Security risks are resurfacing
Enterprise vendors are flagging safety and security limits: Anthropic says it built a model it judged too dangerous for public release, highlighting how capability outpaces safe deployment. (fortune.com) At the same time OpenAI disclosed a security issue involving a third‑party developer tool called Axios but said user data wasn’t accessed, and reporting warns that cyber capabilities in Anthropic/OpenAI products have put critical infrastructure operators on notice. (reuters.com) (axios.com)
Anthropic spent years selling artificial intelligence as a helper for writing and coding, and this week it said one of its newest systems was too risky to put on the open market. The model, called Claude Mythos, is being held back because Anthropic says it is unusually good at finding security flaws in software and computer systems. (fortune.com) (techcrunch.com)

That is a sharp break from the usual pattern in this industry, where companies race to show each new model is bigger, faster, or cheaper. Anthropic instead told a limited group of companies and government-linked defenders about Mythos while keeping it away from general release. (fortune.com) (bloomberg.com)

The reason is simple enough to picture: modern software is like a city with millions of doors and windows, and security teams spend their lives checking which ones do not lock properly. Anthropic says Mythos can inspect that city at unusual speed and spot weaknesses that human teams or ordinary tools might miss. (axios.com) (bloomberg.com)

That creates the same dual-use problem that has followed powerful encryption and hacking tools for decades. A system that helps defenders patch a hospital network or a power grid can also help attackers map the fastest path in. (axios.com) (techcrunch.com)

Axios reported that operators of critical infrastructure, including water, electricity, health care, and financial services, are now being warned that these cyber capabilities are arriving faster than many defenses are improving. Bloomberg reported that officials in Washington met on April 7 to discuss Mythos specifically because of the risk that tools like it could be used to steal data or disrupt essential systems. (axios.com) (bloomberg.com)

At almost the same moment, OpenAI disclosed a separate security problem that had nothing to do with a frontier model being too capable and everything to do with ordinary software plumbing.
On April 10, OpenAI said a third-party developer tool called Axios was involved in a broader industry incident affecting the process used to certify that its Mac applications were legitimate OpenAI apps. (openai.com) (reuters.com) OpenAI said it found no evidence that user data was accessed, that its systems were compromised, or that its software was altered. It still told Mac users to update affected apps because code-signing, the system that tells a computer "this app really came from this company," is one of the locks that keeps fake software out. (openai.com) (reuters.com)

Put those two stories together and the picture gets clearer. One problem is that artificial intelligence models are getting good enough to accelerate cyber offense, and the other is that the companies building those models still rely on the same messy supply chains, third-party libraries, and app-signing systems that every software company relies on. (axios.com) (openai.com)

Anthropic's decision also lands at a delicate corporate moment because Fortune reported that the company is preparing for an initial public offering, which is the stock-market process that turns a private startup into a publicly traded company. Saying "we built it but will not broadly ship it" is both a safety claim and a test of whether investors will reward restraint instead of raw growth. (fortune.com)

For years, the fear around artificial intelligence security sounded abstract: maybe one day these systems would help criminals too much. In April 2026, the warning looks less theoretical, because one major lab is withholding a model for cyber risk while another is patching a real-world security issue in the software stack around its products. (fortune.com) (openai.com)
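The code-signing "lock" described above is something a Mac user or an IT team can check for themselves. The script below is an added example written for this page, not code from OpenAI or from any of the outlets cited; it wraps Apple's standard `codesign` and `spctl` tools (present on every macOS install) to confirm that an application bundle still carries a valid signature and that Gatekeeper accepts it, and it prints the certificate chain so the operator can confirm the publisher named in it is the one expected. The path `/Applications/Example.app` is a placeholder, not a real app from the incident.

```shell
#!/bin/sh
# Added example, not from the article: verify the code signature of a macOS
# application bundle the way a defender would after a signing-related advisory.
# Assumes Apple's `codesign` and `spctl` are available (macOS only); on other
# systems the functions report that the tools are missing instead of guessing.

# verify_app_signature PATH
# Exit codes: 0 = signature valid and Gatekeeper accepts the app
#             1 = signature missing/invalid, or Gatekeeper rejects the app
#             2 = PATH is not a directory (an .app bundle is a directory)
#             3 = codesign/spctl not available on this system
verify_app_signature() {
  app="$1"
  [ -d "$app" ] || return 2
  command -v codesign >/dev/null 2>&1 || return 3
  command -v spctl >/dev/null 2>&1 || return 3
  # --strict rejects bundles whose sealed resources were modified after signing.
  codesign --verify --deep --strict "$app" 2>/dev/null || return 1
  # Gatekeeper assessment: signed by a Developer ID the system trusts?
  spctl --assess --type execute "$app" 2>/dev/null || return 1
  return 0
}

# signing_identity PATH
# Prints the "Authority=" lines from codesign so the operator can check that the
# leaf certificate names the expected publisher. codesign writes this
# information to stderr, hence the redirection. Returns 3 if codesign is absent.
signing_identity() {
  command -v codesign >/dev/null 2>&1 || return 3
  codesign -dvv "$1" 2>&1 | grep '^Authority='
}

# Usage: sh verify_app.sh /Applications/Example.app   (placeholder path)
if [ -n "$1" ]; then
  rc=0
  verify_app_signature "$1" || rc=$?
  case "$rc" in
    0) echo "OK: $1 is validly signed and accepted by Gatekeeper"; signing_identity "$1" ;;
    1) echo "FAIL: $1 has a missing, broken or untrusted signature; do not run it" ;;
    2) echo "ERROR: $1 is not an application bundle" ;;
    3) echo "ERROR: codesign/spctl not found; run this on macOS" ;;
  esac
  exit "$rc"
fi
```

The `--strict` verification matters after an incident of this kind: a bundle whose signature was valid when downloaded but whose contents were later altered fails that check even though `codesign -d` still shows a signature, so the two commands together answer both "who signed this" and "is it still what they signed".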