Anthropic has unveiled Claude Mythos Preview, a powerful new AI model capable of identifying and exploiting thousands of high-severity vulnerabilities in every major operating system and web browser, prompting urgent warnings from U.S. officials about its potential to reshape cybersecurity threats.[1][5] More than 99 percent of these vulnerabilities remain unpatched, with many having evaded human detection and automated tests for decades, according to the company.[1][3] In response, Anthropic launched Project Glasswing, a collaborative initiative with tech giants including AWS, Google, Microsoft, Apple, Cisco, and CrowdStrike to deploy the model's capabilities defensively and secure critical software before broader AI proliferation heightens risks.[5]
The release has sparked alarm at the highest levels of government. Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent summoned leaders from major U.S. banks for an urgent meeting on April 7, warning that Mythos signals a new era of cybersecurity dangers to the financial system.[2] Officials fear hackers or foreign actors could misuse such tools to exploit weaknesses at unprecedented speed, turning months-long attack planning into minutes and amplifying threats to economies, public safety, and national security.[1][5] Anthropic has withheld a full public launch, opting instead for limited access to select cybersecurity and software firms to test and patch flaws, a move echoed in past concerns like OpenAI's 2019 delay of GPT-2.[1][3][4]
This development underscores a dual-edged sword in AI advancement: while Mythos excels at long-range tasks mimicking expert human security researchers, it could democratize hacking if mishandled.[4][5] Cybersecurity experts, including those at Bloomberg and VentureBeat events, emphasize the need for "zero trust" architectures for AI agents, isolating credentials from untrusted code to limit damage from intelligent but unpredictable systems.[3] Anthropic's ongoing talks with U.S. government officials highlight tensions over deployment, including disputes with the Trump administration on Pentagon use, amid calls for differential access that prioritizes vetted defenders.[1][5]
The stakes extend to broader infrastructure and industries. Project Glasswing partners like JPMorgan Chase and NVIDIA aim to give defenders a "durable advantage" in an AI-driven cyber arms race, where models like Mythos outpace traditional defenses.[5] Banks and financial institutions face immediate risks, as unpatched flaws could enable rapid exploits against payment systems or data centers.[2] What happens next remains fluid: Anthropic plans expanded collaboration to fix vulnerabilities, but experts debate benchmarks validating the model's claims and question whether regulations can enforce responsible access without stifling innovation.[1]
For the public and businesses, this means rethinking security at "machine speed." As AI tools proliferate—evident in related launches like agentic banking platforms or zero-trust architectures—the focus shifts from access control to action oversight, treating agents like "supremely intelligent teenagers" unbound by consequences.[3][4] While some researchers question the hype, the consensus from Washington to Silicon Valley is clear: securing software now is essential to avert fallout from AI's cyber potential.[1][5]