Advanced AI Models Pose Growing Security Risks — And Experts Say They're Inevitable

The Rise of Dual-Use AI Models

When Anthropic launched its Mythos AI model in April, it came with an unusual warning from the company itself: this technology is a double-edged sword. According to Anthropic, Mythos is capable of identifying software vulnerabilities to help security teams defend their systems — but those same capabilities could just as easily be weaponized by malicious actors.

The company acknowledged this tension openly when announcing both Mythos 5 and Claude Fable 5. In an official blog post, Anthropic wrote that advanced AI usage is inherently dual-use in nature, noting that queries valuable to cybersecurity professionals and biology researchers could pose serious dangers in the wrong hands.

A Controlled Rollout That Sparked Federal Concern

In response to these risks, Anthropic initially released a preview version of the model exclusively to a vetted group of researchers through a program called Project Glasswing. Mythos 5 was similarly shared only within this private consortium, while Claude Fable 5 — described as carrying Mythos-level capabilities — was made available to the broader public, but with specific restrictions preventing it from responding to sensitive questions involving biology and cybersecurity.

Despite these precautions, the Trump administration moved to restrict access to both models late last week. Officials reportedly believe that Fable 5's built-in guardrails can be bypassed, effectively unlocking the full power of Mythos 5 and presenting what they characterized as a national security threat.

Experts Warn: This Is Bigger Than One Company

While the government's intervention has drawn significant attention, cybersecurity specialists argue it misses the larger picture entirely. Anthropic may currently be at the forefront of this capability race, but comparable technologies are already emerging — or quietly existing — across multiple organizations.

"It's myopic in the extreme to think that no other competitors to Anthropic will develop similar capabilities to Mythos or even that they have not already done so," said Tarah Wheeler, Chief Security Officer at TPO Group. Wheeler added that rival companies are likely watching how Anthropic is being handled by regulators before deciding whether to publicly reveal their own advanced tools.

Anthropics own frontier red team lead, Logan Graham, echoed this sentiment when the Mythos Preview first launched. "We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months," Graham told WIRED, emphasizing that the issue extends well beyond any single model or company.

Reinforcing this point, OpenAI conducted its own private release of a cybersecurity-focused AI model in mid-April and simultaneously announced a wider cybersecurity strategy — signaling that the race to develop powerful, security-relevant AI is already well underway across the industry.

Existing Models Already Pose Significant Risks

Researchers point out that even before this latest generation of AI, existing models could already be leveraged for sophisticated vulnerability discovery and exploit development when paired with refined technical approaches. A broad coalition of cybersecurity leaders sent an open letter to the White House on Sunday arguing that the administration's export-control directive was fundamentally misguided.

Bruce Schneier, a prominent researcher affiliated with both Harvard University and the University of Toronto, put it plainly: "It's not one model; it's the general trend of technology. Smaller, cheaper, open-source models, sometimes by themselves and sometimes in concert with each other, can match Mythos and Fable's performance with more sophisticated prompting."

Schneier also cautioned that competing models are expected to match Mythos and Fable's creative problem-solving capabilities within months, with open-source alternatives following shortly thereafter.

What Governments Should Actually Be Doing

Rather than focusing on restricting individual models, cybersecurity experts are calling on governments worldwide to develop comprehensive, transparent, and democratically informed strategies for managing the ongoing advancement of AI capabilities — particularly in sensitive domains like cybersecurity and biotechnology.

Chris Wysopal, co-founder of cloud security firm Veracode, framed the core policy question clearly: "The question is whether a specific restriction meaningfully reduces that risk or whether it mainly slows down the people trying to make systems safer."

The consensus among experts is clear — reactive measures targeting a single company or model will not contain a technological shift that is already well in motion. What is needed is forward-thinking governance that anticipates the road ahead rather than reacting to each new development as it emerges.