Power, Accountability, and the Claude Mythos Question
In October 1907, a banking crisis tore through the United States faster than any government body could respond. The Treasury had no mechanism to act. So J.P. Morgan, a private banker, convened the heads of New York's most powerful financial institutions in his personal library, locked the doors, and decided which banks would survive and which would fail. He organized the bailout himself, directed the capital, and resolved the panic over a few nights.
It worked. And it terrified everyone.
Congress spent the next six years figuring out how to respond to the fact that one unelected private citizen had just functioned as the entire American financial system's emergency backstop, with no democratic mandate, no oversight, and no mechanism that would have stopped him from making very different choices. The result, in 1913, was the Federal Reserve Act.
The lesson was not that Morgan was malicious, but that the system had no way of seeing the concentration of power coming, no way of governing it while it was happening, and no way of responding until after it had already determined the outcome. The governance arrived six years late.
We are in that window again. This time, the question is not only who controls the money, but who controls the machine.
On April 7, 2026, Anthropic announced that it had built an AI model it considered too dangerous to release to the public. The model, called Claude Mythos, had demonstrated the ability to attack computer networks autonomously, find vulnerabilities in critical software that had gone undetected for decades, and complete tasks that had previously required teams of expert human professionals to work for weeks. Anthropic labeled it a cyberweapon, and, instead of a public launch, they announced Project Glasswing: restricted access for a small number of vetted companies and researchers, backed by $100 million in usage credits, to find and patch vulnerabilities before bad actors could build something similar.
The Economist called Mythos the story that proved that AI's leading men may be on their way to becoming as powerful as Ford or Rockefeller. That framing is correct, but it understates the problem. Ford and Rockefeller built fortunes. What Mythos represents is something closer to what Morgan held in his library in 1907: a structural advantage so significant that it changed the rules of the system, exercised by a private actor, in a vacuum that democratic institutions were not designed to fill.
The question the Federal Reserve Act answered in 1913 took six years even to ask. The question Mythos raises needs to be answered now, before the next threshold is crossed, or before we discover that it already has been.
What does the “Federal Reserve Act” for AI capability look like? And who gets to design it?
For that question to be answerable, the public has to understand enough about the problem to demand an answer. That is a communications challenge before it is a policy challenge. And, right now, it is a communications challenge that no one is meeting.
What the Capability Reveals
The same system that identifies a flaw in a piece of software can also exploit it. Detection and attack are not two different tools but the same tool, pointed in different directions. The UK's AI Safety Institute, which has tracked AI cybersecurity capabilities since 2023, confirmed as much in its evaluation of Mythos: a model that two years ago would have struggled with beginner-level tasks is now completing expert-level cyberattack simulations that no AI had ever finished before.
The technical details matter, and for readers who want them, the AISI's full evaluation and Hank Green's interview with cybersecurity expert Sherri Davidoff are great sources. What matters for this piece is what the capability reveals about power and knowledge, and whether anyone is translating it clearly enough for the public to act on.
The Question Nobody Has Answered
The public conversation around Mythos has been shaped by a single assumption, stated or implied in almost every piece of coverage: “Isn't it remarkable that the company that got here first chose to be transparent?”
That assumption contains something unverified.
We have no way of knowing whether Anthropic was the first organization to reach this level of capability. We only know they were the first to reveal it publicly. Another AI company, a defense contractor, or a state actor may have already mapped these backdoors, discovered the same vulnerabilities, and said nothing. Every incentive points toward silence. If you suddenly have that kind of capability, going public means giving up the advantage. Staying quiet means keeping it. A commercial competitor keeps quiet to protect a financial edge. A state actor keeps quiet because the advantage is strategic. An organized criminal group has no reason to disclose at all.
That is the real asymmetry that Mythos has laid bare. Not simply that one company holds extraordinary capability, but that the architecture of the situation makes it structurally impossible to know who else does. No registry exists. No disclosure is required. Nothing in the current system would reveal a capability like this if the organization holding it chose to stay quiet. The information isn't hidden. It's just that nothing requires the light to be turned on.
As The Economist recently observed, Zuckerberg, Altman, Amodei, Musk, and Hassabis, the five men most responsible for AI development today hold, in a very real sense, the fate of Western civilization in their hands. But it still understates the problem because it assumes we know who those five men are. It assumes the relevant actors have identified themselves, and we cannot be certain they have.
And this is not a problem the public is currently equipped to respond to. For democratic accountability to function, people have to understand the issue well enough to care about it and care enough to demand legislation, oversight, and appropriately allocated responsibility. That requires cultural salience, the kind of communication that turns abstraction into something concrete, something people can see and feel personally. For Mythos, that communication does not yet exist.
This is where the J.P. Morgan parallel becomes most useful and most precise. In 1907, Morgan's intervention was visible, and the crisis was public. The response, whatever its flaws, could be observed and eventually governed. What Mythos introduces is the possibility of a Morgan moment that never becomes visible at all. Power concentrated quietly, behind a capability that the holder has every reason to keep secret, in an environment where no institution has the mandate or the mechanism to find it.
The question Mythos raises is whether we can build the governance before the problem surfaces.
What It Means to Choose
Anthropic chose not to release Mythos, and what that choice actually means deserves scrutiny.
Project Glasswing restricted access to a small number of vetted partners, including AWS, Apple, Google, Microsoft, JPMorgan, CrowdStrike, and the Linux Foundation, backed by $100 million in usage credits. The stated rationale was transparency as defense: find the vulnerabilities now, using Mythos, and patch them before bad actors build something comparable. The partners with access are using it to harden their systems. Open-source foundations are using it to secure software that the entire internet runs on, software that would otherwise have no budget for such an audit.
That is a reasonable case, and it may even be the right call, but three things complicate it, and they're worth naming directly.
The first is that secrecy is not a stable strategy. Davidoff put it plainly: three can keep a secret if two of them are dead. Project Glasswing currently involves more than 40 companies and a significant number of academic researchers. They all carry something extremely valuable now. They're all targets. This is no longer a theoretical concern. On April 21, Bloomberg reported that a small group of unauthorized users had already accessed Mythos, on the same day Anthropic announced Project Glasswing. The group gained access through a third-party contractor and by guessing the model's URL based on formatting patterns revealed in a separate data breach. They are part of a private forum that also hunts for unreleased Anthropic systems. The group says it has not used Mythos for cybersecurity purposes. That is reassuring only if you believe this will be the last breach, and that every future breach will be equally benign.
The second is a question of geography. Nicolas Moës, executive director of The Future Society, has pointed out that no European regulatory authority or company was invited to participate in Project Glasswing's pre-release. The goodwill and good judgment of a handful of American executives currently stand between the EU's software system and those vulnerabilities. That is an extraordinary amount of power to rest on an invitation list that no democratic body helped write. As Moës put it: for all the talk of European AI sovereignty, this situation illustrates that sovereignty is not just about simplification, but about resilience, security, and the protection of property rights.
The third is a question of motive. Critics have described Glasswing as strategic theater: a safety framing that builds public trust while quietly constructing a dependency on Anthropic's proprietary tools. “Too dangerous to release” may be both a principled position and an effective product strategy. The companies that need Mythos most are now paying for access. Anthropic retains control over who gets in, on what terms, and for how long. The decision to restrict Mythos may be genuinely responsible and commercially advantageous at the same time. But when the only check on that power is the company's own judgment, no one outside can resolve the question of motive.
That is precisely the problem. Not that Anthropic made the wrong choice, but that we have no way of knowing whether they did. And until the public actually cares about this question, nobody is going to build a better one.
Why the Governance Gap Is a Communications Gap
The existing governance frameworks are not irrelevant to Mythos, but none of them are built for what Mythos actually represents. Cybersecurity law governs breaches after the fact. The White House's AI Framework is primarily concerned with the pace of innovation. None of them addresses the concentration of asymmetric capability in private hands. None contains a mechanism for surfacing Mythos-level development that its holder has chosen not to disclose. And none of them answers the question that sits underneath all of this: who decides what a private actor is allowed to do with a capability of civilizational consequence, and on what basis?
That is a governance problem. But it is first a communications problem. Governance follows public demand, and public demand follows understanding. The frameworks don't exist because the cultural salience that would generate them hasn't arrived.
Anthropic's own conduct shows what happens in the absence of that salience. When the Pentagon sought to use Claude for mass surveillance of American citizens, Anthropic refused on ethical grounds. The company refused, plainly and publicly, and accepted the consequences: the Trump administration designated Anthropic a supply chain risk and banned government agencies from using its technology. That refusal was, by any reasonable standard, admirable. But when the Pentagon sought to use Claude for autonomous weapons, Anthropic's objection was of a different kind. The company refused on reliability grounds. The technology, Anthropic argued, was not yet accurate enough to be used for lethal autonomous decisions without making unacceptable errors. The implication was clear: when it is accurate enough, the ethical objection disappears. It is fine to use this technology to kill, as long as it kills correctly.
That distinction is carrying a lot of weight. It tells us how a company with this kind of power decides what's acceptable and what isn't. The boundary is technical, not ethical. And technical boundaries only move one way.
Philip Trippenbach, Seismic's Strategy Director, has described this as the acceleration problem. Having stronger AI allows you to build even stronger AI. The compounding is not linear. Dario Amodei said in 2024 that whoever holds the strongest AI by 2026 may be in a position that others cannot mathematically close, not because of a single decision, but because the gap compounds forward mathematically. Even a six-month lag may eventually be unbridgeable.
If that is true, then the window for building democratic controls is not indefinite. That window exists only until the gap becomes structural. And the window for building communications infrastructure that makes democratic control politically possible is even shorter. You can't legislate what people don't understand, and you can't regulate something the public isn't paying attention to. Governance will not precede salience. It never has.
What Needs to Happen Now
Every major technological wave in American capitalism has eventually produced a democratic response: antitrust regulation, regulatory frameworks, legislative reform. But in every case, the response was triggered by something the public could see. A panic. A crisis. A book. The governance arrived late, but it arrived because the problem had surfaced. For tobacco, the window between the problem and the governance was thirty years. For social media, fifteen. The interval compresses when the communication is deliberate and emotionally grounded, and when it's aimed at the public rather than the policy community.
The Mythos story has not yet surfaced for the public. It landed in the technical press, the financial press, and the national security community. The public that responded to the Anthropic-Pentagon story with extraordinary concrete action has largely not engaged with Mythos at all, not because they do not care about what it represents, but because no one has yet given them a way to do so.
The Federal Reserve question cannot remain rhetorical. “What does the Federal Reserve Act for AI capability look like, and who gets to design it?” is the right question. But a question without an institutional target is an observation, not a call to action. The responsible AI community needs to be specific: mandatory disclosure requirements for frontier model capabilities above a defined threshold. An independent body, outside the companies and outside the existing national security apparatus, with the mandate to evaluate and surface concentrations of AI power. A coordinated public demand that the next Mythos-level development not be announced via press release to a restricted group of vetted partners, but be disclosed to a body that represents the public whose infrastructure it affects. Every other industry with civilizational-level consequences already works this way. Banks submit to stress tests. Pharmaceutical companies disclose trial results to independent regulators before products reach the public. Nuclear facilities operate under mandatory inspection regimes. These are not radical asks. They are the minimum that the J.P. Morgan precedent suggests is necessary.
But none of that happens without cultural salience. The public has to understand the problem well enough to demand the answer. That is what is missing. Not the policy ideas, not the willingness to act, but the communication that makes people see what's been invisible, feel what's been abstract, and do something about what's been urgent.
Hope is not a strategy.