Yoshua Bengio, a Canadian computer scientist recognized as one of the Godfathers of AI, has challenged Anthropic's restricted distribution model for Claude Mythos, arguing that concentrating control of critical infrastructure protection in a single private company creates unacceptable governance risks and leaves vast portions of the global economy vulnerable.
Bengio's concern centers on a fundamental question of institutional authority: who decides access to technologies that affect everyone's security? In an interview with Fortune, he stated: "It doesn't make sense that private individuals are deciding the fate of infrastructure for everyone else. What about all the companies and all the countries that didn't get access?"
The Technology and Its Dual-Use Challenge
Mythos is an AI model capable of identifying thousands of previously unknown "zero-day" vulnerabilities—security flaws that attackers can exploit before developers can patch them. Anthropic has justified its controlled rollout by citing the model's dual-use nature: it can strengthen cybersecurity defenses but could also enable cyberattacks on critical infrastructure.
Currently, access is limited to a small group of primarily US-based companies and government entities. The Bank of England has publicly stated that Anthropic assured UK banks of near-term access, while discussions at IMF and World Bank spring meetings highlighted concerns about the model's ability to expose weaknesses in global financial systems—particularly troubling given that many regulators and companies outside the US have not yet evaluated its findings.
The White House Office of Management and Budget has confirmed that several federal departments, including the Department of Defence, Treasury, and Homeland Security, will begin using a version of Mythos, according to a memo obtained by Bloomberg. This expansion occurs despite ongoing legal disputes between Anthropic and the Pentagon over earlier supply-chain risk designations.
Governance Versus Market Control
Bengio's core argument reflects a classical concern about concentrated private power over public infrastructure. He is calling for greater international involvement in AI regulation and has proposed establishing an international authority to oversee the production and use of highly sophisticated AI technology.
"There needs to be an agency really in charge of overseeing these kinds of decisions," Bengio said. "As the power of AI continues to grow, this question of international commitment becomes pressing. There's no reason that it's going to limit itself to attacking US infrastructure or US citizens. So this has to be an international affair."
He emphasized that governments should impose strict rules and regulations on businesses to prevent misuse of advanced AI technology from affecting other nations' infrastructure.
The Broader Security Architecture
Bengio also cautioned against overreliance on open-source AI models, noting that advanced AI systems have become sophisticated enough to search open-source software for vulnerabilities. This compounds the challenge facing organizations without privileged access to proprietary security tools.
His analysis extends to geopolitical dimensions. Bengio stressed the importance of including China in any global AI governance framework, given the ongoing race between the US and China in developing advanced AI systems. Although he estimates Chinese models may lag behind US counterparts by a few months, he emphasized that the gap does not significantly reduce associated risks.
The debate has fueled broader concerns about "AI sovereignty," as countries seek to reduce dependence on foreign technology providers. Geopolitical tensions and fears that access to critical technologies could be influenced by national interests or policy shifts have amplified these concerns.
Why This Matters:
The Mythos access debate raises fundamental questions about institutional governance in the age of advanced technology. When a single private company controls distribution of tools essential to national cybersecurity, it creates asymmetric dependencies that undermine both market competition and national sovereignty. Countries and companies excluded from access face genuine security disadvantages—they cannot evaluate vulnerabilities in their own systems using the most advanced tools available. This creates pressure for government intervention, either through regulatory mandates or direct access demands, which could further concentrate power rather than distribute it. The tension between Anthropic's liability concerns and legitimate global security needs suggests that neither pure private control nor ad hoc government access represents a sustainable solution. The question of how to balance innovation incentives with equitable access to critical security infrastructure will likely define AI governance frameworks for years to come.