A new AI entity called Mythos, made by Anthropic, is reportedly fantabulous at finding vulnerabilities in code, better than any artificial intelligence ever was before. The company is trying to make sure that the power will be used only to prevent cyberattacks, not facilitate them. To this end, it is carefully sharing Mythos with select organizations, including banks and browser makers. The beneficiaries of the access say that Mythos is working as claimed (Washington Post, April 24, 2026).
Almost a hundred engineers [at Mozilla] set aside other work to begin tackling a wave of security problems. The latest version of Firefox contains fixes for 271 flaws found with Mythos’s help. Any one of them would have been a red-alert moment just last year, Holley wrote in a blog post this week. The most serious vulnerabilities in older versions of the browser theoretically could be used to install programs or delete data, according to an advisory from the Center for Internet Security, although there is no evidence of them being put to use….
It’s good that your bank and others are using Mythos to patch up their rickety defenses, if they are. But what happens when less scrupulous firms and governments catch up with Anthropic?
As the Mozilla results suggest, the newest AI models could prove adept at finding fresh security flaws in computer code—vulnerabilities known as “zero-days.” Anthropic says it found one that had lurked undetected for 27 years. This could allow companies and governments to reinforce their digital holdings. At the same time, experts say such tools could allow hackers to automate their attacks, speeding up their operations and making it possible for even people with no computer security training to stage digital break-ins.
Anthropic’s curated, select interactions and nondisclosure agreements are probably not foolproof barriers to abuse.
A few days before the Post article, Bloomberg reported that Mythos had been accessed by unauthorized users using “a mix of tactics…. These included using access the person had as a worker at a third-party contractor for Anthropic and trying commonly used internet sleuthing tools often employed by cybersecurity researchers…. The users are part of a private Discord channel that focuses on hunting for information about unreleased models….”
What the intruders managed to extract through this illicit access is unclear; it may have been nothing crucial. Maybe they’re just fanboys, not criminals or persons susceptible to hefty bribes. But we can assume that the Chinese, North Korean, Russian and other governments that routinely unleash gangs of hackers on us are not sitting around waiting until all possible targets get adequately patched.
“While the risks are relatively contained right now,” says the Post, “other AI companies—including those overseas—are expected to develop their own tools with similar capabilities in coming months. A Switzerland-based security researcher reported this week that one Chinese firm appeared to already be employing techniques similar to those enabled by Mythos.” Oh?
Also see:
TechCrunch: “Hacker who allegedly carried out cyberattacks for China is extradited to US” (April 27, 2026)
The New York Times: “ ‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American” (September 4, 2025)