(Kristina Alexanderson, https://www.starttai.com/p/cf3a491c-efb1-4d13; CC BY-SA 4.0, https://creativecommons.org/licenses/by-sa/4.0/deed.sv).
Mythos Fallout, U.S. Government Weighs AI Model Regulation
The Trump administration is considering applying stricter oversight to American artificial intelligence (AI) models due to their cybersecurity impact. However, before pulling the trigger on strict and inflexible regulation, we believe the government should spend a little time watching and learning.
This apparent shift from the administration’s light touch AI regulation has reportedly been driven by concern about the hacking capabilities of frontier models.
According to the New York Times, the administration wants to establish a group made up of tech executives and government officials to propose oversight procedures for the rollout of all new AI models. The group is likely to consider a range of options, including a formal government review process.
Globally, cybersecurity authorities are already bracing for the impact of increasingly capable models. Last week, the U.K. National Cyber Security Centre’s CTO, Ollie Whitehouse, warned of an impending “vulnerability patch wave” as AI finds and fixes vulnerabilities that have accrued over decades.
The Cybersecurity and Infrastructure Security Agency (CISA), meanwhile, is considering imposing shorter patch deadlines for U.S. government systems. The default patch deadline for bugs that are being actively exploited could be reduced from three weeks to as little as three days. For what it’s worth, we think patching faster is a fine idea, but we also think organisations will get more bang for their buck by focusing on security fundamentals that help to mitigate all bugs. You can’t patch your way out of “the bugpocalypse”.
While Whitehouse describes a “wave” of patches, the reality is it will be waves, plural. Every time new models are released they will rapidly be used to discover more bugs in commonly used software with basic prompts. If that capability is available to all and sundry, it will cause problems. Anthropic and OpenAI are seemingly aware of this and have taken different approaches to mitigating these risks.
Anthropic released its latest model, Mythos Preview, to a limited number of trusted organisations, in its Project Glasswing initiative. The idea was to give these organisations a head start in finding and patching vulnerabilities before the model was rolled out more broadly. Mozilla reported that it had fixed 271 Firefox vulnerabilities after being granted access.
Unlike Anthropic, which restricted access to Mythos to a select few, OpenAI released its latest model GPT5.5 to all customers who wanted it and instead relied on model safeguards to prevent it from dangerously spilling 0day exploits. Users in cybersecurity roles who ran into these safeguards could verify their identity with OpenAI to get them dialled back.
This Trusted Access for Cyber program provides users “reduced friction around safeguards” when individuals and enterprises are able to satisfy its Know-Your-Customer and trust requirements. Customers who prove that they are legitimate cyber defenders can also get access to more niche versions of OpenAI’s models that have more advanced cyber capabilities coupled with fewer restrictions.
These are very different release approaches for models with similar capabilities. Anthropic’s approach is very cautious, OpenAI’s is more open.
The White House response so far has been to crack down on the cautious one. The Wall Street Journal reported late last week that the White House was opposing Anthropic’s plan to expand access to Mythos to another 70 companies. There have been no such pronouncements about OpenAI’s GPT5.5, which is funny when you consider that it is widely available and the U.K.’s AI Security Institute (AISI) found that it might actually be better than Mythos at cybersecurity tasks.
We expect that the administration will eventually zero in on a position where AI companies have consistent release policies, rather than allowing each to make up their own rules.
It’s not just frontier models that present risks here, though. Last week Niels Provos, a former Google Distinguished Engineer, wrote a blog post titled “Finding Zero-Days With Any Model.” He used an orchestration harness and older commercial and open weight models to independently rediscover bugs found by Mythos.
Provos showed that the gap in vulnerability discovery between Mythos or GPT5.5 driven by a novice and older models driven by experts is not as big as it seems. Thus, holding back Mythos or GPT5.5 to a White House-approved circle of trust for 90 days probably won’t achieve as much as we’d like.
A better approach may be for the government to wait and see so that it can understand what is happening and can make informed decisions further down the track. How many 0day vulnerabilities does each new model release shake out? What are their CVSS scores? Is that number trending up or down over time? Are vendors actually patching the bugs? What is the state of vulnerability discovery using older and open weight models? Are the frontier labs acting responsibly?
The broader point here is that it is pretty clear that the rise of powerful AI cyber capabilities is a generational shift that policymakers don’t yet understand how to respond to. Attempting to stagger the access to the technology’s bleeding edge is intuitively attractive, but there are good reasons to believe that it will have little impact.
– Tom Uren, published courtesy of Lawfare.