Anthropic said it has built an AI system, “Claude Mythos Preview,” with an unusual claim: the model is too dangerous to release widely because it excels at both finding and exploiting software vulnerabilities. The company has documented bugs in major browsers, operating systems and even the Linux kernel, and is initially sharing the tool with large technology companies to harden critical infrastructure before potential adversaries obtain comparable capabilities.
Security leaders at Cisco and Palo Alto Networks warned of a step-change in threat velocity and sophistication if such systems proliferate. The stakes extend beyond digital networks to hospitals, transportation and finance, where recent cyber incidents have disrupted services and, in rare cases, contributed to loss of life. Some officials are taking notice: U.S. financial regulators have reportedly convened Wall Street executives to game out the risks of AI-accelerated cyberattacks.
Politics could complicate the response. The Trump administration has barred federal use of Anthropic’s technology amid broader criticism of the company, raising doubts about public–private cooperation to secure government systems. While Anthropic may be incentivized to overstate Mythos’s prowess, early evidence and competitor interest suggest the hazard is real—and that the window to strengthen defenses could close quickly if less cautious actors release similarly capable models.
Related articles:
NIST Artificial Intelligence Risk Management Framework
Guidelines for Secure AI System Development (NCSC/CISA)
CISA Stop Ransomware resource hub
The Untold Story of NotPetya, the Most Devastating Cyberattack in History
