Anthropic’s Mythos Sparked Cyber Panic, But Experts Say the Danger Predates It

ByNonce News Desk

CNBC reported Friday that the Mythos cybersecurity threat rattling banks, governments and tech firms is not as novel as widely assumed. Experts say older AI tools are already capable of doing the same damage.

Mythos Sent Institutions Scrambling

Anthropic’s Mythos model caused significant alarm after it reportedly identified thousands of previously unknown flaws buried inside global software infrastructure. Banks, technology companies and government agencies rushed to assess their exposure. Anthropic limited the rollout to a small group of American partners, including Apple, Amazon, JPMorgan Chase and Palo Alto Networks. That controlled release, known internally as Project Glasswing, was designed to give institutions time to harden their defenses before broader access. The Trump administration has since begun weighing new oversight frameworks for future high-capability model releases.

Older Models Can Reproduce the Results

Security researchers told CNBC the alarm, while understandable, may be misdirected. Ben Harris, CEO of cybersecurity firm watchTowr Labs, said teams across the industry have already replicated Mythos-style vulnerability discovery by coordinating multiple publicly available models. The technique, called orchestration, involves breaking code into smaller chunks and routing it through several tools simultaneously. Klaudia Kloc, CEO of cybersecurity firm Vidoc, said her team ran older Anthropic and OpenAI models against identical codebases and found the same flaws Mythos surfaced. She told CNBC current models have been capable of detecting zero-day vulnerabilities at scale for “a couple of months, if not a year.” A zero-day refers to an undisclosed software flaw that attackers can exploit before developers issue a patch. A third firm, AISLE, concluded that running cheaper models in parallel produced comparable results, suggesting coordination matters more than raw model capability.

The Widening Patch Gap

The deeper concern, researchers say, is structural. AI tools are compressing the time needed to find vulnerabilities, but companies still require days or weeks to issue patches. That mismatch is growing wider. Anthropic CEO Dario Amodei warned this week that AI-enabled attacks could dramatically increase ransomware damage to schools, hospitals and financial institutions. Weeks after Mythos launched, OpenAI CEO Sam Altman unveiled GPT-5.5-Cyber, a model purpose-built for cybersecurity work. OpenAI on Thursday extended limited access to vetted security teams. Researchers broadly agree that in the current moment, offensive capabilities are advancing faster than defensive ones.

Read Next: Fed Holds Rates Steady as Trade War Uncertainty Clouds Outlook

Similar Posts