Anthropic's Mythos Triggered an Emergency Bank Meeting

In Brief

Anthropic's Claude Mythos Preview, a general-purpose AI model not specifically trained for cybersecurity, proved so devastatingly effective at finding and exploiting software vulnerabilities that it triggered an emergency meeting between Treasury Secretary Scott Bessent, Federal Reserve Chair Jerome Powell, and America's largest bank CEOs.

The response: Project Glasswing, a coalition of 40+ companies racing to patch what Mythos can break.

Anthropic unveiled Claude Mythos Preview, a new AI model so capable at autonomous cybersecurity research that it forced emergency action at the highest levels of the U.S. financial system. The model found a 27-year-old bug in OpenBSD (designed to be unhackable), a 16-year-old vulnerability in FFmpeg that automated tools had scanned five million times without catching, and developed 181 working Firefox exploits. The previous model managed two.

Mythos is a general-purpose model, not specifically trained for cybersecurity. But its improved reasoning made it quite effective at finding and exploiting zero-day vulnerabilities. Anthropic's response was Project Glasswing: More than 40 companies, including Apple, Google, Microsoft, and JPMorgan, getting early defensive access, backed by $100 million in usage credits.

SmarterX founder and CEO Paul Roetzer broke down what this moment signals for business leaders on Episode 209 of The Artificial Intelligence Show.

The Key Numbers

181 - Working Firefox exploits developed by Mythos (previous model: two)

27 years - How many years a bug in OpenBSD went undetected before Mythos found it

5 million - Automated scans of FFmpeg that missed a vulnerability Mythos caught

40+ - Companies given early defensive access through Project Glasswing to patch vulnerabilities

$100 million - Usage credits Anthropic committed to the defensive effort of Project Glasswing

What's Withheld Matters More Than What's Released. Here's Why.

The preview is the weaker version. Anthropic's system card describes Mythos Preview as a frontier model with capabilities "substantially beyond those of any model we have previously trained." But as Roetzer points out: "The version that's being tested by the government, by the banks, by Microsoft, by all these people, isn't even the most powerful version that they trained."

The information gap is the real risk. Business leaders, regulators, and policymakers are making plans based on what they can see. They cannot see what the labs already have. "The labs see things we don't," says Roetzer. "What that means is business leaders, economists, educational leaders, government leaders, the people we look to to help the world be prepared are largely planning for a future state that they don't understand."

Open source closes the gap fast. Anthropic's decision to withhold the full release buys time, but the clock is already running. "While they're withholding this full release, this likely means that we're only nine to 12 months away from an open source model being able to do the same thing. And then what?" Roetzer says. Even the best defensive posture eventually faces a world where these capabilities are freely available.

"What would the other labs have done? Like if xAI got there first, would they have the same restraint?"

Paul Roetzer, founder and CEO of SmarterX, Episode 209 of The Artificial Intelligence Show

The restraint question cuts both ways. Anthropic chose to create a defensive coalition rather than release the model. But the U.S. government, Roetzer notes, "is continuing to attack Anthropic, right? They're a supply chain risk. And yet they may be the only hope we have to protect our systems, our infrastructure, the software companies that we build around, privacy of citizens." The company demonstrating the most caution is also the one facing the most political pressure.

SmarterX Take

The broader picture matters more than the cybersecurity headline: a general-purpose AI model, without specialized training, outperformed decades of purpose-built security tools. That same pattern of unexpected capability will repeat across every business these models touch.

Roetzer warns business leaders to "use caution when you're racing to integrate these agentic systems into your organization" because "even the people building it don't fully understand all the risks associated with it." The organizations that move fastest on AI adoption also need to move fastest on understanding what these systems can do within their own infrastructure. Said Roetzer: "We are talking about a perfect storm of a future that we're just not prepared for."

What to Watch

Project Glasswing is the first real example of AI labs cooperating on security. "Project Glasswing does demonstrate the ability for the labs to work together. And I think that's going to become much more critical," Roetzer says. Whether this kind of collaboration survives competitive pressure between labs will shape the next year of AI security.

The infrastructure gap may be the sleeper issue. Roetzer notes that "compute and energy needs over the next decade may end up being dramatically underestimated and under built." Defensive AI at this scale requires massive compute, and if infrastructure lags behind model capability, the attackers have the advantage.

Further Reading

Anthropic: Project Glasswing → anthropic.com

TechCrunch: Anthropic debuts preview of Mythos in new cybersecurity initiative → techcrunch.com

Fortune: Anthropic gives firms early access to Mythos for cybersecurity → fortune.com

Fortune: Mythos is a wake-up call, but AI-driven hacking is already here → fortune.com

CNBC: Anthropic limits Mythos rollout over hacker fears → cnbc.com

Heard on The Artificial Intelligence Show, Episode 209
Paul Roetzer and Mike Kaput discuss Anthropic's Claude Mythos preview model, the emergency response it triggered, and what the resulting Project Glasswing means for cybersecurity and AI governance. Listen →