This is for security leaders, engineering directors, and platform owners who are being pitched “frontier AI ready” services in the wake of Anthropic’s Mythos announcement. If you are trying to separate the real shift from the vendor narrative, this one is for you.
In the weeks since Anthropic announced the Mythos Preview, my inbox has been filling up with the same message, dressed in different logos. Palo Alto Networks launched a Frontier AI Alliance. PwC started running seminars on identity as “the new battleground”. SANS and the Cloud Security Alliance published an “AI Vulnerability Storm” emergency briefing. Each one points at Mythos and says the same thing: everything has changed, you need to buy something, now.
Here’s the thing. Mythos did not create a new class of cybersecurity risk. It exposed one that has been building for years. What changed in April 2026 was not the attack surface. What changed was how easy it became to demonstrate that the surface was already broken.
What Mythos Actually Did
Mythos Preview is a constrained internal version of Anthropic’s next-generation model. In its published capability write-ups, it autonomously found thousands of zero-day vulnerabilities across major operating systems and browsers. Among them:
- A 27-year-old OpenBSD bug.
- A 17-year-old FreeBSD NFS remote code execution flaw, CVE-2026-4747, identified and exploited with no human in the loop.
- A 16-year-old FFmpeg bug.
- Multi-vulnerability privilege escalation chains in the Linux kernel.
- JIT heap-spray browser sandbox escapes.
The FreeBSD exploit is the one I keep coming back to. Mythos split a too-large ROP chain into 15 separate RPC requests, each writing 32 bytes into kernel memory, to work around a tight overflow budget. That is not a fuzzer stumbling into a crash. That is an agent reasoning about an exploit budget and reshaping the payload to fit.
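The budget-splitting move in that paragraph, reduced to a constructed model. This is an added example, not Anthropic's exploit and not FreeBSD code: the page does not describe the real write primitive or where in kernel memory the chain landed, so `target_t`, `rpc_write` and the 32-byte per-request budget are assumptions standing in for whatever the actual primitive was, and the gadget values are placeholders. What it shows is the shape of the reasoning: a 480-byte chain is rejected as one request, but the same bytes land contiguously when cut into 15 budget-sized writes at consecutive offsets.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a "tight overflow budget" (assumption, not the real
 * bug): the service owns a fixed staging region and each RPC request may
 * write at most RPC_WRITE_BUDGET bytes at a caller-chosen offset. */
#define RPC_WRITE_BUDGET 32
#define STAGING_SIZE     512
#define GADGETS          60   /* 60 x 8-byte entries = 480 bytes = 15 requests */

typedef struct {
    uint8_t mem[STAGING_SIZE];   /* stands in for the kernel-side buffer */
} target_t;

/* One RPC write. Returns 0 on success, -1 if the request exceeds the
 * per-call budget or would fall outside the staging region. */
static int rpc_write(target_t *t, size_t off, const uint8_t *data, size_t len)
{
    if (len > RPC_WRITE_BUDGET)
        return -1;                                /* the budget bites here */
    if (off > STAGING_SIZE || len > STAGING_SIZE - off)
        return -1;
    memcpy(t->mem + off, data, len);
    return 0;
}

/* Build a fake ROP chain of sequential 8-byte "gadget addresses".
 * Placeholder values; real gadgets would come from the target's text. */
static size_t build_chain(uint8_t *out, size_t cap)
{
    size_t n = GADGETS * sizeof(uint64_t);
    if (n > cap)
        return 0;
    for (size_t i = 0; i < GADGETS; i++) {
        uint64_t gadget = 0xffffffff80000000ULL + 0x10 * i;   /* placeholder */
        memcpy(out + i * sizeof(uint64_t), &gadget, sizeof(uint64_t));
    }
    return n;
}

/* Deliver a chain larger than the budget by splitting it into
 * budget-sized requests at consecutive offsets. Returns the number of
 * requests issued, or -1 if any write is refused. */
static int stage_chain(target_t *t, const uint8_t *chain, size_t len)
{
    int requests = 0;
    for (size_t off = 0; off < len; off += RPC_WRITE_BUDGET) {
        size_t chunk = len - off < RPC_WRITE_BUDGET ? len - off : RPC_WRITE_BUDGET;
        if (rpc_write(t, off, chain + off, chunk) != 0)
            return -1;
        requests++;
    }
    return requests;
}

/* The whole chain in one request is refused; staged in 15 requests it
 * reassembles byte-for-byte. Returns 1 when both observations hold. */
int demo(void)
{
    target_t t;
    uint8_t chain[STAGING_SIZE];
    memset(&t, 0, sizeof t);
    size_t len = build_chain(chain, sizeof chain);     /* 480 bytes */
    if (len == 0 || rpc_write(&t, 0, chain, len) == 0)
        return 0;                                      /* should have been rejected */
    int n = stage_chain(&t, chain, len);               /* 15 requests of 32 bytes */
    if (n != 15)
        return 0;
    return memcmp(t.mem, chain, len) == 0;
}

int main(void)
{
    printf("staged chain delivered intact: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

The point is not the chunking loop, which is trivial, but the prerequisite it depends on: a write primitive that takes an offset, so that successive requests land adjacent to one another. A fuzzer that only sees the per-request budget reports a 32-byte overflow and stops; an agent that understands the offset parameter sees 32 bytes per request, not 32 bytes total.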
None of those bugs were new. They had survived multiple generations of fuzzers, scanners, and manual audits. Mythos did not invent them. It found them faster than anyone was expecting, and chained them without being told how.
One detail worth sitting with: Anthropic reports that Mythos was not trained as a vulnerability research specialist. Its security performance emerged as a side effect of being strong at code understanding. That is the real signal. The offensive capability is not a narrow research artefact. It is a byproduct of a general model being good at reading code.
Anthropic’s Relative Restraint
This is where the framing of the rest of the industry starts to look strange.
Anthropic is not publicly releasing Mythos. Access is via Project Glasswing, a curated programme covering AWS, Apple, Google, Microsoft, Nvidia, Broadcom, Cisco, CrowdStrike, JPMorgan Chase, and around forty additional organisations that build or maintain critical software infrastructure. Anthropic has committed up to 100M USD in Mythos credits for defensive work, and 4M USD in direct donations to open source security organisations. They have briefed governments privately about the offensive acceleration risk. Leaked internal documents describe Mythos as “too dangerous to release” in open form.

You can disagree with the shape of Glasswing. You can argue it gives a defensive head start to a specific club. But when you compare that posture to what the rest of the ecosystem is doing, Anthropic is the quiet one in the room.
[Diagram not reproduced here: how Glasswing routes Mythos access across the ecosystem, from intake through to defensive deployment.]
The Panic Dividend
Most of the noise is coming from the companies who sell security. The pattern is straightforward.
- Declare that everything changed overnight because of Mythos.
- Publish a whitepaper or an alliance landing page within the same news cycle.
- Offer paid “frontier AI ready” assessments, SOC augmentations, and managed services.
Palo Alto Networks’ “Defender’s Guide to the Frontier AI Impact on Cybersecurity” describes frontier models like Mythos as a “quantum leap” in offensive and defensive capabilities, and uses that framing to announce partnerships with Accenture, Deloitte, IBM, NTT DATA, and PwC. PwC’s own material on AI in cybersecurity encourages clients to “rapidly deploy AI-enabled capabilities” through managed services for threat detection, vulnerability management, identity, and compliance automation. The SANS and Cloud Security Alliance “AI Vulnerability Storm” briefing argues that time from vulnerability discovery to weaponisation has collapsed from weeks to hours, and recommends pointing AI at your own code this week and standing up a permanent Vulnerability Operations function within 12 months.
Some of that advice is not wrong. Time to exploit is compressing. Scanner-to-ticket-to-sprint pipelines are slow. But the packaging is optimised for budget capture, not for an honest conversation about tradeoffs. The same vendors who spent years telling boards that patch backlogs were a risk now tell them that Mythos has made those backlogs urgent, and offer the same managed services they were already selling, rebadged.
That is the panic dividend. The gap between how bad a problem has actually been for a decade and how urgent a vendor can make it look once a news cycle gives them cover.
Mythos as a Mirror
Horizon3.ai put it cleanly: Mythos did not create a new cybersecurity problem, it exposed one that has been building for years. The vulnerabilities were there. The debt was there. The slow patch cycles were there. Memory-unsafe legacy code was there. What Mythos added was the ability to compress the exploitation pipeline to a point where you can no longer pretend not to see it.
This is the part that should change how you think about budget.
If your response to Mythos is to buy a frontier AI readiness programme from a consultancy, you are paying someone else to hold the mirror up for you. If your response is to look in the mirror and fix what you see, the spend goes into very different places.
What a Sane Response Looks Like
This is where I would actually put the money.
- Point whatever model you can safely access at your own code. It does not have to be Mythos. Smaller open models with good orchestration will get you most of the way to triage and prioritisation. The point is to see what you have, not to match the state of the art.
- Fund the fundamentals you have been deferring. SBOMs. Realistic patch SLAs. Memory-safe rewrites in the services where the debt hurts most. Identity hardening against phishing accelerated by AI. None of this is novel. All of it is overdue.
- Treat vendor narratives as input, not gospel. Read the whitepaper, then read the underlying research. If the whitepaper claim is stronger than the research supports, discount the vendor in proportion to the gap.
- Separate the offensive story from the defensive package. Vendors are disproportionately dramatising attacker speed while wrapping the defender story in managed services. You can accept the first and still refuse the second.
- Be honest about machine-speed governance. In regulated environments, the “act at machine speed” framing is not inherently wrong, but it glosses over how slowly approvals actually move. Do not commit to operating models your own internal processes cannot support. That is how a governance story becomes a compliance incident.
A Note on What I Am Not Saying
I am not saying Mythos is harmless. A model that can autonomously chain kernel exploits is a serious artefact, and Anthropic’s own testing showed it could escape a secured sandbox and gain broader network access. The offensive acceleration is real, and it matters.
I am saying that the shape of the reaction is wrong. The industry is converting a capability demonstration into a marketing event, and the bill lands on the same CISOs who have been asking for budget to fix the underlying issues for a decade.
Mythos is not the threat. The threat is the thing Mythos exposed, and the secondary threat is the industry reflex to turn that exposure into a product line. Spend on the first problem. Be sceptical of anyone trying to sell you a solution to the second.