Anthropic Mythos Cybersecurity Model Triggers Global Alarm From Finance Ministers
Anthropic's Claude Mythos Preview can find zero‑day vulnerabilities in every major operating system. Finance ministers from Canada to India are calling it a war‑scale threat, while unauthorized access via a third‑party vendor has intensified scrutiny of the model's controlled release.
A Cybersecurity Model That Changes the Rules
When Anthropic published its assessment of Claude Mythos Preview on April 7, the findings were blunt: the model is "strikingly capable at computer security tasks" and can find zero‑day vulnerabilities in every major operating system and every major web browser. That is not marketing language — it is Anthropic's own red team describing what the model actually does.
Mythos Preview identified bugs that are often 10 to 20+ years old. The oldest: a 27‑year‑old vulnerability in OpenBSD's TCP SACK implementation, dating back to code written in 1998. Anthropic's engineers — people with no formal security training — asked Mythos to find remote code execution vulnerabilities overnight, and it delivered. The cost for the specific run that found the OpenBSD bug was under $50, though the total across 1,000 runs that produced dozens of findings was approximately $20,000.
The Capability Leap Is Real
The jump from Anthropic's previous model, Opus 4.6, to Mythos Preview is not incremental. According to Anthropic's own technical report, Opus 4.6 managed to create 2 working Firefox JavaScript exploits out of several hundred attempts. Mythos Preview produced 181 working exploits plus 29 register controls. On OSS‑Fuzz tier 5 challenges (full control‑flow hijack), Opus 4.6 scored zero. Mythos scored 10 on fully patched targets.
These capabilities emerged as a downstream consequence of general improvements in code, reasoning, and autonomy — they were not the result of explicit cybersecurity training. That distinction matters: it means future models from any lab could develop similar capabilities as a side effect of getting better at coding, whether anyone intends it or not.
Anthropic's own validation found that in 89% of 198 manually reviewed vulnerability reports, expert contractors agreed with Mythos's severity assessment exactly. In 98% of cases, assessments were within one severity level. If those results hold, Anthropic estimates there are 1,000+ additional critical‑severity vulnerabilities and thousands more high‑severity ones that Mythos has identified but that remain unpatched.
Project Glasswing: Controlled Access, Not Public Release
Anthropic chose not to release Mythos Preview publicly. Instead, the company launched Project Glasswing, which grants access to select organizations for defensive cybersecurity purposes only. According to the BBC, participants include Amazon Web Services, CrowdStrike, Microsoft, and Nvidia. Anthropic describes Glasswing as an effort to "secure the world's most critical software" and give defenders a head start before these capabilities proliferate more widely.
The model uses SHA‑3 cryptographic commitments to prove possession of vulnerabilities without revealing them, with commitments disclosed after a 90+45 day responsible disclosure window. Fewer than 1% of Mythos's findings have been patched so far, according to Anthropic's report.
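The commit-then-reveal idea described above, as an added sketch that is not Anthropic's code. The page does not describe the exact construction, so the random nonce, the `nonce + report` layout and all function names are assumptions; the sample report is constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 32  # bytes of randomness mixed into every commitment (assumed size)

def commit(report: bytes) -> tuple:
    """Publish the returned digest now; keep the nonce and report private."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return hashlib.sha3_256(nonce + report).hexdigest(), nonce

def verify(commitment: str, nonce: bytes, report: bytes) -> bool:
    """After disclosure, anyone can check the report against the old digest."""
    if len(nonce) != NONCE_LEN:
        return False
    digest = hashlib.sha3_256(nonce + report).hexdigest()
    return hmac.compare_digest(digest, commitment)

def guess_unsalted(digest: str, candidates: list) -> Optional[bytes]:
    """Why the nonce matters: a bare hash of a guessable report can be confirmed."""
    for candidate in candidates:
        if hashlib.sha3_256(candidate).hexdigest() == digest:
            return candidate
    return None

# Constructed sample report (not a real finding).
SAMPLE = b"component=example-parser; class=heap-overflow; severity=critical"

if __name__ == "__main__":
    digest, nonce = commit(SAMPLE)
    print("published commitment:", digest)
    print("reveal verifies:", verify(digest, nonce, SAMPLE))
    altered = SAMPLE.replace(b"critical", b"low")
    print("altered report verifies:", verify(digest, nonce, altered))
    bare = hashlib.sha3_256(SAMPLE).hexdigest()
    print("bare hash confirmed by guess:", guess_unsalted(bare, [b"other", SAMPLE]))
    print("salted hash confirmed by guess:", guess_unsalted(digest, [b"other", SAMPLE]))
```

The digest binds the publisher to one exact report, while the nonce keeps observers from confirming guesses about its contents before the disclosure window ends.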
Unauthorized Access Through Third‑Party Vendor
The controlled access model suffered a significant breach. On April 21, Reuters reported that a small group of unauthorized users gained access to Mythos through one of Anthropic's third‑party vendor environments. The group accessed the model on the same day Anthropic announced Project Glasswing and has been using it regularly since then — not for cybersecurity purposes.
An Anthropic spokesperson confirmed to Reuters: "We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third‑party vendor environments." The breach was not a direct hack of Anthropic's systems but rather exploited shared accounts and API keys in a vendor's environment, a pattern that underscores the difficulty of controlling access to powerful models once they are distributed beyond a single organization.
Finance Ministers Sound the Alarm
The global reaction has been swift. Canadian Finance Minister François‑Philippe Champagne told the BBC that Mythos was discussed extensively at the IMF meeting in Washington DC, calling it "serious enough to warrant the attention of all the finance ministers." He contrasted the known threat of the Strait of Hormuz with the unknown nature of Mythos: "The difference is that the Strait of Hormuz — we know where it is and we know how large it is... the issue that we're facing with Anthropic is that it's the unknown, unknown."
India's Finance Minister Nirmala Sitharaman went further, telling the ET Awards for Corporate Excellence that the Mythos threat is "as big as a threat of war", according to The Economic Times. India has formed a dedicated panel under SBI Chairman C S Setty to address emerging cyber threats, and the industry body Nasscom has written to Anthropic requesting Indian companies be granted access.
Bank of England Governor Andrew Bailey also addressed Mythos in a public speech, noting that cyber risk is a perpetual threat to the financial system. Yahoo Finance reports that banks are scrambling to get permissioned on Mythos to understand what they are up against.
Is the Threat Overstated?
Not everyone is convinced the alarm is proportional. The UK's AI Security Institute has published the only independent report into Mythos's cybersecurity capabilities. Their researchers found it was a powerful tool able to find many security holes in undefended environments. The BBC characterized the AISI's findings as suggesting Mythos was not dramatically better than Claude's predecessor, Opus 4. However, the AISI's own published data tells a different story: they found Mythos was the first model to solve their 32‑step "The Last Ones" challenge and described it as "substantially more capable at cyber offence than any model we have previously assessed," succeeding on expert‑level CTF challenges 73% of the time.
Some cybersecurity experts question whether the concern exceeds the evidence, especially given that the model has not been widely tested by the industry. Critics also note that AI companies have a commercial incentive to hype their models' capabilities — OpenAI made similar claims when it chose to stagger the release of GPT‑2 in 2019, citing safety concerns. The Wire China argues that regardless of whether the threat matches the hype, the asymmetry between attack and defense in cybersecurity means that even a moderately capable model in the wrong hands could cause outsized damage.
For builders, the practical takeaway is clear: defensive cybersecurity tools are advancing as fast as offensive ones, and Mythos‑like capabilities will likely be standard within a year or two. The companies that get early access through Project Glasswing will have a significant advantage in hardening their systems before these tools become widespread.
What Anthropic Is Doing About It
In mid‑April, Anthropic released a new version of its Claude Opus model that allows Mythos's cyber capabilities to be tested in less powerful systems, giving the broader security community a way to evaluate the threat profile without accessing the full model. The company has also committed to responsible disclosure of all vulnerabilities found, with SHA‑3 cryptographic commitments ensuring transparency without premature exposure.
According to Anthropic's technical report, the long‑term outlook favors defenders — "the side that can get the most out of these tools" — but the transitional period "may be tumultuous." Project Glasswing is Anthropic's attempt to give defenders that head start. Whether it succeeds depends on how quickly the vulnerabilities it has found get patched, and whether the third‑party access model can be secured against future breaches.