Anthropic just released Mythos, a model built specifically for cybersecurity tasks - and immediately restricted who can use it. Rather than offer it through the standard API, the company is limiting access to vetted organizations rather than making it broadly available.
The dual-use problem makes this a reasonable call, even if it frustrates practitioners. A model trained to reason about vulnerabilities, malware behavior, and attack chains is useful to defenders trying to harden their own systems. It's equally useful to anyone trying to compromise someone else's. Anthropic has consistently positioned itself as more cautious than competitors on these risk categories, and Mythos follows that pattern.
What makes a dedicated security model worth building is the specialization gap in existing tools. Claude and other general-purpose models can discuss security concepts, review code for obvious flaws, and explain common attack patterns. What they struggle with is the specialized reasoning security professionals actually need - chaining together vulnerability classes, reasoning about exploit conditions, and working fluently with the technical vocabulary of frameworks like MITRE ATT&CK (a structured catalog of how attackers operate). A model trained specifically on security data should close that gap meaningfully.
What Restricted Access Means in Practice
Practically, this creates a two-tier security AI market. Large enterprises with established Anthropic relationships will get Mythos access first. Independent security researchers, smaller penetration testing firms, and individual practitioners will either wait or continue using general-purpose models with security-specific prompting - which is what most of them are doing today anyway.
The bigger open question is whether access ever broadens. Anthropic hasn't outlined public criteria for what would justify wider distribution. Without that clarity, Mythos risks becoming a capability that stays out of reach for the practitioners who could most benefit from it - a different kind of failure than releasing it without guardrails.
For the security teams that do get access, this represents a shift from treating AI as a general assistant you coax into security work, to using a tool actually designed for it.