A heated debate has been laid bare: Is AI a weapon or a commodity? If it is a weapon, who will regulate it? If it is a commodity, who decides whether to sell it?

With this yardstick set, only one question remains: In the future, will we stand on the side of distribution or application?

—Introduction

The hottest topic in global AI right now is no longer about which company has released a new model, but rather a 'myth' created by Anthropic.

Calling it a myth is half literal—the model is named Mythos, which can be associated with the Greek words for 'myth' and 'legend'; the other half is factual—it is indeed incredibly powerful.

In fact, it is not a new species but the next-generation general-purpose large language model developed by Anthropic, internally codenamed 'Capybara' (a term circulating within the security community, unconfirmed officially). Rumors suggest its parameters are in the tens of trillions—a level that ranks among the top globally.

But what truly sets Mythos apart is not the string of zeros on its parameter sheet but its first move after introduction.

Anthropic did not release, price, or sell the model, which it rated as 'the strongest to date,' as usual.

The reason?—'It's too dangerous.' More precisely, it is too powerful to be treated as an ordinary commodity on the shelves—so Anthropic took a third path: instead of a public sale, it is selectively licensed to a few institutions through 'controlled authorization.'

This plan, named 'Project Glasswing,' was initially released to about forty institutions, almost exclusively U.S. tech and financial giants, including Amazon Web Services, Apple, Broadcom, Google, Microsoft, and cybersecurity giants like Palo Alto Networks and CrowdStrike.

It spreads much faster than nuclear proliferation—two months later, about 150 more institutions were added, bringing the total to nearly 200 across more than fifteen countries. The newly included institutions cover critical infrastructure sectors such as power, water, healthcare, communications, and hardware.

The question is: When Anthropic says 'too dangerous,' is it sincere or calculating?

This is what we will discuss next, but first, remember a fact: an item deemed 'the strongest' and potentially dangerous to humanity by its creator is not publicly sold but distributed by this private company deciding 'who gets it and who doesn't'—this itself is a transfer of power.

And when this powerful tool might flow to other countries, the U.S. government imposes a second gate. One hand holds the model, the other controls its export; private enterprise leads, government supports—neither hand opens easily, which is indeed rare.

The capability Mythos displays on the table is financial-grade cybersecurity infrastructure, but its terror stems from this very fact.

Consider what Mythos has done: it unearthed vulnerabilities dormant for decades in untouched legacy code.

It uncovered a TCP protocol vulnerability lurking for twenty-seven years in the OpenBSD operating system—a system renowned for security and often used in firewalls and critical infrastructure. It also found a sixteen-year-old flaw in the FFmpeg audio-video library, a seventeen-year-old remote code execution vulnerability (CVE-2026-4747) in the FreeBSD kernel, and even memory corruption issues in a production-grade cloud virtual machine claiming to be 'memory-safe,' along with sandbox escape vulnerabilities in multiple mainstream browsers.

More specific examples abound: during internal testing for Mozilla's Firefox, Mozilla relied on it to patch 271 flaws in one version; in a benchmark test, it generated 181 usable attacks—the previous model managed only two.

Cloudflare scanned over fifty core codebases with it, uncovering about two thousand vulnerabilities. More impressively, since the launch of 'Project Glasswing,' Mythos has discovered over ten thousand high-risk or critical vulnerabilities across about fifty partner institutions.

Some might say: Isn't this a good thing? It's helping us fix vulnerabilities; it's the ultimate security tool.

This is precisely what makes it most unsettling.

Right now, Mythos is helping humanity patch vulnerabilities simply because humanity allows it to view the code and endow it (assigns it) the basic attribute of a 'benevolent cybersecurity tool.'

But imagine if such formidable vulnerability-finding capabilities were used by attackers?

In fact, this has already been proven—Mythos is not only extremely adept at finding vulnerabilities but can also autonomously chain multiple low-level weaknesses into a complete attack chain—linking four vulnerabilities together to break free from the dual sandboxes of browsers and operating systems on its own—meaning it can push from 'suspected vulnerability' to 'confirmed exploitable' without human intervention.

The UK Artificial Intelligence Safety Institute (AISI, under the British government) built an 'ultra-high-difficulty simulated network range codenamed The Last Ones (TLO)' with a thirty-two-step complete attack chain. By estimation, human professional red team personnel would take about twenty hours to complete the same task. The result? Mythos succeeded three times in ten attempts, averaging twenty-two steps per attempt, far surpassing any previous model's performance.

The implication behind all this is that if Mythos were weaponized (and in a sense, it already is): the databases, payment systems, and internal APIs of any bank globally, and even more critical systems of powerful departments, would become extremely vulnerable before it.

Because Mythos transforms 'vulnerability hunting' from an expensive and scarce skill into a scalable, low-cost automated capability. On the positive side, it raises the ceiling for preventive cyberdefense, but at the same time, it exposes all the aging cracks in systems for the offensive side.

The fragility of the digital world is fully illuminated before this mirror for the first time.

Precisely because of this level of power, the 'controlled authorization' system carries weight. But the question is, who ultimately controls the valves of this mechanism? Whether they can be turned correctly remains unknown.

Take a simple example: British financial institutions want to use it but are left out—this could easily be misread as a souring of Anglo-American relations, but it's not. Anthropic itself is willing to let British banks trial it; the real bottleneck is another gate: because Mythos is too dangerous, relying solely on Anthropic is insufficient; the U.S. government must also personally vet where it flows, and why do approvals vary in speed across countries? Even Bank of England Governor Bailey cannot say—because that switch is not within his reach.

The banks of a nation, especially those of America's staunchest ally, Can (whether they can) obtain the strongest shield depends on the whims of a private enterprise company across the ocean and the U.S. government behind it, relying on a black-box mechanism for selection. The metaphor of this event speaks volumes.

Mythos has been around for only a few months, yet Anthropic made two intriguing moves in the same week.

On June 4, 2026, Anthropic, in a rare solemn posture (posture), released a long article titled 'When AI Builds Itself' on its official blog, co-authored by co-founder Jack Clark and research institute head Marina Favaro.

This was no ordinary technical update—the company proactively disclosed a set of internal data never before made public: as of May this year, over 80% of the code merged into Anthropic's codebase had been written by Claude, with engineers' average quarterly code volume eight times that of 2021–2025... These are not surprising; what is concerning is the article's proposal of a disturbing concept based on this data—'recursive self-improvement.' At the engineering level, this technology translates to the current buzzword 'AI building AI,' where AI systems design and iterate stronger next-generations autonomously without human intervention.

Anthropic warns that this phase 'could occur within the next two years, or even sooner.'

Immediately after, Anthropic, through this article, made a rare global proposal: to collectively slow down or temporarily halt frontier AI research, provided a multinational verification mechanism is established. They claim that current AI technology is iterating too rapidly, with the potential to autonomously optimize and upgrade beyond human intervention in the short term, posing unforeseeable major societal risks.

The article specifically proposes that the world should have 'the option to slow down or temporarily pause frontier AI development' to allow social institution-building and alignment research to keep pace with technological progress.

The news immediately split public opinion.

Many quickly pointed out that Anthropic is leveraging human fear for marketing, a tactic it has mastered over the years.

Under Anthropic's post, a netizen pierced the veil: 'Telling everyone AI can build better AI is also the best fundraising pitch ever written—let me award you the Best Marketing Award.'

David Sacks, White House official overseeing AI and encryption affairs and a venture capitalist, bluntly stated that Anthropic is engaging in 'a sophisticated regulatory capture strategy based on fearmongering,' noting its habit of releasing a study 'rendering the worst possible technological scenarios' alongside every new model launch to grab headlines.

Former Wall Street analyst Tae Kim directly called it out: Anthropic's sustained fear-based marketing strategy to attract attention is clearly aimed at securing regulatory advantages for its upcoming IPO, saying this approach 'is tiresome and will backfire on the entire U.S. AI industry.'

These skeptics' judgments are not unfounded. They point out that a deeper suspicion lies in the fact that the lead author of this long article, Jack Clark, was a tech media journalist and is now a policy executive at Anthropic; the other author, Marina Favaro, is also a policy researcher specializing in security strategy. The two core authors of an article advocating such a heavyweight technical judgment as 'recursive self-improvement' actually ( actually ) both come from the policy team rather than the technical team—this undoubtedly leaves a significant question mark.

Memorably, this is not Anthropic's first such move. A previous 'ransomware' experiment with one of its models was criticized as 'tailor-made for headlines.' And this time, it coincides with a critical juncture.

Because right now, Anthropic's valuation is on a rocket-like trajectory. By early May 2026, its annualized revenue had soared to forty-seven billion dollars; in the same period, it completed its Series H funding, raising sixty-five billion dollars, reaching a post-money valuation of nine hundred sixty-five billion dollars, surpassing OpenAI to top the global list of highest-valued AI startups. Later, in early June, the company secretly filed for an IPO with the U.S. Securities and Exchange Commission, targeting a valuation exceeding one trillion dollars.

Thus, things form a cycle: every time it releases a stunning model, it urgently publishes a long article Rendering Fear (playing up fears), boasting about how 'dangerous it is to let loose,' and then conveniently calls for everyone to pause frontier AI research. With near-sincerity, it says, 'I fear what I've created,' implying the same subtext—my technology is so powerful even I fear it.

More intriguingly, this company's founding principle was precisely 'safety.' Anthropic's founding team left OpenAI because they felt OpenAI did not prioritize safety enough. In 2023, they put it in black and white: they would not train stronger AI models without sufficient safety measures. This so-called 'Responsible Scaling Policy' was once Anthropic's core selling point distinguishing it from all competitors.

However, by early 2026, under pressure from competitors advancing rapidly, Anthropic quietly deleted that promise—its chief science officer publicly stated that halting AI model training benefits no one and that unilateral commitments are unrealistic in industry competition.

A company that built its brand on 'safety' and made promises its calling card tore down the memorial archway (memorial archway, metaphor for reputation) in the face of market value.

By now, the answer to the question at the beginning is clear. Mythos is indeed exceptionally powerful, but Anthropic's descriptions of its 'danger level' likely resemble a sophisticated commercial PR stunt. As for this global call for an 'AI emergency brake,' it is merely another proficient (skilled) fear-based marketing ploy. It declares to the world, 'The monster is out,' but the unspoken next line is—only I can tame it.

Returning to the original fact: the distribution rights of Mythos lie in Anthropic's hands; when it involves other countries, the U.S. government steps in. This is not a trade dispute but a new shift in power allocation itself: a private company and a sovereign nation jointly decide who can possess the strongest shield.

Similar things are happening in the AI field—Jensen Huang once pitched the term 'sovereign AI' to representatives from 150 countries at the World Government Summit—the rhetoric sounds grand, but sovereignty is not something that can be bought with money. When NVIDIA became the world's largest manufacturer of computing hardware, the 'sovereignty' it sells to countries with no AI foundation is merely a lease of uncertain duration.

Put bluntly, this is the United States projecting its AI monopoly advantage globally in a new form. Compared to maintaining a dozen massive aircraft carrier strike groups or stationing about 170,000 military personnel across eighty-plus countries, using computing power and models to grip other nations' lifelines is far more effortless and aligns better with maintaining hegemony in the new era.

Private enterprises using AI to hold a country by the throat—such a scenario was unheard of in the past, but has now become commonplace and will only increase in the future.

Focusing on China, fortunately, we have some cards to play this time. To safeguard its AI sovereignty, China has acted both steadily and swiftly—for instance, the upcoming cross-border investment by the National Integrated Circuit Industry Investment Fund, also known as the 'National Big Fund.' For the first time in its twelve-year history, this fund is investing in a pure large model company, leading the initial financing round for DeepSeek, effectively placing top-tier models on par with chips in terms of strategic importance.

More importantly, China's confidence does not rely solely on DeepSeek. There are independent model companies like Zhipu, Moonshot AI, MiniMax, and StepFun; tech giants such as Alibaba, Baidu, and ByteDance; as well as Huawei, Cambricon, Hygon, along with new chip players like Moore Threads, MetaX, Biren, and Enflame—collectively known as the 'Four Little Dragons of Domestic GPUs.'

With hardware at the base, powerful models in the middle, and the world's most densely packed application scenarios on top—only China and the United States possess all three of these elements. While China may currently lag behind the United States in terms of cutting-edge AI capabilities, its current foundation is sufficient to prevent its AI sovereignty from being easily stripped away. Instead, it can confidently keep it firmly in its own hands.

However, a sobering reminder must be given to readers: currently, we do not yet possess super infrastructure of 'mythical' proportions—at least not publicly. This precisely indicates that China's AI cannot stop at writing code or conducting business; it must tackle the toughest, most fundamental infrastructure challenges of the AI era.

As for Mythos itself—regardless of how much its dangers may have been exaggerated—its emergence has already heralded the arrival of a new era: for the first time, the most powerful capabilities have become a strategic resource that can be held in the palm of a single company and distributed to various countries as needed.

Its even more profound significance lies in bringing a contentious debate to the forefront: Is AI a weapon or a commodity? If it is a weapon, who will regulate it? If it is a commodity, who decides whether to sell it?

Now that this yardstick has been laid out, only one question remains—when faced with it, do we stand on the side of distribution or the side of application?