海角大神

Skip to footer

Anthropic鈥檚 new Mythos AI tool signals a new era for cyber risks and responses

|
Jacob Turcotte/Staff

When Anthropic detected last September that someone was using its artificial intelligence software in a highly sophisticated spy campaign, the company began investigating. What stood out about this cyberattack was how much the hackers, who Anthropic says were probably Chinese-sponsored, relied on AI.

Rather than advising the attackers, the company discovered, the AI technology actually carried out much of the attack itself.

Fast-forward to this past week, when the company said AI had made another huge leap in its cyberattack capabilities. The most advanced model to date, Claude Mythos Preview, not only had found thousands of severe vulnerabilities in common operating systems that humans had missed, but also had devised sophisticated ways to exploit those gaps.

Why We Wrote This

Tech leaders are scrambling to address risks after Anthropic found its new artificial intelligence tool can both find and exploit software flaws, highlighting a new era of security vulnerability.

The software was so powerful, the San Francisco-based company said, that it would not release it publicly, but rather, for the moment, would make it available to a newly formed consortium of some 40 key tech companies that could fix the vulnerabilities Mythos found.

In short, with AI, the long-standing arms race between hackers and cybersecurity firms is going nuclear. If what Anthropic has claimed about Mythos is true, then the race will be faster, more sophisticated, and bigger than ever before.

鈥淭his is kind of the beginning of the full-scale reckoning of the cyber risk posed by AIs,鈥 says Mantas Mazeika, research scientist at the Center for AI Safety, a nonprofit that advocates for standards to manage risks like misinformation, weaponization, and existential threats.

The twist is that this time, it鈥檚 the cybersecurity community that might have gained a step on the hackers.

鈥淚 view this as an opportunity to get ahead of the bad guys,鈥 says V.S. Subrahmanian, a computer scientist at Northwestern University. 鈥淲e have this capability now to identify the vulnerabilities that might exist in a system.鈥

Mission: defend or attack?

Anthropic built Mythos as a cutting-edge, general-purpose AI model. But what Anthropic found was that it had made a big leap in its ability to detect software bugs and, more importantly, how to use those bugs, sometimes in tandem, to attack systems. The company claims it found severe vulnerabilities in every major operating system and web browser, some of which had gone undetected for years.

For example:

  • An operating system called OpenBSD, used to run firewalls that protect computer systems, had a 27-year-old vulnerability that would let a hacker remotely crash any machine running the software.
  • It also discovered a 16-year-old flaw in the popular FFmpeg software, which codes and decodes video, that could help attackers crash devices or steal control of them.
  • On its own, Mythos combined several problems in Linux code to allow hackers to take control of a server. Linux runs most of the world鈥檚 servers, which in turn run companies鈥 and others鈥 networks.

鈥淎I models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,鈥 the company warned in its introduction of Project Glasswing. The consortium is using Mythos to find and fix key flaws in its own software and systems.

Bhawika Chhabra/Reuters
Dario Amodei, CEO of Anthropic, addresses the gathering at the AI Impact Summit, in New Delhi, Feb. 19, 2026.

Part of Mythos鈥 advantage over humans is the speed with which it can operate.

To find software bugs, most major technology companies follow a cycle. They hire professionals who find a vulnerability in the system and figure out how to exploit it. Then those professionals alert the company, which figures out how to 鈥減atch鈥 it. Typically, that process takes months.

鈥淲hat we鈥檙e basically seeing these AI systems do now 鈥 if everything that they are saying in this announcement is accurate 鈥 is that time is compressed significantly,鈥 says Allie Mellen, an AI security operations analyst in Boston. 鈥淭he time between anyone 鈥 not just a white-hat hacker, but also a black-hat hacker, or a nation-state or a cyber criminal gang 鈥 being able to identify and exploit those vulnerabilities is incredibly small.鈥

Speed matters

That kind of speed means small companies are most at risk because they don鈥檛 have the resources that big companies do to spend what鈥檚 needed to fix flaws in their systems.

鈥淚s this a manageable threat? Not with the current software security practices that we have,鈥 says Katie Moussouris, founder of Luta Security, a cybersecurity firm in Seattle.

鈥淢y hope is that this will galvanize as much innovation on the AI defense end as it has on the AI offense end,鈥 she says. 鈥淲e do need to match that energy, or we are not going to be prepared for the tsunami of bugs and patches that are going to be coming out in the next year.鈥

Anthropic says it will not widely release this version to the public, in an effort to keep it out of the hands of hackers. Dr. Mellen calls Anthropic鈥檚 approach a 鈥渧ery positive step,鈥 and exactly what鈥檚 needed in the short term.

Down the road, though, 鈥渋t鈥檚 a different conversation,鈥 she says. 鈥淲e need to rethink the way that we are approaching the patching process and system.鈥

Finding gaps, blocking hackers

In her view, the solution is two-sided: (1) finding the vulnerabilities in existing software and (2) setting up processes for developing new software. That might mean using AI technologies like Mythos to spot vulnerabilities in advance, so new software is developed to be more hacker-resistant.

On the political end, several experts say a first step would be a dialogue among AI firms, cybersecurity companies, and industry and government officials.

AI technology is moving so fast, however, that there鈥檚 only a tight window to act or make revisions before AI鈥檚 capabilities spread beyond Anthropic鈥檚 latest development.

The company鈥檚 CEO, Dario Amodei, competitors are only six to 18 months behind. Some say China and others may be able to match Mythos鈥 capabilities sooner 鈥 perhaps in just a few months.

鈥淐hinese cyber capabilities are formidable and impressive, and they have probably hacked Anthropic long back,鈥 says Dr. Subrahmanian of Northwestern. 鈥淚 would suspect they have it already or have the ability to get it very soon.鈥

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
海角大神 was founded in 1908 to lift the standard of journalism and uplift humanity. We aim to 鈥渟peak the truth in love.鈥 Our goal is not to tell you what to think, but to give you the essential knowledge and understanding to come to your own intelligent conclusions. Join us in this mission by subscribing.

Give us your feedback

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

 
QR Code to Anthropic鈥檚 new Mythos AI tool signals a new era for cyber risks and responses
Read this article in
/Business/2026/0411/anthropic-mythos-ai-cyber-risk
QR Code to Subscription page
Start your subscription today
/subscribe