Why Washington is underreacting to AI security models

Washington is underreacting to AI security models like Anthropic’s Mythos.

Washington is treating AI security models as another policy footnote, but they are already a force multiplier for offense. Anthropic said Mythos had found thousands of high-severity vulnerabilities, including in every major operating system and web browser, which is not a lab curiosity. It is a signal that the next wave of model capability will not just draft text or write code; it will compress the time between flaw discovery and exploitation. That changes the stakes for regulators, enterprises, and anyone who still thinks “AI safety” is mostly about chatbots saying the wrong thing.

AI security models make vulnerability discovery scale like software, not like talent

The first reason Washington should take these systems seriously is simple: they industrialize bug hunting. A skilled human researcher can spend days or weeks chasing one chain of logic, while a model that can scan, reason, and iterate across huge codebases can surface candidates at machine speed. Anthropic’s claim that Mythos has already found thousands of high-severity vulnerabilities points to a step change, not a marginal improvement. When the output is measured in thousands, the question stops being whether a model can help security teams and becomes whether attackers will use the same tooling first.

This is not theoretical. Security teams already use automation for scanning and triage, and the best defenders know that scale matters more than heroics. The difference now is that a frontier model can combine pattern recognition, code comprehension, and rapid iteration in one system. That means the advantage goes to whoever can run more searches, test more hypotheses, and chain more findings into exploit paths. Washington should read that as a warning about asymmetric capability: one well-tuned model can do the work of a room full of analysts, and the same room full of analysts is not guaranteed to stay ahead.

The policy problem is not hype, it is dual use

The second reason is that the same capacity that helps defenders helps attackers. If a model can identify weak points in browsers, operating systems, or application stacks, it can also help an adversary prioritize targets, refine payloads, and accelerate exploitation. That dual use is exactly why the Mythos announcement matters politically. It is easy for policymakers to dismiss model demos as vendor theater. It is harder to dismiss a system that is described as finding high-severity vulnerabilities across core infrastructure, because that begins to look like strategic capability rather than product marketing.

We have seen this pattern before with other general-purpose technologies: the first useful deployment becomes the first dangerous deployment. The policy mistake is to regulate only visible misuse after the fact. That is too slow for a capability that can be copied, fine-tuned, or wrapped into agentic workflows. Washington should focus on the parts of the stack that create leverage: access to exploit research, model evaluation against live systems, and the governance of deployments that can move from bug discovery to exploit generation in a single workflow. If the model can think like a researcher, the policy regime must assume it can be repurposed like one.

Security gains are real, but they do not cancel the risk

The strongest counter-argument is that models like Mythos will strengthen defense more than offense. That view has merit. Most organizations are under-resourced, most software ships with flaws, and any tool that finds vulnerabilities faster can help reduce exposure. A model that uncovers issues in browsers and operating systems could improve patching, hardening, and code review at a pace humans cannot match. If the model is deployed inside a disciplined security program, the net effect can be safer systems.

That case is real, but it does not settle the policy question because security gains do not neutralize capability diffusion. The same model that helps a Fortune 500 security team can help a criminal group, a state-backed operator, or a freelance exploit broker once the method spreads. The right response is not to block defensive use. It is to insist on controls that separate defensive evaluation from open-ended offensive assistance, and to require serious auditing before these systems are allowed to operate at scale. The limit is obvious: if you want the benefits, you must also enforce containment.

What to do with this

Engineers, PMs, and founders should stop treating AI security models as a niche research story and start treating them like infrastructure with blast radius. If you build with these systems, define the allowed workflow, log every high-risk action, and keep human approval in the loop for anything that could become an exploit chain. If you buy them, ask whether the vendor can show evaluation results, access controls, and abuse monitoring, not just benchmark wins. And if you are in Washington, write policy for dual use now, before the market normalizes a model that can find thousands of serious flaws faster than most teams can patch them.