What is Claude Mythos and what risks does it pose?

Anthropic has sparked significant interest in the AI sector with its latest model, Claude Mythos, which claims to surpass human performance in certain hacking and cybersecurity tasks. This revelation has prompted scrutiny from regulators, lawmakers, and financial institutions, raising questions about its potential impact on digital infrastructure.

The company’s assertion that Mythos can identify and exploit hidden vulnerabilities in legacy systems has led to the creation of Project Glasswing, an initiative aimed at granting access to select tech firms. This allows them to evaluate the model’s capabilities and bolster their own defenses against it. However, some experts caution that Anthropic may be emphasizing its model’s strengths to highlight groundbreaking potential, making it challenging to separate genuine advancements from promotional claims.

Mythos, part of Anthropic’s broader Claude AI ecosystem, was first unveiled in early April as “Mythos Preview.” Security researchers noted that the model demonstrates exceptional skill in cybersecurity tasks, including uncovering long-dormant bugs in code that have existed for decades. One notable example is a flaw identified in a system that had remained undetected for 27 years. These findings have led to its distribution among 12 companies, including Amazon Web Services, Apple, Microsoft, Google, Nvidia, and Broadcom, as well as Crowdstrike, which previously caused a global outage in July 2024.

Expert Reactions and Concerns

Canadian finance minister François-Philippe Champagne recently highlighted the significance of Mythos during an International Monetary Fund meeting in Washington, D.C. He described it as an “unknown unknown,” suggesting its potential to disrupt financial systems. Similarly, Bank of England chief Andrew Bailey expressed concern, stating that the model’s capabilities could heighten the risk of cybercrime.

“Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser,” Anthropic stated on 7 April.

Ciaran Martin, former director of the UK’s National Cyber Security Centre, called the model’s ability to uncover critical weaknesses “a wake-up call.” He emphasized that even systems with known vulnerabilities could be compromised more swiftly by Mythos, raising alarms about its effectiveness as a tool for cyber attacks.

Despite its impressive capabilities, independent analysts have yet to fully assess Mythos. The UK’s AI Safety Institute noted that while the model is powerful, its greatest threat lies in poorly secured systems. Researchers remain uncertain whether it can breach well-defended networks, suggesting that robust cybersecurity measures could mitigate its risks.

Fear of AI’s disruptive potential is not new. As newer models emerge, they often come with ambitious promises of transformation. The challenge now is to discern whether Mythos represents a genuine leap in technology or an exaggerated claim, with its implications spanning both innovation and security concerns.