Does Mythos change cyber risk on Chinese hardware?
yes, says Mieke Eoyang
Three reminders:
We’re hiring for video talent! Learn more here.
We’re running an AI + nukes contest with a $20k prize pool. Deadline is July 24th.
We’re always looking for new contributors to the substack! Learn more here.
A guest post by Mieke Eoyang is a visiting professor at Carnegie Mellon University’s Institute of Security and Technology (CMIST), and the former Deputy Assistant Secretary of Defense for Cyber Policy.
As frontier AI labs race to release the next generation of models that meet or exceed the capabilities of Anthropic’s Mythos, we need to contend with what these powerful tools mean for the world. These models, whether Anthropic’s Mythos/Fable, Open AI’s GPT 5.6, or Z.ai’s GLM 5.2, the latest generation of models have demonstrated tremendous capability to identify previously unknown cyber vulnerabilities.
Though most of the popular focus has been on new hacking vectors, these models also give developers and manufacturers a way to address their tech debt through an avalanche of vulnerability identification and patching. On the other side of the “Patch Apocalypse”, Mythos-class models should change the way we think about cyber risk from Chinese-made tech products, and supply chain risk generally.
The conventional wisdom is that Chinese- made technology products pose a higher national security risk. The fears break down into two scenarios: a) the Chinese government installs secret back doors into the products allowing them to spy or brick products at their time and place of choosing, or b) the superior knowledge of how those products are built will allow them to build or later-install such back doors at their time and place of choosing.
Given the ability of these Mythos-class models to identify the vulnerabilities, could a Chinese developer really create a hidden back door in a product that’s released into the wild that would not be identified by the later scrutiny of these models? Creating a
hidden back door is not easy. Even in the pre-LLM days, attempting to prevent a backdoor from discovery was difficult. For example, in 2013 researchers identified flaws in an encryption algorithm proposed by the NSA. NIST quietly began recommending against using the encryption standard in the wake of the Snowden disclosures, and the resulting uproar led to the development of PGP. The resulting reputational hit on trust and subsequent products haunts the NSA to this day.
These Mythos class models supercharge the discovery process, dramatically increasing the chances that defenders would be able to find an engineered-in back door before the attacker could make use of their hidden portal. As one prominent NSA-er said to me once: Conducting cyber operations will break your heart when the night before you go to execute, your target will have patched your way in. With these models, attackers can’t count on retaining access from unboxing to exploitation, as the speed of identification and patching increases. [Jordan’s take: it’s still unclear whether Mythos 2027 can create new exploits Mythos 2026 wouldn’t be able to find. Perhaps the calculus is different if you’re still regularly applying Chinese software patches.]
Even if governments compel or coerce manufacturers into providing that access, doing so would have clear reputational consequences to the ongoing competitiveness of the company. Once a Mythos-class model finds that vulnerability, if a manufacturer or supplier refuses to address it to maintain government access, the trust in that product and company will be gone forever. Customers will want assurances that a company has a transparent and open process for identifying and patching discovered vulnerabilities found by anyone. Indeed, for enterprises, running Mythos-class models against their own technology stack should become standard practice for risk management against cyber attacks. Likewise, Mythos-class models’ ability to find vulnerabilities in a wide range of technology products, undermines the argument that the original manufacturer’s knowledge of the product gives it superior ability to exploit a vulnerability later.
Chinese products, like US products, and European products, all have vulnerabilities due to the decades and decades of software and hardware development that didn’t prioritize security. And even with the best, most security conscious engineering, there will always be some vulnerability left slightly ajar some unforeseen vulnerability. If these models enable you to identify (and address) any vulnerability that might be out there, then what is the difference, from a security perspective, of Chinese-origin products, relative to US ones?
The US will have to rethink whether security-based import bans on Chinese products, like EVs, drones, and routers, will continue to make sense in the wake of Mythos-class models. Companies around the world will be able to test the security of US and Chinese products for potential vulnerabilities. If a company has just as much insight into the security of a Chinese product as a European or US one, then it may return to making decisions on cost, performance, and availability, rather than national origin of the manufacturer.
[Jordan: many of these bans justified on paper for cyber reasons double as industrial policy programs. The US should try to nurture a manufacturing industry that isn’t reliant on China for strategic industries, and the powers of the FCC + BIS are more effective than tariffs or industrial subsidies on protecting industries in the current moment. Even if drones, humanoids, telecom equipment or routers have verifiably unhackable software, the military implications of not having an industrial base you can scale up in a crisis, or just the leverage in non-wartime negotiations from an adversary having the ability to threaten to cut off supply, are a big deal.]
As my CMU colleagues have written, empowering America’s AI revolution requires a more careful examination of cyber risk in the subcomponents that power the data centers that enable frontier lab development and model usage. If Mythos-class models give vendors the ability to review the vulnerabilities of foreign-made battery management systems or other smart devices that manage power flows, then they can review devices on producer-by-producer basis, rather than banning all Chinese-made products.
That doesn’t mean there should be a free-for-all on installing Chinese products. There are still adjustments that should be made to the Chinese cyber ecosystem as a result of the deployment of these models in the months to come. As Mythos-class models change our thinking about latent cyber vulnerability and supply chain risk, it should also change our thinking about what security and trust look like. In this post-Mythos world, China is going to need to change its approach to cybersecurity to remain globally relevant as a technology producer.
Once Mythos-class models are widely available, the question is not whether a product has a vulnerability, but what has it done to address the vulnerabilities that have been discovered. China’s discouraging of a robust cybersecurity ecosystem, as well as its requirements to disclose vulnerabilities to the government first run contrary to a world where customer trust is based in a manufacturer’s maintaining a transparent process for ingesting and repairing identified vulnerability. Customers and independent researchers alike will be finding these flaws as a result of their own analysis. Vulnerability discovery will take place not just between US and Chinese researchers, but also from users in India, Europe, and throughout the global south. Remaining globally competitive will mean addressing the security concerns of everyone.
US companies are well attuned to this dynamic, having developed bug bounties, vulnerability disclosure policies, and regular cycles of security updates. Chinese companies have not yet engaged in this type of public-facing security architecture. But as Mythos-class models are used to identify vulnerability, customers will demand that Chinese developers also address flaws and a failure to do so in an open way will undermine trust, ultimately resulting in a lack of market share.
Likewise, the US will have to adjust its policy posture. Going forward, broad import bans based on fears of latent exploitation and national origin–as the US FCC has proposed–will drive up costs to companies and consumers for no appreciable benefit to security. Mythos-class models enable a more sophisticated analysis of supply chain risk than just national origins of technology products. And there are certainly benefits that come from a more diversified technology supply chain, or a reinvigoration of a domestic supplier base. It just means that we need to be more specific about how and when to wave the security rationale against a particular technology type. A more sophisticated analysis will allow suppliers more time to evaluate the need for alternative sources for their subcomponents, to balance risk and benefit in a more nuanced way, and ideally deliver best value to their customers.


Sorry, a nit:
According to this article,
"NIST quietly began recommending against using the encryption standard in the wake of the Snowden disclosures, and the resulting uproar led to the development of PGP."
No. PGP was invented in the 1990s by a dude named Zimmermann. Phil Zimmermann is somewhat of a heroic figure amongst the digerati. The Snowden revelations and resulting brouhaha didn't happen until the 2010s.
Snowden and the WikiLeaks dude are likewise seen in heroic light by most digerati over a certain age.
TIA
Otherwise, keep up the good work.
Regards,
~SS