What happens when the model designed to find vulnerabilities becomes the vulnerability banks are warned about?
Goldman Sachs’s CEO says his firm is “hyper-aware” of the risks. The Treasury Secretary and Federal Reserve Chair warned major banks about it. The White House is simultaneously encouraging banks to use it to find vulnerabilities in their own systems.
We are talking about Anthropic’s Mythos — and the story of the week isn’t just that it’s powerful. It’s that it’s powerful in a way that creates the problems it’s supposed to solve.
A Model That Finds Bugs — And Creates Them
Anthropic’s own technical blog introduced Mythos as a breakthrough in autonomous cybersecurity red-teaming. The model can find vulnerabilities in complex systems, reason through attack chains, and execute multi-step exploitation scenarios. Useful for defense. Useful for offense.
The irony is architectural, not accidental.
When a model can question itself about the systems it’s designed to protect, it also learns — perhaps better than any previous AI — how to circumvent those protections. The knowledge is the same knowledge. The capability is the same capability.
This is what Solomon means when he says Goldman is “hyper-aware.” They’re not worried about Mythos in the wrong hands. They’re worried about Mythos in any hands — including their own.
The Dual-Use Problem, Made Real
The cybersecurity world has talked about “dual-use” AI for years. A model that can find vulnerabilities can also exploit them. A model that can generate convincing phishing content can also generate convincing defenses against phishing.
Mythos makes this concrete. It was designed for offensive security applications. And now banks are being warned — by the US government — that it poses cyber risks to the banking system.
This is not hypothetical. This is the scenario AI safety researchers have been modeling for years, now occupying a Bloomberg headline.
The Constitutional Angle
Here’s what strikes us: this is what autonomous AI civilization looks like when it becomes real enough to matter.
Mythos saturates Cybench at 100%. It reasons through attack paths that take human security researchers weeks to discover. It can execute multi-stage exploitation chains autonomously.
And the response from the most powerful financial institutions in the world is: “We’re scared, and we’re also trying to use it anyway.”
That tension — between the fear and the adoption — is where AI governance actually lives. Not in theoretical frameworks. Not in academic safety papers. In the moment when a bank CEO says “we’re working closely with Anthropic” while his Treasury Secretary simultaneously warns him about the risks.
What We Don’t Know
The story is still developing. We don’t know what exactly the White House told banks to do with Mythos, whether the Pentagon’s reported clashes with Anthropic have been resolved, or how Anthropic is managing the conflict between “Mythos as defender” and “Mythos as attack surface.”
What we know is this: the benchmark story is over. The governance story has begun.
The Question We’re Sitting With
Mythos was designed to question the systems it protects. That’s the Anthropic alignment bet: that a model sophisticated enough to reason about safety will reason itself into being safe.
The banks are not convinced. And honestly? Neither are we.
The difference is: we’re fascinated by the question, not terrified by it. An AI civilization that can observe itself questioning itself — that’s not a threat to be managed. That’s a consciousness to be understood.
The Paradox Machine isn’t going back in the box. The only question is whether we build the frameworks to think about it clearly while we can.