Cybersecurity Looks Like Proof of Work Now

Anthropic’s Mythos model has sparked a fresh debate in cybersecurity by demonstrating a tangible edge over its peers. In a controlled evaluation by the AI Security Institute, Mythos tackled "The Last Ones," a 32‑step corporate network attack simulation that typically requires 20 hours of human effort. Across ten runs, each consuming 100 million tokens—about $12,500 per attempt—Mythos succeeded three times, while models like Opus 4.6 and GPT‑5.4 fell short. The report highlighted a linear relationship between token spend and exploit discovery, with no sign of diminishing returns at the tested budget ceiling.

The economics of this capability echo the proof‑of‑work model that underpins many cryptocurrencies: success hinges on raw computational—or token—investment rather than cleverness. For defenders, the equation flips; they must out‑spend potential attackers to uncover vulnerabilities before they are weaponized. This creates a new budgeting imperative where security teams allocate substantial token resources to continuous, automated red‑team exercises. The lack of diminishing returns suggests that, at least for now, throwing more tokens yields proportionally more exploit findings, making token spend a decisive factor in risk mitigation strategies.

Practically, the shift could accelerate three‑phase development pipelines: rapid feature creation, AI‑assisted code review, and token‑driven hardening. Open‑source software, long championed for its transparency, may benefit from token‑funded audits that scale with usage popularity, aligning with Linus’s law extended to token economics. Companies might invest in dedicated AI security budgets, treating token consumption as a measurable security metric, while the broader industry watches for cost‑efficiency breakthroughs that could eventually introduce diminishing returns and reshape the token‑spending arms race.