Anthropic restricts access to Claude Mythos over fears of cyberattack capabilities
Read Full Article
Policy & Regulation AI Models AI Industry

Submitted by: Franklin

PublishedApr 23, 2026

Anthropic Restricts Claude Mythos Over Cybersecurity Risks

Key Takeaways

  • Anthropic's decision to withhold Claude Mythos highlights the growing tension between AI advancement and global cybersecurity risks.
  • The model's ability to autonomously identify zero-day vulnerabilities is forcing major financial institutions and regulators to accelerate infrastructure modernization.
  • Reports of unauthorized access to the model underscore the critical challenge of securing powerful AI assets against potential misuse.

Anthropic has confirmed it will not release its latest AI model, Claude Mythos, to the public, citing the significant threat it poses to global cybersecurity. The decision follows the model's demonstrated ability to identify and exploit "zero-day" vulnerabilities—previously unknown flaws—within major IT operating systems and web browsers. While Anthropic has restricted public access, the company is currently investigating reports that a small group of users gained unauthorized access to the model via a private online forum.

The Capabilities of Mythos

Announced on 7 April, Mythos represents what Anthropic describes as a "watershed moment for cybersecurity." The model is capable of identifying flaws that have remained unnoticed for decades, and if prompted by a user, it can theoretically exploit these vulnerabilities. The UK’s AI Security Institute (AISI) has assessed the model, noting that it marks a significant advancement in threat capability. Specifically, the AISI observed that Mythos can execute multi-step attacks and identify IT flaws without human guidance, successfully completing a 32-step cyber-attack simulation in a controlled test.

Industry Response and Risk Assessment

In response to the potential risks, Anthropic launched Project Glasswing on 8 April, providing early access to approximately 40 organizations, including Apple, Google, Goldman Sachs, and JP Morgan. This initiative allows these firms to test the model’s capabilities to bolster their own cyber defenses. However, the emergence of Mythos has prompted high-level concern among regulators and financial leaders. US Treasury Secretary Scott Bessent held meetings with major bank executives to discuss the implications, and UK officials have added the model to the agenda for Cross Market Operational Resilience Group meetings.

Debating the Impact

While Anthropic highlights the disruptive potential of Mythos, some industry experts suggest the situation involves a degree of hype. Aisle, a firm specializing in AI cybersecurity, analyzed the model’s claims and found that while Mythos is highly capable, other, more affordable models are also capable of identifying similar vulnerabilities. Furthermore, experts point out that the majority of real-world breaches continue to stem from established risks, such as weak authentication and known, unpatched vulnerabilities.
Despite these differing perspectives, the emergence of Mythos has intensified the urgency for organizations to modernize their infrastructure. Richard Horne, chief executive of the UK’s National Cyber Security Centre, noted that the model serves as a catalyst for companies to replace obsolete technology. As the pace of AI development continues to accelerate, the focus remains on whether tech companies can effectively contain their most powerful products while leveraging them to defend against increasingly sophisticated digital threats.

Comments (0)

No comments yet

Be the first to share your thoughts!