Claude Mythos turns years of security research into 20-hour AI exploits
AI-driven exploits reshape cybersecurity risk and defense
When Anthropic announced Claude Mythos Preview on 7 April 2026, the response went well beyond the cyber security community.
Finance ministers discussed it at the IMF. The Bank of England governor said it had to be taken very seriously. The UK Government wrote an open letter to every business leader in the country.
What prompted this? Mythos autonomously discovered thousands of critical and high severity vulnerabilities across every major operating system and web browser, including a 27-year-old flaw in OpenBSD.
Head of Global Cybersecurity, Version 1.
It generated working exploits without human guidance. The UK's AI Security Institute tested it and found it could complete a 32-step simulated corporate network attack, from reconnaissance to full takeover, that would take human professionals around 20 hours.
An important caveat is that these results come from lab environments. Anthropic's Mythos System Card notes the simulations had no active defenses, minimal security monitoring, and lacked defensive tooling. The Firefox exploitation tests ran without the browser's process sandbox. Mythos is impressive, but it has not been pitted against hardened, actively defended systems.
That said, AISI estimates frontier model cyber capabilities are now doubling every four months. The genie is out of the bottle. Other model creators will deliver similar functionality, but without restricting access as Anthropic has done.
1. Security is economics
The AISI budgeted 100 million tokens per attempt on its network attack simulation. Across ten runs, Mythos completed the full 32-step attack three times.
None of the models tested showed diminishing returns as the token budget increased; performance kept scaling upwards. In plain terms, the more compute an attacker throws at a target, the more they find.
To harden a system, do we need to be spending more tokens discovering exploits than an attacker will spend finding them?
The CSA and SANS "Mythos-ready" briefing makes a related point: build a permanent Vulnerability Operations function, running continuous AI-driven discovery across your entire software estate.
Relying on yearly penetration tests simply doesn't match the real-world cadence. Token spend could be the new penetration test.
2. Patches signal attack vectors
Project Glasswing is expected to generate a flood of vulnerability disclosures, as around 40 major software vendors have early access to Mythos to review their codebases.
That coordinated and responsible disclosure is the right approach, but it creates a secondary problem: every patch is a signal to adversaries about where to look.
AI accelerates patch-diffing, comparing old and new code to reverse-engineer what was fixed and what was exploitable. Each patch becomes an exploit blueprint.
The Zero Day Clock project tracked time-to-exploit falling from 2.3 years in 2018 to roughly 20 hours in 2026. Organizations slow to apply patches are not just behind the curve, they are actively exposed by the disclosure itself.
Mean-time-to-remediate externally exposed vulnerabilities is now one of the most important metrics a security team should be tracking.
3. Open-source transparency is now a double-edged sword
Mythos analyses source code to find weaknesses. Anthropic's research distinguishes between open source software, where the model reads code directly, and closed source, where work is conducted under partnership arrangements with vendors.
This has implications for open source more broadly, including policies like the UK Government's commitment to developing in the open. Publishing source code enforces good standards and invites scrutiny, but if an AI model can understand a codebase in minutes and generate working exploits, open repositories become a hunting ground.
Linux kernel vulnerability reports have climbed from two to ten per week, all verified as genuine. Organizations that develop in the open, and those that depend on open source components, need to reconsider how they balance transparency with exposure, particularly for systems close to critical infrastructure.
4. Defense in depth still works, and architectural diversity matters
The UK Government's open letter made the point plainly: the steps organizations should take against AI-driven threats are the same cyber hygiene measures recommended for traditional threats.
Not all vulnerabilities carry the same risk. A critical CVE in an internal system with no internet exposure is a different proposition from the same CVE on a public-facing payment platform.
Segmentation, identity controls, egress filtering, and phishing-resistant MFA all raise the cost for attackers, even with AI assistance.
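The two measurement points above, mean-time-to-remediate for externally exposed findings (section 2) and exposure-aware prioritization rather than raw CVSS (section 4), are easy to get wrong in a spreadsheet. The following is an added example, not code from the article or from any of the organizations it cites: a small Python model that tracks both. The vulnerability ids, scores, dates, the exposure weight and the SLA windows are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import List, Optional


@dataclass
class VulnRecord:
    vuln_id: str                 # placeholder identifier, not a real CVE number
    cvss: float                  # base severity score
    internet_exposed: bool       # reachable from the internet?
    disclosed: date              # day the advisory/patch was published
    remediated: Optional[date]   # None while the finding is still open


# Constructed inventory for illustration; ids, scores and dates are made up.
SAMPLE_RECORDS: List[VulnRecord] = [
    VulnRecord("VULN-0001", 9.8, True,  date(2026, 4, 8),  date(2026, 4, 9)),
    VulnRecord("VULN-0002", 9.8, False, date(2026, 4, 8),  date(2026, 4, 30)),
    VulnRecord("VULN-0003", 7.5, True,  date(2026, 4, 10), date(2026, 4, 14)),
    VulnRecord("VULN-0004", 5.3, True,  date(2026, 4, 12), None),
    VulnRecord("VULN-0005", 8.1, False, date(2026, 4, 1),  None),
]
AS_OF = date(2026, 4, 20)  # constructed "today" for the still-open findings


def days_open(rec: VulnRecord, as_of: date) -> int:
    """Days between disclosure and remediation (or until as_of if still open)."""
    end = rec.remediated if rec.remediated is not None else as_of
    return (end - rec.disclosed).days


def mttr_days(records: List[VulnRecord], external_only: bool = True) -> Optional[float]:
    """Mean time to remediate over closed findings, by default only externally exposed ones."""
    closed = [r for r in records
              if r.remediated is not None and (r.internet_exposed or not external_only)]
    if not closed:
        return None
    return mean((r.remediated - r.disclosed).days for r in closed)


def priority_score(rec: VulnRecord, exposure_weight: float = 3.0) -> float:
    """CVSS scaled by exposure; the weight is an illustrative tuning knob, not a standard."""
    return rec.cvss * (exposure_weight if rec.internet_exposed else 1.0)


def prioritized_open(records: List[VulnRecord]) -> List[str]:
    """Ids of open findings, most urgent first: an exposed 5.3 outranks an internal 8.1."""
    open_recs = [r for r in records if r.remediated is None]
    return [r.vuln_id for r in sorted(open_recs, key=priority_score, reverse=True)]


def sla_breaches(records: List[VulnRecord], as_of: date,
                 external_sla_days: int = 2, internal_sla_days: int = 30) -> List[str]:
    """Ids of findings whose open time exceeded the SLA for their exposure class."""
    breached = []
    for r in records:
        limit = external_sla_days if r.internet_exposed else internal_sla_days
        if days_open(r, as_of) > limit:
            breached.append(r.vuln_id)
    return sorted(breached)


if __name__ == "__main__":
    print("MTTR, external only (days):", mttr_days(SAMPLE_RECORDS))
    print("MTTR, all findings (days):", mttr_days(SAMPLE_RECORDS, external_only=False))
    print("Open findings by priority:", prioritized_open(SAMPLE_RECORDS))
    print("SLA breaches:", sla_breaches(SAMPLE_RECORDS, AS_OF))
```

Reporting the externally exposed MTTR separately matters because averaging it with internal findings hides the number that the disclosure-to-exploit window actually tests; in the sample data the blended figure is several times the external one.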
Architectural diversity matters too. An exploit against one technology stack will not necessarily work against another, so layered, diverse architectures are harder to attack end-to-end even at 'AI speed'.
The NCSC's guidance on protocol breaks is one example: terminating a connection and passing the payload via a simplified protocol to a downstream system forces an attack to traverse multiple technologies, making protocol-based compromise significantly harder.
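To make the protocol-break idea concrete, here is an added example in Python; it is my illustration of the pattern, not code from the NCSC guidance or from the article. It assumes a hypothetical inbound JSON order message and a constructed downstream format of three pipe-separated fields per line: the break terminates the rich format, keeps only the fields the downstream system needs, validates their types and ranges, and rebuilds the outgoing record from the validated values rather than forwarding any input bytes.

```python
import json
from typing import Dict, Type

# Constructed for this example: the minimal field set the downstream system actually needs.
ALLOWED_FIELDS: Dict[str, Type] = {"order_id": int, "sku": str, "quantity": int}
MAX_SKU_LEN = 32
MAX_QUANTITY = 10_000


class RejectedMessage(ValueError):
    """Raised when an inbound message cannot be expressed in the simplified downstream protocol."""


def translate(raw: bytes) -> bytes:
    """Terminate the rich inbound JSON here and re-emit a fixed-shape, line-oriented record.

    Unknown fields are dropped, wrong types and out-of-range values are rejected, and the
    downstream record is rebuilt from validated values rather than copied from the input.
    """
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedMessage(f"unparseable inbound message: {exc}") from exc
    if not isinstance(data, dict):
        raise RejectedMessage("inbound message must be a JSON object")

    clean = {}
    for field, ftype in ALLOWED_FIELDS.items():
        if field not in data:
            raise RejectedMessage(f"missing field: {field}")
        value = data[field]
        # Exact type check: bool is a subclass of int and must not pass as a quantity.
        if type(value) is not ftype:
            raise RejectedMessage(
                f"field {field} has type {type(value).__name__}, expected {ftype.__name__}")
        clean[field] = value

    if clean["order_id"] < 0:
        raise RejectedMessage("order_id must be non-negative")
    if not 0 < clean["quantity"] <= MAX_QUANTITY:
        raise RejectedMessage("quantity out of range")
    sku = clean["sku"]
    if not (sku.isascii() and sku.isalnum() and 0 < len(sku) <= MAX_SKU_LEN):
        raise RejectedMessage(f"sku must be 1-{MAX_SKU_LEN} ASCII alphanumerics")

    # Downstream protocol: three fields in fixed order, pipe separated, one record per line.
    # Because sku is alphanumeric-only, the separator can never appear inside a field.
    return f"{clean['order_id']}|{sku}|{clean['quantity']}\n".encode("ascii")


def is_rejected(raw: bytes) -> bool:
    """True if the protocol break refuses to forward this inbound message."""
    try:
        translate(raw)
    except RejectedMessage:
        return True
    return False


# Constructed sample traffic for the demonstration.
GOOD = b'{"order_id": 42, "sku": "AB123", "quantity": 3, "note": "ignored", "nested": {"x": [1]}}'
BAD_TYPE = b'{"order_id": 42, "sku": "AB123", "quantity": "3"}'
BAD_SKU = b'{"order_id": 42, "sku": "AB/..C", "quantity": 3}'
NOT_JSON = b'\xff\xfe not json'

if __name__ == "__main__":
    print(translate(GOOD))
    for sample in (BAD_TYPE, BAD_SKU, NOT_JSON):
        print(sample[:40], "rejected:", is_rejected(sample))
```

The defensive value is that the downstream parser only ever sees a format it was written for: extra fields, nesting, encoding tricks and type confusion are absorbed at the break, so an exploit that depends on the inbound technology's parser has to be rewritten for the second, much simpler one.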
5. AI models could become instruments of geopolitical leverage
Anthropic chose to restrict access to Mythos through Project Glasswing, offering it to selected partners and governments rather than releasing it publicly. The US Treasury briefed its major banks directly. This is an interesting pattern.
AI models with offensive security capabilities are in effect strategic assets. The parallels with historical export controls on encryption are worth considering. In the 1990s, the US Government classified strong cryptography as a munition and restricted its export.
Those controls were eventually used as a tool of influence. It is not difficult to imagine access to the most capable AI security models being restricted along geopolitical lines or used as leverage in future trade negotiations.
For organizations operating internationally, this creates a new dependency risk. If your ability to defend your systems relies on access to models controlled by a foreign government or a single company, that is a strategic vulnerability in itself.
Where does this leave us?
The pace has accelerated but the response should not be panic. It should be focus. The CSA and SANS "Mythos-ready" briefing, reviewed by some of the most experienced CISOs in the industry, frames it well: this is the first of many waves.
The organizations that weather it will be those that sharpen vulnerability prioritization, reduce their attack surface, and scale security decisions through automation and architecture rather than headcount alone.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadar Pro or Future plc. If you are interested in contributing, find out more here: https://www.techradar.com/pro/perspectives-how-to-submit