In other words, a weapons missle defense system is equivalent to an attack one.
I think that applying this thinking to software is a mistake. A lot of commercial software uses open source libraries under the hood, and and while the large corporations might have access to Mythos/Fable/gpt 5.6, the open source library maintainers typically don’t. That leaves them vulnerable to foreign adversaries who do have access to AI models. Attackers don’t need Mythos-level capability then, they just need to outperform whatever the maintainers are using.
Which means that Anthropic’s decision to restrict security research on even Sonnet makes that gap (and thus an attackers opportunity) even larger.
I say this as a coder who wants to release some of my internal libraries to open source. The risk now is that I open up my own products (which use those libraries) to vulnerability scanners while not having those kinds of detection methods myself. This, it’s safer to not release and keep internal than to risk increasing my own attack risk.
Hopefully we will come to see that software is not equivalent to missle defense — writing safe code is different than attacking others’.
And CVE's: People actually do that now, which before they didn't. Github allowing it now, certainly does help massively. This is a good thing
1. Someone with early access to Mythos leaked it to the bad guys.
2. Cybercriminals are getting enough mileage out of alternatives to Mythos to create exploits far more quickly, even though they don't have access to Mythos.
My own guess is that it's a combination of #2 plus vibe-coding degrading software quality at multiple layers, open the door to sophisticated exploits, but I have no insider access to Mythos so am just guessing. Maybe someone with Mythos access might say why they think this vulnerability spike happened when it did.
It's almost like... Finding bugs is a good thing.