A leading computer scientist is sounding an alarm about concentrated corporate power over critical infrastructure, as Anthropic's decision to restrict access to a powerful AI security tool has ignited a global debate about who decides which nations and companies can protect themselves against emerging cyber threats.
Yoshua Bengio, a Canadian computer scientist recognized as one of the Godfathers of AI, has directly challenged Anthropic's selective distribution of Claude Mythos, an AI model capable of identifying thousands of previously unknown "zero-day" vulnerabilities. The core problem, Bengio argues, is not the technology itself—but the concentration of decision-making power in a single private company.
"It doesn't make sense that private individuals are deciding the fate of infrastructure for everyone else," Bengio said in an interview with Fortune. "What about all the companies and all the countries that didn't get access?"
Mythos represents a critical tool for cybersecurity: it can identify vulnerabilities and strengthen systems against attack. Yet Anthropic has chosen to share it selectively with a small group of primarily US-based companies and government entities, citing the model's dual-use nature—the same technology that identifies weaknesses could also be weaponized to launch cyberattacks on critical infrastructure.
Who Remains Unprotected
The restricted rollout has left large parts of the global ecosystem without access to protections against emerging cyber risks. Several governments and institutions have sought access to evaluate vulnerabilities within their own systems. The Bank of England publicly stated that Anthropic had assured UK banks of near-term access. Yet discussions at the IMF and World Bank spring meetings revealed deep concern about the model's ability to expose weaknesses in global financial systems—particularly troubling because many regulators and companies outside the US have yet to evaluate its findings.
This asymmetry of access raises fundamental questions about equity and national security. Countries dependent on foreign technology providers face growing anxiety that access to critical tools could be influenced by national interests or policy shifts. The situation is feeding into a broader push for "AI sovereignty," as nations seek to reduce dependence on external technology providers.
The Governance Gap
Bengio's response calls for systemic change: greater international involvement in AI regulation and the establishment of an international authority to oversee the production and use of highly sophisticated AI technology. He argues that governments must impose strict rules on businesses to prevent misuse of advanced AI from affecting other nations' infrastructure.
"There needs to be an agency really in charge of overseeing these kinds of decisions," Bengio said. "As the power of AI continues to grow, this question of international commitment becomes pressing. There's no reason that it's going to limit itself to attacking US infrastructure or US citizens. So this has to be an international affair."
Bengio emphasized that any governance framework must include China, given the ongoing race between the US and China in developing advanced AI systems. Although he estimates Chinese models may lag behind US counterparts by a few months, he stressed that the gap does not significantly reduce associated risks.
The Broader Security Paradox
The debate extends beyond proprietary platforms. Bengio also cautioned about dangers posed by open-source AI models. While open-source technology has traditionally been seen as advantageous because of its transparency and collaborative security improvements, AI has become advanced enough to search open-source software for vulnerabilities—creating new risks even in supposedly transparent systems.
Meanwhile, the US government is moving to secure its own access. A memo from the White House Office of Management and Budget, obtained by Bloomberg, states that several federal departments—including the Department of Defence, the Treasury, and Homeland Security—will begin using a version of Mythos. This occurs even as Anthropic and the Pentagon remain in a legal dispute over earlier supply-chain risk designations.
Anthropic's justification for the controlled release centers on risk management: the company argues that managing dual-use risks requires limiting access to prevent misuse. Yet this approach transfers the burden of that risk management onto those excluded from the system.
Why This Matters:
As AI systems grow more powerful, decisions about their use and distribution have global consequences. When a single private company controls access to critical cybersecurity tools, it effectively determines which nations and organizations can defend themselves against emerging threats—a concentration of power over essential infrastructure that traditionally falls within the domain of democratic governance and international cooperation. The disparity in access to Mythos means that financial regulators, banks, and governments outside the US inner circle lack the tools to assess vulnerabilities in their own systems, creating asymmetric risk. Bengio's call for international AI governance reflects a broader center-left concern: that market mechanisms alone cannot adequately protect public goods or ensure equitable access to technologies that affect everyone's security. The question of who controls access to critical infrastructure protection is ultimately a question about democratic accountability and whether decisions with global consequences should rest with private entities or be subject to international oversight and rules.