Anthropic’s preview-only security model, Mythos, is pushing an uncomfortable idea into the foreground: cybersecurity may be starting to resemble proof of work, where the limiting factor isn’t ingenuity so much as willingness to spend compute. That framing lands at an interesting moment, because Mythos wasn’t released publicly—access has instead been limited to critical software makers, explicitly to give them time to harden systems before wider exposure.
AISI’s early evaluation: stronger cyber performance, measurable outcomes
A third-party assessment from the UK’s AI Security Institute broadly supports the claim that Mythos represents a step up over prior frontier models on cybersecurity tasks. The detail that stands out is AISI’s use of a specific benchmark: “The Last Ones”, described as a 32-step corporate network attack simulation that spans reconnaissance through full network takeover.
AISI estimates the scenario would require humans around 20 hours to complete. In AISI’s runs, Mythos was also the only model that managed to complete the full sequence—succeeding 3 times out of 10 attempts—while other tested models did not fully finish the task under the same conditions.
Token budgets as the new security budget line item
The more structural observation comes from how the evaluation was funded: AISI budgeted 100M tokens per attempt. The post cites a cost basis of $12,500 per Mythos attempt, totaling $125,000 across ten runs.
The unsettling part isn’t only the price tag—it’s that, according to AISI, increasing token budgets kept improving outcomes across the tested ranges, with no clear sign that returns were flattening out. If better results can be purchased simply by allocating more tokens, defensive security starts to look like an economic contest: spend more tokens finding exploits than an attacker is willing to spend exploiting them.
That’s the proof-of-work analogy: progress is gated by raw computational work and budget, not a clever shortcut.
Two implications: open source gravity and a new agentic workflow phase
The token-economics framing leads to two practical consequences.
First, open source software remains strategically important. The argument is less philosophical than financial: if widely used OSS can be continuously probed and hardened by organizations willing to spend significant token budgets, it may accumulate more security effort than many smaller, bespoke implementations can justify. (The post also flags the complexity here: popular OSS is also a higher-value target, which can motivate attackers to spend more.)
Second, for agentic coding, “hardening” starts to look like a distinct stage rather than an occasional audit. The post points to an emerging split where teams already separate “development” and “review,” sometimes using different models. It also notes Anthropic’s dedicated code review offering, priced at $15–$20 per review, as tooling that fits this workflow segmentation.
From there, a three-phase cycle is proposed:
- Development: feature work and iteration
- Review: refactoring, documentation, best-practice cleanup
- Hardening: autonomous exploit discovery until budget limits are reached
In other words: humans bottleneck development, but money bottlenecks hardening—and that difference may force security into its own continuous, budgeted pipeline.
