The Mythos Deferral

The letter was never written as one document.

Six regulators drafted it, across three continents, over roughly ten days. But when you stack the public statements side by side, from the European Central Bank, the Federal Reserve Bank of New York, the Bank of England, the UK National Cyber Security Centre, the Canadian Centre for Cyber Security, and the European Commission’s DG Connect, the paragraphs compose into something like this:

Dear Anthropic,

We write to express our sincere appreciation for your decision to defer the deployment of Claude Mythos pending further consultation with our authorities. Your willingness to self-impose a staged rollout, and to engage with regulators in advance of release, reflects the responsible stewardship our institutions value. We look forward to continued dialogue.

With gratitude and affection.

No modern regulator has ever publicly thanked a frontier technology vendor for postponing a product release. The closest historical parallel, the EPA thanking DuPont in 1988 for voluntarily ceasing CFC production, happened only after the Montreal Protocol gave the EPA the authority it thanked DuPont for respecting. Here, no Montreal Protocol exists. No statute applies. No Senate has ratified anything. Just the thank-you.

Six regulators in ten days. Every one of them used some variant of “grateful.” Anthropic’s own corporate summary of the coordination used “grateful” twice.

No modern regulator has ever publicly thanked a frontier technology vendor for postponing a product release.

Anyone who has read a little nineteenth-century history recognizes the form. In 1815, at the Congress of Vienna, the great powers of Europe invented a new governance technology. They coordinated the continental order through letters, congresses, and polite restraint, without a binding treaty. They called it the Concert of Europe. It worked, more or less, for a century. Then it didn’t, catastrophically.

The Mythos deferral is the AI-policy community’s reinvention of the Concert. The letter on top of this essay is its Congress of Vienna.

Companion, not continuation

Three weeks ago I argued that democratizing offensive AI capability is good. The Monks and the Machine made the capability argument. This piece makes the governance argument.

Offensive cyber capability is getting democratized. A governance vehicle is getting normalized alongside it. The first piece celebrated the direction of travel. This one names the vehicle we’re using to manage the direction, and argues we should be clear-eyed about it before calling it a solution.

Because “coordinated multilateral regulatory endorsement of a voluntary vendor deferral” was not a governance system that existed two months ago. A new thing got canonized this week. The press has taken it for granted. I would like to name it while it is still name-able.

What the thank-you note admits

Every thank-you note is a confession. The gift it acknowledges is the gift the giver did not have to give. Acknowledged here is the deferred product launch. In the text of their acknowledgments, the regulators confessed the three capacities they lack to control this technology.

None of the signatories have the technical capacity, the infrastructure, to independently evaluate a frontier model of Mythos’s scale and character. The Bank of England cannot stand up a red team capable of adversarial evaluation of the model’s cyber capability uplift. The ECB cannot pressure-test its banking-sector risk. DG Connect has no AI evaluation authority structurally comparable to the UK’s AI Safety Institute, and the AISI has existed for less than two years and evaluates on vendor-provided access. The regulator is, functionally, asking the vendor to grade its own work and then thanking the vendor for the grade.

None of the signatories have the legal capacity to control a frontier model of Mythos’s scale and character. The EU AI Act, the statute most often cited as the fastest-moving AI law in the world, was first proposed by the European Commission in April 2021. It entered into force in August 2024. Its implementing phases roll out through 2027. The thank-you note took ten days. The Act is what formal AI regulation looks like in the EU. The note is what informal coordination looks like when the Act has nothing in its obligations section that maps to a US-trained frontier model deployed via US-based cloud infrastructure into eurozone banks under a voluntary deferral framework. US bank regulators, for their part, have no statute that compels pre-release AI consultation at all. On April 7, Treasury Secretary Bessent and Federal Reserve Chair Powell convened the largest US bank CEOs in part to discuss Mythos. That was a convening. It had no enforcement tail. Convenings do not ship regulation.

None of the signatories have the jurisdictional capacity to oversee a frontier model of Mythos’s scale and character. The six regulators who signed the imagined letter govern, together, roughly eight percent of the world’s population and maybe fifty percent of the world’s AI capital. Their reach over Mistral, Qwen, DeepSeek, the UAE’s Falcon program, or a state-backed Chinese frontier lab is approximately zero. None of those labs participated in the Mythos chorus. None sent a deferral statement. None received a thank-you note. The regime the signatories just canonized works for the vendors inside the room. It has no mechanism for the vendors outside the room.

Meanwhile, in a room somewhere off the 101 near San Francisco where the actual coordination is happening, Project Glasswing launched on April 8 with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and roughly forty others, backed by a $100M Anthropic credit commitment. The signatories of the thank-you note are not in that room.

I wrote last December about the governance of the offensive cyber enterprise: private firms operating at the edge of state capability, where the commercial logic writes the rules the state cannot. The thank-you note is that same pattern, generalized to frontier AI.

Three capacity gaps, named plainly. The name for this kind of governance, when it has worked, is the Concert. When it has not worked, the name is the same.

The Concert, fairly described

Kissinger’s A World Restored, written in 1957 about the period between 1812 and 1822, remains the canonical English-language account of how the great powers assembled the order that followed Napoleon. The working principle was elegant, aristocratic, and alien to modern ears. The victors of a continental war did not impose a peace through treaty. They coordinated one through correspondence. Metternich and Castlereagh wrote letters. Congresses convened in Aix-la-Chapelle, Troppau, Laibach, and Verona. Restraint was polite. Obligation was unwritten. Enforcement ran on reputation.

It worked. For about thirty years, the peace held. The coordination accommodated a genuinely difficult coalition of monarchies and constitutional systems, each with different interests and different theological commitments about what an international order was supposed to look like. The Concert metabolized the 1830 revolutions in France, Belgium, and Poland without collapsing into continental war. That is a real achievement. Informal coordination on dual-use capability of the gravest kind (fielded armies) managed to produce three decades of non-catastrophic outcomes.

Then the coordination began accommodating less well. Nationalism and unification broke the coalition. Bismarck’s Germany, consolidated through three wars between 1864 and 1871, was a new kind of actor the Concert had not been designed to handle. A willing non-cooperator, rational but unsentimental about the informal mechanism, eventually exposed its structural limits. The Concert persisted for another forty years after Bismarck, through diminishing returns, until one assassination in Sarajevo in June 1914 triggered a cascade it had no structural resistance to.

Informal multilateral coordination on dual-use capability has a characteristic trajectory. It works. Then it accommodates less well. Then it fails catastrophically against a non-cooperator. The half-life of the mechanism is a function of how long the cooperating parties remain genuinely aligned on the substantive thing being coordinated.

A polite letter has always been what power sends when it has run out of other instruments.

The case for the letter, fairly stated

Informal multilateral coordination is a real governance mode with a real track record. Formal rulemaking cannot keep pace with dual-use technology that changes every training run. The Montreal Protocol began as voluntary industry commitments and produced a functioning ozone regime that the ratification phase later locked in. The Basel Accords have coordinated global banking supervision for forty years through non-binding agreements that central banks then incorporated into domestic rule. The US AI Voluntary Commitments from July 2023 produced faster alignment across frontier labs than any formal process could. Hard law and soft law are substitutes with different comparative advantages, and soft law frequently iterates faster and produces equivalent compliance when the shared interest is real.

The thank-you note is the Montreal Protocol arriving on a compressed timeline, before the Protocol’s formal equivalent exists to ratify it. Anthropic had the technical knowledge. The regulators did not. Coordination through voluntary deferral around that asymmetry is a rational mechanism design. Call this subsidiarity. Give me a harder steelman.

Here is the harder steelman. The favorable cases all shared a structural feature the Mythos case lacks. Montreal had parts per billion of chlorofluorocarbons. Basel had Tier 1 capital ratios. The IAEA has fissile material mass and enrichment percentages. Each regime governed a measurable, scientifically-consensus-backed phenomenon. The soft-law mechanism coordinated around an underlying metric that was not negotiable, because physics had fixed it.

“Claude Mythos is safe enough for EU banks” has no metric.

“Claude Mythos is safe enough for EU banks” has no metric.

The thank-you note traded Anthropic’s private assessment of its own model’s risk profile for the regulators’ public endorsement of that assessment. That is not coordination around a measurable phenomenon. Corporate discretion replaces public authority in the technologies that most directly bear on public safety. The version of soft-law governance that worked (Montreal, Basel, the IAEA) and the version we have (Mythos) are not the same version.

They share a name. They do not share a mechanism.

What gets built to catch what falls

The Concert of Europe was a real governance regime. It was also, from the moment it began, always doomed to fail. The thing that ended it was the arrival of a party the informal mechanism had no structural way to accommodate: an unaffiliated, unsentimental, rational actor whose interests nobody in Aix-la-Chapelle had modeled. The mechanism ended on a Sunday in June 1914, in a city none of its architects had thought much about.

The Mythos regime is governance. It is also, from the moment it began, always going to end. A frontier lab that does not want to be thanked will end it. Maybe that lab is Chinese. Maybe it is Emirati, or Saudi, or a sovereign program from a country nobody in the signatory chorus currently anticipates. Maybe it is a US-based release from an actor that cannot be courteously disciplined, because courtesy is not in the weights or in the board’s interest. Maybe that company’s name is OpenAI. Whichever it is, the moment it arrives, the signatories will discover what their predecessors at Ballhausplatz discovered in July 1914: the informal mechanism has no fallback.

Which is fine, as long as we’re using the interval to build the fallback. The Concert’s century of non-catastrophic coordination among rivalrous great powers is not nothing. If the Mythos regime buys us three years of stability while the EU AI Act matures, while the US builds a functioning AI Safety Institute, while the G7 Hiroshima Process hardens into something with teeth, the regime will have earned its keep. Soft law into hard law. Voluntary into statutory. The Montreal Protocol, on AI time.

We built a governance regime out of a word we usually send with flowers. The risk is the informal mechanism feels like the answer. The institutional work never happens because coordination through thank-you notes looks a lot like working governance right up until it doesn’t. That’s the thing to watch for.