Mounting fears that Anthropic’s new model, Mythos, could lead to a dramatic rise in hacking may have been overstated, according to a series of new reports. At its launch in April, the company showcased the model’s ability to uncover thousands of software vulnerabilities and flaws across major operating systems and browsers, warning that the fallout from widespread adoption could be severe.
Governments quickly took notice, with officials across multiple countries meeting with banks and financial institutions to assess the risks. By early May, the White House had begun enforcing rules governing how new AI models are released following safety testing.
Practitioners Report Measured Risks
The gap between the level of threat perceived by security professionals and that seen by policymakers has fueled a narrative placing Mythos at the center of a looming cybersecurity crisis.
“We’ve been able to use AI to find more bugs than we know what to do with for months, if not years,” said one person with extensive vulnerability research experience and early access to Mythos. According to the source, the real challenge is no longer discovering vulnerabilities, but validating, prioritizing, and fixing them without disrupting critical systems. They noted that organizations are often unprepared to process the growing volume of vulnerabilities uncovered by advanced AI systems — a challenge that models like Mythos are accelerating, even as they improve detection capabilities.
The person added that Mythos can uncover vulnerabilities using far simpler prompts than earlier models required, lowering the technical barrier to entry. Previous systems depended on highly detailed and complex instructions, whereas Mythos can produce stronger results with minimal guidance.
Cisco executive Anthony Grieco said one of Mythos’s most valuable advances is its ability not only to identify vulnerabilities, but also to rapidly scan massive codebases while reducing false positives. This enables security teams to focus more effectively on the most critical cyber risks in their environments. Grieco also noted that the model operates with fewer guardrails than previous generations, allowing experienced users to craft more precise instructions and perform activities that earlier models restricted.
Project Glasswing Tests Defences
Grieco said that to fully maximize the power of Mythos, organizations need both substantial computing power and a rigorous “harness” — a term used to describe the controlled computing environment in which a large language model operates with specific instructions and limitations.
An invitation extended to select firms to test their defenses under a program dubbed Project Glasswing helped push the conversation around the model far beyond traditional security circles. The all-hands-on-deck response amplified both the perceived threat and the company’s stature, even as the Pentagon reportedly labeled Anthropic a supply-chain risk while other parts of the government sought access to the technology.
A White House official told Reuters that the administration is in discussions with AI labs about broader use of their technology.
Mythos and OpenAI’s GPT-5.t have dominated national security discussions around artificial intelligence. However, many of these debates overlook a simpler point about existing vulnerabilities.
“Our adversaries have become highly effective even without AI,” said Cynthia Kaiser, a former senior FBI cybersecurity official now with Halcyon. “Ransomware attacks are happening in under an hour,” she noted, emphasizing that most cyber threats today still do not rely on artificial intelligence.
For now, the scale of Mythos — along with its significant computing and infrastructure requirements — limits access to only a small group of organizations. However, experts believe those barriers are temporary.
“I don’t think the architecture is optimized,” said Nick Adam of State Street during a panel discussion at Vanderbilt University. Referring to infrastructure and processing limitations previously highlighted by security experts, Adam added, “There’s a barrier to entry there — but it will be solved pretty quickly.”
