TL;DR
Anthropic’s Claude Mythos Preview found thousands of zero-day vulnerabilities across major operating systems and browsers, prompting the Fed chair and Treasury secretary to convene bank CEOs. The company warns of a six-to-twelve month window before adversaries replicate the capability.
Anthropic built an AI model that found thousands of zero-day vulnerabilities in every major operating system and web browser. The Federal Reserve chair and the Treasury secretary called bank CEOs to discuss it. The company says there is a six-to-twelve month window to patch the flaws before adversaries build models that can do the same thing. The cybersecurity industry says the threat was already here. Both are right.
Claude Mythos Preview is the model. It is not yet publicly released. In controlled testing, it surpassed all but the most skilled humans at finding and exploiting software vulnerabilities, identifying flaws that had existed undetected for decades, including a 27-year-old bug in OpenBSD and a 17-year-old remote code execution flaw in FreeBSD. Anthropic CEO Dario Amodei described the current period as a “moment of danger” and warned of “some enormous increase in the amount of vulnerabilities, in the amount of breaches, in the financial damage that’s done from ransomware on schools, hospitals, not to mention banks.”
The discovery
Mozilla released Firefox 150 with fixes for 271 security vulnerabilities identified by Mythos in a single evaluation pass. The number is striking not because Firefox is unusually insecure but because no human team had found them. The vulnerabilities had accumulated across years of development, each one a potential entry point for an attacker with the right tools. Mythos found all 271 in one run.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
The model’s capability raises a question that the cybersecurity industry has been theorising about for years and now must answer practically: what happens when the cost of finding vulnerabilities drops to near zero? The traditional economics of cybersecurity depend on the asymmetry between attackers, who must find one flaw, and defenders, who must secure all of them. Mythos collapses the cost on both sides. Defenders can now scan their entire codebase for flaws they never knew existed. Attackers, once they build or obtain equivalent models, can do the same.
The response
Anthropic chose a controlled rollout, which it calls Project Glasswing. Approximately 40 technology companies and institutions have initial access to Mythos to bolster their systems. The list does not include most central banks and governments. The asymmetry is intentional: give defenders a head start before the capability becomes widely available.
The response from financial regulators was immediate. Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent convened a meeting with major US bank CEOs to discuss the cyber risks raised by Mythos. The IMF flagged AI-powered cyber threats to the global banking system. The concern is not that Mythos itself will be used to attack banks. It is that the capability Mythos demonstrates, automated discovery of vulnerabilities at superhuman speed, will be replicated by adversaries who are not bound by Anthropic’s responsible disclosure practices.
Anthropic shipped financial services agents the day after announcing its 1.5 billion dollar Wall Street joint venture, a sequence that illustrates the company’s dual positioning: it is simultaneously the entity warning banks about AI-powered cyber threats and the entity selling AI products to banks. The joint venture with Blackstone and Hellman and Friedman is anchored at approximately 300 million dollars from Anthropic and will deploy AI across private equity operations.
The race
Amodei’s six-to-twelve month window is a prediction about how long it will take Chinese AI companies to build models with equivalent vulnerability-discovery capabilities. The window is not about whether adversaries will develop the capability. It is about when. The controlled rollout of Mythos is designed to give the companies that receive early access enough time to patch their most critical flaws before the window closes.
OpenAI released GPT-5.4-Cyber for vetted security teams, scaling its Trusted Access programme in direct response to the Mythos disclosure. The competitive dynamic between Anthropic and OpenAI has extended from commercial AI products into cybersecurity, with both companies positioning themselves as defenders of the software infrastructure their own models could be used to compromise.
Researchers have already demonstrated that AI agents from Anthropic, Google, and Microsoft can be hijacked via prompt injection to steal API keys and tokens, and all three vendors paid bounties but skipped public disclosure. The irony is precise: the AI agents that companies deploy to improve security are themselves vulnerable to attacks that could compromise the systems they are meant to protect.
The tension
The cybersecurity community’s response to the Mythos disclosure has been a mixture of alarm and scepticism. Security researchers note that AI-assisted vulnerability discovery has been developing for years and that the capabilities Mythos demonstrates, while impressive in scale, are an acceleration of existing trends rather than a discontinuous leap. The threat of AI-powered cyberattacks was identified by the UK’s National Cyber Security Centre more than a year ago. What Mythos changes is not the existence of the threat but the specificity of the evidence.
Anthropic occupies an unusual position. It is a company whose business model depends on selling AI capabilities to enterprises, including banks, while simultaneously arguing that AI capabilities of the kind it is developing pose an existential threat to the cybersecurity of those same enterprises. The resolution of the contradiction is commercial: Anthropic’s pitch is that you need its AI to defend against AI of the kind it builds. The logic is circular but the threat is real.
The 271 Firefox vulnerabilities were real. The 27-year-old OpenBSD bug was real. The meeting between the Fed chair and bank CEOs was real. The question is not whether AI will transform cybersecurity. The question is whether the six-to-twelve months Amodei describes is enough time to patch decades of accumulated vulnerabilities across every operating system, browser, and financial platform in production, or whether the window is an estimate designed to create urgency for a problem that cannot be solved on any timeline. Mythos found the flaws. Fixing them is a human problem.
