Earlier this week, US president Donald Trump signed an executive order on AI and cyber defence. It asks AI developers to voluntarily allow US government agencies to test their models for 30 days before release. And during last month’s Trump-Xi summit in Beijing, the US and China said they would reopen intergovernmental dialogue on AI safety, paused since 2024.
These major developments on safety come after the recent limited release of AI models with advanced cyber capabilities, especially Anthropic’s Claude Mythos Preview, which sparked global cybersecurity concerns.
These cyber-AI models could strengthen cyber defence. The networks and systems digital societies depend on are filled with holes. Models such as Mythos might autonomously fill these holes much quicker than human teams could.
But they also pose risks. In the wrong hands and with the right resources, powerful AI could be used to supercharge cyberattacks. Google recently reported that a criminal group used AI to find a flaw in their software. More cyber-criminal exploits are undoubtedly coming.
Who gets access?
Anthropic – which announced plans for an IPO in the US this week – claims Mythos can find and exploit undiscovered flaws, known as ‘zero-day’ vulnerabilities, in ‘every major operating system and every major web browser when directed by a user to do so’. This includes the digital infrastructure underpinning governments, companies and societies, which makes Mythos too unsafe to release to the public – yet.
Enter the Anthropic-led Project Glasswing, which grants access to Mythos to 12 partners – mainly US technology companies and banks – and over 40 other unnamed organizations to secure their critical systems. The US government and agencies have access too.
The UK’s AI Security Institute (a government directorate that researches advanced AI) also received access and shared a public evaluation in April of Mythos’s performance in simulated cyberattacks. In mid-May, Anthropic reportedly agreed to brief the Financial Stability Board (the world’s financial regulator, tasked with handling complex financial risks). And the EU has recently said Anthropic has offered Mythos access after talks.
OpenAI also provided a limited release of its cyber model, GPT-5.5-Cyber, shortly after Mythos. OpenAI has decided to grant access to the European Commission, and offered ‘trusted access’ to verified cybersecurity defenders.
But the rest of the world is excluded from access to these powerful capabilities. This has stoked concerns about a global gap, in which most governments, central banks and organizations could become dependent on US firms for cybersecurity. This gap matters for global cyber defence. Experts are split on the scale of the threat – and what to do about it.
Bracing for impact
Cyber incidents with global impacts are nothing new. Networks of interdependent systems – many urgently needing updates – mean a small attack can snowball into a bigger one. This becomes a major problem in critical sectors like healthcare.
The UK knows this well. In 2017, a hacking group’s bad code (known as a ‘worm’) disrupted hospitals across England as it accidentally wreaked havoc on over 200,000 computer systems globally until a young researcher found a kill switch. Just weeks later, more bad code – traced to a Russia-backed cybercriminal group – triggered the ‘most devastating cyberattack in history’, throwing companies and governments into meltdown.
Crises like these provide critical lessons for countries today: technical authority, trusted information and backchannels (between countries, and between states and companies) are essential. A well-navigated crisis might even generate promising governance changes, like new institutions, better public-private information-sharing and cross-border rapid response.
Crises have improved global cyber resilience, and old fears of an inevitable global cyber catastrophe are less prevalent. But with the advent of AI cyber capabilities, most decision-makers (except the select few with access to the most powerful models) lack the right data, tools or networks to prepare for the next potential crisis.
As the US-China AI race intensifies, regulators in the rest of the world understandably struggle to keep pace. Preventing them from understanding AI’s new cyber capabilities does little to address this uncertainty.
Locked out
Falling behind yet another leap in AI capabilities, middle powers must take a moment to assess their options for security. Two paths are apparent: alignment or coordination. Both are born from constraint, but only one leads to agency.
Middle powers could feasibly choose to align with either the US or China. Individual countries could offer up various incentives (including public data, energy resources, preferential treatment) to whichever US or Chinese AI company could grant them access to cutting-edge capabilities or support the build-out of their AI infrastructure.
Alignment has merit. After all, middle powers will not shatter superpower dominance in AI. The next Mythos or GPT-5.5 level of advancement in cyber capability is unlikely to come from outside the US or China. There is an argument for other countries to seek ‘protection’ through close access to US or Chinese technology.
For some countries, full alignment with one superpower is unacceptable, and a threat to sovereignty. For others, this bargain brings security and domestic benefits. For example, US OpenAI’s global initiative offers various incentives to partner countries, like nationwide chatbot access in the United Arab Emirates.
But picking sides does not provide an automatic shield to disruption. While alignment may provide benefits, it does not guarantee access to the most cutting-edge models in a crisis. The link between building out AI infrastructure and cyber defence is weak.
It will take years for cyber defence to catch up with evolving AI threats. And middle powers cannot pre-emptively regulate themselves out of an AI cyber crisis. They must explore other options.
Open a window
There is another path: coordination. The reaction to Mythos has opened a rare window for developing crisis-ready international policy. This window reflects the combination of policymaker awareness, a visible threat, companies open to collaborating, trusted technical authorities and public outcry. It is too good an opportunity for middle powers to miss.
This approach recognizes that middle powers can achieve more on AI and cybersecurity together than alone. It has three components, underpinned by information-sharing: institutions, interests and diplomacy.
Middle powers already have a loose institutional network for sharing information about AI risks. This network – which includes the EU, UK, Kenya, Japan and others – is not designed for political action. But like other technical governance forums, it creates a platform for coordination.
This network should be strengthened for international crisis response: to share information about threats, and to support cross-border rapid response teams. Cyber and intelligence agencies already produce joint international guidance. These connections should be leveraged for sharing best practices.
On paper, the US is part of this network. Federally and at a state level, US policymakers are worried about cyber-AI models. Yet tech companies have influence and some reportedly lobbied against an earlier version of Trump’s executive order, which allowed for a longer period of pre-release safety tests.