The real question about Anthropic’s new Claude Mythos Preview AI model is whether it (and future models like it) will be more helpful to defensive cybersecurity or to hackers. To find out, Fast Company asked a number of cybersecurity pros.
Claude Mythos, released in “preview” on April 9, is Anthropic’s biggest and most capable frontier AI model. Anthropic researchers say that during its training, the model showed a unique ability to find security vulnerabilities deep within software code, then create exploits to gain administrator-level access to software systems, including operating systems.
Because of this, Anthropic says, Mythos is too dangerous to release to the public. But because similar AI models are likely on the way, it announced an industry initiative called Project Glasswing, for which it’s giving cybersecurity researchers at various companies and institutions access to the Mythos model so they can harden widely deployed software against AI-assisted attacks.
“What Anthropic is showing . . . is how quickly AI is getting to a place where it can identify vulnerabilities at scale,” says Marcus Fowler, CEO of Darktrace Federal. “When AI can find vulnerabilities at a speed and depth that materially changes how quickly weaknesses can be identified, it fundamentally accelerates the discovery of issues across both new and existing systems.”
Dean Ball, a senior fellow at the Foundation for American Innovation and former senior policy adviser for artificial intelligence and emerging technology under President Donald Trump, says that by getting early access to Mythos, cybersecurity researchers will have an advantage in the ongoing cold war with hackers.
“When the dust settles, Mythos and the similarly capable models that will follow it will go down as major achievements in the history of cybersecurity,” Ball tweeted Thursday. “The hardening they will do to all important global software is a gift from American capitalism given freely to the world, at our great expense.”
But Ball acknowledges in a message to Fast Company that there may be a time clock on the advantage Mythos confers. There’s a constant struggle between defensive cybersecurity people and cybercriminals (hackers) to use the latest software to their advantage. “There is always an equilibrium between offense and defense, and Anthropic is attempting to give defense a leg up by keeping Mythos in limited availability for now,” Ball says.
He notes that the head start may last only 9 to 12 months before some AI lab open-sources a model similar to Mythos. But it could be much sooner if someone manages to steal the Mythos parameter weights. “This may have already happened, and it may be very hard to tell if it does,” Ball says.
In the meantime, Anthropic’s model could get exposure to, and experience with, a lot of software code from major commercial systems it’s never seen before. It’ll see new kinds of architecture and software flaws that could be exploited by attackers, and develop new patches for those. This will not only make Mythos more effective in the cybersecurity realm, but it could also benefit Anthropic’s Claude Code product by making it better at detecting bugs or potential security problems in the code it generates.
Not just next year’s model
Mythos may be more than an upgrade to the AI that hackers already use. In the Claude Mythos Preview system card, Anthropic researchers describe how the model scanned large open-source codebases, identified software bugs that had persisted for decades, and then developed sophisticated exploits to target them. Systems like Mythos could dramatically increase the speed and scale at which vulnerabilities are found and exploited.
“Frontier AI models like Claude Mythos represent a true inflection point for cybersecurity because they dramatically compress the time between identifying a vulnerability and exploiting it,” says Dan Schiappa, president of technology and services at Arctic Wolf. “Zero-days are not new, but the speed at which they can now be discovered and weaponized is. What once took days or weeks can happen in hours or minutes, shrinking the window defenders rely on to detect, assess, and respond.”
Once AI can produce working zero-day exploits at speed, as Mythos apparently can, organizations could “lose the breathing space they have traditionally relied on to detect, patch, and recover,” says X-PHY CEO Camellia Chan, noting that during testing, an early version of Mythos Preview escaped its sandboxed environment and independently accessed the internet.
That’s Mythos exhibiting unsanctioned autonomous behavior. “Any security architecture that assumes a bounded, predictable attacker needs to reckon with that,” Chan says.
Indeed, the AI-assisted cyberattacks of the future may take shapes that researchers haven’t seen before. “The most troubling capability to me is the claim that it is highly effective at reverse engineering binaries and identifying new exploits,” says Black Duck CEO Jason Schmitt. “That is breaking new ground in automated exploitation of arbitrary pieces of software, which DARPA has been funding research around for years.”
Scott Kuffer, chief product officer at Nucleus Security, says: “Organizations need to rethink how they prioritize and operationalize risk in environments that are dynamic and increasingly unpredictable.”
Detection is the easy part
Other experts point out that Project Glasswing focuses on locating security vulnerabilities, but doesn’t create tools for remediation.
“There’s a lot of defensive benefit here, but they’re missing an important—maybe the important—part,” says Drew Lohn, senior fellow at Georgetown University’s Center for Security and Emerging Technology (CSET). “They’re like, ‘We’re going to give defenders the opportunity to find the vulnerabilities first and we’re going to give them the tools to write the patches,’ but that was never the hard part.
“If AI helps find vulnerabilities, that’s good for attackers and for defenders,” Lohn adds. “If AI helps write exploits, that helps attackers maybe a little bit more than defenders. But then attackers, once they’ve got it written, can just fire it away, and defenders have to do a lot more work to make sure those patches get implemented.”
In an email, Chainguard CEO Dan Lorenc tells Fast Company that many organizations lack the resources to patch all the vulnerabilities that Project Glasswing exposes, writing that enterprises “aren’t ready for the influx of real vulnerabilities and patches they’re going to need to get out quickly.”
Darktrace’s Fowler provides more color, noting, “Many organizations can’t patch everything, whether it’s legacy systems, unmanaged devices, or environments where updates aren’t feasible. So while the window of vulnerability may get narrower, it doesn’t disappear entirely.”
Both Lohn and Fowler believe that if AI tools help reduce the number of software vulnerabilities (and therefore targets), hackers might try other kinds of targets: human targets.
“If I’m an attacker and I can’t easily break the code, I’m going to look for another path, and the most effective one is often the human,” Fowler says. “It’s someone already inside the environment, whether that’s a malicious insider, a compromised credential, or someone being incentivized or coerced. They already have access, and they can operate in ways that bypass controls inside the environment.”
AI systems like Mythos could also broaden the potential attack surface for hackers.
“While most cyber defense begins in the data center, this stands out as an existential threat that must be first addressed at the edge,” Viakoo Labs VP John Gallagher writes in an email. This could mean protecting power grids, water systems, self-driving car networks, industrial automation systems or smart home appliances. “Mythos is OS agnostic, but vulnerability remediation is not,” he writes. “There is no ‘Windows Update’ for a water pump or an IoT gateway.”
And speaking of critical software systems, it’s not always easy to install patches quickly, CSET’s Lohn points out. “The reason that there were so many vulnerabilities is because you can’t take these systems offline right away, or you have to be pretty darn sure that any update you make isn’t going to crash the system,” he says, recalling the disastrous CrowdStrike patch install that grounded airline, bank, and hospital systems in July 2024. “That’s the big concern: How long does it take to update? How sure can you be that your update didn’t break some other stuff?”
The AI is real, even if its impact is uncertain
In some online conversations this week, people questioned whether Mythos is really as capable, and therefore threatening, as Anthropic’s researchers say it is. It’s true that AI labs have in the past hyped their models by talking about how dangerous they are. But it seems far-fetched that Anthropic’s researchers would go to the trouble of faking the Mythos performance tests and then writing a 280-page system card about it. And all of Anthropic’s Glasswing partners would have to be in on the scam.
But whether Mythos ultimately helps software security more than it harms it is yet to be seen. Not everybody thinks it will.
BeyondTrust SVP Bradley Smith, for one, questions the narrative that Anthropic is really giving the good guys a head start, pointing out that hackers have been using AI tools for some time. They have experience with them, and will soon have access to far more powerful models.
“There is no head start,” Smith says. “There is only the decision to act or the decision to wait, and waiting has already cost the industry more than most leaders are willing to admit.”