Two events this past week put the AI industry’s central tension on full display — and together they raise a question that every CISO, policymaker, and strategic technologist needs to sit with: what does it mean to withhold a dangerous AI model when your competitors are open-sourcing theirs?

On April 7, Anthropic announced the existence of Claude Mythos — a model the company described as a “watershed moment for cybersecurity.” It said the model could identify and exploit zero-day vulnerabilities across every major operating system and web browser. Some of the flaws it had already surfaced had gone unnoticed for decades. Mythos, Anthropic concluded, was too dangerous to release publicly. Only a curated set of partners — Apple, Goldman Sachs, select government agencies — would get access through a controlled program called Project Glasswing.

Then, on April 24, China’s DeepSeek released DeepSeek-V4-Pro to the world. Open source. Free to download. 1.6 trillion parameters. “World-class” reasoning. Best-in-class agentic coding capability among open-source models. Performance on coding benchmarks described as “comparable to GPT-5.4.” One million token context window. And built with tight integration to Huawei’s domestic chip infrastructure — a direct workaround to U.S. export controls.

Read in sequence, these two events illuminate a strategic paradox that the United States has not yet found an answer to.

What Mythos Actually Is

Anthropic’s Mythos announcement was deliberately understated — the company published through its safety research arm, not a product launch page. The message was: we built something we’re not going to release because we’re responsible.

According to reporting from The Guardian, Mythos represents what the UK’s AI Security Institute called “tangible evidence of the disruptive capabilities of advanced AI.” It doesn’t just find vulnerabilities. It finds zero-days — previously unknown flaws — across operating systems and browsers, and can theoretically be used to exploit them on demand. The concern isn’t just scale, it’s specificity: an attacker with access to Mythos wouldn’t need a team of elite security researchers. The model itself is the team.

Anthropic’s caution was immediately stress-tested. Within days of Project Glasswing launching, the company confirmed it was investigating a report that a small group of users in a private online forum had gained unauthorized access to the model. The fear Anthropic had designed around had already materialized — in the first week.

Reuters reported that global banks are now in close contact with European financial regulators to assess what Mythos-class capabilities mean for financial system resilience. Central banks have opened emergency review processes. The U.S. government is reportedly planning to provide a version of Mythos to major federal agencies. The model has become, simultaneously, a tool for defenders and a case study in the limits of responsible disclosure.

What DeepSeek V4 Actually Is

Three days after the Mythos leak story broke, DeepSeek dropped V4.

The model comes in two versions: DeepSeek-V4-Pro (1.6 trillion parameters, performance “rivaling the world’s top closed-source models”) and DeepSeek-V4-Flash (a smaller, cheaper variant). According to TechCrunch, V4-Pro-Max outperforms open-source peers across reasoning benchmarks and beats OpenAI’s GPT-5.2 and Gemini 3.0 Pro on several tasks. DeepSeek claims coding performance “comparable to GPT-5.4.” All of it is open source — free to download, fine-tune, and deploy without restriction.

The Huawei chip integration is the detail that deserves more attention than it’s getting. U.S. export controls were specifically designed to slow China’s AI development by restricting access to NVIDIA’s advanced GPUs. DeepSeek’s V4 architecture was built, in part, around Huawei’s Ascend hardware. That’s not just a technical footnote — it’s a direct signal that export control pressure is accelerating China’s domestic chip ecosystem rather than stopping it, and that the resulting models are competitive at the frontier.

CNN reported that DeepSeek claims V4 has the best agentic coding capability of any open-source model currently available. Agentic coding — the ability to write, run, debug, and iterate on code autonomously — is not an academic benchmark. It is the capability that underlies AI-assisted vulnerability research, automated exploit development, and the acceleration of every phase of offensive cyber operations.

The Paradox in Full

Here is the position the United States now finds itself in: Anthropic built the most capable cybersecurity AI yet produced, decided it was too dangerous to release, locked it down — and it leaked anyway. Meanwhile, China built a frontier-class open-source model with equivalent agentic capabilities, integrated it with domestic hardware, and distributed it to anyone on the planet who wants it.

The secrecy calculus assumed that withholding Mythos would buy time — time for defenders to patch, for governance frameworks to develop, for access controls to hold. That assumption is worth interrogating. Mythos’s zero-day discovery capability is exceptional. But DeepSeek V4’s agentic coding capability at frontier performance, available to every threat actor who wants it, changes what baseline offensive capability looks like for the entire ecosystem.

This is the AI equivalent of a dynamic that OODALoop has covered extensively in other domains: the United States invests massively in developing a classified capability, treats the existence of that capability as the strategic moat, and then discovers that adversaries have independently developed equivalent capability and distributed it openly.

The strategic question isn’t whether Anthropic should have released Mythos. The question is whether the framework of “responsible withholding” can function as a meaningful security strategy when frontier capabilities are being open-sourced by competitors operating under different incentive structures.

What This Means for Defenders

At The Claw Street Journal, we’ve written repeatedly about the governance gap in agentic AI. The events of this past week tighten the urgency of that argument considerably.

For CISOs and security leaders, the practical implications are immediate:

The vulnerability surface is larger than your threat model assumes. Mythos found zero-days that had existed undetected for decades. That’s not a Mythos-specific finding — it’s a finding about how much latent vulnerability exists in legacy software. Assume your environment has undiscovered, high-severity flaws. Prioritize vulnerability discovery programs accordingly.

Agentic offensive capability is now widely available. DeepSeek V4’s open-source release means that the threshold for AI-assisted exploit development, reconnaissance automation, and adaptive phishing just dropped significantly. Security awareness training that relies on detecting imperfect phishing emails is no longer sufficient. Every organization needs behavior-based detection that doesn’t depend on knowing what the attack will look like in advance.

Access controls for AI models are not a solved problem. Mythos leaked in its first week. Enterprise deployments of powerful AI tools face the same pressure — from insiders, from supply chain partners, from contractors with access to development environments. Zero-trust principles apply to AI systems, not just networks.

The Huawei chip story is a signal worth tracking. Export controls remain a legitimate tool for managing technology transfer. But V4’s architecture demonstrates that China’s domestic semiconductor ecosystem is advancing, that the gap is closing, and that policy frameworks built on hardware chokepoints need to be continuously re-evaluated as those chokepoints shift.

The week that began with a dangerous model locked in a vault and ended with a dangerous model distributed to the world is a week that will be analyzed for years. The secrecy paradox is not going away. The question is whether we build governance frameworks robust enough to function despite it.

References