Business Today flags Claude Mythos risk

Anthropic’s Claude Mythos is not just another chatbot launch. In April, the company said the model could identify and exploit previously unknown software flaws across major operating systems and web browsers. (anthropic.com) (red.anthropic.com) Anthropic announced Claude Mythos Preview on April 7, 2026 and said it was “strikingly capable” at computer security tasks. The company said it would not broadly release the model and instead created Project Glasswing for a limited set of defensive partners. (red.anthropic.com) (anthropic.com) The basic issue is simple: a model that writes code can also inspect code, spot weak points and sometimes build the exploit needed to break in. Anthropic said Mythos could identify and then exploit zero-day vulnerabilities in every major operating system and every major web browser during testing. (red.anthropic.com) A zero-day is a bug the vendor does not know about yet, which means there is no patch waiting on the other side. Anthropic said many of the flaws Mythos found were 10 or 20 years old, and the oldest disclosed example was a now-patched 27-year-old OpenBSD bug. (red.anthropic.com) Anthropic has shared only a small slice of the evidence in public because most of the vulnerabilities it says it found are still unpatched. The company said more than 99% of the vulnerabilities it uncovered had not yet been patched when it published its technical post. (red.anthropic.com) Instead of a general release, Anthropic said Project Glasswing would give selected organizations access to use Mythos for defensive work on foundational systems. Anthropic said it committed up to $100 million in usage credits and $4 million in direct donations to open-source security groups. (anthropic.com) NBC News reported that launch partners included companies such as Microsoft, Nvidia and Cisco, and that Anthropic extended access to over 50 tech organizations. Anthropic said those partners would use Mythos to find and fix weaknesses in software that makes up a large share of the world’s shared attack surface. (nbcnews.com) (anthropic.com) The British AI Security Institute said Mythos represents a step up over earlier frontier models in a cyber landscape that was already improving quickly. Its evaluation adds outside support to Anthropic’s claim that the model marks a higher-risk category than ordinary coding assistants. (aisi.gov.uk) Not everyone accepted Anthropic’s framing at face value. The Register and other outlets noted that many technical details remain undisclosed, which makes it hard for outsiders to measure exactly how much of the public alarm reflects verified capability and how much reflects company-controlled evidence. (theregister.com) (securityweek.com) Then the story shifted from what Mythos could do to who could reach it. TechCrunch, Bloomberg and other outlets reported that Anthropic was investigating claims that unauthorized users accessed Mythos through a third-party contractor environment after the model’s launch. (techcrunch.com) (theregister.com) Anthropic said it was investigating the report and said there was no evidence Anthropic’s own systems were affected beyond the vendor environment. That response put access control, vendor security and model-governance questions at the center of the Mythos discussion. (theregister.com) (siliconangle.com) That is why Business Today’s explainer lands on a real pressure point. Claude Mythos is being treated less like a product launch and more like a security event, with the model itself now part of the threat surface. (businesstoday.in) (anthropic.com)