Anthropic Says Mythos Is Too Dangerous for the Public. It Just Gave 150 More Organisations Access.

Artificial intelligence is reshaping vulnerability research, and Anthropic’s Mythos model sits at the forefront. By automating the discovery of zero‑day flaws across operating systems and browsers, Mythos can generate exploit chains faster than any human red‑team. This capability has attracted a curated cohort of tech giants and security firms, expanding the user base to about 200 entities worldwide. The promise is clear: give defenders the same AI‑powered insight attackers could wield, theoretically shrinking the window between discovery and remediation.

The reality, however, reveals a stark patch gap and heightened exposure risk. Despite uncovering over 10,000 high‑severity issues, only 14% have been fixed, reflecting the labor‑intensive validation process and the speed at which AI can weaponize vulnerabilities. An April incident where a small group of unauthorized users breached Mythos underscores the paradox of widening access: each new participant becomes a potential leak point. Moreover, Anthropic’s performance metrics remain unverified by third parties, leaving the security community to rely on self‑reported data amid an IPO‑driven rollout.

Industry competitors such as OpenAI and Google are racing to launch comparable AI security tools, intensifying pressure on standards and oversight. Regulators may soon demand independent audits and transparent disclosure practices to curb misuse. For enterprises, the decision to join Anthropic’s Project Glasswing hinges on balancing the defensive advantage of AI‑augmented pen testing against the risk of inadvertently amplifying offensive capabilities. As the market matures, the firms that can prove both efficacy and responsible governance are likely to set the benchmark for AI‑enabled cyber resilience.