Anthropic’s Mythos AI finds thousands of flaws, stirs misuse fears

Anthropic’s Mythos AI quickly became more than another model release. The company pitched it as a defensive cybersecurity tool, but the same system that found thousands of major vulnerabilities across major operating systems and web browsers also intensified fears that attackers could use it to move faster than defenders.

The model arrived through a controlled program called Project Glasswing, which limited access to major technology firms including Amazon, Microsoft, Nvidia and Apple, along with more than 40 other organizations that build or maintain critical software infrastructure. That narrow rollout signaled Anthropic’s effort to keep broad public access restricted while putting the system in the hands of large, well-resourced partners. Anthropic said the model’s ability to find software flaws at scale could, if misused, pose serious risks to economies, public safety and national security.

That warning is why banks and regulators are uneasy. Mythos is designed to search for weaknesses in code and systems, a capability that can help defenders harden networks and expose hidden bugs before criminals do. But experts worry the same advanced coding abilities and autonomous functions could also help attackers identify and exploit unknown flaws faster than companies can patch them, especially in banking, where old systems and tangled connections remain common.

The concern spread quickly beyond the tech sector. U.S. software stocks fell on April 9 after the model’s April 7 launch revived fears that new AI systems will pressure traditional software firms. In Washington, the White House has spoken with Anthropic chief executive Dario Amodei about collaboration, cybersecurity and safety. The Pentagon has given Anthropic a formal supply-chain risk designation, and the Treasury secretary and Federal Reserve chair met bank chief executives to brief them on the model’s potential risks.

The response has also crossed the Atlantic. Britain has held talks with banks and cybersecurity officials, and banks are now in close contact with European regulators. Mythos has become a test case for a hard question now facing government and finance leaders: how to welcome AI systems that can defend networks without opening the door to tools that can also widen systemic risk.