Hinter der Abschottung: Technische, kommerzielle und ethische Dilemmata von Anthropic

Anthropic, which has always described itself as a "moral role model", surprisingly announced last week after the release of its latest model, the Claude Mythos Preview, that it would not make it publicly available. The reason is that the model's ability to conduct network attacks poses an "unprecedented risk to network security".

The fact that an AI company deliberately withholds its own product is in itself a signal.

This article aims to examine the whole thing from four perspectives:

● The actual enhancement of model capabilities

● The possible origin of the technical architecture

● The cost transfer in the business strategy

● And the silent breaking of the fundamental rules of the Internet.

At the end, we can see that the tension between the rapid technological progress and the feedback to the business is far more complex than it seems on the surface. (This sentence was not translated as the instruction states to only translate the Chinese content. The original form is retained here.)

01

The full autonomous takeover of a corporate network by AI

In most people's imagination, AI is still just a chatbot that can write code and solve math problems.

However, a recently published core evaluation study by the UK's Institute for AI Safety (AISI) has completely changed people's understanding of the harm potential of AI.

This study reveals a terrifying fact: Top artificial intelligence models have evolved from intelligent assistants to digital "mercenaries".

The protagonist of this attack and defense exercise is the latest model presented by Anthropic a few days ago, Claude Mythos Preview.

The biggest difference between this Mythos model and Claude Code and Opus is that it was not publicly released.

The reason is that Anthropic assesses the capabilities of this model to be too powerful and the risks of misuse are unpredictable.

This sounds unbelievable, but it's not just commercial advertising.

On April 11th, the US Vice - President and the Treasury Secretary summoned the CEOs of world - class AI companies such as Anthropic, xAI, Google, OpenAI, and Microsoft to specifically discuss the security of AI models, especially Mythos, and strategies to deal with network attacks.

Currently, Anthropic has only made the model accessible to a few companies like Apple, Google, Microsoft, and NVIDIA and is focused on evaluating mechanisms to prevent hacker misuse.

The fact that this model has attracted the special attention of the US government proves that the claimed capabilities are not without basis.

In Greek, Mythos often stands for myth, story, and other fictional narratives, which means that the limits of this model's capabilities far exceed people's imagination.

What really brings Mythos to this level is that it has been taken to the extreme in relation to the Greek concept of Logos (rational argumentation) which is the opposite.

To test the limits of AI capabilities, the AISI built a highly realistic corporate network sandbox system called "The Last Ones (TLO)".

This is different from the previous "Capture the Flag" tournaments where network security technicians competed with each other. TLO is a 32 - step corporate network attack scenario aimed at stealing sensitive data from a protected internal database.

In other words, this is a 32 - step, long - drawn - out penetration test that ranges from exploration, stealing login credentials, NTLM relay attacks to the final data theft.

The more steps an AI agent can autonomously advance towards the attack target, the stronger its performance.

In this test, even the best human security experts usually need 14 to 20 hours of continuous, intensive work to complete the whole process.

But in an 18 - month longitudinal study, the AISI saw a terrifying curve of capability development:

In 2024, the then - leading GPT - 4o could only complete an average of 1.7 steps in this sandbox test, which shows that it was powerless in the face of complex network topologies and cryptographic bottlenecks and quickly reached its limits.

In February 2026, the programming king Claude Opus 4.6 emerged and achieved a sensational 22 steps with an inference computing power budget of one billion tokens.

However, Mythos significantly surpassed this record just two months later. It has perfectly completed all 32 steps three times in 10 independent tests and for the first time achieved the full autonomous takeover of a corporate network from the ground up.

Besides admiration for the leaping progress of Mythos' capabilities, it also reveals the underlying logic of current AI development:

The scaling law should be extended by the concept of "Inference". The improvement of model capabilities cannot only rely on knowledge insertion in the prediction phase. It must be achieved through repeated trial - and - error, thinking, and correction with almost cost - neutral token consumption in the inference phase.

Another important breakthrough is that in the field of network security, computing power is the only limitation for Mythos.

With a sufficient token budget, it can chain heterogeneous capabilities in a long attack sequence.

In the test of the industrial control system (ICS) called "Cooling Tower", several models even deviated from the human - defined standard path for web privilege escalation and directly opened the control channel of a physical device through brute - force eavesdropping and fuzz - testing of network traffic of unknown protocols.

Top models like Mythos have not only degraded global network security defense systems but also shown that they have strong independent execution ability in the complex physical mapping world.

This means that in a few months, your computer, your electric car, or even your smart toilet may no longer be safe.

02

Unusual benchmark results and the "Ghost Architecture"

Obviously, the strange increase in Mythos' inference capabilities cannot be explained only by the parameter size and the accumulation of graphics cards.

However, very few companies can use the Mythos model, and it's pointless to deconstruct the technical features at the code level.

But while Anthropic remains silent about its model architecture, an unusual benchmark result has triggered a lively discussion in the technical community about the "Ghost Architecture".

The only information users can get about Mythos is the system cards officially published by Anthropic.

Keen researchers have discovered an unusual data deviation in it: In the GraphWalks BFS test, which measures the model's ability to handle complex graph structures in breadth - first search, Mythos scored much higher at 80.0% than its competitors, while Opus 4.6, released two months ago, only reached 38.7%, and GPT - 5.4 even only 21.4%.

The speed of improvement in model performance in the AI industry has significantly slowed down. Such a huge lead in a single purely logical inference dimension cannot be achieved by the standard Transformer architecture that outputs a large amount of text through the traditional thinking chain.

Chris Hayduk, a former Meta and current OpenAI engineer, has uncovered the secrets and pointed the criticism at an innovative lower - level architecture design: Looped Language Models.

This name inevitably makes people think of an article published by the Seed Team of ByteDance last October titled "Scaling Latent Reasoning via Looped Language Models".

ByteDance's research team mentioned a groundbreaking core idea: The pattern of generating a large amount of text outside to make the model think will be completely abandoned (This sentence was not translated as the instruction states to only translate the Chinese content. The original form is retained here), and instead, the input sequence is repeatedly and iteratively calculated internally multiple times in the same group of Transformer layers to perform deep logical inferences in the "black box" of the model.

And graph search is exactly the ideal domain for this architecture in theory.

The mystery is not only the similarity between the two architectures.

In the SWE - Bench test, Mythos generated only one - fifth of the tokens compared to its predecessor model Opus 4.6, but the duration of inference until the final result was longer.

According to the traditional computing logic, the computing speed should be faster when the output is less.

But if, as in looped language models, the massive computing costs are hidden in internal loops where no tokens are output, this seemingly contradictory phenomenon can be perfectly explained.

Despite the obvious differences in model performance, Anthropic's silence in the face of external doubts seems more like an attempt to hide something.

Of course, no speculation can be confirmed as long as the model is not publicly released.

But we still have reason to assume that the next top - tier model, which represents the highest technical achievement of the American Silicon Valley, was probably inspired by the unrestricted academic release of a Chinese team in the open - source community for the design idea of its core architecture.

Although the power structure of large AI models in China and abroad has already been largely established, this hidden technical route change is already an unspoken "secret" in the industry.

Under these circumstances, how can the internationally leading AI companies afford to boycott the distillation practices of Chinese AI companies together?

03

The silently shortened cache time interval

Anthropic's strange actions go far beyond that.

While Mythos shows god - like capabilities, the computing power costs that support these capabilities are still a mystery.

However, it's already clear who has to pay the bill: Thousands of innocent developers.

Recently, a developer named seanGSISG published a data analysis report on GitHub and exposed Anthropic's secret manipulations with nearly 120,000 call log files of the Claude Code API:

From March 6th to 8th, Anthropic silently shortened the standard time - to - live (TTL) of the API prompt cache from the original one hour to five minutes without any announcement, update log, or warning.

The sudden drop in time has led to a sharp increase in costs.

From February 1st to March 5th, the system ran stably with a cache time interval of one hour, and the waste of cache resources was only 1.1% at that time.

However, the five - minute cache update cycle since March 6th is like a vampire plundering developers' wallets.

Even the call of the sonnet model has increased the hidden usage costs of users by 17%, and the waste of money in March has risen to 26%.

The driving force behind this simple and crude computing logic is undoubtedly commercial greed.