If Mythos is too dangerous, we will soon have a much bigger problem

The global shutdown of Anthropic’s ‘Mythos’ and ‘Fable’ frontier models on 12 June 2026 illustrates the fundamental governance debate. What began as a limited release programme ended in a regulatory shutdown, prompting speculation as to whether usage bans are an effective way of managing AI risks.
Anyone working in a regulated industry knows this reflex all too well: something is too powerful, so access is controlled. And rightly so. However, this precedent highlights that external access controls alone are no longer a reliable foundation. In order to protect critical core systems, organisations must strengthen their own technological capabilities and integrate defence mechanisms directly into their architectures.
What is Mythos 5 and why was the model banned?
The ‘Mythos’ frontier model, developed by Anthropic, possesses capabilities that were previously considered purely hypothetical. It can identify unknown vulnerabilities independently, write functional exploits and execute complex cyber operations with minimal human intervention. Such capabilities were long deemed too dangerous for public release.
To manage these risks, Anthropic initially pursued a two-stage approach:
- Project Glasswing: Access to the unfiltered original weights of Mythos remained restricted to a closed circle of around 50 vetted industry partners.
- ‘Fable’: For the general public, Anthropic provided a safeguarded variant designed to be prevented by downstream filters and classifiers from operating in high-risk areas such as cybersecurity.
The trigger for the global shutdown
In practice, this security architecture only lasted a few days. Although Fable shares Mythos’s architecture, it also incorporates classifiers designed to block responses in high-risk domains. However, security researchers bypassed this protective concept using a simple method. They asked Fable 5 to analyse a specific codebase and patch its vulnerabilities. In the process of carrying out this seemingly defensive task, the model activated its offensive capabilities and exposed the security flaws.
In response, Commerce Secretary Howard Lutnick instructed Anthropic CEO Dario Amodei in a letter to disable both models for all foreign nationals, including foreign-born employees, regardless of their location. As selective implementation was impractical, Anthropic shut down both models globally.
Where classical regulation reaches its limits
The government’s concerns are entirely justified. The current debate centres on the fundamental question of whether highly advanced frontier models should be deployed outside of strict controls at all. This caution is particularly understandable for systems that exhibit pronounced strengths in sensitive areas such as cybersecurity or biologically relevant information. The debate touches on the two areas of risk where biological weapons and large-scale cyberattacks could cause irreversible damage: a single mistake could have catastrophic consequences. Those who dismiss these concerns as hysteria are ignoring the dramatic escalation in technological development over the last two years.
The current control framework has a real impact on at least part of the problem. Central control points exist with major providers. However, the system relies on the physical accountability of these actors.
Central control points: API access leaves traces, allowing suspicious behaviour to be detected and blocked. A provider with a registered office and a board of directors is liable and regulatorily accountable. This is precisely the familiar ground for IT decision-makers.
BIS Framework (January 2025): The BIS framework ‘Framework for AI Diffusion’ created its own control class for frontier model weights. ECCN 4E091 covers closed weights trained with more than 1026 computing operations, making their export from the US subject to mandatory licensing.
Executive Order (2 June 2026): The US government signed the order ‘Promoting Advanced Artificial Intelligence Innovation and Security’. It requests developers to submit their most advanced models for voluntary regulatory review 30 days prior to release.
Together, these two measures form a coherent system: strict export controls regulate the international dissemination of the most dangerous models, while domestic policy relies on cooperation and involves the responsible developers. This model works as long as cutting-edge capability and institutional responsibility reside in the same place. But this is precisely what makes the debate incomplete if it ignores the technological reality of decentralisation.
The control deficit: Why model weights cannot be retrieved
The problem lies in the system’s reach. Open-source models currently lag behind in terms of performance. However, what is only possible today with a frontier model could be available in the form of an open-source model, a specialised fine-tuned model or a locally executable variant within 6 to 12 months. The gap is narrowing. The line of control remains drawn around closed-weight providers, while capability is leaking out underneath.
This problem already exists to some extent today. Uncensored models run locally without a central API, provider monitoring or effective access control. No licensing framework can access a file on a private hard drive. This dramatically lowers the barrier to entry.
Anthropic’s own objection to the order is revealing. The company complied with the order, but disputed its basis. They argued that the alleged jailbreak vulnerability was trivial and, in any case, could be reproduced using other publicly available models, such as GPT-5.5. If banning one model can be bypassed using a second, freely available model, then the ban merely addresses the symptom rather than the cause.
The structural shift in governance
Dangerous knowledge is no longer confined to isolated forums or the dark web. Locally run, uncensored models can structure and simplify it, so that technical background knowledge barely matters anymore.
For the governance logic of regulated industries, this represents a structural shift. Our tools are based on a point of reference, such as a provider, a contract or an interface. However, this point dissolves as soon as the model weight leaves the controlled sphere. The critical difference lies in the reversibility of control:
- API access can be blocked.
- A company can be regulated.
- A globally copied model weight, on the other hand, can hardly be recaptured.
This third line is a technical property. If you close down a provider, the product remains gone. However, if you distribute open weights globally, they persist on tens of thousands of computers. Once a file has been copied, it cannot be recalled.
Abliteration as the permanent removal of safety filters
Furthermore, existing safety mechanisms can be stripped from open models retroactively. Abliteration is a post-training technique that permanently removes a language model’s refusal behaviour by orthogonalising the weights against the so-called “refusal direction” in the activation space. This is a permanent modification to the model itself, in which the capabilities are largely preserved. Pre-release vetting takes effect before publication. Abliteration takes effect afterwards.
Ordinarily, I would not mention such a tool by name, but with around 24,800 GitHub stars and approximately 2,660 forks, Heretic is no longer a secret. The open-source tool, published in September 2025 by Philipp Emanuel Weidmann, automates exactly this intervention. Heretic is merely the most visible representative of an entire genus: over 1,000 abliterated variants have already been published on Hugging Face, derived from Llama, Qwen, Mistral, Gemma, and DeepSeek, often within hours of release.
A closed weight can be placed under export control. Once copied and distributed globally, an open weight is practically impossible to recall. Therefore, regulation precisely addresses the part of the problem that can still be addressed, but fails to reach the part that is currently evading resolution. This is not a weakness of the individual measure. Rather, it reveals the structural weakness of any prohibition logic, as open weights cannot be held back by any export classification or pre-release vetting.
The consequence for IT managers
The protective mandate is changing significantly for organisations responsible for digital core systems. Simply blocking access to dangerous models or relying on the integrity of cloud filters is an inadequate strategy. Strong offensive AI capabilities are widely available and cannot be banned.
The response must not be one of hysteria or technological resignation, but rather a realignment of security architecture. For IT decision-makers, this means transitioning to a zero-trust model for AI interactions.
- Assumption of a constant threat: Security architectures must assume that potential attackers already have unrestricted access to optimised, uncensored leading-edge models.
- Focus on defensive resilience: If attackers conduct automated vulnerability scanning, defenders must secure, patch, and monitor their own systems in an equally automated manner.
- Regulatory compliance as a baseline: Frameworks such as DORA (Digital Operational Resilience Act) or NIS2 already require robust operational concepts that remain functional even under extreme conditions. Compliance must not be a bureaucratic tick-box exercise, but must serve as the technological foundation for genuine sovereignty.
Securing digital sovereignty
Companies in regulated industries in particular should not depend on the security promises of external API providers. The ‘Mythos’ case demonstrated how swiftly geopolitical decisions can disrupt global supply chains in artificial intelligence. Digital sovereignty therefore means establishing controllable, resilient AI infrastructures that comply with strict European data protection and auditability requirements.
If Mythos is too dangerous to be operated openly, then the ban is not the real message. The key takeaway is that uncensored AI capabilities are already in circulation. Rather than hoping for ineffective bans, companies must strengthen their core systems against autonomous attacks.
Contact
Are you looking for an experienced and reliable IT partner?
We offer customised solutions to meet your needs – from consulting, development and integration to operation.
References
The release of Mythos and Fable and US export controls (12–13 June 2026)
- Anthropic: Statement on the US government directive to suspend access to Fable 5 and Mythos 5
https://www.anthropic.com/news/fable-mythos-access
Retrieved on 15 June 2026 - Fortune: Anthropic disables Fable and Mythos AI models after U.S. bars foreigner access
https://fortune.com/2026/06/13/anthropic-disables-fable-mythos-export-controls-national-security-threat/
Retrieved on 15 June 2026 - Al Jazeera: US orders Anthropic to disable AI models for all foreign nationals
https://www.aljazeera.com/news/2026/6/13/us-orders-anthropic-to-disable-ai-models-for-all-foreign-nationals
Retrieved on 15 June 2026 - Quartz: Anthropic disables Claude Fable 5 and Mythos 5 after U.S. export order
https://qz.com/anthropic-fable-5-mythos-5-export-control-directive-061226
Retrieved on 15 June 2026 - Tom’s Hardware: US export-control order forces Anthropic to disable Claude Fable 5 and Mythos 5 worldwide
https://www.tomshardware.com/tech-industry/artificial-intelligence/us-export-control-order-forces-anthropic-to-disable-claude-fable-5-and-mythos-5-worldwide
Retrieved on 15 June 2026 - Snyk: What the Fable 5 and Mythos 5 suspension means for security teams
https://snyk.io/blog/fable-mythos-suspension-security-takeaways/
Retrieved on 15 June 2026
Mythos as a frontier model and Project Glasswing
- Just Security: Too Dangerous to Deploy: Anthropic’s Mythos and What Comes Next
https://www.justsecurity.org/138011/too-dangerous-anthropic-mythos/
Retrieved on 17 June 2026 - World Economic Forum: Anthropic’s Mythos moment: how frontier AI is redefining cybersecurity
https://www.weforum.org/stories/2026/04/anthropic-mythos-ai-cybersecurity/
Retrieved on 17 June 2026 - CrowdStrike: Mythos Is a Wake-Up Call: Five Steps to Prepare for Frontier AI
https://www.crowdstrike.com/en-us/resources/crowdcasts/mythos-is-a-wakeup-call-five-steps-to-prepare-for-frontier-ai/
Retrieved on 17 June 2026
Regulation: AI Diffusion Framework and Executive Order
- Council on Foreign Relations: Assessing Trump’s Executive Order on AI Oversight
https://www.cfr.org/articles/assessing-trumps-executive-order-on-ai-oversight
Retrieved on 17 June 2026 - Crowell & Moring: Executive Order Creates Voluntary Regulatory Regime of Frontier AI Models
https://www.crowell.com/en/insights/client-alerts/executive-order-creates-voluntary-regulatory-regime-of-frontier-ai-models
Retrieved on 17 June 2026
Abliteration and Heretic
- GitHub: p-e-w/heretic: Fully automatic censorship removal for language models
https://github.com/p-e-w/heretic
Retrieved on 19 June 2026 - Hugging Face / Maxime Labonne – Uncensor any LLM with abliteration
https://huggingface.co/blog/mlabonne/abliteration
Retrieved on 19 June 2026
You are currently viewing a placeholder content from Hubspot Embedded Content. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Hubspot Meetings. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information