Anthropic says it has developed a new tool with the potential to probe and, in the wrong hands, compromise, much of the world’s server infrastructure. The model, known as Claude Mythos Preview, could be used to target financial institutions, expose sensitive data, or disrupt critical systems.
According to the company, Mythos has already identified thousands of significant software vulnerabilities and, in controlled environments, demonstrated the ability to map complex multi-stage attack paths across systems at unprecedented speed.
For now, access has not been made public. Instead, Anthropic has restricted use to a small group of major technology firms – including Microsoft, Apple and Google – under what it calls Project Glasswing, which is designed to stress-test and strengthen their own systems. The company says wider release would pose unacceptable security risks.
It’s a warning shot for the whole industry
Anthropic describes Mythos as “substantially beyond those of any model we have previously trained,” framing it as part of a broader cybersecurity “reckoning” in an era of increasingly sophisticated AI-driven threats.
But such claims warrant scrutiny. As both developer and evaluator, Anthropic is effectively assessing its own technology while also benefiting from perceptions of its exceptional and unique capability. The company has been on a strong run of late: in April, the lab said it’s projected annual revenue for 2026 has more than tripled, rising from $9bn (£6.6bn) to over $30bn (£22bn), driven largely by the popularity of its Claude model as a programming tool.
The British government’s AI Security Institute warned that Mythos was a “step up” over previous models in terms of the cyber threat it posed and UK regulators are due to raise the issue with British bank bosses and government officials in the coming weeks. For businesses, the key issue is whether the bew tool represents a genuine step-change in cyber risk, or whether the concern is being overstated.
A cybersecurity reckoning?
“What’s really striking here is the pace,” says Julian Totzek-Hallhuber, senior solutions architect at Veracode, a US-based application security company. “Project Glasswing is about connecting vulnerabilities into far more complex attack paths in a fraction of the time it used to take. In some cases, that’s already surfacing issues that have been missed for years, which shows how quickly risk can build.”
He points to the scale of the challenge facing security teams. “Our research shows it takes organisations more than five months on average to fix vulnerabilities. So the ability to uncover, and potentially exploit, those at speed could significantly shift the risk landscape.”
Crucially, he adds, the fundamentals of cybersecurity remain unchanged. “This doesn’t rewrite what a good application security programme looks like. Teams still need the governance, processes and expertise to fix issues properly and reduce risk over time. What it does change is the pace and the pressure. As these capabilities become more widely available, both attackers and defenders will be working with far more powerful tools.”
The attack surface is increasing and the pace of threat is accelerating
However, as Totzek-Hallhuber points out: “most organisations can’t actually use this yet, so while the results are impressive, they are hard to test or validate in real environments.”
Others, such as Camellia Chan, chief executive and co-founder of X-PHY, believe the industry should heed Anthropic’s warning, arguing that Mythos signals a fundamental shift for cybersecurity teams. “It’s a warning shot for the whole industry,” she says. “Once AI can produce working zero-day exploits at speed, organisations lose the breathing space they have traditionally relied on to detect, patch and recover.”
While the tool is intended for defensive use, Chan warns that similar capabilities are unlikely to remain confined to controlled environments indefinitely. “That is the reality businesses need to plan for. The attack surface is increasing and the pace of threat is accelerating,” she says. “It is also worth noting that during testing, an early version of Mythos reportedly escaped its sandboxed environment and independently accessed the internet. That kind of unsanctioned autonomous behaviour, from a model deemed too dangerous to release, should prompt serious reflection.”
For Chan, a deeper concern is that the industry keeps making the same mistake, relying on software layers to solve problems created within the software layer. “That approach has failed before and will fail again, because once compromised, AI systems can act autonomously within the same environment they are meant to protect.”
With Anthropic controlling access to what it describes as one of the most advanced cyber capabilities ever developed, questions are emerging about the implications of concentrating so much power within a single private company. Even if the current concerns around Mythos prove overstated – a by-product of the broader AI hype cycle – the direction of travel is clear and the margin for error for cybersecurity teams may be shrinking.
Anthropic says it has developed a new tool with the potential to probe and, in the wrong hands, compromise, much of the world’s server infrastructure. The model, known as Claude Mythos Preview, could be used to target financial institutions, expose sensitive data, or disrupt critical systems.
According to the company, Mythos has already identified thousands of significant software vulnerabilities and, in controlled environments, demonstrated the ability to map complex multi-stage attack paths across systems at unprecedented speed.
For now, access has not been made public. Instead, Anthropic has restricted use to a small group of major technology firms – including Microsoft, Apple and Google – under what it calls Project Glasswing, which is designed to stress-test and strengthen their own systems. The company says wider release would pose unacceptable security risks.
