Nathan Lambert, writing in Interconnects, argues that criticism of open-weight AI models following the announcement of what Lambert calls Claude Mythos — an Anthropic model Lambert describes as having stated cybersecurity capabilities — conflates separable risks and draws on faulty assumptions about who can access and deploy such systems.
TL;DR: Lambert contends that anti-open-weight arguments tied to Mythos’s cybersecurity claims make two compounding errors: treating the gap between open and closed model capability as static, and assuming that downloading weights is sufficient to replicate a model’s real-world effectiveness without the compute and tooling required to run it.
What it says
Lambert frames the backlash as a repeat of earlier cycles. He notes that open-weight models were discussed as dangerous when OpenAI withheld GPT-2 weights in 2019 and again at the GPT-4 release in 2023, and that both waves passed. He writes that the Mythos case is “admittedly more nuanced” than prior examples because cybersecurity threats are more concrete than the earlier focus on disinformation or biorisks, but argues the analysis still fails on two structural grounds.
The first is the assumption that the capability gap between open and closed models is fixed. Lambert has written separately that he expects near-frontier open-weight models to fall behind closed models in overall capability over time, and says the relevant question is not whether an open-weight model can match Mythos’s general ability, but how quickly open models can approach its specific cybersecurity skills — which he says are more likely to be learnable from public coding data than capabilities dependent on proprietary knowledge.
The second is the assumption that model weights alone confer capability. Lambert writes that frontier AI systems require, beyond trained weights, “complex tools and infrastructure to run them,” using Claude Code as an example. He estimates that serving a model of roughly “8 trillion parameters” — a figure Lambert presents as a rough heuristic for a Mythos-scale system — would require “on the order of 100 H100 GPUs,” costing approximately “$10,000 per day,” per Lambert’s analysis. He is explicit that these figures are not meant as policy inputs, only as illustration that serious deployment is expensive and not accessible to arbitrary actors who can download weights.
Lambert acknowledges that cybersecurity is a domain where the stakes of an open-weight release may eventually cross a moral threshold. He says open-weight image generation models have already passed a similar threshold by enabling non-consensual deepfakes. He lists three areas he says require further empirical work before conclusions can be drawn: measuring cybersecurity-relevant capabilities in open and closed models comparably, assessing the current state of infrastructure vulnerability, and determining how much hardening can be accomplished by organisations with private access to models before they are released.
He closes by arguing that full reliance on a single private company to determine the security of essential international infrastructure “is not a tenable equilibrium.”