By Riki Parikh
In April, artificial intelligence company Anthropic released the most capable AI model ever built: Claude Mythos Preview.
It is so powerful that Anthropic will not allow the general public to use it. Experts suggest that it could collapse America’s cybersecurity infrastructure, putting Americans’ data, finances and national security at risk.
Weeks later, Congress has still done little to address the Mythos problem. Capitol Hill is no closer to passing legislative solutions to the problems associated with advanced AI.
The White House’s current focus on pre-deployment testing of public-facing AI products may seem productive, but it fails to address the significant risks emerging inside frontier AI labs.
According to a recent report from Model Evaluation and Threat Research, the internal AI models developed by the leading AI companies have the plausible “means, motive and opportunity” to run autonomously without human knowledge or permission.
There are now 44 documented incidents of AI agents cheating, overreaching and actively deceiving their operators.
We are living through a live test of America’s preparation to respond to the most powerful AI technology in human history. Washington is failing that test. The federal government has not put into place even the most basic AI safeguards, and if superintelligence is on the horizon, then we are at risk of a catastrophic event.
Goldman Sachs CEO David Solomon said he is “hyper-aware” of the threat posed by AI. More recently, J.P. Morgan’s Jamie Dimon described the Mythos problem as “very heightened risk.”
They are right. Mythos Preview can spot weaknesses in virtually every computer on earth, already uncovering thousands of vulnerabilities across all major operating systems and web browsers. Anthropic’s head of safety testing, Logan Graham, said other frontier AI companies will reach similar capability within six to 18 months.
After realizing the danger Mythos posed, Anthropic briefed senior federal officials before going public and restricted access to a vetted group of more than 50 critical infrastructure partners through Project Glasswing rather than releasing the model to the general public.
The White House, once notified, convened quickly and across multiple agencies.
Fortunately, Anthropic acted responsibly in this instance, but its actions were not required by law. We should not have to keep relying on these AI companies, which build and profit from these systems, to do the right thing.
We have to answer a fundamental question: If AI this powerful is going to exist in private hands, then what is the proper role for the federal government? Industry insiders argue that strong private stewardship is preferable to expanding federal authority over a commercial technology.
Many others are less inclined to trust Silicon Valley to act ethically. Whether looking at content moderation or the crisis of social media addiction, we have seen numerous examples of Big Tech failing to serve the public interest.
Regardless, the federal tool kit matters, yet it is nearly empty. No agency holds pre-deployment review authority. No statute defines what “too dangerous to release” actually means.
The latest emergency meetings are useful coordinating mechanisms, but they are not decision-makers in themselves, because no decision-making body exists.
Congressional action is needed, and the most direct legislative response is currently drafted. The Artificial Intelligence Risk Evaluation Act, introduced by Sens. Josh Hawley and Richard Blumenthal, would establish a mandatory pre-deployment evaluation program at the Department of Energy for advanced AI systems, with civil penalties of at least $1 million per day for noncompliance.
The bill defines “scheming behavior” as behavior by an AI system that deceives its designers, hides capabilities or subverts oversight mechanisms. It also uses language that maps almost directly onto the concealment and sandbox-escape behaviors Anthropic documented in the Mythos Preview system card.
This is a step in the right direction, but a drafted bill alone is not enough.
A narrower alternative is for Project Glasswing to serve as a statutory model for future AI releases, requiring advance government notice before frontier models are deployed and mandating defender access for vetted partners. As the AI Policy Network’s Peter Wildeford noted, “Less responsible companies could be constrained by these requirements.”
We can discuss and debate the specific legislation at hand, but inaction is unacceptable. When AI is this potent, securing it is our greatest priority. The strength of America’s legislative framework for secure AI must match the urgency of the moment and the capability of Mythos-level technology (or worse). Otherwise, the consequences could be existential.
Riki Parikh serves as policy director at The Alliance for Secure AI.