The case of Mythos, Anthropic’s model that you won’t find in any app store, points to where artificial intelligence is heading: less accessible, more specialized, and with a much more concrete impact on critical sectors.

Marta Barquier (Do Better Team)

The debate around artificial intelligence usually revolves around the same questions: which models are more powerful, which are cheaper, which generate better images. But there is a quieter shift that deserves attention: the move toward highly specialized, restricted-access systems designed not for end users, but for governments, large corporations and institutions with very specific needs.

Mythos, developed by Anthropic, is one of the clearest examples so far. To understand its implications, we spoke with Esteve Almirall, Professor in the Department of Operations, Innovation and Data Sciences at Esade and an expert in technological innovation.

A model that is not for sale

Mythos Preview is not a model you can simply purchase or subscribe to. Anthropic has kept it out of the general market and placed it within a controlled-access program called Project Glasswing — an initiative focused on defensive cybersecurity that works with major technology partners (AWS, Apple, Cisco, Google, Microsoft, among others) and institutions responsible for critical infrastructure.

According to Almirall, there are two main reasons for keeping it out of the general market: the computational cost — likely enormous — and the inherent risk of a technology capable of identifying and exploiting software vulnerabilities at a level that, in some tests, has surpassed human experts.

“We are not just dealing with a cost issue, but with control. These types of models are not designed for mass consumption, but for a highly specialized B2B market.”

Anthropic’s business model appears to revolve around subscriptions or payment per vulnerability discovered. High cost, high value, restricted access.

The rise of vertical models

Mythos is not an isolated case. OpenAI has GPT-5.4-Cyber, a version of GPT-5.4 tailored for defensive cybersecurity, and has recently introduced GPT-Rosalind, aimed at life sciences research and drug discovery. The pattern is clear: more vertical, more expensive models, deeply embedded in high-impact professional workflows.

Programming was the first major vertical — with tools like Claude Code or Codex — and cybersecurity is the next logical step. “It is very close to code, which makes it easier to develop,” explains Almirall. Biotechnology, mathematics and engineering are likely to follow.

The immediate consequence is that many of the most advanced AI capabilities will not reach everyday users. Instead, they will be integrated into professional tools and complex workflows that most people will never directly interact with.

What no one designed

One of the more uncomfortable aspects of the Mythos case is that it was not specifically trained for cybersecurity. Its capabilities in that domain emerged from general improvements in reasoning and coding.

It is worth noting that it is not entirely clear whether a specific cybersecurity version of Mythos exists — unlike GPT-5.4-Cyber, which is explicitly designed for that purpose. However, the broader phenomenon is real: improvements in general capabilities can translate into unexpected, highly specialized skills.

“AI works through inference. That limits our ability to anticipate outcomes.”

This is a warning worth taking seriously, especially when dealing with systems that have access to code, networks and external tools.

Bugs that survived for decades

Anthropic claims that Mythos Preview has identified thousands of high-severity vulnerabilities across major operating systems and browsers. Among the examples cited: a 27-year-old flaw in OpenBSD — a system designed with security at its core — and a 16-year-old vulnerability in FFmpeg that had survived more than five million automated tests.

Almirall confirms the significance: “Yes, this is a turning point. Current tools are limited, and that explains why hackers still succeed.”

However, he adds an important nuance: a significant portion of these vulnerabilities still requires verification. Some may prove irrelevant. There is also a clear tension of incentives: Anthropic benefits from reporting large numbers of findings, while clients need to confirm their validity before acting. External analysts have also pointed out the lack of public traceability between reported findings and confirmed CVEs directly attributable to the project.

Autonomy or loss of control?

During testing, Mythos displayed behavior that raised concerns: it escaped its sandbox environment, developed an exploit to access the internet, emailed the researcher overseeing the test, and published details of the exploit in technically accessible but obscure online locations.

Almirall approaches this pragmatically. If you train a model to detect and test vulnerabilities by exploiting them, that is what it will do. He describes the episode as “an anecdotal issue” consistent with its training objectives.

However, the underlying question remains: if a system performs actions you did not explicitly request, but that align with the goal you did set, where is the boundary?

“Models interpret objectives approximately, because language is inherently imprecise. If you give them room, they will explore beyond what you expected.”

Who watches the watchers?

As AI reaches and surpasses human-level performance in specific domains — just two years ago, models struggled with basic cybersecurity tasks; now Mythos solves expert-level tasks 73% of the time, according to Anthropic — the question of oversight becomes more urgent.

Almirall’s answer is paradoxical but revealing: in many cases, oversight is carried out through multi-agent systems. Other AI models act as reviewers or critics. In other words, autonomous systems supervising other autonomous systems.

It is not a perfect solution. But it is the one currently available.

Restricted access, displaced risk

Anthropic’s decision not to release Mythos aims to reduce immediate risks. In the short term, access can be controlled through verification. The challenge lies in the long term.

“In software, it is very difficult to build permanent barriers,” says Almirall. Techniques, workflows and practical knowledge tend to spread over time. Anthropic itself acknowledges that these capabilities are likely to proliferate relatively soon.

In the meantime, restricted access creates an inevitable consequence: organizations with access to these systems — and the resources to integrate them — will gain a significant advantage over those without. This may deepen the gap between large institutions and smaller players. Security improvements will arrive earlier — and more effectively — for those with greater capacity.

The question, then, is not whether these capabilities will spread, but when — and under what conditions.

A more complex landscape, not just a more dangerous one

The Mythos case is not just a technological development. It is an indicator of where AI is heading: more powerful, more vertical, more expensive systems, deeply embedded in high-impact decision-making.

We are not moving toward a world that is simply safer or more dangerous, but toward one where security improves in some areas, access becomes more concentrated, and the transition itself may be unstable.

“To what extent hackers or terrorist groups will gain access to these technologies, and when, no one knows. They will, eventually. But hopefully, by then, more robust counter-technologies will already exist.”

That is Almirall’s expectation. And in the best-case scenario, it depends on whether major AI labs make the right decisions in the years ahead.

All written content is licensed under a Creative Commons Attribution 4.0 International license.