Sriram Krishnan highlights Anthropic’s Mythos as a double-edged sword for cybersecurity
The former White House AI adviser addressed the lifting of export controls on Anthropic's models while flagging the urgent need to protect critical systems from AI-powered exploitation.
Sriram Krishnan, the former senior White House AI policy adviser, appeared on CNBC on July 1, 2026, to discuss Anthropic’s Claude Mythos and its ability to find and exploit software vulnerabilities.
His message was blunt. Mythos is effective at discovering cyber weaknesses, and critical systems need protection. The statement came the same day that US export controls on Anthropic’s Mythos 5 and the more guarded Fable 5 variant were lifted, barely weeks after they were imposed.
From internal leak to export controls and back again
The model was leaked internally in late March 2026, showcasing what observers described as a step-change in autonomous vulnerability discovery. That leak immediately triggered national security concerns and drew scrutiny from White House officials.
Anthropic officially launched Claude Mythos Preview on April 7, 2026. Through a limited initiative called Project Glasswing, the company granted early access to roughly 50 trusted partners, including banks and security firms. The results were staggering: Mythos uncovered over 10,000 critical software vulnerabilities through that restricted program alone.
In mid-June 2026, the Trump administration slapped export controls on Mythos 5 and Fable 5 after reports surfaced of a jailbreak that bypassed the models’ security safeguards. Those controls lasted only a matter of weeks before being lifted around July 1, coinciding with Krishnan’s CNBC appearance.
The policy framework Krishnan left behind
Before departing the administration, Krishnan helped establish a 30-day government testing window for frontier AI models. The idea is straightforward: before a cutting-edge model goes live, the government gets a month to poke at it and assess national security implications.
That policy reflects the core tension Krishnan highlighted on air. Mythos isn’t just a threat vector. It’s also, potentially, a powerful defensive cybersecurity tool. When you can autonomously discover 10,000 severe vulnerabilities through a limited access program, the defensive applications are enormous. But the same capability that lets Mythos find vulnerabilities for defenders could, in the wrong hands, be used to exploit them.
What this means for investors
The lifting of export controls sends a clear signal about the current administration’s posture: innovation wins, at least for now. Anthropic’s Project Glasswing model, which limited access to vetted partners like banks and security firms, could become a template for how these tools get distributed commercially.
The regulatory volatility itself is worth monitoring. Export controls that appear and disappear within weeks create uncertainty for any company building products on top of these models. Investors should watch whether the 30-day testing window policy Krishnan helped create becomes a durable standard.