Claude Mythos Preview, which is Anthropic’s “most capable” model yet for coding and agentic tasks, was announced on April 7, making headlines for its potentially unprecedented ability to point out cybersecurity vulnerabilities – and also exploit them.
Government officials in the United States, Canada, and the United Kingdom have recently met with banking officials to discuss what threats Claude Mythos Preview poses to the industry. Cybersecurity experts warn that the new AI model could empower malicious actors to pose severe challenges to banks and other financial institutions, which integrate state-of-the-art tools with decades-old legacy software.
‘Undiscovered Vulnerabilities and Complexities’
TJ Marlin, chief executive of enterprise AI security firm Guardrail Technologies, told Reuters that Mythos Preview can “look across a very complex architecture, including this legacy infrastructure where, frankly, these undiscovered vulnerabilities and complexities are now accessible and threat factors”.
The banking world is also tightly connected, with several companies using the same software to perform tasks such as onboarding customers, running customer checks, and processing transactions.
Naresh Raheja, a San Francisco-based consultant who previously worked at the Office of the Comptroller of the Currency, said: “Because it’s a very specialized industry and heavily regulated, there’s a lot of IT interconnections. Many banks use the same vendors and the same solutions.”
The US Treasury has said that Donald Trump’s administration was pushing financial institutions “to understand and anticipate a wide range of market developments”. Further meetings around the issue have been planned, the institution said.
Anthropic has said Claude Mythos Preview will not be made generally available, instead announcing Project Glasswing – inviting major tech companies, cybersecurity vendors, and JPMorgan Chase, among others, to privately evaluate the model and prepare accordingly.
When announcing Project Glasswing, Anthropic said that Claude Mythos Preview has the ability to identify and exploit previously unknown vulnerabilities in every major computer operating system and every major web browser.
“We formed Project Glasswing because of capabilities we’ve observed in a new frontier model trained by Anthropic that we believe could reshape cybersecurity,” Anthropic said in the Project Glasswing announcement.
“Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.
“The fallout – for economies, public safety, and national security – could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.”
The company adds that Project Glasswing partners will use Mythos Preview as part of their defensive security work, and Anthropic will share what they learn so “the whole industry can benefit”.
Anthropic has also extended access to a group of more than 40 additional organizations that build or maintain software infrastructure so they can use the model to scan and secure both first-party and open-source systems.
The AI creator is committing up to $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations.
In an April 12 strategy briefing, a Cloud Security Alliance coalition of cybersecurity executives and former government officials warned that Mythos represents “a step change” in the trajectory of capable AI models, which “lowers the cost and skill floor for discovering and exploiting vulnerabilities faster than organizations can patch them.”
Costin Raiu, cofounder of cybersecurity firm TLPBLACK, said that the banking industry uses legacy technology systems initially released decades ago, which have been updated many times. Raiu said that a model like Mythos would “have a field day finding exploits” in certain systems.
Final Thoughts
The field of cybersecurity appears to now be entering something of a golden age of AI – to perhaps put it quite insensitively. New technologies that can identify risks can be used by institutions to strengthen their defenses – but, by the same token, malicious actors can use them to exploit vulnerabilities.
It is definitely worrisome that banking, tech, and government institutions appear to be taking this pause to really consider the implications of this new technology. Of course, we should always retain a touch of skepticism toward big tech when they tell us, “Woah, our new tool is so powerful it’s going to change the world forever!”
We’ve heard that before. But people are taking note, and perhaps we can only hope that the dangers presented by this new technology are largely bluster. Or, perhaps, that meaningful measures will be taken to keep this tech from falling into the wrong hands.