Global banks, technology companies, and government agencies rushed last month to assess the risks linked to Mythos, Anthropic’s powerful AI model that reportedly uncovered thousands of hidden vulnerabilities across global software systems. However, cybersecurity researchers now argue that the alarming capabilities attributed to Mythos are not unique. According to industry experts, existing AI models from companies like Anthropic and OpenAI are already capable of discovering similar vulnerabilities through advanced orchestration techniques.
Ben Harris, CEO of cybersecurity firm watchTowr, explained that researchers across the industry have successfully replicated Mythos-like results using publicly available AI systems. By coordinating multiple models and workflows, security teams are achieving vulnerability detection results that closely mirror those linked to Mythos. This revelation has intensified concerns that AI-powered cyber threats may already be far more advanced than many organizations realize.
The release of Mythos sparked widespread anxiety among policymakers and corporate leaders because of its reported ability to automate vulnerability discovery at scale. Anthropic restricted access to the model, allowing only select U.S. organizations such as Apple, Amazon, JPMorgan Chase, and Palo Alto Networks to use it under a controlled initiative called Project Glasswing. The company said the limited rollout was intended to help critical institutions strengthen their defenses before the technology became more widely accessible.
The concerns have even prompted discussions within the Trump administration about introducing additional oversight for future advanced AI models. At the same time, competition between Anthropic and OpenAI has intensified as both firms race toward expected public offerings. Shortly after Mythos gained attention, OpenAI introduced GPT-5.5-Cyber, a specialized cybersecurity-focused AI model now available to vetted security teams.
Anthropic CEO Dario Amodei warned that AI-driven cyberattacks could dramatically increase the number of software vulnerabilities, data breaches, and ransomware incidents targeting schools, hospitals, and financial institutions. Yet many cybersecurity professionals argue that these threats have been building for months. Klaudia Kloc, CEO of cybersecurity company Vidoc, stated that current AI systems are already powerful enough to detect zero-day vulnerabilities at large scale, calling the situation “scary enough” even without Mythos.
Zero-day vulnerabilities refer to software flaws unknown to developers and security teams, giving attackers an opportunity to exploit them before fixes are available. Researchers at Vidoc tested older OpenAI and Anthropic models against the same code bases used in Mythos demonstrations and found that they could identify many of the same vulnerabilities. Their experiments relied on orchestration, a process where AI workflows divide code into smaller sections while multiple models analyze and verify results together.
Cybersecurity startup Aisle reached similar conclusions, suggesting that coordinated groups of smaller AI models can often outperform a single advanced system when searching for vulnerabilities. Founder Stanislav Fort compared the process to using “a thousand adequate detectives” instead of relying on one brilliant investigator. This indicates that the scale and coordination of AI systems may matter more than access to a single cutting-edge model.
Anthropic has acknowledged that earlier AI models were already capable of discovering significant vulnerabilities. The company previously revealed that Claude Opus 4.6 identified more than 500 high-severity vulnerabilities in open-source software. Amodei emphasized that Mythos mainly increased the scale and automation of vulnerability detection rather than introducing a completely new capability.
What makes Mythos particularly concerning is its reported ability to generate working exploits with minimal human assistance. According to Anthropic, the model can automate tasks that previously required highly skilled cybersecurity researchers. Still, experts argue that sophisticated hacking groups linked to countries such as North Korea, China, and Russia already possess these capabilities regardless of whether they have access to Mythos.
The growing fear surrounding AI-enabled hacking has caused what Harris described as “hysteria” among banks, insurers, regulators, and major corporations. Organizations are already struggling to patch vulnerabilities quickly enough to keep up with attackers. Even before advanced AI tools emerged, hackers could exploit newly discovered flaws within hours while companies often needed days or weeks to release fixes.
AI is now lowering the barrier to entry for cybercriminals. Previously, only a limited number of elite experts had the skills and time required to uncover obscure software weaknesses. Today, accessible AI systems allow a much wider group of attackers to identify and exploit vulnerabilities more efficiently. As a result, companies may face increased attack volumes, while systems that once attracted little attention from hackers could now become targets.
Cybersecurity experts also warn that offensive AI capabilities are advancing faster than defensive tools. JPMorgan CEO Jamie Dimon recently noted that although AI could eventually strengthen cyber defenses, it is currently making organizations more vulnerable. Justin Herring, former cybersecurity official for New York’s financial regulator, explained that businesses now face a growing number of vulnerabilities without having equally effective AI-powered solutions to repair them quickly.
Some experts also criticized Anthropic’s decision to restrict Mythos access to a small group of organizations. While the limited release gave select companies a valuable head start in patching vulnerabilities, many researchers believe broader collaboration could accelerate the development of defensive technologies. Pavel Gurvich, CEO of cybersecurity startup Tenzai, argued that limiting access risks creating divisions between organizations with advanced AI capabilities and those without them.
Meanwhile, cybersecurity startups worldwide are racing to build AI-powered defense systems capable of countering increasingly automated cyber threats. Ben Seri, co-founder of Zafran Security, described the current situation as a difficult balancing act where the industry is trying to solve emerging problems before the technology becomes universally available.
FAQS
What is Mythos?
Mythos is an advanced AI model developed by Anthropic that reportedly discovered thousands of previously unknown software vulnerabilities across global systems.
Why are cybersecurity experts concerned about Mythos?
Experts fear that AI models like Mythos could automate vulnerability discovery and exploit development, making cyberattacks faster, cheaper, and more widespread.
What are zero-day vulnerabilities?
Zero-day vulnerabilities are software flaws unknown to developers or security teams, leaving systems exposed until a security patch is released.
Can existing AI models already perform similar tasks?
Yes. Researchers say current models from Anthropic and OpenAI can already detect many of the same vulnerabilities using orchestration techniques.
What is orchestration in AI cybersecurity?
Orchestration involves coordinating multiple AI models and workflows to analyze software code, cross-check findings, and improve vulnerability detection.
Why did Anthropic limit access to Mythos?
Anthropic restricted access to reduce the risk of the technology being misused by cybercriminals or hostile governments.
How could AI impact future cyberattacks?
AI could significantly increase the speed and scale of attacks by helping hackers identify weaknesses and create exploits more efficiently.
Are companies prepared for AI-powered cyber threats?
Many organizations are still struggling to patch vulnerabilities quickly, and experts believe defensive capabilities are currently lagging behind offensive AI advancements.
Conclusion
The debate surrounding Mythos highlights a critical reality in modern cybersecurity: the dangerous capabilities many fear are no longer theoretical. Existing AI models already possess the power to uncover software vulnerabilities at large scale, and cybercriminals are likely exploring these tools aggressively. While advanced models like Mythos may accelerate automation and efficiency, the broader challenge lies in how quickly organizations can adapt their defenses.
Governments, banks, and technology companies now face mounting pressure to improve vulnerability management, strengthen cyber resilience, and develop AI-powered defense systems before attackers gain an overwhelming advantage. The future of cybersecurity will likely depend not only on controlling access to advanced AI models but also on ensuring that defensive innovation keeps pace with offensive capabilities.
