In the wake of Anthropic’s announcement of its latest artificial intelligence model, Mythos, on April 7, the company has stood by an unusual decision: refusing to release it to the public. Not since OpenAI temporarily withheld its GPT-2 model in 2019 has a major developer deemed a system too dangerous for the public. More than a week later, that choice is still reverberating through finance and regulatory circles.
“The fallout—for economies, public safety, and national security—could be severe,” Anthropic said on its website. But while officials scramble to gauge the implications of the model’s unprecedented hacking capabilities, cybersecurity experts are divided over whether Mythos marks a major break from what came before or an expected step down an already troubling path.
Anthropic did not respond to a request for comment from Scientific American.
A 245-page technical document released alongside the announcement outlines what the company presents as a major leap in capability. The model operates like a senior software engineer, demonstrating an ability to spot subtle bugs and self-correct mistakes. It also scored 31 percentage points higher than Anthropic’s previous cutting-edge model, Opus 4.6, on the USAMO 2026 Mathematical Olympiad, a grueling, two-day proof-based competition.
But that same coding prowess makes Mythos a formidable offensive weapon, and Anthropic says it can outstrip all but the most skilled humans at identifying and exploiting software vulnerabilities. In tests, it found critical faults in every widely used operating system and web browser. Of those vulnerabilities, 99 percent have not yet been patched. And Anthropic has disclosed only a fraction of what it says it has found. Independent evaluations suggest the danger is real, if more bounded than the company has implied: an assessment by the U.K.'s AI Security Institute (AISI), which was granted early access, found the model succeeded in expert-level hacking tasks 73 percent of the time. Prior to April 2025, no AI model could complete those tasks at all.
Instead of a public rollout, Anthropic is limiting access to a clutch of organizations to use defensively, allowing them to scan their networks and patch problems before the flaws become public knowledge. That initiative is called Project Glasswing. The initial group includes Microsoft, Google, Apple, Amazon Web Services, JPMorgan Chase and Nvidia.
Mythos is the first of a new crop of AI models that have been trained on next-generation graphics processing units (GPUs)—the advanced chips that power AI training—and its capabilities have continued to rattle financial firms well beyond the initial announcement: on Thursday, German banks said they were consulting authorities and cyber experts about the risks, while the Bank of England said AI risk testing had intensified after Mythos came into view.
Yet the cybersecurity community remains split on the true severity of the threat. “The Anthropic announcement was very dramatic and was a PR success, if nothing else,” says Peter Swire, a professor at the School of Cybersecurity and Privacy at the Georgia Institute of Technology and former advisor to the Clinton and Obama administrations. Swire notes that among his colleagues, “a large fraction of the cybersecurity professors believe this is pretty much what was expected, and pretty much more of the same.”
Ciaran Martin, professor of practice at the Blavatnik School of Government at the University of Oxford and former CEO of the U.K.'s National Cyber Security Center, shares that view. “It’s a big deal, but it’s unlikely to prove to be the end of the world,” he says. “I would not be at the more apocalyptic end of the scale.”
AISI acknowledged limits to the AI’s abilities. During testing, Mythos faced near-nonexistent software defenses that lacked many protections present in the real world—a scenario Martin compares to a soccer forward scoring a goal against the world’s worst goalkeeper.
Neither expert denies that Mythos is a significant advance, but both suggest the decisive regulatory action is partly driven by institutional self-preservation. “CISOs [chief information security officers] and cybersecurity vendors have a rational incentive to point out the potentially very severe consequences of a new development,” Swire explains, even if their internal estimates assume the actual impact will be a fraction of what Anthropic’s press release claims. As Martin notes, it is rare for any organization “to suffer commercial detriment by predicting calamity.”
“One risk after Mythos is that it will be easier to turn a vulnerability, a known flaw, into an exploit, something that somebody actually takes advantage of,” Swire says. “Every cybersecurity defender should take Mythos seriously, but the expected harm to defense is likely to be far lower than the worst-case scenarios would suggest.”

