When the chief technology officer of one of the world's most popular web browsers first encountered Anthropic's new Mythos tool, he experienced an unpleasant sensation of vertigo. The frontier AI system, described as a 'terrifying superhacker', had exposed 271 serious vulnerabilities in Mozilla's Firefox browser – none of which Bobby Holley or his elite security research team had known about.
'Just one such bug would have been a red-alert in 2025,' Holley wrote in a blog post this week. 'So many at once makes you stop to wonder whether it's even possible to keep up.'
Anthropic claims that Mythos has already uncovered software flaws in 'every major operating system and every major web browser' globally, including one that had remained undetected for 27 years. The potential threat to the internet's foundations if hackers obtained Mythos has led Anthropic to withhold public release. Instead, it aims to give defenders a head start by enabling them to find and fix weaknesses before malicious actors exploit them.
A select group of 40 major tech and financial organisations – including Microsoft, Mozilla, and Morgan Stanley – have already received early access through Project Glasswing. The UK government is now in discussions with Anthropic to roll out Mythos to British businesses, driven by fears that any company without it will be exposed.
In a joint public letter last week, Security Minister Dan Jarvis and Technology Minister Liz Kendall warned that 'AI cyber capabilities are accelerating even faster than had been previously envisaged.' They also referenced OpenAI's Cyber program as part of a growing trend of AI tools capable of performing the work of highly skilled hackers in a fraction of the time. 'Criminals will not just target government systems and critical infrastructure,' they wrote. 'They will also target ordinary companies, of every size, in every sector. Attackers go where defences are weakest.'
Despite such claims, Anthropic is hesitant to offer Mythos access on a large scale, as it would heighten the risk of it falling into the wrong hands. This week, reports emerged of a small group of unauthorised users gaining access through a third-party contractor. Screenshots of the alleged leak were shared online, with those involved appearing motivated more by curiosity than malice.
The incident, currently under investigation by Anthropic, has led security researchers to warn that even tightly controlled tools can be easily hijacked. 'Even if their intent is just to explore, it shows how easily these systems can be exposed,' said Shane Fry, CTO of cyber defence firm RunSafe Security. 'The reality is these AI capabilities are already out there, hacked or not, and they're going to accelerate how quickly vulnerabilities are found and exploited.'
Anthropic is investigating while keeping the AI in a restricted preview mode. Despite safety measures, Camellia Chan, CEO of security firm X-PHY, called it a 'warning shot' to the industry. 'The fact that Anthropic themselves choose not to release it publicly tells you everything about the capability threshold we have now crossed,' she said. 'This is intended for defenders today, but similar tools will not stay in safe hands forever. That is the reality businesses need to plan for – the attack surface is increasing and the pace of threat is accelerating.'
Anthropic claims that more than 99 per cent of vulnerabilities uncovered by Mythos remain unpatched. In a statement, the company said 'the fallout – for economies, public safety, and national security – could be severe.' This warning comes amid record-breaking cyber attacks, but those with early access to Mythos appear hopeful that AI will help defenders, not attackers. For now.
'Our experience is a hopeful one for teams who shake off the vertigo and get to work,' Firefox CTO Bobby Holley wrote. 'Our work isn't finished, but we've turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively.'
