Anthropic denies China access to the Mythos model: the AI cold war intensifies
🔎 A refusal that marks a geopolitical turning point
During a meeting in Singapore in late April 2026, Chinese representatives demanded that Anthropic be granted access to Mythos, the most sensitive AI model ever developed by the company. The response was clear: no. This refusal, reported by the New York Times on May 12, 2026, goes far beyond the scope of a simple commercial dispute. It signals that frontier AI models have become strategic assets on par with nuclear weapons or advanced semiconductor manufacturing blueprints.
The context makes this refusal even more significant. Mythos is not an ordinary chatbot. It is a model designed specifically for offensive and defensive cybersecurity, capable of discovering tens of thousands of unknown vulnerabilities in global software infrastructure. Handing it over to a rival power would, in Anthropic's view, amount to handing over the keys to the global computer system.
This moment marks a turning point. Until now, the AI race was primarily played out on chips, datacenters, and training budgets. Now, geopolitics is stepping directly into model deployment. States are no longer content with controlling hardware — they want to control access to cognitive capabilities themselves.
The essentials
- Anthropic categorically refused China access to Mythos during a meeting in Singapore, according to the New York Times (May 2026).
- Mythos is a cybersecurity model limited to about 40 global organizations, including the NSA, which uses it operationally.
- The model has already discovered tens of thousands of zero-day vulnerabilities in global software infrastructure.
- Anthropic breaks with the consensus on the democratization of AI by deliberately choosing not to release a model deemed too dangerous.
- China estimates being 6 to 12 months behind American frontier capabilities in AI cybersecurity.
- Three security incidents affected Mythos in a single month, including one case of unauthorized access.
Recommended tools
| Tool | Main usage | Price (June 2025, check website) | Ideal for |
|---|---|---|---|
| Hostinger | Secure web hosting | Starting from 2.99 €/month | Deploying protected infrastructures |
| Claude Opus 4.7 (Adaptive) | Advanced agentic reasoning | Via Anthropic API | Complex analytical security tasks |
| Gemini 3.1 Pro | General and multimodal analysis | Via Google AI Studio | Tech monitoring and source analysis |
| GPT-5.5 | Reasoning and code | Via OpenAI API | Automation and agentic workflows |
| DeepSeek V4 Pro (Max) | Open-weight alternative | Via DeepSeek API | Cost-effective large-scale analyses |
Mythos: this model that no one should own
Mythos has nothing to do with Claude, GPT-5.5 or Gemini 3.1 Pro. It is a specialized model, designed by Anthropic for a single objective: finding and exploiting vulnerabilities in software code. Not theoretical flaws. Real, exploitable vulnerabilities present in software used by billions of people.
The creator of curl, Daniel Stenberg, experienced this firsthand. On May 11, 2026, he confirmed on his blog that Anthropic had discovered a vulnerability in curl's code via Mythos in April 2026. Curl is one of the most widely used tools in the world for data transfers. If a critical vulnerability is found in it, the entire internet infrastructure is potentially exposed.
Anthropic's CEO stated that the world had "6 to 12 months before this becomes very serious." The company claims that Mythos has already identified tens of thousands of unknown vulnerabilities in global software infrastructures. This figure alone explains why the model is locked behind restricted access for about 40 organizations.
The NSA is among these 40 organizations. It uses Mythos operationally to detect critical vulnerabilities in American systems — and potentially in those of other countries. This paradox, where the US military sues Anthropic while using its most sensitive model, illustrates the complexity of the situation.
The model is also capable of attacking. Anthropic did not design it solely for defense. And it is precisely this offensive capability that makes the debate over international access so explosive. When a Chinese think tank requested access to Mythos, it was not to improve the security of its systems. It was to obtain a next-generation cyber weapon.
Singapore: Details of the Confrontation
The Singapore meeting took place in a diplomatic setting in late April or early May 2026. Chinese representatives formally demanded that Anthropic be granted access to the Mythos model. The New York Times reports that Anthropic's refusal was categorical and immediate.
IDC China, cited by the New York Times, stresses that this refusal creates a "significant technological gap" for Chinese companies. In other words, without access to Mythos or an equivalent, China finds itself at a measurable disadvantage in terms of offensive and defensive cybersecurity.
This demand was not trivial. It is part of a broader Chinese strategy of acquiring sensitive technologies through formal or informal channels. The Trump-Xi summit, reported by the BBC in May 2026, confirmed that US export controls explicitly aimed to limit China's access to frontier AI capabilities. Singapore, a diplomatic crossroads between the two powers, was the ideal stage for this confrontation.
Anthropic's refusal is more than just a business move. It is an explicit alignment with US national security policy. And it is a signal sent to all developers of frontier models: you can no longer claim to be apolitical.
Anthropic's withholding strategy: a dangerous precedent
For the first time, a tech giant is deliberately choosing not to release a model it deems too powerful. The Journal du Net analyzes this move as a break from the consensus on the democratization of AI. For years, the industry operated on a simple principle: every trained model eventually gets released, either in open-weight or via API.
Anthropic breaks this rule with Mythos. The model, launched in April 2026 for restricted testing, is not available on Anthropic's API. There is no open-weight version. No public waitlist. Just invite-only access, validated on a case-by-case basis, for around forty organizations.
This choice raises a fundamental problem for the industry. If every lab unilaterally decides what is too dangerous to be released, we end up with total opacity regarding the actual capabilities of frontier models. Anthropic says that Mythos is dangerous. How do we verify it? We can't.
The parallel with Claude, GPT, Gemini, Llama : quel modèle choisir en 2026 ? is enlightening. The models on this list are public, evaluable, and comparable. Mythos exists in another category: that of classified weapons. And it is precisely this status that makes it so highly coveted.
This withholding strategy also sets a precedent for regulators. If private companies can decide to secretly classify a model, what is the role of governments? The question is no longer theoretical. It is raised by the facts.
The US-China race: a shrinking lead
The gap between American and Chinese models is no longer what it used to be. The Stanford AI Index 2026, shared on LinkedIn, reveals a staggering figure: the performance gap between the best US and Chinese models has narrowed to just 2.7% on broad benchmarks.
The roster of current models confirms this trend. Models like Moonshot AI's Kimi K2.6 reach an 88.1 agentic score (self-host), while Z.AI's GLM-5 borders on 82. DeepSeek V4 Pro (Max) climbs to 88 overall, a score that places it in the global top 10. China isn't just catching up — it is closing the gap, and fast.
To maintain their lead, the United States has spent 23 times more private capital than China in AI, according to the Stanford AI Index. This funding gap is massive, but it translates into a single-digit performance advantage. The marginal return on US investments is diminishing.
It is in this context that Mythos takes on its full strategic importance. If the advantage on general benchmarks is shrinking to 2.7%, the advantage in specialized capabilities — such as zero-day vulnerability discovery — becomes the true differentiator. And this is exactly what China is trying to achieve.
Anthropic knows this. In a May 2026 Business Insider article, the company calls on the US to act quickly to lock in a 1- to 2-year lead over China, notably by closing chip export loopholes. The message is clear: the window is closing.
Security vulnerabilities: when the guard gets hacked
The irony is cruel. The model designed to protect global infrastructure fails to protect itself. In a single month, three security incidents have affected Mythos.
The most serious, reported by MSN in May 2026, is unauthorized access to the model. Anthropic launched an internal investigation, but the details of the breach remain unclear. All that is known is that an unidentified actor managed to interact with Mythos outside the framework of the 40 authorized organizations.
Les Numériques confirms that a leak has already occurred and emphasizes that the model is "just as capable of attacking." This offensive capability, combined with failing security, creates a nightmarish scenario: the tool designed to find the vulnerabilities of others is itself full of flaws.
These incidents raise an uncomfortable question. If the NSA uses Mythos operationally, as reported by CoinAcademy, and the model suffers security breaches, what is the level of exposure of American systems? The US military is also suing Anthropic — a paradox that illustrates the tension between government control and lab independence.
The security of frontier models has become a national security issue. Not in a theoretical way, but in a concrete and immediate manner. Every security incident on Mythos is potentially a vulnerability discovered in the systems of those who use it.
Agentic models: the other front of the war
Beyond Mythos, the US-China competition is also playing out in general agentic models. The current ranking shows clear, but fragile, American dominance.
OpenAI's GPT-5.5 dominates with 98.2, followed by Google's Gemini 3 Pro Deep Think at 95.4 and Anthropic's Claude Opus 4.7 (Adaptive) at 94.3. These three American models make up the leading pack. But behind them, China is catching up.
Moonshot AI's Kimi K2.6, at 88.1 in self-host mode, surpasses GPT-5.4 (87.6) and Gemini 3.1 Pro (87.3). This is a strong signal. A Chinese model, deployed on-premise, outperforms American models accessible via API. The question of deployment becomes just as strategic as that of raw performance.
The development of CLI coding agents, as illustrated by Grok Build : xAI lance son premier agent coding CLI — la guerre des coding agents s'intensifie, shows that the battle is shifting from chatbots to autonomous tools. A coding agent capable of finding and exploiting vulnerabilities in code is Mythos in another form. The boundary between a general agentic model and a specialized cybersecurity model is fading.
This convergence makes export controls even more complex. How do you ban access to Mythos while allowing the use of GPT-5.5, which could potentially accomplish similar tasks with the right prompting? There is no simple answer to this question, and regulators are aware of it.
Export Controls: The Imperfect Weapon
US export controls aim to limit China's access to the chips needed to train frontier models. The Trump-Xi summit of May 2026, reported by the BBC, confirmed that these measures remain a central diplomatic lever.
But export controls have structural limitations. First, they do not cover the models themselves, only the hardware. Nothing legally prevents an American model from being accessible from China via API — except a unilateral decision by the provider, like Anthropic's with Mythos.
Furthermore, China is developing its own hardware capabilities. The fact that Kimi K2.6 and GLM-5 run in self-host mode proves that China has sufficient infrastructure to deploy frontier-level models, even if this infrastructure is more expensive and less efficient than its American equivalents.
Anthropic, in its advocacy reported by Business Insider, is calling for a strengthening of these controls to maintain a 1- to 2-year advantage. The company specifically identifies loopholes in the current export regime — loopholes that allow China to partially circumvent the restrictions.
The problem is that export controls work like a dam: they slow down, but do not stop. China has proven that it can reach 97.3% of the US level with 23 times less capital. The cost-performance ratio favors those who are catching up.
Specialization vs generalization: the real divide
The comparison between Mythos and generalist models reveals a deep strategic divide. General benchmarks show a 2.7% gap between the United States and China. But in offensive cybersecurity, the gap is estimated at 6 to 12 months by Anthropic's CEO.
This divergence is explained by the nature of specialization. A model like TabPFN : le premier modèle foundation pour les données tabulaires shows that specialized foundation models can create disproportionate advantages relative to their size. Mythos applies this principle to cybersecurity: by focusing on a narrow domain, it achieves a level of performance that no generalist model can match.
China understands this. That is why it did not request access to GPT-5.5 or Claude Opus 4.7 — these models are accessible via API. It requested Mythos, precisely because this is the domain where the American advantage is greatest and the most difficult to catch up with.
This dynamic suggests that the future of the AI race will not be decided on general benchmarks, but on models specialized in strategic domains: cybersecurity, cryptography, weapons design, materials science. In each of these domains, a specialized foundation model can create a short-term, insurmountable strategic advantage.
What happens if China gets an equivalent of Mythos?
The question is not whether China will develop an equivalent of Mythos, but when. With a 6 to 12-month gap and growing resources, it is statistically probable that Beijing will have a comparable-level cybersecurity model by the end of 2027.
The implications are considerable. If two powers possess models capable of discovering tens of thousands of zero-day vulnerabilities, we enter an era of asymmetric cyber warfare. The attacker always has the advantage: it takes only a single unpatched vulnerability to penetrate a system. The defender must find them all and patch them all.
In this scenario, the speed of discovery becomes the key strategic indicator. Whoever's model finds the vulnerabilities first can exploit them before the patch is deployed. It is a race against time where each month of lead time translates to thousands of exploitable vulnerabilities.
Anthropic's refusal to grant access to Mythos only pushes back the deadline. It does not eliminate the threat. This is why the company is calling for a broader tightening of export controls — not to win the war, but to buy time.
❌ Common mistakes
Mistake 1 : Confusing Mythos with a generalist model
Mythos is not in the rankings for general or agentic LLMs. It is not Claude, it is not GPT. It is a cybersecurity-specialized model whose offensive and defensive capabilities have nothing to do with those of a chatbot. Comparing Mythos to Gemini 3.1 Pro makes no sense.
Mistake 2 : Thinking export controls are enough
Chip export controls are slowing China down, but not stopping it. The Stanford AI Index 2026 shows that the gap is already at 2.7% in general, despite 23× less capital. Relying solely on hardware restrictions is a strategic error.
Mistake 3 : Believing Anthropic's restraint is purely ethical
The decision not to release Mythos is as strategic as it is ethical. By keeping exclusive control of the model, Anthropic positions itself as an essential player in US national security. That is considerable power, and the company exercises it consciously.
Mistake 4 : Underestimating security incidents
Three incidents in one month, including unauthorized access. Considering that Mythos is "in good hands" because it is limited to 40 organizations is a mistake. The model itself is a target, and its security is a point of failure.
❓ Frequently Asked Questions
What exactly is Mythos?
It is an AI model from Anthropic specializing in cybersecurity, capable of discovering zero-day vulnerabilities in software code. It is limited to around 40 global organizations and is not publicly available.
Why does China want access to Mythos?
Because the model offers an estimated 6-12 month advantage in offensive and defensive cybersecurity. It is a major strategic asset that Beijing is seeking to obtain or replicate.
Does the NSA really use Mythos?
Yes. According to CoinAcademy, the NSA accesses the model operationally to detect critical vulnerabilities, despite legal tensions between the Pentagon and Anthropic.
What is the actual gap between US and Chinese models?
On general benchmarks, only 2.7% according to the Stanford AI Index 2026. But in specialized cybersecurity, the American advantage is estimated between 6 and 12 months.
Are the security incidents on Mythos serious?
Yes. Three incidents in one month, including unauthorized access, show that the world's most sensitive model is not sufficiently protected. This is a major paradox.
Could a model like GPT-5.5 replace Mythos?
Not directly. Generalist models do not reach Mythos's level of specialization in cybersecurity. But the boundary between the two categories is blurring with the evolution of agentic capabilities.
✅ Conclusion
Anthropic's refusal to grant China access to Mythos is not an isolated incident — it is the first act of a new phase of the AI cold war, where the models themselves become strategic weapons. With an overall gap narrowing to 2.7% and security incidents multiplying, the question is no longer whether this race will intensify, but at what cost. To follow the evolution of frontier models and their geopolitical implications, check out our comprehensive LLM comparison for 2026.