Operational Technology Providers Are Feeling ‘Annoyance’ at Exclusion From Anthropic’s Mythos Rollout, Sources Say

The debut of Anthropic's Mythos model under Project Glasswing marks a pivotal moment for AI‑augmented cybersecurity, yet its initial focus on tech and finance giants has sparked discontent among operational technology (OT) stakeholders. OT systems—found in water treatment, energy grids, and transportation—are notoriously difficult to patch due to legacy hardware and continuous uptime requirements. By sidelining these sectors, the rollout inadvertently leaves a high‑value attack surface exposed, especially as nation‑state actors, like Tehran‑backed groups, have already demonstrated the ability to compromise OT control systems.

Industry leaders are now lobbying for inclusion, with utilities such as American Water engaging the Office of the National Cyber Director to discuss AI‑driven threat mitigation. This dialogue reflects a broader trend: boardrooms and CEOs are elevating OT security on the agenda, often bypassing traditional CIO channels. The urgency is amplified by recent DARPA competitions that proved AI can autonomously identify and remediate vulnerabilities in open‑source code used by critical infrastructure, underscoring the technology's potential to accelerate patch cycles that were previously hampered by vendor lock‑in and operational constraints.

However, access to Mythos does not guarantee comprehensive protection. As former FBI cyber official Cynthia Kaiser notes, organizations must develop clear prioritization frameworks to address the most exploitable weaknesses first. The convergence of AI capabilities, regulatory scrutiny—highlighted by the Pentagon's supply‑chain risk label on Anthropic—and evolving threat landscapes suggests that the next phase will involve not just broader model distribution but also robust governance, testing protocols, and cross‑sector collaboration to safeguard the nation’s essential services.