Anthropic plans to make its Claude Mythos model available to all customers in the coming weeks, according to Reuters. The model has generated intense interest because it can identify software weaknesses, assess exploitation methods and work through attack paths that previously required highly specialised cybersecurity researchers.
Mythos was kept within Project Glasswing, a restricted defensive programme. Access was granted to a limited group of organisations including Amazon, Microsoft and Apple for cybersecurity work.
Anthropic believed defenders should receive advanced capabilities before attackers gained access to similar systems at scale. That policy made Mythos one of the most talked about AI systems in cybersecurity circles.
The upcoming release changes access from a select group of organisations to the company鈥檚 entire customer base. Cybersecurity professionals and AI companies are considering what this could mean once availability expands.
Reuters reported that Mythos can identify software weaknesses, evaluate exploitation possibilities and reason through attack paths that once required elite cybersecurity expertise. Those capabilities explain why the model has generated so much interest.
听
Why Has The Release Generated Conversation Among Experts?
听
Security specialists have spent months discussing the consequences of making advanced vulnerability research capabilities available to a much bigger group of users.
According to Reuters, Anthropic previously restricted access because it believed defenders could repair dangerous vulnerabilities before attackers obtained comparable technology. That philosophy guided the company鈥檚 handling of Mythos through Project Glasswing.
The upcoming release changes that arrangement. Many conversations now examine what happens when advanced cybersecurity capabilities become available to a much larger population.
Gil Geron, CEO of Orca Security, said the issue extends far beyond one product release.
鈥淭he security concerns surrounding Anthropic鈥檚 plans to publicly release Mythos aren鈥檛 really about this one release. They reflect a bigger shift. AI is no longer confined to models sitting in isolation. It is embedded directly into business operations, decision-making, and automation. That is where the real risk begins to scale.鈥
His comments place emphasis on how advanced AI systems interact with business environments, company data and automated workflows.
听
How Are Security Companies Reacting?
听
Many cybersecurity companies are talking about operational exposure and system access more than the model itself.
Geron said the biggest issues arise when AI systems gain access to infrastructure, company data and automated processes. He said, 鈥淎s AI capabilities advance, the advantage does not stay evenly distributed. Attackers are quicker to operationalise these tools and are not slowed down by governance, internal controls, or risk tolerance. That creates asymmetry where innovation moves fast, but defence lags behind. The gap is not only growing, it鈥檚 accelerating.
鈥淲hat organisations often miss is that model safety is only one layer of the problem. Risk is introduced through access, integration, and execution. Which systems the AI can touch, what data it can pull in, and how confidently its outputs are acted on. These are the real exposure points.鈥
That reaction puts emphasis on access permissions, connected systems and automated actions. Many cybersecurity teams view those areas as important sources of exposure.
Geron also said organisations need much deeper visibility into how AI systems operate across their environments.
鈥淲ithout continuous visibility into how AI is actually being used across the environment, that is a risk multiplier, not a safeguard.鈥
Those comments explain why a lot of the reaction extends past just software vulnerability research.
听
Has Anthropic Changed The Model Before Release?
听
Not everyone expects the version released to customers to match the version used within the restricted programme.
Mohammad Moahid, Co-Founder and Managing Partner of Zero To Agent, believes the public version may contain limitations added before release.
鈥淓ven though Mythos is widely reported to have been an internal name for the Opus 4.8 model. This has been fine-tuned and is no longer finding zero-day exploits amongst every single legacy architecture. On top of that Anthropic has gifted its selected organizations with the head start to patch any outstanding vulnerabilities. We believe that the released mythos model has been nerfed in its obedience to certain tasks that may be flagged as dangerous.鈥
His assessment is based on the possibility that Anthropic adjusted the model鈥檚 behaviour before making it available to all customers.
Selected organisations received time to patch vulnerabilities before broader access became available. That sequence formed an important element of Anthropic鈥檚 handling of Mythos.
The release will provide the first opportunity to see how those restrictions perform when Mythos reaches a much bigger audience. Anthropic鈥檚 experiment with controlled access is entering a very different chapter.
听
More Experts React To Anthropic鈥檚 Plans
听
AI experts have also reacted to the news鈥
听
Our Experts:
听
- Olli Krebs, SVP EMEA, Incode
- Dr. Dominik H枚rndlein, AI Strategy and Implementation Consultant, Hoerndlein Consulting
- Stephanie Herder, Executive Business Growth and Senior Lead Project & Process Management, Specific Group
- Promise Akwaowo, Process Automation Analyst, Royal Mail Group
- Andrellos Mitchell, BSW, MA, JD,Attorney, Legal And Policy Analyst, Publisher, The Mitchell Report
- Jonathan Beresford, Founder, MathsTutor
- Ben Rometsch, Co-Founder and Chief Technology Officer, Hoxton Mix
- Sheraz Ali, Founder, HARO Links Builder
- David Moosmann, Founder, LearnClash
听
Olli Krebs, SVP EMEA, Incode
听
听
鈥淎nthropic publicly releasing Mythos is significant because it shows that frontier AI cybersecurity is moving from being available to a small number of select companies to a capability that could reshape how the entire industry approaches cybersecurity.
鈥淭he positive story is that AI is becoming exceptionally good at understanding code, identifying patterns, and finding vulnerabilities at a scale humans simply cannot match. That gives defenders the potential to find and fix security issues much faster than before.
鈥淏ut the bigger story is that these capabilities work both ways. The same technology that helps security teams discover weaknesses can also help attackers accelerate reconnaissance, vulnerability discovery, and the adaptation of new attack methods. As these tools become more widely available, the speed of both attack and defence is likely to increase.
鈥淭his is an important moment because it highlights that cybersecurity can no longer be treated as a static problem. Organisations will need security systems that continuously evolve alongside AI-driven threats. It also reinforces why identity and trust are becoming increasingly important. As AI becomes more capable of acting on behalf of people, the industry will need stronger ways to verify who is real, who is authorised, and when a machine is operating without a human behind it.
鈥淢ythos is not just another AI release. It is a signal of where cybersecurity is heading next.鈥
听
Dr. Dominik H枚rndlein, AI Strategy and Implementation Consultant, Hoerndlein Consulting
听
听
鈥淭he wider release of Mythos will accelerate the patching of long-neglected vulnerabilities. But a powerful model alone won鈥檛 reshape the security landscape.
Mythos and the competitive landscape
Anthropic鈥檚 decision to move Mythos beyond Project Glasswing and into wider availability is a significant step 鈥 but it is worth tempering expectations. Anthropic is good in building anticipation, and Mythos is a perfect example where we see this ability play out. As an example, the company maximises press coverage through restricted access to create a fear-of-missing-out, followed by a timed public release to profit from the anticipation they have built up.
The model seems to be genuinely capable, but the idea that it represents a qualitative leap far beyond what competitors offer is almost certainly overstated. What Anthropic has is a brand narrative, not an unassailable technical moat.
What the release will actually change
鈥淲here Mythos will make a real difference is in the short-to-medium term clean-up of historic technical debt. Large parts of the internet run on open-source software maintained by one or two developers in their spare time. This is the reason why we face plenty of code with vulnerabilities 鈥 unpatched for years, sometimes decades.
鈥淎 model capable of autonomously scanning, hypothesising, and testing attack paths at machine speed will surface many of these bugs quickly. That is a valuable contribution, and the security community should welcome it.
鈥淚n the longer term, the speed of this iteration will force the industry to build patching and update pipelines that are themselves increasingly automated 鈥 the bottleneck will shift from finding vulnerabilities to closing them fast enough.鈥
The part the headlines always miss
鈥淏ut a powerful model is only one component of an effective security solution. The practical gain comes overwhelmingly from how that model is integrated into a broader ecosystem of tools: automated patching pipelines, zero-trust network architectures, dependency scanners, and rapid update cycles.
鈥淲ithout that surrounding infrastructure, even the best model produces findings that sit in a backlog. The true game-changer is not the model itself, but AI models like Mythos embedded in that broader ecosystem 鈥 because computers are simply much faster than any human IT security expert.鈥
听
More from Artificial Intelligence
- AI Is Now Better At Catching Fraudsters Than Human Analysts: Here鈥檚 Why That Matters
- World Environment Day 2026: How Tech Is Impacting Europe鈥檚 Climate Footprint
- Claude Is Surging Across Enterprise 鈥 Portal26 Just Made Governance Free
- How AI-First Agencies Are Reshaping UK Marketing In 2026
- Anthropic鈥檚 Claude Outage: Are Businesses Built Around AI Prepared For Failures?
- The Women Behind MENA鈥檚 Most Exciting AI Startups
- Why The Gulf Could Become The World鈥檚 Most Exciting Deployment Zone For Physical AI
- Is Quantum Computing The Next Wave After AI? Experts Share Their Insights
Stephanie Herder, Executive Business Growth and Senior Lead Project & Process Management, Specific Group
听
听
鈥淢ythos should not be made widely available simply because it may help defenders. A system that can find digital 鈥榰nlocked doors鈥 in minutes could expose hospitals and public services before fixes are ready. Attacks move at machine speed; repairs still take people, time and money.
鈥淯sed defensively under strict supervision, Mythos may help close dangerous gaps. What makes this harder to accept is that the public is being asked to trust controls it cannot yet properly assess. Anthropic has described supervised access, but too little is publicly known about how that supervision is enforced in practice. Reports of unauthorised access through a third-party environment only deepen the concern that AI capability is advancing faster than public accountability.鈥
听
Promise Akwaowo, Process Automation Analyst, Royal Mail Group
听
听
鈥淎nthropic鈥檚 planned public release of Mythos is significant because it moves AI capability from general productivity into a much more sensitive area: autonomous or semi-autonomous cybersecurity work.
鈥淔rom my perspective working across enterprise automation, AI-enabled delivery and governance-led digital transformation, the biggest issue is not simply whether Mythos can find vulnerabilities. The real question is whether organisations are ready to govern a tool that can accelerate both defensive and potentially harmful cyber activity.
鈥淔or the industry, Mythos could be extremely valuable if used responsibly. It could help security teams identify weaknesses faster, support overstretched engineering teams, and improve resilience across critical systems. However, a wider release also increases the risk that powerful technical capability becomes accessible to people or organisations without the right controls, maturity or accountability.
鈥淭his is where responsible AI governance becomes essential. Access to tools like Mythos should not be treated like access to a normal chatbot. Organisations will need clear usage policies, role-based access, audit trails, human approval points, monitoring, and escalation routes when the model identifies high-risk vulnerabilities. The human-in-the-loop should not be symbolic; it must be part of the operating model.
鈥淚n general, this release shows that AI governance can no longer sit only with data science or legal teams. Business analysts, product leaders, security teams and executives will need to work together to define where automation adds value, where it creates risk, and who remains accountable when AI systems act at speed.
鈥淢y view is that Mythos represents a turning point: the industry must move from asking 鈥渨hat can AI do?鈥 to 鈥渨hat should AI be allowed to do, under whose supervision, and with what evidence of control?鈥濃
听
Andrellos Mitchell, BSW, MA, JD,Attorney, Legal And Policy Analyst, Publisher, The Mitchell Report
听
听
鈥淎nthropic鈥檚 plans to publicly release Mythos are significant not because of the technology itself, but because of what it says about the future relationship between artificial intelligence and society.
鈥淭he AI industry has spent years promising that more powerful models will improve productivity, creativity, and innovation. Those benefits may well occur. However, every new generation of AI also raises new questions about trust, accountability, employment, education, misinformation, and public understanding.
鈥淔or the average person, the release of Mythos likely will not be remembered because of its technical specifications. It will be remembered as another step toward a world where AI becomes more deeply integrated into daily life, business, government, and decision-making.
鈥淭he larger issue is that technological development continues to move faster than public discussion about its consequences. As companies race to release increasingly advanced systems, policymakers, educators, employers, and ordinary citizens are struggling to keep pace.鈥
听
Jonathan Beresford, Founder, MathsTutor
听
听
鈥淢y view is that publicly releasing a system like Mythos would be a shift from frontier models as private lab capability to frontier models as ecosystem infrastructure. The upside is faster independent testing, more external research, and more practical innovation from teams who cannot train models at that scale themselves. The risk is that release changes the threat model: once a powerful model is broadly accessible, misuse is no longer theoretical and safety work has to move from controlled evaluation into monitoring, access design, rate limits, auditability, and clear downstream accountability.
鈥淔or the industry, the important question is not simply whether Mythos is powerful. It is whether Anthropic can make the release boring in the operational sense: documented limits, clear safety boundaries, strong abuse detection, and enough transparency for serious users to understand where the model should not be trusted.
鈥淚n education and edtech, this matters because powerful AI systems are tempting to treat as universal tutors. They are not. A good learning product still needs curriculum constraints, age-appropriate scaffolding, worked reasoning, and checks against confident wrong answers. Publicly available frontier models can accelerate useful tools, but only if builders wrap them in narrow, testable product design rather than letting the model become the product.鈥
听
Ben Rometsch, Co-Founder and Chief Technology Officer, Hoxton Mix
听
听
鈥淎s a CTO and software engineer, it鈥檚 almost impossible to overstate how much professional life changed towards the end of 2025.鈥
鈥淯p until 2026 we鈥檇 been writing code, line-by-line (by hand!) for over twenty-five years. In the last six months, I haven鈥檛 written one line. What happened? Anthropic, the makers of Claude, have a tool called 鈥淐laude Code鈥 that helps write code for you with the aid of their LLM models. On November 24th, Anthropic release the Opus 4.5 model. Prior to Opus 4.5, the backing models were weak, struggling to understand larger projects and more complex logic. Opus 4.5 changed everything; overnight, you could ask Claude Code to plan and execute large features, and the code it generated was *really* good.鈥
鈥淪ince then they have released Opus 4.6, 4.7 and just a few days ago 4.8. Each of these versions of Opus have gotten incrementally better. They are now so good we are running out of engineering work and asking our product team for more features. This never happened!鈥
鈥淭hen Anthropic announced Mythos.鈥
鈥淢ythos looks to be an even bigger leap than Opus 4.5 was. Given the revolution that we engineers experienced with the introduction of Opus, this announcement was absolutely huge. But there was a problem; a big problem.鈥
鈥淢ythos was so good at understanding code and the underlying systems that they run on, that Anthropic found hundreds of security vulnerabilities in large pieces of software infrastructure. If they had released Mythos to the general public at the time, it would have most likely taken down the entire internet. That鈥檚 not hyperbole. Core engineers of the Linux operations system (which powers most of the Internet) found dozens of security issues using Mythos, putting businesses at risk after being given private access to the tool.鈥
鈥淭he mind-bending thing for engineers is that Opus has already changed our world. I will most likely never write more than a few hundred lines of code by hand for the rest of my life. So to hear that, within six months, they are announcing something that is another step change, is beyond belief.鈥
听
Sheraz Ali, Founder, HARO Links Builder
听
听
鈥淲hile the world rejoices at Anthropic releasing their AI to detect software vulnerabilities in over 23,000 different applications, as a digital agency CEO, I see it through a more skeptical lens. This type of vulnerability scanner doesn鈥檛 benefit the good guys alone 鈥 it grants the attackers the same initial advantage. With the half of the internet consisting of open-source software and running on WordPress, security was never great, and both parties have access to the same technology while one is generally quicker than another.
鈥淜eeping their AI, named Mythos, under lock and key until now wasn鈥檛 an accidental choice made by Anthropic in their project called Glasswing. As reported, this machine is capable of writing cyber attacks in addition to finding vulnerabilities within software. The moment when this happens, the clock starts ticking, and small businesses that lack their own cybersecurity teams won鈥檛 be able to compete in that race. Already, Mozilla released an update of Firefox containing patches for 271 vulnerabilities detected by Mythos.
鈥淏ottom line: security is shifting from an IT concern to a matter of survival. Companies which respond to the public release of Mythos and promptly perform a vulnerability scan will seem savvy after six months. On the other hand, companies that ignore this information and get hacked in the meantime will probably be busy writing apology letters.鈥
听
David Moosmann, Founder, LearnClash
听
听
鈥淭he honest reaction from my desk: each Anthropic jump compresses my dev cycle in a way that鈥檚 hard to describe unless you ship every day. Opus 4 last year, about 5 retries per feature, and the code still limped after. Opus 4.7, mostly one-shots, maybe a cleanup pass. So if Mythos really sits another tier above 4.7 the way Anthropic is saying, the slow part of my day stops being 鈥渨ait for the model to get it right鈥 and starts being 鈥渄id I make the right architecture call?鈥. That鈥檚 a different bottleneck. A more interesting one, honestly.
鈥淭he security headline (Linux-kernel exploit chaining, 73% on expert tasks) is properly scary and will obviously run with most of the coverage. What I think matters more for the industry, though, is what wide Mythos access does to solo shipping. For texture on what solo shipping at this level looks like: LearnClash is 442 Dart files plus 168 TypeScript Cloud Functions, four languages, 17 feature modules. The pre-AI version of me would鈥檝e needed a five-person team for 12-18 months.鈥
