The Harness Gap: Orchestration, Defensive Parity, and the Closing Window for Critical Infrastructure AI Governance
- Dr. David Mussington

May 2026
By David Mussington, Ph.D., CISSP, DDN QTE,
ICIT Fellow, Co-Chair, ICIT FCEB Resilience Center
Governing powerful technologies under uncertainty requires making bets. The question
is not whether to bet. It is whether the bet you are making is calibrated to the actual
risk.
In early May 2026, Vice President JD Vance convened a call with the chief executives of
Anthropic, OpenAI, Google, Microsoft, and SpaceX. The precipitating event was
Anthropic's April release of its Claude Mythos Preview model — a system that had
demonstrated the ability to autonomously discover thousands of high- and critical-severity software vulnerabilities, including previously unknown zero-days in production
code dating back decades. The administration, which had revoked the Biden AI safety
executive order within hours of taking office, was now contemplating a mandatory pre-release vetting regime modeled on the Food and Drug Administration's pre-market
approval process.
The policy instinct is understandable. Mythos represents a visible capability threshold
event, and visible threshold events demand a response. The Mythos Preview System Card
documented that the model autonomously discovered CVE-2026-4747 — a 17-year-old
FreeBSD NFS remote code execution flaw granting unauthenticated root access — and
chained exploit sequences across large codebases at rates no human security team can
match. On the Firefox 147 benchmark, Mythos Preview developed working exploits 181
times compared to just two for the previous generation model — a 90-fold improvement
in the span of months. That is not an incremental development. It is a threshold
crossing. The instinct to restrict the model that crossed it is not irrational. It is simply
aimed at the wrong target.
This paper argues that the policy response the threshold crossing has generated —
mandatory pre-release vetting of frontier models modeled on FDA pre-market approval
— is calibrated to the wrong chokepoint. The capability the vetting regime targets is not
monolithically located in the Mythos model. It is distributed across a four-layer pipeline,
and the first three of those layers are already closed — or closable with minimal
orchestration effort — using open-weight models available today without restriction.
Restricting Mythos does not close the pipeline. It governs a component that is not the
binding constraint. The pipeline runs without it.
About ICIT
The Institute for Critical Infrastructure Technology (ICIT) is a nonprofit, nonpartisan, 501(c)3 think tank with the mission of modernizing, securing, and making resilient critical infrastructure that provides for people’s foundational needs. ICIT takes no institutional positions on policy matters. Rather than advocate, ICIT is dedicated to being a resource for the organizations and communities that share our mission. By applying a people-centric lens to critical infrastructure research and decision making, our work ensures that modernization and security investments have a lasting, positive impact on society. Learn more at www.icitech.org.



