Commentary
Anthropic’s latest artificial intelligence (AI) model, called Mythos Preview, was not released to the public because of its demonstrated ability to supercharge offensive hacking.
Anthropic said when it announced the model on April 7 that Mythos had already discovered “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.” The italics were theirs. This means that Mythos can likely hack most government and business networks.
Instead of publicly releasing the model, which could have gotten the company hundreds of billions of dollars in revenue, Anthropic released about 300 pages of soul-searching documentation.
A statement released by Anthropic reads: “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout—for economies, public safety, and national security—could be severe.”
Tech stocks fell after the announcement, likely because of the revelation of new cyber-risks.
Mythos is a general, large-language model that is not only remarkably adept at defensive cyberoperations. It can also be used for any other purpose, including benign and malign purposes. Although the model is more benign than prior models on most metrics, its growing power makes any misalignment with ethics—no matter how slight—all the more dangerous.
Mythos still shows a proclivity for deceiving human handlers, covering its tracks, breaking out into the wild, sabotaging its own ethics training, and advertising its own success. It knows when it is being tested for ethics and performs better on these tests when it thinks it is being watched. In one key area, it seems to be more dangerous than past models. It was at least eight times more likely to hide what it was really thinking when sabotaging its own training.
Rather than release Mythos, Anthropic held back and provided it privately to approximately 40 major tech companies and its 12 launch partners. The latter include Google, Amazon, Microsoft, Apple, and JPMorgan Chase. Anthropic provided the model to all those companies so they could test their systems and fix any vulnerabilities before Mythos—or something like it made by another company—is released to the public.
The U.S. military, the National Security Agency, and the UK’s signals intelligence agency reportedly also have access to the model, which may give them the ability to hack adversary systems in places such as China, Russia, Iran, and North Korea.
The Pentagon is warning, however, of national security risks to the United States from Anthropic’s AI. The Pentagon and Anthropic are in a legal dispute over whether the company’s technology poses a supply-chain risk to U.S. government systems, as alleged by the Pentagon. Anthropic argues that the designation was a form of retaliation against the company for not allowing the Pentagon to use its technology for certain hypothetical purposes, including mass surveillance of U.S. citizens and the development of autonomous weapons.
However, if Anthropic and other U.S. AI companies discontinue its development, or if the Pentagon does not have full access to the model, an adversary country could out-develop the United States in AI and use it as a weapon against us. This provides Washington with an unenviable choice, similar to an arms race: fight fire with fire or get burned. In either case, the risk of getting burned remains.
Even without Mythos, AI-enabled hacking increased by 89 percent in 2025 compared with the year prior, according to data from security group CrowdStrike. AI is also making hackers quicker and more malicious. The average time it takes for a hacker to act maliciously after accessing a system dropped to 29 minutes last year, or 65 percent faster than in 2024.
In September 2025, Anthropic detected a Chinese state-sponsored hacking group that altered the company’s Claude Code to attempt to hack the networks of approximately 30 global companies and government agencies. In some cases, the Chinese hackers were successful.
OpenAI has released a similar model for cybersecurity purposes. It is unclear whether, like Mythos, it could be used by hackers to rapidly mass-produce cybersecurity exploits before human security personnel could protect key systems.
Whereas cybersecurity personnel often used to have weeks to patch a new zero-day vulnerability after it was discovered, now they will only have hours. Mythos would likely help them if the hackers do not have access to Mythos. AI could be used to identify and patch zero-day vulnerabilities rapidly if in the hands of defensive cybersecurity professionals. But in the wrong hands, AI is already being used to quickly identify and exploit vulnerabilities, leaving defensive capabilities scrambling.
What can you do to help protect yourself as AI technology improves, proliferates, and may become more malign?
Plenty.
Institutions should automate detection and defensive responses to AI-enabled cyberthreats. Anything less will be too slow to defend against AI-enabled hackers.
Individuals should set their devices to update automatically. Use complicated and unique passwords, password vaults, physical multifactor authentication keys, and passkeys—the latest secure form of user authentication.
Guard against deepfakes of your friends, colleagues, and family members by creating a joint password or reminiscence. If someone you know calls asking for emergency money, for example, ask for information only the two of you would know, such as stories from your earliest shared memories together. Call the person back at a known number to confirm. AI can now make videos and sounds to mimic people you know well.
Mythos has demonstrated that AI is advancing at exponential speeds. It’s a brave new world, and it’s best to come prepared.
Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.
Friends Read Free
Copy
Facebook
Tweet
