I've been brewing on this topic since Mythos preview was announced. As Mythos got finally released, then banned, then released again under U.S. government control, it was time to finally flesh it out and use it as a way to exit the lurker-zone on HN !
I was actually pleased to see OpenAI openly (although timidly) complaining about the situation in their latest announcement, framing it as an unsustainable system.
One can only guess the outrage in the news if the Chinese government had been the first to pull this kind of stunt.
> outrage in the news if the Chinese government had been the first to pull this kind of stunt.
I suspect that the Chinese government "pulls this kind of stunt" often but just nobody ever hears about it because their society is not free to complain about such a thing publicly.
You also have government apparatchiks influencing almost every corporate board, not just the state owned enterprises. Every private company that employs at least 3 CCP members is required by law to form a party committee within the company to represent party interests. In smaller companies, they will often simply coordinate with local governments on securing permits, etc, but I’m sure national party leadership communicates directly with the committees at the AI labs.
> I’m sure national party leadership communicates directly with the committees at the AI labs
They do now.
Top AI researchers in China are barred from getting an exit visa [0] (the PRC has done this for other employees as well such as Foxconn China employees who were working on shifting Apple supply chains to India [1]), and "AI Safety" from a national security perspective has been codified as party policy now [2].
The leading Chinese AI labs are also shifing away from open-source AI for commercial reasons, as can be seen with the org changes at Alibaba with the axing of the Qwen team [3][4].
That said, these are called out but it's all in Putonghua and no one on HN actively reads or follows what happens within China. I've noticed most HNers now source information from Reddit which has been dealing with DRAGONBRIDGE deluge for a couple years now, and I've noticed similar tactics being applied on HN as well.
In all honesty, I've found HN's noise to signal ratio to have tanked severely since 2022. Silver lining is that less people that matter are using it as much, so the IW impact is limited.
Democracy cannot be taken for granted. There are always tendencies to drift toward authoritarian. China is authoritarian, full stop. They are capitalism, not communism, but authoritarian. Keep that in mind when discussing what come out of China.
The fear porn around this all has been horrible. I work in Cybersecurity and Mythos is all the vendors will talk about because they want to sell something. It started the day of the announcement which is what told me it was all BS. They had no information about it yet would happily tell me about all their solutions for it.
Anyone in my profession worth a damn will tell you the vast majority of security issues are related to bad configurations and bad practices + accidents and bad luck. Vulnerable software is a problem but basic defense in depth will either mitigate or drastically reduce attack surface. Mythos does nothing to change that.
The technical debt at companies is the largest security threat. That, and layer 8 which is the people factor. The amount of silliness I've seen from people and companies as a whole is truly hard to verbalize. I've seen banks that gave every employee from the janitor up to the CEO domain admin access due to a crappy application that was written in 2004 that they never updated. I've seen a fortune 250 company write its own internal routing protocol that was basically clear text traffic that dated back to the 1990's and was never retired because, why not. I've seen contractors infect entire fab's in the chip industry because they plugged an infected USB stick into a 30 year old tool that hadn't seen an update in over 20. Then when the fab came back up, they did it again the next day.
Ultimately, Mythos is just another tool in the toolbox. It's great to find new vulns but it is incredibly short sighted to think it will move the needle in any meaningful way in the security industry.
We already are using software that is ancient, with many vulnerabilities that are already in the public, we already use insecure software more than we care to admit, if Mythos is gonna help with that, it's gonna make finding (not discovering) these vulnerabilities easier because it already has the knowledge, but the enough intellect to come up with new ones.
Same applies for other LLMs
Forget whether it is Mythos or GPT 5.6, or any other specific model. SOTA models have tool likely have the knowledge and capability to create zero days from nearly every discovered and many undiscovered vulnerabilities. In the wrong hands can deploy and generate malware and submarine code that would go undetected behind secured systems. Add in the ability to clone voices, create mass social engineering campaigns.
Yet "Just another tool in the toolbox." I mean, that's not wrong!
- June 1st 2026: Anthropic files S-1 paperwork with SEC to get ready for IPO
- June 2nd 2026: Anthropic annouces expanding "Project Glasswing" to let people use their new model to enhance security of existing systems
- June 9th 2026: Anthropic releases Mythos model
- June 12th 2026: Model gets export regulations placed on it by US Gov
- June 26th 2026: US gov announces they will let some companies use new model
- August 2026: Anthropic goes IPO
The timing of all of this just seems to be a play to pump the stock. The reality is that in six months GLM-5.3 will be released open source with comparable functionality to their Mythos model. They are trying to cash in before that happens.
I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.
The actual story here: The Trump administration is going to choose which organizations get access to which AI models when.
This will establish an asymmetry where the chosen organizations get to secure their stuff and break other people’s systems with each new model release.
If you believe the “good guys” will be the ones given asymmetric offensive access, then you’re either severely misinformed or support things like ethnic cleansing (which these models are already being used for).
Mythos’ slightly higher performance is a nothing burger. It is not even the current top model. According to anthropic, gpt 5.5 is!
Personally, I’m switching to open weight models asap, and probably will start sending money to Chinese vendors since they have values more compatible with western democracy.
I tend to agree but open weight model seem to still be lagging behind in terms of capacity, even the recent ones like GLM 5.2. If anything I hope the sudden, unpredictable changes of policy will make EU companies think twice before putting all their eggs in the same AI vendors's basket, all US based. Vendors coming back on their retention policies like they did with Fable 5 or plainly cutting the service without notice should be a gigantic red flag about your business continuity.
It's maddening how the corporate world can get shy of using any of those Chinese models, just because they are Chinese. This kind of FUD makes little sense when the inference is done in-house or by an EU/US cloud provider.
Companies have never secured their stuff and it's not because they didn't have access to Mythos. No one cares and breaches don't cost them money or customers. If I sound cynical it's because I am.
There's no functional difference between
"Hey npm says this is vulnerable, we need to fix it!" /
"Nah, later."
and
"Hey Mythos says this is vulnerable, we need to fix it!" /
"Nah, later."
The genie is out of the bottle, folks. You can find some pretty good vulnerabilities even with models like Deepseek V4 Flash.
I've been brewing on this topic since Mythos preview was announced. As Mythos got finally released, then banned, then released again under U.S. government control, it was time to finally flesh it out and use it as a way to exit the lurker-zone on HN !
"Released" is doing some heavy lifting here.
Fair, let's say a heavily staggered come back.
I was actually pleased to see OpenAI openly (although timidly) complaining about the situation in their latest announcement, framing it as an unsustainable system.
One can only guess the outrage in the news if the Chinese government had been the first to pull this kind of stunt.
> outrage in the news if the Chinese government had been the first to pull this kind of stunt.
I suspect that the Chinese government "pulls this kind of stunt" often but just nobody ever hears about it because their society is not free to complain about such a thing publicly.
You also have government apparatchiks influencing almost every corporate board, not just the state owned enterprises. Every private company that employs at least 3 CCP members is required by law to form a party committee within the company to represent party interests. In smaller companies, they will often simply coordinate with local governments on securing permits, etc, but I’m sure national party leadership communicates directly with the committees at the AI labs.
> I’m sure national party leadership communicates directly with the committees at the AI labs
They do now.
Top AI researchers in China are barred from getting an exit visa [0] (the PRC has done this for other employees as well such as Foxconn China employees who were working on shifting Apple supply chains to India [1]), and "AI Safety" from a national security perspective has been codified as party policy now [2].
The leading Chinese AI labs are also shifing away from open-source AI for commercial reasons, as can be seen with the org changes at Alibaba with the axing of the Qwen team [3][4].
That said, these are called out but it's all in Putonghua and no one on HN actively reads or follows what happens within China. I've noticed most HNers now source information from Reddit which has been dealing with DRAGONBRIDGE deluge for a couple years now, and I've noticed similar tactics being applied on HN as well.
In all honesty, I've found HN's noise to signal ratio to have tanked severely since 2022. Silver lining is that less people that matter are using it as much, so the IW impact is limited.
[0] - https://www.bloomberg.com/news/articles/2026-05-26/china-exp...
[1] - https://www.bloomberg.com/news/articles/2025-01-17/china-mov...
[2] - http://theory.people.com.cn/n1/2026/0616/c40531-40741238.htm...
[3] - https://m.guancha.cn/economy/2026_06_12_820253.shtml
[4] - https://www.ft.com/content/b39da303-3188-447b-8b65-3dd8dad8b...
> their society is not free to complain about such a thing publicly
wuh?
It seems our government still has a lot to learn.
Ah so you can see the future of discourse in the US
Democracy cannot be taken for granted. There are always tendencies to drift toward authoritarian. China is authoritarian, full stop. They are capitalism, not communism, but authoritarian. Keep that in mind when discussing what come out of China.
We actively take it for granted in the US AND we’re actively watching it slip away. No one seems to give a shit.
This is a great read! I never realized the scale of the effort to find that BSD vulnerability- helps put things in perspective
So funny both this and https://news.ycombinator.com/item?id=48698617 are on the front page at the same time.
Comments are saying the vulns in that thread aren’t very impressive.
Those look like mostly nonsense/trivial findings
But what if Opus 7.1 is real smart - as what Mythos was promised to be?
Or an Opus 9.0
Will Cybersecurity ever start to be an issue?
The fear porn around this all has been horrible. I work in Cybersecurity and Mythos is all the vendors will talk about because they want to sell something. It started the day of the announcement which is what told me it was all BS. They had no information about it yet would happily tell me about all their solutions for it.
Anyone in my profession worth a damn will tell you the vast majority of security issues are related to bad configurations and bad practices + accidents and bad luck. Vulnerable software is a problem but basic defense in depth will either mitigate or drastically reduce attack surface. Mythos does nothing to change that.
The technical debt at companies is the largest security threat. That, and layer 8 which is the people factor. The amount of silliness I've seen from people and companies as a whole is truly hard to verbalize. I've seen banks that gave every employee from the janitor up to the CEO domain admin access due to a crappy application that was written in 2004 that they never updated. I've seen a fortune 250 company write its own internal routing protocol that was basically clear text traffic that dated back to the 1990's and was never retired because, why not. I've seen contractors infect entire fab's in the chip industry because they plugged an infected USB stick into a 30 year old tool that hadn't seen an update in over 20. Then when the fab came back up, they did it again the next day.
Ultimately, Mythos is just another tool in the toolbox. It's great to find new vulns but it is incredibly short sighted to think it will move the needle in any meaningful way in the security industry.
We already are using software that is ancient, with many vulnerabilities that are already in the public, we already use insecure software more than we care to admit, if Mythos is gonna help with that, it's gonna make finding (not discovering) these vulnerabilities easier because it already has the knowledge, but the enough intellect to come up with new ones. Same applies for other LLMs
Forget whether it is Mythos or GPT 5.6, or any other specific model. SOTA models have tool likely have the knowledge and capability to create zero days from nearly every discovered and many undiscovered vulnerabilities. In the wrong hands can deploy and generate malware and submarine code that would go undetected behind secured systems. Add in the ability to clone voices, create mass social engineering campaigns.
Yet "Just another tool in the toolbox." I mean, that's not wrong!
You think this is not happening with open weight models?
it all looks suspicious:
The timing of all of this just seems to be a play to pump the stock. The reality is that in six months GLM-5.3 will be released open source with comparable functionality to their Mythos model. They are trying to cash in before that happens.I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.
The actual story here: The Trump administration is going to choose which organizations get access to which AI models when.
This will establish an asymmetry where the chosen organizations get to secure their stuff and break other people’s systems with each new model release.
If you believe the “good guys” will be the ones given asymmetric offensive access, then you’re either severely misinformed or support things like ethnic cleansing (which these models are already being used for).
Mythos’ slightly higher performance is a nothing burger. It is not even the current top model. According to anthropic, gpt 5.5 is!
Personally, I’m switching to open weight models asap, and probably will start sending money to Chinese vendors since they have values more compatible with western democracy.
I tend to agree but open weight model seem to still be lagging behind in terms of capacity, even the recent ones like GLM 5.2. If anything I hope the sudden, unpredictable changes of policy will make EU companies think twice before putting all their eggs in the same AI vendors's basket, all US based. Vendors coming back on their retention policies like they did with Fable 5 or plainly cutting the service without notice should be a gigantic red flag about your business continuity.
It's maddening how the corporate world can get shy of using any of those Chinese models, just because they are Chinese. This kind of FUD makes little sense when the inference is done in-house or by an EU/US cloud provider.
Companies have never secured their stuff and it's not because they didn't have access to Mythos. No one cares and breaches don't cost them money or customers. If I sound cynical it's because I am.
There's no functional difference between
"Hey npm says this is vulnerable, we need to fix it!" / "Nah, later."
and
"Hey Mythos says this is vulnerable, we need to fix it!" / "Nah, later."