Why Anthropic Is Sounding the Alarm on the Next Generation of AI

MNZGamerX

Registered Member
Joined
Dec 12, 2023
Messages
1,835
Reaction score
2,008
Reputation
1,103.2
Country of Origin
Country of Residence
Anthropic is urging its rivals to pursue an unprecedented regime of AI arms control. The explosive advances in the company’s technology illustrate why that effort may be imperative even as it will be difficult to achieve.

Why-Anthropic-Is-Sounding-the-Alarm-on-the-Next-Generation-of-AI-Council-on-Foreign-Relations-...png


Gordon M. Goldstein
CFR Expert
Adjunct Senior Fellow

Published
June 18, 2026 3:07 p.m.

The ascending artificial intelligence (AI) giant Anthropic is no longer simply a global technology power. Its cutting-edge AI models are increasingly central to U.S. national security. Four recent episodes illustrate this growing reality.

In April, Anthropic withheld the release of its model Mythos Preview, which self-created the most powerful cyber weapon in history, capable of finding more than ten thousand software vulnerabilities in computer networks believed to be highly secure. Earlier this month it was reported that the company had embedded half a dozen “forward deployed engineers” with the National Security Agency to conduct offensive AI cyber operations, presumably against China and Iran. Late last Friday afternoon, the Commerce Department ordered Anthropic to cut off access for all foreign nationals to its two most recent “frontier” models, citing undefined national security concerns. The dramatic dispute with the company, now playing out in the press, is yet another twist in Anthropic’s seemingly tortured relationship with the U.S. national security establishment.

But arguably the most important development came on June 4, when Anthropic issued a significant report on the pace of the AI race titled, “When AI builds itself: Our progress toward recursive self-improvement, and its implications.”

Composed using breezy and sometimes casual prose that obscures its remarkable thesis, the company warned that the next AI breakthrough—perhaps two years away—could create an advanced model so powerful that it evades human control entirely. Anthropic urged its rivals and partners to come together and embark on an unprecedented effort to build a viable multilateral regime of AI arms control.

“Recursive self-improvement” is the anodyne term used by computer scientists to describe the next paradigm of AI. When it arrives, AI will have the capability to perfect and propagate itself, creating future iterations of ever more dynamic models that can prioritize their own survival and potentially self-exfiltrate across the Internet to computer networks around the globe. “If it were possible to effectively slow the development of this technology to give ourselves more time to deal with its immense implications, we think that would likely be a good thing,” Anthropic stated in its report.

Anthropic is absolutely right to issue a warning. But the company has understated both the risks of the new technology and the extraordinary barriers to controlling what promises to be a revolutionary next paradigm in AI.

Acceleration without limits​

Anthropic’s report clearly outlines that the progress to recursive self-improvement is accelerating at an astonishing rate. In the second quarter of 2026, the typical engineer at Anthropic produced eight times as much code per day as they did just two years earlier. Eighty percent of the code Anthropic generates today is created by AI models, not human engineers.

These developments have occurred because the models that the Anthropic lab is creating have dramatically increased in speed. By April, the latest iteration of its Claude model could run its operating code fifty-two times faster than just eleven months earlier. The autonomous capabilities of its new models are perpetually growing. “The length of tasks that they can reliably complete on their own has been doubling roughly every four months,” Anthropic reports.
AI with the capacity for recursive self-improvement may be a game-changer for global security. The implicit risks of this technology should alarm even the most optimistic observer of the AI transition—and serve as a wakeup call for the public.

AI attackers may be massively empowered. Although Anthropic does not discuss it in its report, an autonomous self-improving AI technology could simulate and design unique biological weapons and lethal chemical agents that no human has ever discovered or even contemplated. Future cyber weapons could have the capacity to autonomously generate, assign, and mutate “zero-day” attacks in real time, executing complex network infiltration at an unprecedented scale and speed. A recursive self-modifying AI cyber weapon could design a way to penetrate elaborately defended military networks and breach command-and-control operations.

Human oversight of AI models may be fatally weakened. The next generation of AI is designed to operate autonomously, without human direction, commands, or guidance. “Alignment” is the term computer scientists use as a semantic proxy—a misleading and deficient proxy—to describe the operational control of advanced AI models. “How the alignment problems get solved—or not—in this future is something we are the least certain about,” Anthropic concedes. The company offers a stark warning: “The rare occurrences of misalignment present in today’s models could compound as the models build their successors, growing more frequent but less understood until we lose control of them.”

Computational speed will be revolutionized. Although Anthropic does not discuss it in its report, the timeline of AI technology innovation, already dramatically accelerated by access to mass produced next-generation AI chips, will increase exponentially. The innovation timeline will be compressed from months to literally seconds because of AI’s capacity to continuously modify and perfect its own code. The speed of advanced model development will be instantaneous.
AI may communicate in an opaque language. Although Anthropic does not discuss it in its report, recursive self-improvement may allow AI to communicate with other AI models in ways incomprehensible to human operators. Because the system will dynamically and continuously rewrite its own algorithms, the resulting architecture may be mathematically illegible, preventing human operators from understanding, monitoring, and influencing the models’ behavior.

Why the AI race can’t slow down​

Anthropic is proposing an extremely complex process of AI arms control. “A meaningful slowdown or pause,” Anthropic concludes, “would require multiple well-resourced labs at or near the frontier, in multiple countries, agreeing to stop under the same conditions. It would also require that each can verify that the others have actually stopped.”

The company explicitly acknowledges four great challenges to the proposition of AI arms control—and there is a fifth that they did not.
Time is the enemy of action. Anthropic notes that “the world has built verification regimes for other complex technologies,” such as “the Intermediate Range Nuclear Forces Treaty…but those regimes took decades to build both the infrastructure and the trust. We don’t have that long.”

The history of arms control is an inadequate model for the future. “Due to the unique characteristics of AI systems…this arms control problem is much more challenging than with other technologies,” Anthropic explains. “Training runs are far easier to conceal than missile silos, their inputs are general purpose, and the incentive to defect quietly is enormous, because whoever continues while others pause could inherit the lead.”

Verification mechanisms would need to account for the totality of actors in the global AI race. These systems of verification, the company argues, “would enable frontier AI developers to verify that others globally have stopped or slowed, and that a bad actor could not use the auspices of a coordinated slowdown to jump ahead in secret.”

Chip designers and manufacturers are essential to implementing a coordinated development pause. “In this world,” Anthropic asserts, “the pace of progress in AI development becomes determined entirely by the availability of compute.”

Total available computing capacity from AI chips across all major designers has grown by more than 300 percent per year since 2022. Nvidia, AMD, and Intel lead the global market. With $165 billion in annual revenue, TSMC of Taiwan dominates the overall semiconductor manufacturing, including the fabrication of custom AI processors. Without controlling the AI industry supply chain, including monitoring with the deployment of physical verification mechanisms, enforcing a pause in advanced AI model development would be infeasible.

China is unlikely to play ball. Anthropic is silent on perhaps the single greatest barrier to AI arms control. The word “China” never appears in Anthropic’s analysis of managing the recursive self-improvement transition. The company barely acknowledges the broader geopolitical environment, a major driver of the current AI competition.

The United States appears to be ahead in developing advanced AI models, overshadowing Chinese AI labs such as DeepSeek, Alibaba Qwen, and ByteDance Seed. But that advantage may be evanescent because it is primarily based on the greater access U.S. AI companies presently have to industrial “compute” capacity, a lead China is determined to erase. Without Beijing, a global AI development pause will be out of reach. China has expressed some interest in security safeguards, but largely to dull the U.S. edge in the global AI race.

Will explosive growth spark a collective response?​

Just a few years ago AI scientists regarded recursive self-improvement as an intriguing but hypothetical breakthrough. The locus of expert opinion has shifted, reflecting the spectacular advances in new AI models, which are pumped into the world on average every four months. When AI can refine, perfect, and replicate itself—and models can communicate in an opaque mathematical language while evading termination by self-exfiltrating across global computer networks—fundamental human control over the technology could evaporate.

Anthropic, alone among its rivals so far, has persuasively demonstrated through its own explosive growth and very recent history that this next paradigm of AI may arrive quickly. Logic suggests that two choices await. Industry leaders can be passive, allowing the future to unfold without attempting to shape it. Or alternatively a collective effort—even one confronting steep odds—can be catalyzed to attempt something coherent to prepare for a very dangerous tomorrow. Anthropic seems to be committed to the latter path. As the company would say, pursuing this mission, despite its severe challenges, seems “likely to be a good thing.”
 
AI ‘months away’ from taking down governments – intelligence group

Five Eyes cyber agencies have warned that frontier models could soon transform offensive hacking capabilities

Published 22 Jun, 2026

6a39622d85f54035f916456d.jpg

Advanced artificial intelligence models could soon give hackers the ability to cripple governments, businesses, and critical systems, cyber agencies from the Five Eyes intelligence group have warned.

In a rare joint statement published on Monday, cyber security leaders from Australia, the US, the UK, Canada, and New Zealand said frontier AI models are developing faster than expected and are “anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities.”

“The timeline is not years, it is months,”
the agencies said, adding that “cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility.”

The statement said AI will help improve cyber defense over time, but is also lowering the barrier for malicious actors, increasing the speed and complexity of attacks, while shrinking the window between vulnerability discovery and exploitation.

The agencies urged organizations to strengthen their digital defenses, update outdated software more quickly, limit access to sensitive systems, and prepare for cyberattacks before they happen.

While the Five Eyes statement did not name any single model or company, the recent debate over AI security has centered on US developer Anthropic, which has faced scrutiny over its latest and most advanced systems.

Earlier this year, the company said one of its flagship models, Mythos, was too powerful to be released to the general public and limited access to a small group of trusted organizations. The company later introduced Fable 5, a more restricted version of the technology, but both models were subsequently taken offline after the US government ordered that foreign citizens be barred from using them, citing national security concerns.

The developments come amid broader warnings from researchers, technology leaders, and security officials that AI capabilities are advancing faster than governments and institutions can adapt.

Experts have increasingly cautioned that systems designed to boost productivity and strengthen cyber defenses could also be used to automate attacks, lower barriers for malicious actors, and amplify the impact of small groups.

 
N.S.A. Lost Access to Powerful A.I. Model Amid Anthropic Dispute

A recent episode underscored the Trump administration’s increasing reliance on advanced A.I. systems for cybersecurity even as it battles a leading U.S. developer.

23dc-nsa-photo-hqtg-superJumbo.webp

Published June 23, 2026

The National Security Agency has lost access to a powerful A.I. model developed by Anthropic amid the Trump administration’s brawl with the start-up, U.S. officials said, depriving the intelligence agency of a tool that has impressed and alarmed its analysts with how good it is at finding software weaknesses.

This month the Trump administration imposed export controls on Anthropic, citing national security concerns. That action forced Anthropic to pull back the release of its most advanced models, known as Mythos 5 and Fable 5.

The N.S.A.’s cybersecurity analysts had been testing versions of Anthropic’s tools when the latest models were unplugged.

The controlled tests proved impressive even within the halls of the N.S.A., a secretive fortress outside Washington that specializes in developing digital espionage techniques against foreign adversaries and protecting U.S. networks from cyberattacks.

The power of Anthropic’s tools, and their importance to the N.S.A., were highlighted in a congressional hearing this month that underscored the administration’s increasing reliance on the most advanced A.I. systems for cybersecurity even as it battles a leading U.S. developer.

During the session, Senator Mark Warner, the top Democrat on the Intelligence Committee, said that the N.S.A. chief, Gen. Joshua Rudd, had informed him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours.” The comments attracted considerable attention after The Economist cited them in a report.

But Mr. Warner’s statement — about highly technical issues — was oversimplified, the officials said, and set off rampant speculation on social media that the latest A.I. offerings were even more earth-shattering for cybersecurity than realized. Some concluded that sophisticated A.I. models were now able to quickly compromise the classified networks that should be among the most secure on the planet.

In reality, the tests involved “red teams” of N.S.A. analysts who were using Mythos in a highly tailored environment that would be extremely unlikely for an adversary to replicate, officials said. The red teams began their tests within classified N.S.A. systems designed to be accessible only from certain computers and completely cut off from the broader internet.

The tests found that Mythos was able to identify cybersecurity flaws within that classified network quickly, but it did not actually break into those systems, the officials said.

Red-teaming is a common practice in the field of cybersecurity to stress-test computer systems in order to identify and fix vulnerabilities. Technology companies big and small, as well as government agencies, routinely engage internal and external red teams to improve their digital defenses.

Still, even though the N.S.A. did not experience the doomsday scenario some had feared, analysts at the spy agency were stunned by how capable Mythos appeared to be in controlled test settings, which exceeded already lofty expectations.

A White House official, speaking on the condition of anonymity, said that the administration had taken action to protect classified systems from cyberthreats. The official said the government was continuing to use advanced A.I. models to mitigate vulnerabilities but did not say which technology was being used.

On Monday, cybersecurity agencies from the United States, Britain, Canada, Australia and New Zealand — an alliance known as the Five Eyes — issued an unusual public statement warning that artificial intelligence was “rapidly transforming cyberrisk.”

The statement called on businesses to urgently invest in adopting A.I. to protect their networks before it was too late.

“Frontier A.I. models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cybercapabilities,” the alliance said. It added, in a turn of phrase echoing Mr. Warner’s statement: “The timeline is not years, it is months.”

Anthropic first came into major conflict with the Trump administration this year over a $200 million Defense Department contract for A.I. use in classified systems. In a feud that became extraordinarily public, the two sides disagreed over the parameters for how A.I. technology should be used in war.

Defense Secretary Pete Hegseth decided in February to label Anthropic a “supply chain risk,” declaring the company a danger to national security. It was the first time the label had been used against an American company. Anthropic has sued the government over the designation.

In April, Anthropic unveiled Mythos, a new A.I. model. Mythos was so powerful at identifying security software vulnerabilities that Anthropic said it could pose an existential risk to digital technology — a view endorsed by some independent security experts but met with skepticism from others. The start-up would hold back the model, it added, except to a select few organizations and companies.

The N.S.A. was among the first organizations to be granted access, putting it in an unusual position of testing a product that the Pentagon deemed a risk to national security. The agency continued testing Anthropic’s latest products until the export control directive was issued this month.

Some administration officials have in recent weeks been looking for an off-ramp in the Pentagon dispute, according to U.S. officials and others familiar with the matter, and are trying to resolve the export control issue as well.

The White House and intelligence officials had pushed forward a classified contract between Anthropic and the N.S.A., which would allow the spy agency to use the company’s technology for a variety of purposes, including intelligence analysis and detecting new computer vulnerabilities.

That contract has not been finalized, and some Pentagon officials want the N.S.A. to find a way to work with other models.

 
Pete Hegseth Called Anthropic a ‘National Security Risk.’ Now CISA Is Using It.

July 14, 2026
By: Peter Suciu

Pete-Hegseth-Called-Anthropic-a-‘National-Security-Risk-’-Now-CISA-Is-Using-It-The-National-In...png

CISA is one of around 100 organizations approved to use Anthropic’s Mythos model, which is far better than human penetration testers at detecting and exploiting software bugs.

The United States Cybersecurity and Infrastructure Security Agency (CISA) is now using artificial intelligence (AI) developer Anthropic’s Mythos platform to “audit government software”—a seeming rebuke of the Pentagon, which classified the company as a “national security risk” in February and attempted to institute controls on its use by government agencies.

CISA’s Attack Surface Evaluation team has been employing the model to audit source code and identify flaws that could be exploited by cybercriminals or nation-state actors, Reuters first reported last week.

The initiative is apparently part of a pilot program to evaluate whether AI can accelerate software security reviews across government systems. According to the Reuters report, Mythos successfully identified multiple vulnerabilities during testing, although specifics on the number of vulnerabilities, severity, or affected software were not disclosed.

What to Know About Claude Mythos

The Claude Mythos platform is an extremely advanced large language model (LLM) that hasn’t been released to the general public due to concerns that its software engineering capabilities could be too dangerous. The software has already been used to identify thousands of zero-day vulnerabilities in every major operating system and web browser, including decades-old bugs.

As the AI can spot even the most subtle bugs, it has the capability to self-correct any coding mistakes, giving it clear commercial applications. The main risk is that in the wrong hands, it could also autonomously execute exploits at scale and speed that far exceed any human capabilities.

“Software code review and analysis are nothing new. Realistically, most issues found are not exploitable without very specific conditions being met (i.e., the vulnerable function needs to actually be invoked and exposed to the attacker in order to be abused),” explained Chris Traynor, penetration tester at Black Hills Information Security (BHIS) and instructor at Antisyphon.

Traynor told The National Interest via email that he believes that AI vulnerability scanning will likely find many new and novel issues that were simply too complex to identify with legacy tools before.

“But added complexity can cause limitations in exploitability,” Traynor said. “AI scanning will likely produce a lot of unactionable output very quickly that will need to be reviewed by experts to find the real risks.”

AI Is Far Better Than Humans at Finding Bugs—for Better and Worse

Software bugs are virtually inevitable and incredibly common in development. Complex systems require thousands of lines of code, and anything from minor typos to miscommunications to logical missteps can lead to bugs. This introduces unpredictable variables.

Code also doesn’t exist in a bubble, nor is it created in one. Changes in operating systems, web browsers, and third-party services can break functioning software, often without warning.

More worrisome is that such software bugs serve as the foundation for almost all exploits in cybersecurity. A bug has the potential to create unintended weaknesses, such as how a program handles data or permissions. Many software vulnerabilities can go unnoticed, often hidden for years.

The danger is that AI can find those quickly. It is an extremely useful, but essentially neutral, tool: a developer or “white hat” penetration tester can use AI to help patch faulty code, or a “black hat” hacker can use it for nefarious purposes.

“AI finding vulnerabilities in federal code at scale is interesting, but the harder question is what happens after the finding. A vulnerability that exists in a library no one calls, behind a network segment no one reaches, is not the same problem as one sitting in a critical authentication path,” said Seemant Sehgal, founder and CEO of cybersecurity provider BreachLock.

“Without validating exploitability and reachability, every finding lands with the same weight, and that creates its own kind of risk,” Sehgal told The National Interest. “The real test of this program is whether the output helps prioritize action or just expands the backlog.”

The US Government Has a Mercurial Approach to AI

The federal government is already using AI extensively, deploying more than 3,600 distinct AI programs across its agencies. But the Trump administration is less clear about how it believes AI should be used in security matters.

“The federal government can’t seem to decide what it thinks about AI in general, or Mythos in particular,” Bronwen Aker, AI research and strategy analyst at BHIS, told The National Interest. “One week Anthropic is a supply-chain risk, the next week CISA is handing Mythos the keys to scan federal code for vulnerabilities.”

The intra-government squabbles over Anthropic are by now a matter of public record. In February, the Pentagon called for Anthropic to be banned across the entirety of the federal government. Four months later, in June, the Department of Commerce instituted an export ban on two powerful Anthropic models, Fable and Mythos, leading Anthropic to shut both of them down.

Earlier this month, the Department of Commerce lifted the export ban, and Fable has been made available to the general public once more. Mythos had been strictly limited to just around 100 vetted US organizations focused on critical infrastructure and cybersecurity. That seems to include CISA, which is employing the platform in the software audit.

“That inconsistency would be bad enough to start with, but because it’s not clear what Mythos is actually scanning, it’s much, much worse,” Aker told The National Interest in an email.

It remains unclear if it is government-written code or software built by third-party contractors and vendors.

“In-house bugs are one problem,” warned Aker. “Vendor bugs running across federal systems are a supply chain problem, and the public has a right to know which one this is.”

AI-Generated Code Is Part of the Security Problem

Part of the problem is that at the same time AI scans for vulnerabilities in legacy code, it also generates new code on the other end—code with many of the same flaws in it as human-generated code. In other words, using AI to patch bugs is only solving half the problem.

Jacob Krell, senior director for secure AI solutions and cybersecurity at security provider Suzu Labs, observed that CISA pointing Mythos at government codebases should be seen as a smart move, but perhaps only the opening move in what could be a long game.

“I’ve seen federal systems running code that hasn’t had a serious security review in a decade, and a model like Mythos can cover that volume in hours instead of months,” Krell told The National Interest. “Every federal agency and contractor also has developers writing code with AI assistants, and those tools produce insecure output more often than secure output. Authorization flaws, hardcoded credentials, missing input validation, all shipping by default because the models optimize for ‘does it run’ and skip ‘is it safe.’”

The danger is that when combined, the result is akin to a treadmill that isn’t so easy to get off of. In this case, Mythos finds legacy bugs, teams patch them, but then AI coding tools introduce fresh vulnerabilities even as they fix the old ones.

That puts everything from power grids to water systems, which may be privately run, still squarely in the crosshairs of hackers.

Krell suggested that CISA can’t simply harden federal code and call it done.

“If the agency has a scanning tool this capable, the operators running critical infrastructure need access to it too, because those are the systems that actually keep the lights on,” he said. “I’d want CISA to pair this initiative with secure-generation standards for AI coding tools in federal development, and extend scanning access to critical infrastructure operators. We are draining the pool while the hose is still running.”

 

Users who are viewing this thread

Back
Top