The Future of Cybersecurity: Anthropic's Mythos Revolution

Organizations with access to Mythos under Anthropic's Project Glasswing initiative told the Financial Times that a unified effort "across the public and private sectors" is essential to protect hospitals, banks, and utilities from the threats the model has exposed. Microsoft, one of the core partners, announced plans on April 22 to integrate Mythos into its Security Development Lifecycle, using it alongside its own open-source CTI-REALM benchmark to detect vulnerabilities earlier in its software development process. The company's April Patch Tuesday release addressed 167 security flaws — a figure that Rapid7 lead software engineer Adam Barnett called "a new record," noting it might be tempting to connect the spike to the Project Glasswing announcement a week prior. Mozilla, meanwhile, disclosed that its Firefox 150 release included fixes for 271 vulnerabilities identified with the help of Mythos.

Anthropic has said the model discovered more than 2,000 previously unknown vulnerabilities in just seven weeks of testing, including flaws in every major operating system and web browser — some dating back decades.

Anthropic initially released Mythos to about a dozen named partners — including Amazon, Apple, Google, Nvidia, JPMorgan Chase, and CrowdStrike — while granting access to roughly 40 additional organizations that build or maintain critical software infrastructure. Wall Street banks including Goldman Sachs, Citigroup, and Bank of America have also begun testing the model internally after Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened banking executives on April 8 to urge them to deploy Mythos against their own systems.

The concern has spread well beyond Washington. India's Finance Minister Nirmala Sitharaman met with bank leaders, the Reserve Bank of India, and technology officials to assess risks, while the European Central Bank began quietly probing banks about their defenses. Deutsche Bank's CEO said "everyone is trying to gain access to Mythos," and Anthropic confirmed plans to extend access to European and UK banks soon.

The model's power cuts both ways. Palo Alto Networks warned that capabilities like those in Mythos will soon spread beyond U.S. firms with built-in safeguards, potentially allowing hackers to "create autonomous attack agents unlike any the industry has encountered". Fortune reported that AI is now finding flaws far faster than companies can fix them, with one cybersecurity expert warning that "defenders are finding themselves in a race they're not yet equipped to win".

Anthropic has committed up to $100 million in usage credits and $4 million in direct donations to open-source security organizations as part of Project Glasswing, and says it does not plan to make Mythos generally available until new safeguards are in place.