A few hours before Anthropic announced the launch of its newest model, Claude Mythos Preview, on April 7, I had just completed a six-month analysis of AI-enabled cyberattacks. My research traced Chinese state-sponsored cyber campaigns against U.S. critical infrastructure and found that the barrier between nation-state-level hacking and everyone else was eroding far too fast.By the time I closed my laptop that afternoon, Mythos had shattered that barrier. This new model could theoretically autonomously exploit previously unknown vulnerabilities in virtually every major operating system and web browser on Earth, without human supervision. My threat model, seemingly alarmist at breakfast, was too conservative by dinner.For years, Anthropic’s CEO Dario Amodei has kept copies of Richard Rhodes’ The Making of the Atomic Bomb on the company’s coffee tables, pressing the book on employees and interviewers alike. His thesis was that the scientists who built the most transformative weapon in history also failed to control how it would be used.Mythos is Anthropic’s nuclear moment. Not in destructive equivalence, since no zero-day exploit has killed people at the scale of a nuclear weapon, but in the sense Amodei suggests: a weapon with a seismic destructive capability that its makers may be unable to control.The atomic bomb was not just a “bigger bomb.” Nuclear weapons transformed coercion logic, allowing any state with such weapons to coerce other states in a way that, historically, would only have been possible by defeating them in battle. Mythos promises nearly anyone a coercive power, which, until recently, was the domain of only the strongest governments. The model erases the “state actors” premise in the U.S. doctrine of persistent engagement, wherein rival states’ network penetrations are stabilized by U.S. counter-penetrations. It is a recipe for chaos and asymmetry in the wielding of cyber power.Like the atomic bomb, Mythos marks a step change that calls into question all prior cyber deterrence logic. The current U.S. response is not moving fast enough against this spiraling threat. This article is a case for why chaotic asymmetry is now inevitable, why defensive AI cannot close the gap in time, and two steps the U.S. government should take as the window of opportunity closes.The Mythos MomentGiven just 24 hours, Mythos autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD, an important operating system favored in high-security server environments, granting unauthenticated root access to any machine running it. Unauthenticated root access means an attacker with no credentials or prior foothold gains complete administrative control over a system. Engineers at Anthropic with no formal security training asked the model to find remote code execution vulnerabilities overnight, and woke up the next morning to working exploits.Whereas prior Anthropic models converted known vulnerabilities into working exploits