The AI That Broke Everything — And Forced a US-China Summit

When President Trump stepped off Air Force One last Thursday after the first US presidential visit to China since 2017, reporters expected to hear about tariffs. Instead, he told them he and Xi Jinping had discussed "possibly working together for guardrails" on artificial intelligence. He couldn't name the guardrails, couldn't name a timeline, and couldn't name a counterpart on the Chinese side. But something had clearly changed. The question worth asking is: what finally moved this issue from think-tank papers to an Oval-to-Zhongnanhai conversation?

The answer, more than anything else, is a model called Mythos.

What Anthropic's Mythos Actually Did

Mythos is not a chatbot. It's Anthropic's most capable reasoning model, built for autonomous multi-step tasks — and in its preview run, it turned that capability toward vulnerability research. The results were staggering. In hours, Mythos identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD (CVE-2026-4747) and a 27-year-old flaw in OpenBSD, one of the most security-hardened operating systems on the planet — the kind used to run firewalls and critical infrastructure. An earlier Anthropic model found roughly 20 Firefox vulnerabilities; Mythos found nearly 300. Across all surveyed software, the total count ran into the tens of thousands.

The vulnerabilities Mythos uncovered weren't just old — they were unpatched. Over 99% of what the model discovered had no fix available. And Mythos didn't stop at discovery: it autonomously built and chained exploits, compressing weeks of expert penetration testing into hours. Former US national cyber director Kemba Walden said publicly that "Mythos can hack nearly anything and we aren't ready." That's not a think piece title. That's a former senior official's on-record assessment.

The Controlled Release That Couldn't Stay Quiet

Anthropic's response was Project Glasswing: a controlled distribution program that gave 11 founding partners and 40 additional organizations early access to Mythos specifically to let defenders scan and patch critical systems before attackers could exploit the same findings. The idea was to use the offensive capability in service of defense — let the model race ahead of the bad actors on behalf of the good ones.

It was a reasonable approach. It also couldn't contain the story. The sheer scale of what Mythos found — tens of thousands of vulnerabilities, in software underpinning hospitals, power grids, financial systems — leaked into the policy world fast. Operational technology providers excluded from the Glasswing rollout were, per Nextgov, feeling "annoyance." Security researchers were debating whether Anthropic had crossed a line by building something this capable. And governments, whose critical infrastructure sat squarely in the blast radius, started paying attention in a way they hadn't before.

Why This Is Different From Every Other AI Safety Scare

The standard AI safety discourse runs on hypotheticals: what might a sufficiently advanced model do? Mythos replaced that frame with evidence. It didn't theorize about hacking critical infrastructure — it found real, exploitable, unpatched vulnerabilities in the actual software running real infrastructure, at a scale no human team could match. The threat became empirical.

That shift matters enormously for geopolitics. For years, US-China AI dialogue — including forums under the Biden administration — stalled because neither side had a specific, shared technical problem to anchor coordination. China's representatives, US officials noted, often used those sessions to gather intelligence rather than engage on safety. Now there's a concrete frame: what happens if a Mythos-class model, operating without Glasswing-style constraints, gets into the hands of a non-state actor — or a state that sees asymmetric infrastructure disruption as a military option? Treasury Secretary Scott Bessent framed the talks precisely this way: the goal is "best practices for AI to make sure nonstate actors don't get a hold of these models."

A Geopolitical Threshold Just Got Crossed

The Trump-Xi AI conversation isn't a treaty. It doesn't even have a named channel yet — White House officials said "what that channel looks like and its formality is yet to be determined." And there's real reason for skepticism: China's track record in these dialogues is not encouraging, and Trump's description of "the guardrails that we talk about all the time" revealed he has no specific mechanism in mind.

But something structurally important happened anyway. Frontier AI has entered the same category of geopolitical concern as chips, nuclear safeguards, and defense systems. The conversation that policy analysts have been trying to force for years — a bilateral US-China channel specifically for AI risk coordination — now has a presidential mandate, however vague. That's a different baseline than existed three months ago.

What to Watch

Anthropic's Glasswing program will expand. More models at this capability level will ship, from more labs. The 99% unpatched rate Mythos exposed is a timer. The interesting question isn't whether AI changes the cybersecurity landscape — Mythos already answered that. The question is whether the defensive deployment of these models can outpace the offensive risk they represent, and whether the geopolitical infrastructure for coordination can be built fast enough to matter. Two governments are at least now saying the right words. The gap between words and working guardrails, in AI as in every prior arms control context, is where everything either gets built or falls apart.