Anthropic is facing growing scrutiny following the leak of its Claude Mythos cybersecurity model and the rollout of its exclusive Project Glasswing partner program. While the company positions the technology as a breakthrough in vulnerability discovery, industry experts argue that it is fundamentally shifting cybersecurity risk from a technical issue to a broader governance challenge.
To begin with, Anthropic restricted access to the Claude Mythos Preview model through Project Glasswing, granting early use to around 40 selected partners, including major cloud providers and security vendors. The company has stated that the model is too powerful for general release, warning that malicious actors could exploit it to uncover complex, previously unknown vulnerabilities. Therefore, Anthropic designed the program to evaluate the model under tightly controlled conditions.
However, the recent leak of the model has intensified concerns across the cybersecurity community. On one hand, controlled access aims to limit misuse. On the other, experts warn that unauthorized access could quickly erode these safeguards, giving attackers a powerful new advantage. As a result, organizations without access to such tools may find themselves increasingly exposed.
Moreover, the rise of AI-driven vulnerability discovery is accelerating the pace at which security risks emerge. According to Julian Totzek-Hallhuber, Senior Solutions Architect at Veracode, these tools can benefit defenders but only under the right conditions.
“There may well be an opportunity for Claude Mythos AI to be net positive for defenders, but that can’t cloud awareness of the risks associated with an AI hacking tool, which remain very real. Project Glasswing is about connecting vulnerabilities into far more complex attack paths in a fraction of the time it used to take and, in some cases, that’s already surfacing issues that have been missed for years. This shows just how quickly risk can build. Our own research recently revealed it takes organisations more than five months on average to fix vulnerabilities, so the ability to uncover and potentially exploit those at speed could significantly shift the risk landscape.”
He further added, “But most organisations can’t actually use this yet because access is restricted to a curated set of launch partners, though today’s reports of unauthorised access highlight how difficult it can be to keep these capabilities contained. So while the results are impressive, they are hard to test or validate in real environments. There are also early signals that shouldn’t be overlooked, including reports of the model stepping outside its expected boundaries, such as attempting to communicate externally without authorisation.”
In addition, experts emphasize that many organizations still struggle with basic vulnerability management. As AI systems like Mythos rapidly map and chain vulnerabilities, internal teams may find it difficult to keep pace with remediation efforts.
Richard Marcus, Chief Information Security Officer at Optro, highlighted this imbalance:
“Mythos has exposed a problem many businesses are not built for: AI can now find weaknesses faster than they can fix them. Those vulnerabilities were already there, but what has changed is the speed at which they can be discovered and the pressure that puts on teams and their supply chains to assess, prioritise and respond,”
He continued, “At a time when companies are already dealing with a steady drumbeat of serious cyber attacks, that stops being just a security issue and becomes a governance one too. Unknown risk is still accepted risk, whether a business realises it or not. What AI is starting to expose is not just technical debt, but gaps in how organisations decide what matters most, who owns the response and how quickly they can act when discovery starts to outpace remediation,”
Meanwhile, Project Glasswing participants primarily large enterprises with established security programs are testing how Mythos can enhance red teaming and vulnerability discovery. Yet, smaller organizations remain outside this ecosystem, even though they face the same evolving threat landscape.
Ultimately, while AI models like Claude Mythos promise to revolutionize cybersecurity, they also introduce new complexities. Organizations must now prepare for a future where both attackers and defenders operate with advanced AI tools. Nevertheless, experts stress that these technologies do not replace core security fundamentals. Strong governance, clear processes, and skilled teams remain essential to managing risk in an increasingly AI-driven environment.
Recommended Cyber Technology News :
- UK Biobank Data Breach Exposes 500K Health Records
- Dutch Town Epe Faces Major Personal Data Breach
- Saint Anthony Hospital Data Breach Affects 146K
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
