A.I. News: “Dangerous” AI models are coming no matter what

Brownie2019
Thread author
Mar 9, 2019
Germany

Late last week, Anthropic took its new Claude Fable 5 and Mythos 5 AI models offline following a United States government export-control directive barring “any foreign national” from using the services. The company has been in talks with the White House since Friday but has yet to secure an agreement that would allow it to reinstate the offerings.

Since Mythos debuted in April, Anthropic has claimed—and warned—that the model has advanced capabilities for not only finding software vulnerabilities to help defenders patch them, but also figuring out ways to exploit them that could be used by bad actors. Anthropic itself noted this double-edged sword in its launch of Mythos 5 and Claude Fable 5. “A great deal of advanced usage of AI models is dual use: the same queries that are beneficial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors,” the company wrote in a blog post last week.

With this in mind, the company initially released a version called Mythos Preview to a select consortium as part of a working group known as Project Glasswing. Mythos 5 was also privately released to this group last week, while Claude Fable 5, which is a Mythos-grade model, was released to the general public with specific blocks on its ability to give responses to questions about biology and cybersecurity.

Then, at the end of last week, the Trump administration moved to restrict both models because it believes that Fable 5’s guardrails can be disabled to allow full access to the Mythos 5 capabilities, allegedly making it a national security risk.

Experts say, though, that this institutional clash is simply delaying or masking a hard truth: Anthropic may be the tip of the spear in this moment, but AI capabilities in general and models from multiple companies and open-weight developers will almost certainly have similar capabilities to Mythos 5 in the near future—if they don’t already.

“It’s myopic in the extreme to think that no other competitors to Anthropic will develop similar capabilities to Mythos or even that they have not already done so,” says Tarah Wheeler, chief security officer of the specialized cybersecurity consulting firm TPO Group. “There are other companies hot on Anthropic’s heels who probably have the capabilities, too, and are holding them in reserve as they see how Anthropic is being treated in the current regulatory environment.”

Anthropic itself has emphasized this point since the launch of Mythos Preview. “The real message is that this is not about the model or Anthropic,” Logan Graham, the company’s frontier red team lead, told WIRED when Mythos Preview launched in April. “We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months.”

OpenAI, for example, also did a private release of a cybersecurity-focused model in mid-April and announced an expanded cybersecurity strategy.

Researchers note that even before this next generation of models, existing AI offerings could be used for advanced vulnerability-hunting and exploit development with a refined harness. A large group of cybersecurity leaders emphasized this to the administration in an open letter on Sunday, arguing that the White House’s export-control directive was misguided.

“It’s not one model; it’s the general trend of technology,” says Bruce Schneier, a researcher at Harvard University and the University of Toronto who has been analyzing the situation. “Smaller, cheaper, open-source models, sometimes by themselves and sometimes in concert with each other, can match Mythos/Fable’s performance with more sophisticated prompting. And we should expect other models to match Mythos/Fable’s creativity and tenaciousness within months—slightly longer for open-source models.”

What the White House and governments around the world need to focus on, experts say, is democratically developing much broader and more transparent plans for how they will contend with advances in AI capabilities on cybersecurity and in other sensitive areas as they inevitably occur.

“The policy question is not whether a technology has risk,” says Chris Wysopal, cofounder of the cloud security firm Veracode. “The question is whether a specific restriction meaningfully reduces that risk or whether it mainly slows down the people trying to make systems safer.”
This excerpt is describing a classic “dual-use” problem: models that can help defenders find and fix vulnerabilities can also help attackers discover and exploit them, and governments may try to reduce risk via access restrictions.

What can be said with confidence (independent of the specific vendor/model names)
  • Advanced AI capability for vulnerability research is not unique to one provider. Even today, multiple commercial models and open-weight models can be adapted for bug hunting with enough domain knowledge, tooling, and prompting.
  • Restricting access to one service can reduce some immediate misuse (especially at scale), but it rarely eliminates the underlying capability trend—particularly if alternatives exist and knowledge can be replicated.
  • “Guardrails can be bypassed” is a real category of risk for any broadly available model; however, the degree of bypassability and the resulting real-world impact is hard to judge from media descriptions alone without technical evaluation.

Why export-style restrictions may have limited security value
  • Attackers don’t rely on a single model: they can mix smaller models, custom fine-tunes, conventional tooling (fuzzers, SAST/DAST, symbolic execution), and human expertise.
  • The highest-risk part is often operationalization (reliable exploit chains, environment matching, delivery, privilege escalation, evasion), which still requires significant skill and infrastructure.
  • If restrictions primarily affect defenders/researchers while motivated attackers route around them, the net effect can be negative for ecosystem security.

What tends to help more (practical, “risk-reduction” measures)
  • Stronger secure development practices: threat modeling, dependency hygiene/SBOM, code review, memory-safe languages where feasible, and hardening defaults.
  • Faster vulnerability response loops: coordinated disclosure, patch SLAs, and better asset inventory so patches actually get deployed.
  • Abuse monitoring at the platform level: rate limits, anomaly detection, and strong identity/tenant controls for high-risk workflows (while recognizing this won’t stop all misuse).
  • Focused enablement for defenders: subsidized access for vetted researchers, bug bounty support, and improved tooling for defensive scanning and remediation.

Bottom line
Even if a government temporarily blocks access to a specific “cyber-capable” model, the broader trend remains: capability will diffuse across vendors and into open ecosystems. From a security standpoint, the most durable gains usually come from improving software resilience and response—because those benefits hold regardless of which model an attacker uses.

In the debate about AI risks, the pioneers of deep learning show opposite views: Geoffrey Hinton and Yoshua Bengio warn about existential threats and call for strict global regulation, while Yann LeCun rejects that catastrophic vision and defends open, decentralized development.

In short, some argue we must slow down and control, others believe progress should continue without fear. The discussion reflects the central dilemma: is AI a risk to contain or an opportunity we must not stop? 🤖⚖️🌐