PYMNTS, CNBC, Anthropic, the Hill contributed to this report.
A new AI model is shaking up cybersecurity – and not in a quiet way.
Anthropic has rolled out a limited preview of its latest system, Claude Mythos, and the early results are catching people off guard. The model has already uncovered thousands of serious software vulnerabilities, some hiding in code for decades. That’s the impressive part. The unsettling part is how easily the same tech could be used to exploit those flaws.
Inside Washington, the reaction was swift. Officials scrambled to assess what this leap actually means. Meetings were pulled together across agencies. The sense, according to people familiar with the discussions, is that AI capability has jumped ahead faster than expected – and policymakers are now playing catch-up.
The model itself isn’t widely available. Anthropic is keeping it tightly controlled, sharing access with a select group of companies through a new initiative called Project Glasswing. Heavyweights like Google, Cisco and Palo Alto Networks are already testing it, using the system to scan for weaknesses in critical software.
And it’s fast. Really fast.
Mythos can sift through massive codebases, spot vulnerabilities, and even figure out how to exploit them – often without human input. In some cases, it has identified flaws that survived years of scrutiny and millions of automated tests. That kind of capability changes the equation. What used to take skilled experts weeks or months can now happen in minutes.
That’s where the concern kicks in.
“This time, the threat isn’t theoretical,” researchers behind the model warned.
Advanced AI tools are already operating at a level where they rival top human experts in finding security gaps. The barrier to entry is dropping, and with it, the effort needed to launch cyberattacks.
Banks are paying attention. JPMorgan Chase is among those testing the model. CEO Jamie Dimon didn’t sugarcoat it – AI is making cybersecurity harder right now, even if it might strengthen defenses later. The tools that help defenders are the same ones attackers can pick up.
“It shows a lot more vulnerabilities need to be fixed,” he said, pointing to the scale of the problem.
Government officials are treating it as a national security issue. Agencies like the Cybersecurity and Infrastructure Security Agency have been briefed, and new efforts are underway to map out risks to critical infrastructure. Treasury officials have even looped in Wall Street executives to talk through the fallout.
Still, not everyone is convinced the situation is as dramatic as it sounds. Some voices in the tech and policy world argue Anthropic has a habit of pairing product launches with worst-case warnings. They see a pattern – big claims, big headlines.
That skepticism hasn’t slowed the response.
Part of the tension comes from how quickly this space is moving. Just months ago, some policymakers believed AI development might be leveling off. That view is fading. The latest generation of models suggests the opposite: acceleration.
Project Glasswing is meant to get ahead of that curve. The idea is simple – put powerful tools in the hands of defenders first. Companies and developers use the model to find and fix vulnerabilities before attackers can exploit them. It’s a race, and nobody’s pretending it will be easy.
Because once tools like this spread more widely, control becomes harder.
Cybersecurity has always been a high-stakes game. What’s changing is the speed. The window between discovering a flaw and weaponizing it is shrinking fast. In some cases, it’s already down to hours.
For now, the technology is contained. Carefully managed. Shared with trusted partners.
The latest news in your social feeds
Subscribe to our social media platforms to stay tuned