Claude Mythos – ‘AI super hacker’ makes Anthropic dare not commercialize

One late February evening in Bali (Indonesia), AI researcher Nicholas Carlini left a wedding, returned home, opened his laptop and started exploring. Anthropic’s PBC Anthropic Lab just sent him an internal demo of a new AI model called Claude Mythos.

Anthropic pays people like Carlini to test the security of Mythos, to see if hackers can exploit them for espionage, theft or sabotage. And in just a few hours, he went from one surprise to another. The veteran researcher discovered that Mythos has the ability to automatically create powerful hacking tools, including Linux – the open source foundation of most modern computer systems. Mythos even staged a digital bank robbery: bypassing security protocols and hacking into the network, breaking in and accessing online vaults.

“AI used to successfully crack systems, but now it can also carry out a robbery,” Carlini told Bloomberg. Every day, he and his colleagues continue to receive feedback from Mythos about serious and dangerous errors, including the type of errors usually discovered only by the world’s best hackers.

In parallel with Carlini’s tests, the “Frontier Red Team” (Frontier Red Team – specializing in evaluating Anthropic models, ensuring they do not harm humanity) also tested the simulation after receiving Mythos from the laboratory.

“After just a few hours, we knew it was different,” said Logan Graham, who runs Anthropic’s Frontier Red Team. “It can find and exploit vulnerabilities on its own.”

Graham immediately warned the Anthropic leadership team that new AI could pose a national security risk. He also emphasized that the product is too dangerous to bring to market.

In early March, Jared Kaplan, co-founder and Chief Scientific Officer of Anthropic, along with another co-founder, Sam McCandlish, presented Mythos to the board of directors. Both said the AI ​​is too risky to release widely, but could allow other companies, even competitors, to try it.

On April 7, after much consideration, Anthropic announced a new AI called “Mythos Preview”. Instead of commercializing, the company only granted access to 12 technology companies through Project Glasswing – an initiative described as “an effort to protect the world’s most important software”. Partner group includes Amazon Web Services, Apple, Microsoft, Google, Nvidia, Broadcom, CrowdStrike, Mozilla.

The 12 companies are part of a group of more than 40 organizations responsible for critical software, with the rest remaining anonymous. In a video released at the launch of Project Glasswing, Anthropic CEO Dario Amodei said the company had offered to cooperate with US government officials to “help defend against risks from these models”. Still following Axiosthe US National Security Agency (NSA) and some departments of the US government also started using Mythos Preview.

At the launch event, Anthropic said that in tests, Mythos has very high skills in cybersecurity and hacking tasks, even surpassing humans. In the CyberGym measurement – a test of an AI agent’s ability to find security vulnerabilities in real open source software projects, Mythos scored a record high of 83.1%. For comparison, Zhipu AI’s GLM 5.1 tool scored 68.7%, while Moonshot AI scored 41.3%.

“Mythos Preview has discovered thousands of critical vulnerabilities, including in major operating systems and web browsers,” Amodei stated. “At the rate AI is advancing, it won’t take long before such capabilities spread, possibly beyond the control of those committed to using them safely.”

Also according to this CEO, Mythos discovered serious vulnerabilities in the old system, including one that existed for 27 years, and proposed ways to exploit them. The company therefore chose a limited release, because if widely deployed, this AI “could change the balance of power between parties in cyberspace”. Meaning, defensive organizations will face faster, more accurate and less predictable attacks.

Mythos’s capabilities have also been proven in practice. This week, Mozilla, the developer behind Firefox, said the Firefox 150 browser release patched 271 vulnerabilities, all identified using early access to Anthropic’s Mythos Preview.

This possibility worries the cybersecurity world. “I’ve talked to technical leaders at some very large companies, they said they will have to mobilize thousands of engineers from every department to prevent AI from exploiting vulnerabilities in the next 6 months,” Bobby Holley, Firefox’s CTO, told Wired after announcing a vulnerability patch for Firefox on April 20. “So this will be a big challenge for the industry, especially small and open source projects.”

Ciaran Martin, former head of the UK National Cyber ​​Security Center, assessed the fact that Mythos can detect serious vulnerabilities much faster than other AI models as “really shocking”.

“Even things we know exist or don’t exist yet, Mythos still discovers them. It’s simply a super hacker,” Martin told BBC.

Meanwhile, according to New York Times, Government officials also expressed concern after Mythos appeared. The Governor of the Bank of England has publicly warned that Anthropic may have found a way to “disrupt the entire world of cyber risk”. The European Central Bank began quietly questioning banks about their defenses. Canadian Finance Minister François-Philippe Champagne even compared this threat to the closure of the Strait of Hormuz.

The UK is the only country other than the US that has a representative approaching Mythos. Claudia Plattner, President of Germany’s cybersecurity agency, said she met with Anthropic employees in San Francisco to get “insight” into how this AI works. She assessed that the new tool “shows a groundbreaking change in the nature of cyber threats”.

However, some experts say Mythos may be overblown. “We cannot yet be sure whether Mythos Preview can attack well-protected systems,” a researcher told BBC. “Therefore, in places with good cybersecurity, this model could theoretically be prevented.”

Nvidia CEO Jensen Huang didn’t mention Mythos directly, but at an event last week, he suggested that “overemphasizing the risks of AI may be a way for some companies to position themselves as uniquely capable of safely developing artificial intelligence.”

Some other experts assess that current AI models, including Mythos, are not yet conscious systems or capable of acting on their own like a real hacker. In other words, they are just data processing tools, supporting error detection, and cannot cause complex attacks in real environments.

According to Mr. Martin, it is important that organizations focus on ensuring basic cybersecurity foundations to avoid AI attacks. “For some, this is an apocalyptic event. But for others, it is just hype,” he added. “In the medium term, these tools can also be used to fix many of the Internet’s foundational vulnerabilities.”