Is it just me, or does "too dangerous to release publicly" mean something different than it used to?
Last week, Anthropic announced it's giving 150 organizations access to Mythos, its AI model designed specifically to find and exploit cybersecurity vulnerabilities. This is the same model the company previously said was too risky to make widely available. Now the EU's cybersecurity agency, ENISA, is getting access too.
I initially thought this was Anthropic backing down from its safety stance. After reading more about it, I think the reality is messier, and honestly, more interesting.
Here's what Anthropic seems to be doing: instead of releasing Mythos to everyone (which, fair, would be chaotic), they're picking who gets to use it. Government agencies. Security researchers. Organizations that presumably won't immediately use it to break into hospital networks.
The logic makes sense on paper. A tool that finds vulnerabilities is only as dangerous as who's wielding it. Give it to defenders, not attackers, and you've theoretically made the internet safer.
But 150 organizations is... a lot? I should know this better, but I couldn't find details on Anthropic's vetting process for these groups. Who decides which 150 make the cut? What are the criteria? The company didn't disclose specifics, at least not in anything I could find.
You might be wondering why this matters for robotics coverage. Here's the thing: embodied AI systems are increasingly networked. The humanoid in your warehouse talks to the cloud. The delivery robot pings servers constantly. If Mythos can find exploits in computer systems, it can presumably find exploits in robot control infrastructure.
And once you give 150 organizations access to something, you've created 150 potential leak points. Not because these organizations are malicious (I assume they're not), but because security is hard. People leave jobs. Credentials get compromised. Someone's intern downloads the wrong thing.
I'm not saying Anthropic is being reckless. I think they're genuinely trying to thread a needle here. But the needle keeps moving.
The EU angle is interesting. Bloomberg reported that ENISA is getting access, which suggests Anthropic is positioning this as a cooperation with regulators rather than a commercial rollout. That's a different vibe than "we're selling this to 150 customers." Whether it stays that way, tbh, remains unclear.
I keep coming back to the phrase "too dangerous to release publicly." It sounds absolute. It sounds like a line in the sand. But apparently it meant "too dangerous to release publicly, unless you're one of the 150 groups we've approved, in which case here you go."
This isn't necessarily hypocrisy. It might just be how AI deployment actually works: not binary safe/unsafe decisions, but a spectrum of access controls and trust relationships. The problem is that Anthropic's original framing didn't leave room for that nuance.
I think we're going to see more of this. Companies announce something is too risky, then quietly expand access when the business case or regulatory pressure demands it. The "too dangerous" label becomes a negotiating position rather than a technical assessment.
For robotics specifically, this matters because the same pattern will play out with embodied AI capabilities. Some model will be "too risky" for general deployment in physical systems. Then it'll be available to "approved partners." Then the partner list will grow. Then someone will figure out how to jailbreak it anyway.
I don't have a clean conclusion here. Anthropic might be handling this exactly right, expanding access carefully while maintaining oversight. Or they might be discovering that "controlled release" is harder than it sounds. We don't know yet. But I'd feel better if they'd told us more about who those 150 organizations are and what guardrails exist beyond trust.