 organizations and under what conditions. Watch whether the White House formally codifies access restrictions or leaves them ad-hoc. Watch whether open-source cybersecurity models reach parity with Mythos within 12 months. Watch whether other countries build their own restricted-access frontier models in response. Watch whether Anthropic's breach investigation reveals how unauthorized access occurred and whether it triggers government sanctions. Watch whether other AI companies proactively restrict dual-use models or wait for government pressure. The answers will determine whether frontier AI governance becomes a transparent, rule-based system or remains a series of emergency restrictions imposed on a case-by-case basis. The current trajectory suggests the latter.