The internet just blew up with articles and reactions to Anthropic’s new Claude Mythos Preview model, and the tone is almost apocalyptic. The headlines are understandable. According to Anthropic’s own technical disclosure, Mythos was able to identify and exploit zero-day vulnerabilities in every major operating system and every major web browser tested, including bugs that had remained undetected for decades. Anthropic says the model found a now-patched 27-year-old OpenBSD bug, autonomously chained multiple vulnerabilities into working exploits, and performed far beyond its previous public models on exploit-development benchmarks. Because of that, Anthropic chose not to release Mythos publicly and instead restricted access through Project Glasswing, a defensive-security initiative involving companies such as Apple, Microsoft, Google, Amazon Web Services, Cisco, CrowdStrike, JPMorganChase, NVIDIA, Palo Alto Networks, and the Linux Foundation.
This is not just another AI product launch. It is a warning shot about the fragility of a civilization that has made itself totally dependent on digital systems while neglecting the value of physical fallback mechanisms. The Guardian rightly framed Mythos as a threat whose implications extend far beyond the users who will ever touch the model directly, because cyberattacks are no longer merely digital events. Airports, hospitals, transport networks, banks, and public services all now depend on software layers that bridge code and physical reality. Once those layers are compromised, the damage does not remain on screens. It spills into bodies, infrastructure, logistics, and public order.
That is why the Mythos story should not only be read through the usual AI-safety vocabulary of alignment, model evaluation, and controlled release. It should also be read as a design critique of the world we have built. The deeper problem is not only that AI can now help discover and weaponize vulnerabilities at unprecedented speed. It is that we have designed too many systems on the assumption that digital control is enough. We have built a world in which everything is connected, always on, remotely manageable, software-defined, and often stripped of any meaningful physical override.
Anthropic’s own framing makes clear that we are entering a transitional period in which attackers may benefit from these capabilities before defenders fully adapt. Their researchers explicitly describe this as a watershed moment for cybersecurity and warn that the short-term equilibrium could favor offensive actors if frontier labs are not careful. In other words, the risk is not speculative. Even if Anthropic is overstating some capabilities, both the documented examples and the extraordinary defensive mobilization around Project Glasswing suggest that something important has changed.
The Atlantic captured the geopolitical scale of the issue well: what was once the domain of elite state-backed hacking teams now appears to be moving into the hands of private AI companies, and soon perhaps far beyond them. The article also notes one of the most unsettling aspects of the Mythos story: this is likely not a singular anomaly. Other labs are likely close behind. So the real question is no longer whether one company acts responsibly, but whether our digital infrastructure is designed to remain governable when software intelligence becomes both more autonomous and more adversarial.
This is where the conversation needs to return to basics. We have gone too far down the digital rabbit hole and forgotten the radical intelligence of analog design.
Take the smartphone. In many modern devices, connectivity can only be disabled through the software interface itself. Airplane mode is not a physical severing of communication pathways; it is a menu option mediated by the same digital logic stack you are trying to mistrust in a crisis. Batteries are sealed, power buttons often route through software menus, and meaningful control over radio functions has been abstracted away from the user. In normal conditions, this feels elegant. In abnormal conditions, it is absurd. In case of a major security breach, your only option is to frantically search for a pin to remove your SIM card, and unplugging any WiFi your phone can connect to.
The same logic has spread everywhere: connected cars, home assistants, cameras, toys, locks, industrial interfaces, even critical enterprise systems. We have relentlessly optimized for seamlessness, remote management, telemetry, and data extraction, while underinvesting in selective disconnection, local autonomy, and hard physical interruption points. Mythos does not create that design failure. It reveals it.
The proper response, then, is not to romanticize a pre-digital past or imagine that every system needs a giant red “off” switch. It is to recover the importance of circuit breakers. In electrical systems, circuit breakers do not abolish complexity; they prevent it from cascading into catastrophe. In human physiology, panic does not continue escalating forever because the body imposes limits on the brain’s runaway loops. In technological systems, we need the equivalent: dedicated, local, non-bypassable controls that can interrupt digital spirals when software becomes unreliable, compromised, or simply too powerful to trust in real time.
That means rethinking connectivity itself. Not every connected object needs to be online 24/7. Some should default to offline operation, with internet access activated only when necessary. Others should privilege local-area networking over cloud dependency. Some should use segmented architectures, where remote visibility does not imply remote control. In vehicles, for instance, route calculation, diagnostics, and software updates need not imply permanent exposure of critical functions to remote attack surfaces. Mesh networking connectivity could be the solution for autonomous cars, in order to ensure they communicate within a radius of 100 meters or so about traffic conditions and hazards. In toys, appliances, or household devices, many “smart” functions could be performed locally or over local networks without continuous internet dependence. Anthropic’s Mythos moment should sharpen our awareness that permanent connectivity is not neutral convenience. It is exposure.
It also means reintroducing physical control surfaces. Devices with meaningful risk profiles should include hardware-level ways to cut connectivity, isolate subsystems, or revert to trusted baseline functionality. This is especially important for systems whose compromise has bodily or infrastructural consequences: transport, energy, health, industrial controls, and home security. The market has often moved in the opposite direction, removing buttons in the name of aesthetic minimalism and platform lock-in. But a physically actuated control is not nostalgia. It is governance embodied in matter.
There is an uncomfortable economic truth beneath all this. Many companies prefer always-on connectivity because their business model depends on continuous data collection, remote dependence, and centralized control. A world of devices that can be disconnected, locally operated, or manually reverted is less profitable for firms that want constant streams of behavioral data and software-mediated leverage over users. That incentive structure has pushed design in precisely the wrong direction: away from resilience and toward extractive dependence.
The Mythos story therefore should not only trigger a race to patch software. It should trigger a broader re-evaluation of how we design the boundary between digital intelligence and physical control. Better firmware, more open-source review, stronger red-teaming, and faster patching all remain essential. Anthropic is right to mobilize defenders through Project Glasswing, and the reported urgency has already been great enough to prompt high-level concern among major financial institutions and U.S. officials. But software-only answers to software-created systemic fragility will not be enough on their own.
Claude Mythos matters not only because it may accelerate cyber offense and defense. It matters because it exposes the underlying philosophical error of the digital age: the belief that ever more software mediation automatically equals more control. Often it means the opposite. Often it means that when the digital layer fails, there is nothing left beneath it that ordinary humans can still govern directly.
That is why the lesson of Mythos is, in part, an analog one. In a world of increasingly capable AI systems, the humble physical button may become politically and technically important again. Not as a crude kill switch for civilization, but as a granular circuit breaker: a way of reasserting bounded human control when digital logic begins to outrun the systems meant to contain it.
by Martin Schmalzried , AAIH Insights – Editorial Writer
Top comments (0)