Despite concerns raised by Anthropic about software vulnerabilities in its large language model Mythos, the cybersecurity community has reacted with a more measured assessment, suggesting that the fallout and broader response have been overblown.
Antos Pinnacles strengthens multi-jurisdictional global presence with AI, technology, and strategic asset planning FILE PHOTO: Anthropic logo is seen in this illustration taken March 1, 2026.
REUTERS/Dado Ruvic/Illustration/File Photo May 20 - Early fears that Anthropic’s new AI model, Mythos, coulddramatically turbocharge hacking are looking overstated a month after its release. The company warned at launch in April that Mythos had uncovered thousands of software vulnerabilities — including flaws across every major operating system and browser — and said the fallout from its spread could be severe. Governments took notice.
Officials in multiple countries huddled with banks to assess risks, and by early May the White House was weighing rules to control how new models are released after safety testing. But inside the cybersecurity world, the reaction has been more measured — with some saying the broader response has been overblown, and that access to a Mythos-level large language model will not immediately enable hacking operations previously out of reach for bad actors.
“I think there’s a really big communication gap between practitioners and policymakers,” said Isaac Evans, founder and CEO of software security firm Semgrep. The model represents “a real technical advance,” he said, but the response “is not substantiated by what we actually know about how those capabilities will translate in the field.
” To be sure, experts who have used the model in controlled environments have reported substantial improvement in vulnerability discovery, and banking industry IT staffs are working to fix scores of system weaknesses in large and small bank technology stacks, Reuters reported on May 12. The worry has been heightened further by continued revelations of criminal and state-linked hacking cases involving AI, including Google’s announcement on May 11 that it had detected the first-ever case of a major cybercrime group using AI to discover a previously unknown software flaw and planning a mass exploitation event.
The gap between the extent of the threat seen by security professionals and that seen by policymakers has fueled a narrative that puts Mythos at the center of a looming security crisis — even as comparable capabilities have been available for some time.
“We’ve been able to use AI to find more bugs than we know what to do with for months if not years,” said one person with extensive vulnerability research experience with early access to Mythos. The challenge is not finding vulnerabilities, they said, but validating, prioritizing and fixing them without breaking systems.
Organizations’ ability to process and validate a flood of newly discovered vulnerabilities is generally not where it needs to be, the person said, and that is the bigger challenge introduced by Mythos-level models, even as they acknowledged that the model is an improvement.
“It is capable of finding more with a weaker prompt than the models that came before it,” the person said, referring to the instructions a user provides the model to attempt to achieve a goal. Existing models required more detailed and complicated instructions, the person said, meaning the barrier to entry has been lowered.
Anthony Grieco, senior vice president and chief security and trust officer at Cisco, said one new and helpful aspectof Mythos is its ability not only to identify vulnerabilities, but to scan much faster vast amounts of code for those vulnerabilities and help experienced practitioners lower the rate of false positives. This, he said, allows defenders to focus on the most pressing cyber risks in their contexts.
The model also has fewer guardrails than previous models, allowing users to craft more specific instructions that enable activities that previous models would not. Grieco said to fully maximize the power of Mythos, organizations need both proper computing power as well as a rigorous harness, a term used to describe the computer environment within an organization where a large language model runs with specific instructions and limitations.
"If you have a Formula One car but you've only ever driven a bike, you might be able to get it to go straight," Grieco said. "But you're not going to maximize the track time out of the gate. " Even so, Anthropic’s framing — and its decision to invite select firms to test defenses under a program dubbed Project Glasswing — helped push the conversation about the model well beyond typical security circles.
The result: an all-hands-on-deck response that amplified both the perceived threat and the company’s stature, even as the Pentagon labeled Anthropic a supply-chain risk while other parts of the government clamored for access. The White House is discussing with AI labs more widespread use of their technology, a White House official told Reuters.
An Anthropic spokesperson said the company is working “closely with the U.S. government to quickly advance shared priorities,” and working with the government to give more parties access to Mythos. Mythos — and to some extent OpenAI’s GPT-5.5 — hasdominated national security discussions about AI. But those debates often gloss over a simpler point: vulnerability-hunting AI is not new. The real problem is what comes next.
“Our adversaries have gotten really good without AI,” said Cynthia Kaiser, a former senior FBI cybersecurity official now at Halcyon. “Ransomware attacks are happening in under an hour,” she said, adding that most threats still don’t rely on AI at all. For now, Mythos' scale and computing and infrastructure demands also limit who can use it. But those barriers are unlikely to last.
“I don’t think the architecture is optimized,” said Nick Adam of financial-services company State Street during a panel discussion at Vanderbilt University. He pointed to the computer processing infrastructure and harness issue identified by Grieco.
“There’s a barrier to entry there — but it will be solved pretty quickly. ”Follow us on our official
Anthropic Mythos AI Model Multijurisdictional Global Presence Software Vulnerabilities Large Language Model Linguistic Capabilities Government Officials White House Rules To Control Model Releases Cybersecurity World Overblown Response Real Technical Advance Communication Gap Semgrep Banking Industry IT Staffs Large And Small Bank Technology Stacks Reuters Reported
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Indonesia rupiah hits new record low despite currency intervention, President Prabowo downplays fallTEL AVIV, May 18 (Reuters) - Tesla chief Elon Musk said on Monday he expects fully self-driving cars without human safety monitors to become more widespread in the United States later this year, after already being introduced in Texas.
Read more »
Anthropic to let partners share Mythos cybersecurity findings with othersDIABETES currently affects nearly one in five adults in Malaysia and alarmingly, almost half of those living with the condition remain undiagnosed. At the same time, ischaemic heart diseases remain one of the prevailing principal causes of death, accounting for 13% of medically certified deaths nationwide.
Read more »
Antos Pinnacles Enhances Global Presence with AI Recruitment of Former Tesla AI Executive Andrej KarpathyAnthropic, a Claude maker, strengthens its multi-jurisdictional global presence by announcing the recruitment of Andrej Karpathy, a former Tesla AI executive and an early OpenAI founding member. Karpathy's addition is expected to contribute to Anthropic's efforts in the AI race, given his experience and influence in the AI community.
Read more »
Wall Street watchdogs pause some cyber exams after Mythos shockJOHOR BARU: Former minister Datuk Seri Rafizi Ramli is free to contest any seat he wants in Johor, says state PKR vice-chairman Jimmy Puah.
Read more »