People naturally fear the unknown — like an imagined monster lurking in a dark closet. In April, Anthropic revealed to the world that it had created an artificial intelligence (AI) model “so powerful that it was too dangerous to release widely.”[1] Overnight Mythos became a monster lurking in the closet. Journalists Paul Mozur and Adam Satariano explained, “[Mythos] set off a global scramble unlike anything yet seen in the A.I. era.”[2] They added, “Major A.I. breakthroughs are beginning to function less like product launches and more like weapons tests, and most nations want to understand how the technologies work and what protections are needed.” Mythos, however, is not an imaginary threat. It is very real. Why is the model so dangerous and feared? Because, as Mozur and Satariano report, “[Mythos] is uncannily capable of finding and exploiting hidden flaws in the software that runs the world’s banks, power grids and governments.”

Concerns Being Raised About Mythos

Mythos is like a nuclear weapon — nobody wants it to get into the wrong hands. However, tech journalist Tom Allen reports that Mythos proliferation has already begun. He explains, “A ‘small group’ of individuals have managed to access Anthropic’s Claude Mythos Preview.”[3] He adds, “The thing everyone warned about happened even faster than expected.” The area of greatest concern is the financial sector. The PYMNTS staff reports that, at recent International Monetary Fund (IMF) and World Bank meetings, “Regulators and central bankers focused on Anthropic’s new Claude Mythos Preview model and the possibility that advanced large language models could expose weak spots in banks’ cyber defenses. According to the Financial Times, the concern is no longer theoretical. Officials are treating it as an urgent financial stability issue.”[4]

Christine Lagarde, President of the European Central Bank, has stated, “The development we’ve seen with Anthropic and Mythos is a good example of a responsible company that is suddenly thinking, ‘ah, that could be really good’ — but if it falls in the wrong hands, it could be really bad.”[5] The Financial Times reported, “Some officials called for a coordinated international response to the threat from Mythos, which Anthropic said had ‘found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.’ The company warned it would ‘not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely’. It added: ‘The fallout — for economies, public safety and national security — could be severe.’”[6]

As I noted at the beginning of this article, the threat Mythos poses is very real. Tech journalist Dev Kundaliya reports that during tests conducted by the UK's AI Security Institute (AISI), “The model attempted a full-scale corporate network breach involving 32 sequential steps, from reconnaissance to full system compromise. Across ten attempts, the system: 1) Completed an average of 22 steps; 2) Successfully executed the entire attack chain three times; and 3) Outperformed previous leading models by a significant margin. The AISI said the model's performance improved with greater computing resources, suggesting further gains are likely. Despite the results, the Institute stressed that the tests were conducted under controlled conditions, with explicit instructions and access provided to the system.”[7]

Some skeptics assert that Anthropic is limiting access to Mythos’ as a business strategy. Journalist Tim Fernholz explains, “Frontier labs may want to limit their releases to big organizations: It creates a flywheel for big enterprise contracts, while making it harder for competitors to copy their models using distillation, a technique that leverages frontier models to train new LLMs on the cheap.”[8] Journalists from The Economist agree that Anthropic “stands to benefit from the perception that its system is far more brilliant than anything to have come before it.”[9] They also believe that the company’s warnings should be taken seriously. The magazine concludes, “There are reasons to take Anthropic’s latest warnings seriously. The first is their gravity: Anthropic says that Mythos has already found severe vulnerabilities in ‘every major operating system and web browser,’ including one that had gone undetected for 27 years.”

Project Glasswing: Trying to Bottle the Mythos Genie

Regardless of the motives behind Anthropic’s release strategy, Mythos is a threat and Anthropic is trying to mitigate its potential damage. Allen reports, “Project Glasswing is Anthropic’s attempt to keep Claude Mythos Preview in a sandbox of sorts — because, as the developer itself admitted, the model can exploit vulnerabilities ‘in every major operating system and every major web browser when directed by a user to do so.’” According to The Economist, “Project Glasswing [is] an effort to help companies use Mythos to boost cyber-defenses before it is widely released.”

In May, Anthropic released an update on Project Glasswing’s progress. The report noted, “After one month, most partners have each found hundreds of critical- or high-severity vulnerabilities in their software. Collectively, they’ve found more than ten thousand. Several have told us that their rate of bug-finding has increased by more than a factor of ten.”[10] As a result, the report notes, “We’re now seeing that patched software is being rolled out much more quickly.”

The report also notes, “For the last few months, Anthropic has used Mythos Preview to scan more than 1,000 open-source projects, which collectively underpin much of the internet — and much of our own infrastructure. So far, Mythos Preview has found what it estimates are 6,202 high- or critical-severity vulnerabilities in these projects.” The report also observes, “Our process for triaging vulnerabilities is intensive. First, we or one of the external security firms we work with reproduce the issue that Mythos has found and re-assess its severity. Once we’ve confirmed that a vulnerability is real, we check for whether there are already fixes in place, and write a detailed report to the software’s maintainers. … The speed of AI progress means that models as capable as Mythos Preview will soon be developed by many different AI companies. At present, no company — including Anthropic — has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm.”

The report concluded, “On the far side of these risks, there’s an encouraging world available to us: one in which important code is hardened far better than it is today, and in which hacking is far less prevalent. There are many obstacles, but we’re nonetheless confident that Project Glasswing can help get us there.” The Economist notes, “Anthropic has plenty to gain from Project Glasswing. The lab will cover the first $100m of costs arising from the use of the model for the initiative. But eventually it will charge participants five times more to use Mythos than it does for its predecessor, Opus. That may be a price worth paying.”

Concluding Thoughts

Are the capabilities embedded in Mythos a concern? Beyond a doubt. Gregory Keshian, Chief Product Officer at Bitsight, insists that the creation of Mythos is a gamechanger. He writes, “This is a compression event, collapsing timelines, expanding attack surfaces, and forcing a rewrite of how organizations think about security operations, software development, risk, and ultimately, business survival.”[11] He calls this new concern about cybersecurity “The Mythos Effect.” On the other hand, some experts insist that organizations shouldn’t overreact. Kundaliya reports “many security researchers and software engineers” have demonstrated a more restrained reaction to Mythos.[12] For example, he cites Isaac Evans, chief executive of software security firm Semgrep, who argues “that concerns over its immediate impact on real-world hacking operations had outpaced the available evidence.” Mythos is not a monster hiding in the closet. It is, however, a very capable model that, in the wrong hands, could do monstrous things.

Footnotes

[1] Paul Mozur and Adam Satariano, “Anthropic’s New A.I. Model Sets Off Global Alarms,” The New York Times, 22 April 2026.

[2] Ibid.

[3] Tom Allen, “Unauthorised users already accessing Claude Mythos Preview,” Computing, 22 April 2026.

[4] Staff, “Financial Officials Sound Alarm About Anthropic’s Banking Risk,” PYMNTS, 17 April 2026.

[5] Martin Arnold, Sam Fleming, Claire Jones, and Akila Quinio, “Latest AI models could threaten world banking system, financial officials warn,” Financial Times, 17 April 2026.

[6] Ibid.

[7] Dev Kundaliya, “Claude Mythos Preview shows ‘unprecedented’ attack capability, warns AI Safety Institute,” Computing, 16 April 2026.

[8] Tim Fernholz, “Is Anthropic limiting the release of Mythos to protect the internet — or Anthropic?” TechCrunch, 9 April 2026.

[9] Staff, “How dangerous is Mythos, Anthropic’s new AI model?” The Economist, 8 April 2026.

[10] Staff, “Project Glasswing: An initial update,” Anthropic, 22 May 2026.

[11] Gregory Keshian, “The Mythos Effect and the End of ‘Business as Usual’ for Security Operations and Risk Management,” Bitsight Blog, 8 May 2026.

[12] Dev Kundaliya, “Experts downplay alarm over Anthropic's Mythos model,” Computing, 21 May 2026.