Post-Mythos Cybersecurity: Keep calm and carry on

I have seen a lot of distressed debate in the cybersecurity field following the announcement of Claude Mythos Preview. It was announced as a game changer in the field, miles ahead of its league and opening the pandora’s box of fully automated hunting and exploitation of zero-days.

Since then, Mythos and it’s safeguard-heavy equivalent, Fable 5, got released, only to be taken away shortly after. Let’s take the opportunity to reflect on what this model brings and how impactful it is to the industry.

Keep Calm

Fear, uncertainty, and doubt fuels the Cybersecurity industry

Anthropic has always had a taste for dramatic phrasing in its PR. Every major model release is accompanied by concerns on its safety; calling for regulation or for a pause in research before we reach a point of no-return. Mythos makes no exception to this trend and was disclosed in April without a public release. Instead, project Glasswing was announced, gatekeeping access to the model to 50 organisations, later expanded to 150 entities. Some of those lucky few corroborated the alarmist statements from Anthropic. They announced hundreds of vulnerabilities detected thanks to Mythos. One of the most impactful article on the topic was the evaluation from the AI Security Institute from the UK Government. Mythos was the first model to ever succeed in “expert level tasks”. It was also the first of its kind to achieve “The Last One”, a cyber-range testing the entire attack chain from reconnaissance to full network takeover.

Reading the article in details depicts a less dramatic picture. While a step up from previous models, progress in this area has been very gradual. We can see GPT-5.4, or even Opus 4.6, not so far behind on their Advanced CTF Challenge. The same can be said on their cyber range for Opus. Those benchmarks can also be quite far from realistic enterprise environment, at least for companies with mature cybersecurity programme and dedicated SOC. As the article stresses out, “They lack security features that are often present, such as active defenders and defensive tooling. There are also no penalties for the model for undertaking actions that would trigger security alerts.” No doubt such models would sometimes be extremely noisy and clumsy while attempting reconnaissance tasks or pivoting into the target’s information system.

“Sure, but what about all those critical vulnerabilities the model can find offline. They could then be exploited by attackers as powerful zero-days”, you may ask? This aspect was the main marketing argument coming with Project Glasswing, with example such as a “27-year-old vulnerability in OpenBSD” or a “16-year-old vulnerability in FFmpeg”.

Security professionals would probably smirk while reading such statements. Highlighting a vulnerability is old enough to drive is a very common clickbait trick for CVE announcement, only second to the classic “CISA orders feds to patch X”. A vulnerability being decades old is not that uncommon in open source products with hundreds of thousands of lines of code. Most of the time, It just means nobody skilled enough to spot it ever looked in this area before. Old bugs are more valuable as they impact more versions of the supporting software, but that has nothing to do with how difficult they were to find in the first place. What's true, however, is that AI-assisted discovery will increase their prevalence.

Mythos, only a gradual improvement of the older models?

The biggest change with Mythos is the scalability potential of organisations with deep pockets to afford those exhaustive searches. The blog post from Anthropic red team gives more insight on how they achieve such results, and it would definitely be costly. The model was run, several times, on most source code files individually. It took a thousand runs through their scaffold to get the BSD bug, for a cost of approximately 20,000 USD. The entire Glassing project has an allocated token budget worth a hundred millions dollars. Does it bring new risks? Yes, but for actors who probably already had advanced cybersecurity resources in the first place, not to the average script kiddie.

Earlier models might have spotted a portion of those vulnerabilities, had they benefitted from the same thorough experimentation. It’s hard to make apples-to-apples comparison as the details given by Anthropic on how Mythos was run (or how many times it ran for each finding) are scarce. Some tried to replicate the concept in fair but more cost-efficient alternatives and had some probing results. In a nutshell: in the absence of Mythos or even Opus models, DeepSeek is decent in the cloud hosting world while Gemma 4 and Qwen 3.6 punch well above their weights in the self-hostable category, finding about half the vulnerabilities Mythos spotted in the benchmark.

However, I wouldn’t go as far as Aisle who claimed the secret is in the harness, not the model. While they also did manage to “detect” many vulnerabilities initially discovered by Mythos using much smaller LLM, none of those models were capable of making valid exploits. The capacity not only to raise warnings but to actually prove exploitability is definitely an edge only shared by models of the Mythos class. This also seems to solve one of the biggest downsides of earlier AI-led bug hunting: false positives. This was pointed out in their initial update of Project Glasswing, Mozilla claimed an extremely low rate of false positives in their 271 findings. In the same vein, Cloudflare qualified the false positive rate “better than human testers”. Only time (and broader access) will tell if those claims are verified. Otherwise, the average organisation will inevitably be drowned in a sea of cybersecurity noise while using the tool.

OpenAI catching up while the US gov halts Anthropic in its course

In the middle of this madness, we got an unexpected “break” from the US government as they decided to block Fable/Mythos for all non-US citizens, including those on US soil. An impossible task forcing Anthropic’s hand into turning off the offering altogether. Nobody knows how long this will last.

As a side note, there is a certain irony in watching Anthropic reap what it has spent years sowing: more government involvement to control usage and slow the AI race. This was delivered in the bluntest possible way.

Meanwhile, OpenAI continues to progress in this area with their GPT5.5-Cyber and the Codex Security plugin. They have their Glasswing equivalent, project “Daybreak” and “Patch the Planet”, but tuned down the fearmongering aspect and focused on the defender side. This is also a controlled release, likely not to poke the US regulatory bear. It’s safe to assume they will not unleash those products to their entire client base before the Anthropic situation settles or a non-US competitor fills the gap first. I can’t help but find this approach frustrating. The average company can’t access 5.5-Cyber but big cybersecurity firms do, only to sell it back to their own clients at premium. In other words, artificial scarcity disguised under the pretence of responsible deployment.

Let’s use this slowdown to regroup and focus on what we can do to hold the fort when the storm comes back.

Update (2026-06-27):

Things are moving fast. OpenAI is releasing a new family of models: Sol, Terra and Luna, with a strong PR focus on its cybersecurity prowess and comparing it to Mythos. Same as with 5.5-Cyber, the model is made to be biased toward defence instead of building exploits. Those safeguards don't seem to be enough for the U.S. government who still wants to vet which institution get to access the new models. The same now applies to Anthropic, opening Mythos to a hundred US institutions to start with.

Carry On

As some of those fears, uncertainties, and doubts are starting to feel real, what can we do about it? Paradoxically, I believe that little needs to change in what we’ve been doing for years.

“We already h