Mythos: Anthropic’s agentic hacker-in-residence
Claude Mythos AI sits at the top of Anthropic’s Claude family and is framed as a fundamental step-change rather than a routine upgrade. Anthropic describes Mythos as its most capable model so far, with unusually strong coding performance, long‑context reasoning and what some analysts call "agentic" behaviour: the ability to plan and execute multi‑step tasks across large, messy codebases without losing the thread. In internal and partner testing, Mythos reportedly identified thousands of serious vulnerabilities in major operating systems and browsers, including flaws that had gone unnoticed for decades and even long‑standing bugs in platforms such as OpenBSD and FreeBSD. The UK’s AI Security Institute found Mythos was the only tested model able to complete a simulated 32‑step corporate network attack from initial reconnaissance to full network takeover, a sequence it estimated would take top human experts around 20 hours. That combination of autonomous reasoning and deep code analysis is what has thrust Mythos into the centre of the AI cybersecurity risks debate.
Project Glasswing: Locking down a dual‑use capability
Confronted with Mythos’s performance in vulnerability discovery and simulated intrusions, Anthropic chose not to release the model broadly. Instead, it created Project Glasswing, a containment and deployment programme that restricts access to a roster of large, "trusted" organisations including hyperscale cloud providers, major banks, leading security vendors and government agencies such as the UK’s AI Security Institute. The goal is to let partners test Mythos against real networks and critical software while jointly hardening defences before any wider launch. Anthropic has framed this as a responsible response to an AI vulnerability discovery tool that could otherwise accelerate exploitation at scale. Yet the arrangement is already under strain: the company is probing reports that a small group of users gained unauthorized access to Mythos through a third‑party environment, highlighting how fragile access controls can be once such systems exist at all and underscoring fears of an emerging cyber arms race AI ecosystem where leaks, not releases, drive proliferation.
Mythos’s security claims under the microscope
While headlines portray Claude Mythos AI as an apocalyptic hacker, closer reading of Anthropic’s own documentation paints a more nuanced picture. The widely repeated claim that the model uncovered "thousands" of high‑severity bugs across operating systems and browsers originates from marketing materials tied to Project Glasswing rather than the 244‑page technical System Card submitted for peer review. That document does not quantify vulnerability counts and, according to critical analyses, relies on evaluation setups with significant caveats. Some testers argue that Mythos’s impressive results hinge on curated scenarios and heavy human scaffolding rather than fully autonomous exploitation in the wild. In practice, Mythos appears to dramatically accelerate work for skilled security engineers and raise the floor for less expert operators, rather than single‑handedly obliterating existing defences. The gap between promotional language and measured capability illustrates how AI cybersecurity risks can be overstated even as real advances in exploit generation and workflow automation demand serious attention from defenders.
OpenAI’s GPT‑5.5: An alternative playbook for AI security
Anthropic’s cautious stance contrasts with OpenAI’s approach to GPT‑5.5, which is being rolled out widely to ChatGPT Plus, Pro, Business and Enterprise users, with API access to follow. GPT‑5.5 is marketed as smarter and more persistent than GPT‑5.4, with stronger coding skills and more reliable tool use, and testers have found it competitive with models like Claude Opus in reasoning and autonomy. Crucially, OpenAI emphasises expanded safeguards rather than tight access. The company says GPT‑5.5 was evaluated across internal safety and preparedness frameworks, subjected to internal and external red‑team exercises, and stress‑tested for advanced cybersecurity and biology capabilities with nearly 200 trusted early‑access partners before release. Security lab assessments suggest GPT‑5.5 meaningfully improves vulnerability research workflows, especially for novice and moderately skilled users, while providing targeted assistance on narrow subtasks for experts. Where Anthropic defaults to containment, OpenAI is betting that layered safeguards and broad deployment can coexist, setting up a clear philosophical divide in how frontier AI security models should reach the market.
From automated pen‑testing to AI‑driven governance
Taken together, Claude Mythos AI and GPT‑5.5 offer a preview of how frontier models may reshape both cyber defence and offence. On the defensive side, systems like Mythos can act as always‑on penetration testers, trawling legacy codebases, browsers and operating systems for subtle bugs, chaining vulnerabilities and proposing patches at a speed no human team can match. Security vendors in programmes like Project Glasswing are already exploring how to weave these capabilities into products spanning network, cloud and SOC workflows. On the offensive side, the same AI vulnerability discovery functions lower the barrier for less skilled attackers and compress the time from bug to working exploit. That dual‑use reality is pushing governance debates towards structured red‑team programmes, staged rollouts, tighter partnerships with security suppliers and continuous evaluation by independent institutes. For IT leaders, the priority is to monitor how these models are integrated into tools they already use, press vendors for clear safeguards and treat sensational claims with scepticism while still preparing for steadily more capable AI in the cyber arms race AI landscape.
