Schneier: Anthropic's Vulnerability-Detection Model Limited to 50 Orgs
What Happened
In a co-authored essay, Schneier and David Lie argue that restricting Mythos to a small group of large software vendors leaves critical infrastructure outside that footprint underprotected. They call for academic and broader access, noting LLMs perform best on training-similar code — meaning niche or legacy systems get worst coverage exactly where it's most needed.
My Take
Anthropic's gated rollout is defensible safety policy and indefensible market policy. Concentrating offensive-capable models in 50 orgs creates a two-tier security world where Fortune 500s get auto-patched and everyone else gets owned. The right model is academic access with strict use agreements — but Anthropic won't ship it because the legal exposure terrifies them. Expect a Senate hearing within six months once a hospital chain or municipal utility gets breached by a vuln Mythos could have flagged.
Read Original Source