America must guard against China’s own Mythos

Stay informed with free updates

The writer is senior fellow for China and emerging technologies at the Council on Foreign Relations, and former US National Security Council deputy senior director for technology and national security

April 2026 marked a turning point in artificial intelligence: America’s leading AI companies developed models so powerful that they decided not to immediately release them to the public. These systems are the most capable cyberweapons ever built, and AI leaders have warned for years that their arrival would reshape national security. That moment is here.

The consequences of losing the AI arms race are no longer theoretical. AI models are now the decisive offensive and defensive tools in cyber space, and American and allied cyber security depends on maximising the US lead over China in AI.

Anthropic’s newest model, Claude Mythos Preview, is the first AI model that can autonomously discover, chain together and exploit or patch software vulnerabilities more effectively than almost every human researcher, at unprecedented scale. Cyber security experts describe Mythos as a “watershed event in the history of cyber security”.

In AI-enabled cyber warfare, an adversary with superior AI capabilities could identify and exploit unknown vulnerabilities in any system to overwhelm US defences. But a defender that deploys a superior AI model first can find and patch those vulnerabilities before they are exploited.

Instead of releasing Mythos publicly, Anthropic is deploying it only to select US technology companies for the purpose of shoring up US cyber defences. OpenAI announced that its upcoming model, Spud, would similarly only be released to select cyber security partners. The White House, Treasury department and Federal Reserve have launched parallel efforts to harden US critical infrastructure against AI-enabled cyber attacks.

These efforts are urgent because China will develop a model as capable as Mythos soon. China’s best AI models currently lag behind leading US models by about seven months, potentially slightly more. Seven months is therefore the window to harden America’s entire digital infrastructure before Chinese cyber weapons surpass current US defences.

However, China’s AI ecosystem is built on the back of American technology. China’s leading AI companies develop their models using US chips, which are significantly better and produced in far greater quantity than their Chinese equivalents. These companies train their models on data generated by US models, conducting illicit “distillation attacks” that help them replicate US capabilities. And Chinese chipmakers rely on advanced chipmaking tools, which China can’t produce, made by the US, the Netherlands and Japan. In 2024, China purchased more deep ultraviolet lithography machines from ASML than every other country combined.

Without access to such US and allied technologies, China’s AI models would trail by years, not months.

The US can extend its lead, and buy time to shore up defences, by tightening export controls on all critical AI-enabling technology. Existing controls helped the US obtain its current seven-month lead, but they contain gaps and loopholes that must be closed. And because defences need to be updated with each new model release, this is a continuous effort, not a one-time push.

For the US to maximise its lead, it must halt all exports of AI chips to China, including less advanced models such as the Nvidia H200. It must curtail China’s AI chip smuggling networks — just one instance of which diverted $2.5bn of Nvidia servers to China via south-east Asia — by requiring export licences for large-scale orders globally. It must block Chinese companies from accessing export-controlled chips through the cloud, which is currently unrestricted. It must block China’s access to US AI models themselves, either via export or remote access. And it must halt exports of semiconductor manufacturing equipment capable of producing advanced chips, including foreign-made equipment relying on US technology.

This does not preclude co-operation with China on AI safety. During the cold war, the US blocked all American technology from assisting the Soviet nuclear programme, but eventually shared “permissive action link” technologies that prevented unauthorised launches. The same principle should apply here: maximise the US lead, while talking to Beijing about guardrails.

With these steps, the US lead could expand from seven months to 18 or more, buying critical time to deploy AI-based cyber defences nationwide. Every additional month means another bank, another hospital, another power grid secured before China — or another country using Chinese technology — develops the tools to break in. Washington should buy them as much time as it can.

#America #guard #Chinas #Mythos