Anthropic's Mythos sparks security alarm

Wall Street was not supposed to be talking about one artificial intelligence model in the same breath as bank stability, but that is what happened this week after Anthropic unveiled Claude Mythos Preview and then kept it behind tight access controls. Anthropic said the model is unusually strong at finding severe software flaws and strong enough that broad release could help attackers, not just defenders. (anthropic.com) Anthropic’s own research team said Mythos can find more high-severity bugs than earlier models and can even turn some known-but-not-yet-patched software flaws into working exploits. The company said more than 99 percent of the vulnerabilities it found are still unpatched, which is why it withheld technical details. (red.anthropic.com) That is the core fear in plain English: a bug finder is also a lock picker if you hand it to the wrong person. A model that can read millions of lines of code, spot the weak seam, and suggest the break-in steps lowers the skill needed for cyberattacks. (wired.com) Anthropic did not launch Mythos like a normal chatbot. It placed the model inside a restricted program called Project Glasswing and said selected partners would use it for defensive security work on critical software and infrastructure. (anthropic.com) Anthropic said more than 40 additional organizations that build or maintain critical software infrastructure were also given access to scan first-party code and open-source systems. The company framed that as a race to patch the digital plumbing before criminals get tools with the same reach. (anthropic.com) The political response jumped fast from Silicon Valley to Washington. Reuters reported on April 9 that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with major bank chief executives to warn about cyber risks tied to the model. (reuters.com) That meeting matters because large banks sit on payment rails, treasury systems, and customer records that cannot go down for long without wider damage. If officials think a new model could make intrusion easier for less-skilled attackers, they do not need a confirmed attack to start contingency planning. (cnbc.com) Markets heard the same message and sold first. Bloomberg-covered trading moves, echoed across market reports, showed Cloudflare dropping nearly 12 percent, with other software and cybersecurity names falling as investors tried to price in a world where artificial intelligence can both defend networks and punch through them. (ndtvprofit.com) Not everyone in cybersecurity thinks Mythos changes everything overnight. Some analysts told CRN, Fast Company, and Wired that current frontier models already find many bugs, and that the bigger lesson is how much insecure code is already sitting in critical systems. (crn.com) Anthropic’s own system card says Mythos is its most capable frontier model yet, not a single-purpose hacking engine. That is why this story is spilling into finance and regulation: the same jump that makes a model better at coding and software analysis can also make it better at breaking software when the task is framed that way. (anthropic.com) The fight now is not over whether these models will be used in cybersecurity. The fight is over who gets them first, how tightly access is controlled, and whether patching critical systems can move faster than the people trying to break in. (anthropic.com)