I'm building a set of prompts to run when Fable comes back.
Basically, what are the absolute highest leverage, most-intelligence-requiring, meta-prompts that help my overall system?
https://t.co/xVVBZ8lB0U
What I don’t think people are understanding is that ALL AI will soon be Mythos-level.
Mythos wasn’t some special spooky cyber model. It was just the next thing in the factory track.
GPT-5.5 was immediately pretty close. This is just natural progression. And within a few weeks or months the open models will catch up.
We need to be thinking about what’s going to happen to cyber, bio, and tons of other threat domains when every new model is this good.
And perhaps even more importantly, what happens to the economy when the government pulls the lever saying it’s all now illegal.
POOF
Ok this is just registering for me that this is the government demanding that Anthropic not allow Foreign Nationals to use Fable.
So they’re not saying the model is generally too dangerous; they’re saying it’s too good for Foreign Nationals to have access.
And since Anthropic can’t instantly do that, even if they wanted to, they had to disable access for everyone for now.
It would be extremely bad, for a number of reasons.
First, it would allow this level of malicious cyber activity without needing to hide from Anthropic / OpenAI. The only constraint would be attacker skill and compute.
It would enable defenders as well, but they take far longer to adapt to change. Attackers would be using it within hours of release to massively upgrade their AI attack harness / workflows.
And then separately it would also be really bad for nuclear, biological, and chemical as well, since, like Mythos, it would probably just be a generally more competent model at everything.
The worst part about this hypothetical is that, in my opinion anyway, and that of many others, this is a matter of when rather than if.
I want to say 18 months for an estimate, but it could be 6-36 months. I just don’t see any reason to assume it won’t happen.
I think the least priced-in aspect of all this AI activity, and its effect on the economy, is what happens to the market the day the government says it’s now illegal to use open source AI.
Hugging Face gets taken down. AI is now like buying explosives or nerve gas. And the government is massively regulating the few commercial AI companies.
Every version of a new model goes through weeks or months of government testing before release. Etc.
Meanwhile…China. What are they doing?
I think we’re massively underestimating how inevitable, disruptive, and potentially imminent this is.
I mean I’ve been passively talking about this for a couple of years, but the government just took a model offline with a letter. I think this is way closer than we think.
And now it’s out!
One note though: this is still very much oriented towards human in the loop custom tasks as opposed to Enterprise AI.
These are extremely token heavy processes that are for high-creativity and custom tasks.
In an enterprise you want those costs to be as low as possible, meaning heading towards more code/determinism and less AI.
https://t.co/5892NuYMqD
🚨 Anthropic just dropped the first Project Glasswing update
Claude Mythos found 10,000+ critical vulnerabilities in ONE month:
> Cloudflare: 2,000 bugs, 400 high/critical severity
> Mozilla: 271 vulnerabilities in Firefox 150 — 10x more vulnerabilities found in Firefox 148
> UK AI Security Institute: first model to solve BOTH their cyber attack simulations end to end
> at one partner bank, Mythos prevented a fraudulent $1.5M wire transfer in real time
> wolfSSL: found a way to forge certificates on a crypto library used by billions of devices
> scanned 1,000+ open source projects
> 90.6% true positive rate after human review
> maintainers are asking Anthropic to SLOW DOWN because they can’t patch fast enough
> Microsoft says patch volume will “continue trending larger for some time”
The bottleneck in cybersecurity is no longer finding bugs. It’s fixing them.
“Progress on software security used to be limited by how quickly we could find vulnerabilities. Now it’s limited by how quickly we can patch them.”
Our security bug bounty program is now public on HackerOne.
We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded.
Read more: https://t.co/li1QvSTCMs
A lot of people are now building and using their own hackbots daily. Here's a nice blog on using AI to hunt for vulns by @0xAsm0d3us.
Some takeaways that I've also been experiencing:
> Instead of asking "is this code secure?", ask "how would you break this?". This shifts the flow from auditor to attacker. It will force it to generate attack strategies.
> Avoid bloated prompts. Stuffing big MD files and skills into context degrades reliability of the model. Your scaffolding becomes the haystack and the bug becomes the needle.
> Don't just say "find bugs". Assert the bug exists, e.g. this function has 3 vulnerabilities, find them, don't quit.
Further reading:
https://t.co/KZX9jETYJ7
I don’t know how good this new 12 million context system is, or if it’s hype or whatever, but I think it definitely shows a point I’ve been making since 2023.
We really suck at everything.
- The chips are primitive
- The research and training and inference systems are primitive
- Our RL approaches are primitive
- We’ve barely started building harnesses
Everything we’re doing is massively inefficient right now.
And there are thousands of vectors for improvement.
And many of them are multiplicative.
Most people think we’re at like 88% of AI’s capabilities, and we’re pushing to hit 92% or eventually 97% or something.
Nah. This is us at .0003%
Everything we have is Punch Card AI.
And as the AI gets better it will reveal that it’s similar for our understanding of medicine, physics, chemistry, etc.
This is barely even day 0. This is pre-history.
We've released a new 5-point action plan for strengthening cyber defense.
AI is reshaping cybersecurity. The same capabilities that help defenders may be used by malicious actors.
One approach is to treat these systems as too dangerous for broad defensive use and limit them to a very small number of approved partners.
We think that misses the central challenge. Attackers won’t wait. Existing models are already useful for many cyber workflows and capabilities will keep advancing. Criminal groups will adopt whatever tools are available.
The best way to reduce national risk is to responsibly equip and accelerate trusted defenders faster than adversaries can adapt. Check out our plan ⬇️
https://t.co/pcV0XAWx1q
New @Nature
A quintuple [GLP-1 + 4 other] receptor agonist drug that exceeds effects of the dual receptor (GLP-1 and GIP, tirzepatide) in the experimental model vs diabetes and obesity
(in case you thought a dual receptor was max effect, as also seen with retatrutide, a triple receptor agonist)
https://t.co/kqkNJ7My4B
OWASP just dropped APTS
A governance standard for autonomous pentesting platforms.
Not a methodology.
A control layer.
Focus: scope enforcement, safe autonomy, manipulation resistance, accountability.
As AI-driven testing scales, this is the guardrail the industry needed.
https://t.co/QWqzCANA6N
Every JWT writeup online covers 2–3 attacks and stops.
I got tired of jumping between 40 blog posts, so I wrote the whole thing. All in one place.
https://t.co/iCSzQ4GjcS
#infosec #appsec #bugbounty #websec #jwt
Most security programs are sleeping on Identity Exposure Management, and hackers are cashing in.
The fastest path into an environment is almost always a leaked credential or a stolen session cookie sitting in an infostealer log. MFA doesn't help when the attacker already has the session. Password rotation doesn't help when you don't know which employees are exposed.
The defensive answer is continuous monitoring of your workforce identities against dark web sources, with automated validation and remediation when something hits. That's IEM.
@flaresystems does this well. Search 25 billion leaked credentials in 15 minutes with a free trial:
https://t.co/zYVOYiQ0W7
#sponsoredpost
Video below gives you an idea of what the platform looks like:
The "no coffee after 2pm" rule is a population average. CYP1A2 activity varies 15 to 40-fold across adults. Caffeine half-life ranges from about 2 to 10 hours. Smoking speeds clearance. OCPs roughly double half-life. Third-trimester pregnancy can triple it to 15+ hours. Your cutoff is a half-life, not a clock.
https://t.co/vPPB575r0y
New video on AI agent threat detection. What works, what doesn't, and why no approach is perfect. I also go into detail on how I do things.
I spent way too much time making this, so please watch.