We Can Fix the Internet. That's Not the Hard Part.


The coverage of Claude Mythos followed a familiar pattern: initial alarm about offensive capability, then the security community's response, then the company's mitigations and marketing, all compressed into one rapid news cycle. Then attention moved elsewhere.

Now we can talk about what Mythos actually revealed, rather than the point that captured the news cycle.

Not because the offensive capability isn't real, but because the alarm was aimed at the wrong target. The question Mythos raises isn't whether Anthropic should have built it. It's what the existence of this capability class means for infrastructure that was never designed to withstand it, and whether we are going to do anything serious about that.

What Mythos Actually Revealed

Mythos demonstrated the ability to autonomously identify, reason about, and exploit vulnerabilities in complex codebases at a speed and scale no human team can match. The coverage treated this as a new condition, but it isn't. The offensive capability has been ambient across open-weight models for some time. Mythos just made it impossible to ignore.

The attack surface of global computing infrastructure is effectively infinite, and the cost of sophisticated exploitation has just dropped by several orders of magnitude. Sufficiently motivated and well-resourced actors could always find and exploit vulnerabilities; in that sense nothing is new. What changed is the resource requirement: it is no longer a meaningful constraint.

The XZ Utils incident in 2024 is the clearest recent example. A sophisticated actor spent roughly two years cultivating a single open source maintainer relationship, embedded a backdoor in liblzma, a compression library that, via libsystemd, ends up loaded into sshd on many Linux distributions, and got the backdoored releases as far as the pre-release branches of several major distributions. It was caught before reaching stable releases, but not through systematic institutional detection: one engineer noticed sshd consuming anomalous CPU during unrelated performance work and went looking for the cause. The margin wasn't institutional competence. It was luck.

That incident produced no adequate institutional response. The structural weakness it revealed, global infrastructure's dependence on small teams of volunteer maintainers with no systematic verification of the foundations everything else runs on, remains exactly as it was. We noted it and moved on.

Mythos means we will not always be lucky.

What Glasswing Is

Anthropic's Glasswing initiative deploys Mythos-class capability to find and patch vulnerabilities at scale. This is valuable: finding vulnerabilities faster than adversaries can exploit them is better than the current situation.

But it is patching. It is applying sophisticated capability to a broken foundation and making the foundation slightly less broken. The foundation itself, the architectural assumptions underlying the software that runs critical infrastructure, most of them made in an era when the threat model was entirely different, remains intact.

Patching is not a solution. It is a mitigation. The distinction matters because mitigation can be sustained indefinitely without the underlying problem ever being addressed, which is precisely what tends to happen when the mitigation is working well enough to prevent acute crisis. The burning building doesn't collapse, so we keep improving the fire suppression system.

The Argument Nobody Is Making

Here is what has changed that makes a different response possible for the first time.

Formally verified operating systems exist. seL4, and a handful of systems like it, have been mathematically proven to be free of entire classes of vulnerabilities: not tested, not audited, proven. For the kernel, properties such as the absence of buffer overflows and null pointer dereferences, and the enforcement of isolation between components, are not empirical claims that a sufficiently clever attack could falsify. They are theorems, machine-checked against the implementation. Two caveats a practitioner will want stated. First, the proofs hold under explicit assumptions: the hardware behaves as modelled, the specification says what its authors intended, and some attack classes, notably timing side channels, sit outside the proofs' scope. Second, the guarantee covers the kernel, not everything running on it; a verified kernel does not make application code unexploitable, it guarantees that a compromised component cannot break out of the isolation boundary the kernel enforces. That is still exactly the property that matters here. On a verified foundation, the kernel bugs an attacker would use to escalate out of a compromised component do not exist, and the damage from any bug found above the kernel is bounded by proof rather than by hope.

The reason critical infrastructure doesn't run on verified foundations is not that verified foundations don't exist or don't work. It is that the engineering and compatibility barriers to migration have always exceeded the perceived cost of staying on broken ones. Rebuilding on verified foundations has historically required specialist expertise, certification processes, and compatibility work that organizations could not justify against a threat that remained largely theoretical. Those barriers are real; migration at scale is not a trivial undertaking.

Mythos changes that calculus in both directions simultaneously. It raises the cost of staying on broken foundations because the threat is no longer theoretical. And it creates the conditions for reducing the cost of rebuilding: the same capability class that makes exploitation tractable also makes the analysis, planning, and systematic execution of large-scale migration more feasible than it has ever been. We now have tools that didn't exist before. Whether they are sufficient is an empirical question that won't be answered without attempting it. What's clear is that the argument for attempting it has never been stronger.

This argument is not being made in mainstream AI governance discourse. The conversation is about whether AI systems should be allowed to find vulnerabilities, and under what conditions, and with what oversight. That is a real question. It is not the important one. The important question is whether we are going to use this capability window to fix the foundation, or whether we are going to use it to patch more efficiently while the foundation remains broken.

The Governance Gap

The capability to attempt the rebuild exists. The institutional structure to direct it as a global public good does not.

This is not a generic AI governance problem. It does not require a broad international framework for AI development, which would be slow, contested, and almost certainly capture-prone. It requires something narrow and specific: an intergovernmental body with a defined mandate to oversee the use of AI capability for critical infrastructure verification and migration, modeled on what the IAEA does for nuclear materials. Not governing the technology broadly, but governing this specific application of it, with the specific goal of moving global critical infrastructure toward verified foundations within a defined timeframe.

The IAEA analogy is imperfect but instructive. The IAEA works not because it has solved the political problem of nuclear weapons but because it has created a narrow technical verification function that most actors find it in their interest to participate in. The function is specific enough to be operationalizable and important enough to justify the institutional investment. A body with the equivalent mandate for infrastructure verification would look similar: small, technical, with a defined scope that doesn't require resolving every contested question about AI governance before it can act.

No government is proposing this. The companies with the relevant capability have no incentive to propose it; the capability is a competitive asset, and directing it as a public good means not owning it exclusively. The security community is focused on the near-term threat. The AI governance community is focused on broader questions. Nobody is sitting at the intersection saying: we have a window, the window will not stay open, here is the specific thing we should do with it.

What Institutional Courage Would Look Like

The Mythos news cycle is over. The alarm has dissipated. This is actually the right moment to think clearly about what it revealed, because clarity is easier when the immediate reaction has passed.

What it revealed is a genuine window, probably measured in years, not decades, during which the cost asymmetry between patching and rebuilding has shifted enough that rebuilding is worth attempting seriously. That window closes as the threat environment normalizes to the new capability level, as adversarial use of equivalent tools scales, and as the perceived urgency fades.

Using the window requires an institution that doesn't exist yet, making an argument that isn't being made, directing resources toward a goal that has no natural constituency among the actors who control the relevant capability.

That is a description of what hard governance problems always look like before someone decides to solve them.

The capability to fix the foundation exists. Whether we use it is a political question, not a technical one. That's the hard part.

Jen