Anthropic has withheld its advanced AI model, Claude Mythos Preview, from public release because it can identify software vulnerabilities with alarming precision. The company announced last month that only a select group of organizations can use it to scan and fix their own systems. Cybersecurity experts now warn that this technology—and similar models already available—could transform both cyberattacks and defenses in unprecedented ways.
"This is a turning point," says Dr. Elena Torres, a cybersecurity researcher at the International Institute for Digital Security. "The same tools that can protect us can also be weaponized with terrifying efficiency."
Background
Anthropic's Mythos Preview is exceptionally skilled at finding security flaws in software. However, it is not alone. The UK's AI Security Institute found that OpenAI's GPT-5.5, which is widely accessible, achieves comparable results. Meanwhile, the company Aisle replicated Anthropic's published benchmarks using smaller, cheaper models.
Anthropic's decision to limit access also appears strategic. Running Mythos is extremely expensive, and the company may lack the infrastructure for widespread deployment. By hinting at extraordinary capabilities without full proof, Anthropic can boost its valuation while competitors amplify the narrative.
What This Means
Attackers will use AI like Mythos to automatically discover and exploit vulnerabilities in everything from ransomware campaigns to espionage and wartime control of critical systems. The result could be a more volatile and dangerous world. "We are entering an era where automated hacking becomes not just possible but routine," warns cybersecurity analyst Mark Chen of SecureFuture Labs.
But defenders are already fighting back. Mozilla used Mythos to uncover 271 vulnerabilities in Firefox, all of which have been patched. As AI systems mature, continuous automatic vulnerability detection and remediation could become standard in software development, leading to far more secure products.
The short-term outlook, however, remains grim. Many systems—from industrial controllers to outdated devices—cannot be patched, and others never receive updates. Moreover, finding and exploiting a bug is often easier than fixing it. Organizations must urgently adapt their security postures to this new reality.
"We have a short window to get ahead of this," says Dr. Torres. "The long-term promise of stronger defenses is real, but the immediate danger demands swift action."
Anthropic's Mythos may be a warning shot, but the arms race in AI-assisted cybersecurity has already begun.