April 15, 2026
Pay-to-defend or pay-to-pretend?
Cybersecurity looks like proof of work now
Pay-to-win security? Fans say wallets beat hackers
TLDR: A new report says Anthropic’s secret Mythos model finds software holes as long as you keep paying for more AI compute, sparking a “proof‑of‑work” debate. Commenters split between “it’s pay-to-win cyber” and “that’s the wrong problem—fix fundamentals,” with bonus speculation that Mythos and Opus are the same model.
Anthropic’s secretive “Mythos” model just aced a third-party test, finishing a simulated 32-step corporate takeover in 3 out of 10 tries—if you feed it 100 million “tokens” (think: AI compute budget) at about $12.5k a run. The kicker? Analysts say there were no diminishing returns. Translation: keep paying, keep finding holes. Cue the internet yelling “crypto but for hacks.”
The top vibe is pure proof‑of‑work panic. One commenter summed it up as a pay-to-win arms race: spend more than the attacker or lose. Another dropped a classic Tony Hoare quote about software being either so simple it’s safe, or so complex you can’t see the danger—cue memes of “choose your fighter: Simple or Impossible.”
But the drama didn’t stop there. Conspiracy corner lit up with, “I’m starting to think Opus and Mythos are the same model,” blaming slick workflows more than magic model sauce. The pragmatists pushed back hard: “Most security isn’t bug-hunting,” argued one pro, calling the whole premise a category error. Think passwords, permissions, backups, and boring hygiene over flashy exploit bingo. Another suggested making code harder to reverse-engineer and, wild idea, writing better software from the start.
So is Mythos a game-changer or just a very expensive metal detector? The crowd’s split between “buy more tokens” and “fix your house first.” Either way, everyone agrees: the bill is coming due—and it’s steep.
Key Points
- •Anthropic withheld public release of its security-oriented LLM Mythos, limiting access to critical software makers to harden systems.
- •AISI’s third-party evaluation found Mythos outperformed peers on a complex 32-step corporate network attack simulation, completing it in 3/10 runs.
- •Each test used a 100M-token budget, costing about $12,500 per Mythos attempt; models showed continued progress with increased token budgets.
- •The article argues security may become a token-spend competition akin to proof-of-work: defenders must outspend attackers to find and fix exploits first.
- •Two takeaways: invest in securing open source dependencies with token-driven audits, and add a dedicated hardening phase to agentic coding workflows.