Former Government AI Analyst: White House Mythos Block Is 'Building a Dam Against a Tsunami'
AI policy analyst Dean Abal says Mythos-level capabilities will diffuse to adversaries in 6-18 months regardless. Here's the case for arming defenders first.
Dean Abal Called It: The White House Is Building a Dam Against a Tsunami
Dean Abal, an AI policy analyst with direct government experience, looked at the White House’s decision to block Anthropic from expanding Claude Mythos access and said something that should make you uncomfortable: this is the right call in the short term, and it will not work.
His exact framing: “building a dam against a tsunami.” The capabilities that make Mythos alarming to the federal government will diffuse to adversaries — state-sponsored, criminal, or otherwise — within 6 to 18 months. Not because someone will steal the model. Because the frontier moves, and it moves fast, and it moves in multiple directions at once.
That’s the tension nobody in the official response to this story has fully reckoned with. The White House made a defensible tactical decision. Abal is arguing it’s strategically incoherent. And the evidence, when you lay it out, is hard to dismiss.
What the White House Actually Did (and Didn’t Do)
Here’s the situation as reported by the Wall Street Journal: Anthropic wanted to expand Claude Mythos preview access from 50 organizations to 120. That’s an additional 70 companies — all of them vetted, all of them framed by Anthropic as “defenders,” meaning organizations using Mythos to find vulnerabilities and patch them before attackers can exploit them.
The White House said no.
Remy is new. The platform isn't.
Remy is the latest expression of years of platform work. Not a hastily wrapped LLM.
Two reasons were given. The first was national security — wider access to a model this capable creates more attack surface, more risk of misuse. That’s a coherent argument. The second reason was stranger: the White House expressed concern that Anthropic might not have enough compute to serve both the expanded list of organizations and the federal government’s own Mythos usage.
Anthropic disputes the compute framing. They’ve recently signed infrastructure deals with Amazon, Google, and Broadcom. But those buildouts take time, and there’s a real underlying question here that isn’t just about raw capacity: when compute is constrained, who gets priority? The federal government, apparently, does not want to be standing in line behind 70 additional organizations to access a model it considers strategically important.
The compute angle matters for a separate reason. Mythos sits above Opus in Anthropic’s model hierarchy — it’s a new class entirely, not just an incremental update. The inference costs are substantially higher than anything in the Sonnet or Opus tier. If you wanted to run Mythos-level security audits across every major American financial institution, you’d need compute that doesn’t currently exist at scale. That’s not a hypothetical constraint.
There’s also a detail that complicates the “controlled rollout” narrative: an unauthorized Discord group somehow had Mythos access. That investigation is still ongoing. But it’s a useful data point about how airtight access controls actually are in practice.
Why This Isn’t Just a Policy Story
The White House’s intervention looks, on the surface, like a sensible precaution. A model this capable shouldn’t be handed out freely. But Abal’s critique cuts deeper than “the policy is too restrictive.”
His core argument is about the nature of capability diffusion. Frontier AI capabilities don’t stay frontier for long. What one lab can do today, other labs — including open-source Chinese labs — will be able to do within months. If the western AI labs are restricted from putting these tools in the hands of defenders, the asymmetry doesn’t favor the defenders. It favors whoever gets there next with fewer restrictions.
The evidence for this is already visible. The UK’s AI Security Institute runs a benchmark called the Last Ones — a 32-step simulated corporate network attack that AISI estimates would take a human expert roughly 20 hours to complete. Claude Mythos completed it in 3 out of 10 attempts. That was alarming enough. Then GPT-5.5 ran the same benchmark and completed it in 2 out of 10 attempts.
Two models. Same class of capability. Different labs.
GPT-5.5 also scored 71.4% on expert-level cyber tasks, compared to Mythos’s 68.6%. These aren’t wildly different numbers. They’re converging numbers, which is exactly Abal’s point. The capability isn’t unique to Mythos. It’s a frontier trend. Restricting Mythos doesn’t restrict the trend.
Meanwhile, OpenAI is rolling out GPT-5.5 Cyber to its own list of “critical defenders.” The same capability the White House is blocking Anthropic from distributing more widely is being distributed by a different lab, on a different list, under a different set of informal rules. There’s no formal licensing regime here. No laws were passed. No legislative body created criteria. What exists is a soft, informal, ad hoc system of access control — and it’s already inconsistent.
The Capability Is Real. The Containment Strategy Is Not.
Everyone else built a construction worker.
We built the contractor.
One file at a time.
UI, API, database, deploy.
Before getting to what Abal thinks should happen instead, it’s worth being precise about what these models can actually do — because the benchmarks are specific and the specifics matter.
Mythos found a 27-year-old vulnerability in OpenBSD. Something that had gone undetected for nearly three decades, through countless security audits by human experts. The model found it. That’s not a marketing claim — it’s a documented finding that spooked the Federal Reserve enough to hold an emergency meeting.
On the GPT-5.5 side, AISI highlighted a reverse engineering challenge the model solved in 10 minutes and 22 seconds, at an API cost of $1.73. A human expert would need approximately 12 hours for the same task. The cost curve and the time curve are both collapsing simultaneously.
One important caveat: AISI explicitly states they don’t know how these models would perform against real-world hardened systems. The Last Ones benchmark uses simulated environments with no active defenses, no triggered alerts, no defensive tooling responding in real time. It’s closer to a controlled exercise than an actual attack scenario. The models are good at finding vulnerabilities in static environments. Whether that translates directly to live network penetration against a defended target is genuinely unknown.
But here’s what that caveat doesn’t change: the cost of attempting these attacks has dropped to under two dollars. The time required has dropped from half a workday to ten minutes. Even if the success rate against hardened systems is lower than the benchmarks suggest, the economics of trying have fundamentally shifted.
The Defender Imperative — and Why Restricting Access Inverts It
David Sax, who advises the Trump cabinet and has been a consistent skeptic of AI doom narratives, offered a counter-framing worth taking seriously: demystify Mythos. It’s not a doomsday device. It’s one of the first of many models that can automate cybersecurity tasks, the same way AI is automating coding tasks. These models don’t create new vulnerabilities — they find ones that already exist. The OpenBSD bug was 27 years old. Mythos didn’t create it. It surfaced it.
Sax’s prescription: arm the defenders first, as fast as possible.
This is where Abal’s argument gets interesting in a way that doesn’t fit neatly into either the “restrict everything” or “release everything” camp. He argues that technical AI safety — the actual work of making these models safer to deploy — can function as an accelerant rather than a brake. If defenders can safely use stronger systems to patch vulnerabilities faster than attackers can exploit them, you create a dynamic where safety work enables faster progress rather than slowing it down.
The implication is that the White House’s intervention, however well-intentioned, inverts this logic. By limiting Mythos access to a small set of organizations while the underlying capability spreads to other models and other labs, you’re not reducing the attack surface. You’re just ensuring that defenders have fewer tools than they eventually will, while the offensive capability diffuses anyway.
For teams building security tooling or threat detection workflows on top of frontier models, this dynamic is directly relevant. Platforms like MindStudio support 200+ models and 1,000+ integrations, which means the same orchestration layer can route to whichever model has the right capability profile for a given task — without rebuilding the stack every time the frontier shifts.
What an Informal Licensing Regime Actually Looks Like
The most underappreciated aspect of this story is the governance structure — or lack of one — that’s emerged around Mythos access.
What the White House is doing looks like a soft licensing regime. The government is effectively deciding which organizations can access which AI capabilities, based on national security judgments, without any formal legal framework. No laws were passed. No criteria were published. No appeals process exists. The 50 organizations currently with Mythos access got it through informal vetting. The 70 organizations Anthropic wanted to add were blocked through informal pressure.
This is how consequential AI governance is currently happening in the United States: through phone calls and Wall Street Journal reports, not legislation.
Abal’s point is that if this informal regime is going to function at all, it needs to become formal. There need to be rules. There need to be criteria for who gets access and why. There need to be technical safeguards, not just access restrictions. Because access restrictions alone — applied inconsistently, without legal backing, in a landscape where the same capabilities are being distributed by multiple labs under different informal arrangements — are not a security strategy. They’re a delay.
The compute shortage underlying all of this adds another layer of complexity. Anthropic’s infrastructure deals with Amazon, Google, and Broadcom will eventually come online. When they do, the compute constraint that partly motivated the White House’s position will ease. What happens to the access restrictions then? Does the informal regime expand? Contract? Nobody has said.
The 6-to-18-Month Clock
Abal’s timeline is the thing that should focus attention. Six to eighteen months before Mythos-level capabilities are widely available — not from Anthropic, but from the broader frontier. GPT-5.5 is already there on the key benchmarks. Chinese open-source labs are close. The Last Ones benchmark that two models can now complete will be a baseline capability, not a frontier one, within a year.
The question the White House’s decision doesn’t answer is: what happens when the dam is no longer relevant? When the capability is available from a dozen sources, some of them open-weight, some of them outside US jurisdiction, the informal access control regime around Mythos becomes moot. The defenders who were blocked from using it during the window when it mattered most will have spent that time without the tool. The attackers — who don’t wait for permission — will have had whatever they could access.
This is the structural problem with access restriction as a primary security strategy for dual-use AI capabilities. It’s time-bounded in a way that offensive capability diffusion is not. The dam holds until it doesn’t, and then it’s gone all at once.
Other agents start typing. Remy starts asking.
Scoping, trade-offs, edge cases — the real work. Before a line of code.
For builders thinking about where this goes: the cybersecurity capability gap between Mythos and earlier Claude models is real and measurable now. But that gap will compress as the frontier moves. The interesting engineering question isn’t which model can do this today — it’s how to build systems that can route to the right capability as the landscape shifts. That’s a workflow and orchestration problem as much as a model selection problem. Tools like Remy approach a related challenge in software development: rather than hand-wiring integrations to specific model versions, you write a spec that captures intent, and the implementation gets compiled from it — which means the source of truth stays stable even as the underlying stack evolves.
Where This Leaves the Debate
The White House made a call. Abal says it’s the right call for the short term and the wrong strategy for the long term. Sax says stop mystifying Mythos and arm the defenders. Anthropic says the compute concern is overstated and the defenders need access now.
All three positions contain something true. The White House is correct that unrestricted access to this capability creates real risk. Abal is correct that the capability will diffuse regardless. Sax is correct that treating Mythos as uniquely dangerous obscures the fact that GPT-5.5 can do the same things. Anthropic is correct that defenders with better tools patch faster.
What none of them have is a governance framework that resolves the tension. The informal regime that currently exists — ad hoc, inconsistent, legally unbacked — is not that framework. It’s a placeholder that will be overtaken by events within the window Abal is describing.
The 27-year-old OpenBSD vulnerability that Mythos found had been sitting there, undetected, through decades of human security audits. The model found it in a session. That’s the capability the White House is trying to control. It’s also the capability that defenders need most urgently.
The dam metaphor is apt. Dams are useful. They’re also temporary in geological time. The question is what you build on the other side of one.
