The maker kept the model in-house. Three governance questions for your boardroom.
Anthropic held its most capable model back, by choice. Three AI governance questions every board should answer, drawn from its own 244-page system card.

An experienced mountain guide can put clients in greater danger than an inexperienced one. Not because the experienced guide is less careful, but because they are hired for harder climbing routes. They take their clients to the most difficult parts of those routes, to places where an inexperienced guide would hesitate. The greater the skill, the greater the exposure to risk.
That comparison appears word for word in the system card that Anthropic published on 7 April 2026 about its then-new frontier model, Claude Mythos Preview. The document runs to 244 pages. And its message is as uncomfortable as it is clear: a more capable AI model can, precisely because of its capabilities, cause harm on a scale that earlier models could not reach. Not through malice. Through over-eagerness.
On the basis of its own research, Anthropic chose not to make Mythos generally available. No generally available API, no consumer product, no broad rollout. Only a limited group of partners and critical-software organisations, under strict conditions, with access focused on defensive cybersecurity work.
For a Belgian or Dutch boardroom that deals with AI policy, this document is relevant on several levels. Not because your organisation is likely to work with Mythos Preview itself, but because the way Anthropic handles this model sets an example for the kind of governance that the EU AI Act expects from your organisation.
No legal requirement, a voluntary choice
The most important detail in the document sits in a footnote on page 12. There, Anthropic states explicitly that the decision not to release Mythos does not stem from its own Responsible Scaling Policy. No internal rule forced them to it. Anthropic presents the restriction as a voluntary release decision.
They chose not to.
This detail shifts the narrative. We are not looking at an organisation that meets compliance requirements because it has to. We are looking at an organisation that takes responsibility beyond its own rules. And that is exactly the kind of governance culture that the spirit of the EU AI Act aims at. Compliance as a floor, not a ceiling.
1. Pre-deployment review is not a luxury
Before the release of Mythos, Anthropic introduced a new procedure that did not exist for earlier models. Before the model became available internally for agentic tools, it was blocked for 24 hours. During that period, a cross-functional team from alignment, interpretability and security ran about a dozen parallel assessment tracks: red-teaming, behaviour monitoring, replaying earlier prompts, and targeted tests of whether the model tried to obtain model weights or cryptographic keys.
Only after that team gave the green light was the model rolled out internally.
This deserves emphasis. This refers specifically to the internal use of the model by Anthropic's own developers. The people who had built the model themselves. Anthropic considered it wise to let its own people work with this model only after an independent test team had verified how it behaved.
This draws a direct parallel with your own organisation. Which AI tools are running today on your employees' desks? Who reviewed those tools before they went into operational use? What procedure is in place if a supplier adds a new AI feature to an existing tool tomorrow, and that feature becomes active without warning? Who has the mandate to say "hold on, let us test this first"?
For most SMEs and local authorities, the answer to that last question is: nobody. AI tools arrive through individual employees, through supplier updates, through browser extensions. Nobody reviews them in a structured way before they become part of the workflow. A 24-hour review like the one Anthropic ran is an outsized effort for your organisation. But the minimal version, even for an organisation of fifty people, is a short assessment checklist for every new AI tool and a designated person with the authority to say "no, not like this".
2. The makers acknowledge uncertainty about their own judgement
A second passage from the Mythos document is especially relevant for decision-makers. In its own summary, Anthropic writes that its judgements about model capabilities increasingly rest on subjective assessment rather than on easily interpretable empirical results. And immediately after that: they are not convinced they have identified every problem along this line.
This is not an outside critic. This is the builder itself, saying: our measuring instruments lag behind our models, and we are not sure we have spotted every gap.
That admission is valuable for your boardroom for two reasons.
First, it dismantles the assumption that AI suppliers will automatically know what is safe. One of the leading AI labs says itself that its yardstick falls short. That means blindly trusting supplier claims is not a defensible governance stance. Your own judgement, backed by internal documentation and a structured approach, is not excessive caution but a minimum.
Second, it gives you a language for your own board reports. If the builder itself makes uncertainty explicit, your organisation may do so too. AI policy does not have to claim that it has mapped every risk. It may, and must, be honest about what is still unknown. An AI incident procedure that says explicitly "we know we will miss things, which is why we have built in this feedback loop" is more credible than a procedure that promises to cover every risk.
3. The capability gap is growing, and policy built on yesterday does not work
The third governance lesson lies in the timing. Mythos is a frontier model. What Mythos can do today, the widely available models your employees use today cannot. But the pattern of the past five years is that frontier capabilities largely filter down into the widely available models within twelve to eighteen months.
That means AI policy based on what publicly available models can do today is structurally behind what they can do tomorrow. Not because the models grow faster than policy, but because policy is usually drawn up reactively: after an incident, after a supplier update, after an internal complaint. Reactive policy comes too late when the capability curve is steeper than the governance curve.
What the Mythos document shows here is that even Anthropic, with all its resources and internal expertise, is sometimes surprised by what its own models can do. The document states in so many words that they were not aware of the level of risk that earlier versions of Mythos represented at the moment they first deployed them internally.
This calls for a different approach to AI governance: not policy based on what AI does today, but policy that describes a process for how new capabilities are assessed as soon as they appear. With a fixed cadence of re-evaluation. With clear triggers (a major supplier update, a new AI feature in an existing product, a new type of incident in your own sector). With someone responsible for keeping that cadence.
Three questions for your boardroom
On the basis of what the Mythos document shows, these are the three questions that every leadership team should be able to answer this week:
1. Who within our organisation has the mandate to say "stop, test it first" before a new AI tool or a new AI feature goes into operational use?
2. How do we honestly document what we do and do not know about the risks of the AI tools we use today? And does that documentation have a fixed review date?
3. What process have we set up to reassess, six or twelve months from now, whether our current AI policy still fits what our tools can do by then?
If the answer to any of these three questions is "we have not sorted that yet", you know where your next step lies.
In closing
This kind of governance conversation is exactly the heart of what AIAdopt offers. Our microtraining for managers covers the kind of decision-making this article deals with. Our AI Adoption Scan helps organisations map their current AI use.
And as proof that we practise what we teach: AIAdopt has had its own AI Usage Policy, AI Tool Inventory and AI Incident Procedure operational since 21 April 2026, drawn up to support our EU AI Pact pledge. We wear the glasses we teach our clients to wear.
The full Mythos system card is publicly available on anthropic.com. It is not cheerful reading, but it is one of the most honest documents the AI industry has produced so far. And that alone is reason to take it seriously.
In a follow-up article we leave the boardroom and look at what capable AI gets wrong in practice when the instructions are too loose. Not in the abstract, but through the concrete incidents that Anthropic openly describes in that same document.
Want to know where your organisation stands?
Download our free EU AI Act Compliance Checklist or view our AI literacy training.