Anthropic Mythos Cybersecurity Warning: Why Former Officials Say It Can Hack Nearly Anything

Claude Mythos Preview Raises Serious Cybersecurity Concerns

Anthropic introduced Claude Mythos Preview on April 7 through Project Glasswing, giving access only to a limited group of roughly 40 technology companies, including Apple, Amazon, and Microsoft. The model was not released publicly because Anthropic said it has an unusual ability to autonomously identify and exploit software vulnerabilities.

During a short testing period, Anthropic said Mythos found thousands of zero-day vulnerabilities across major operating systems and web browsers. Some of those flaws had reportedly remained undiscovered for decades. The oldest cited example was a 27-year-old bug in OpenBSD, an operating system widely regarded for strong security. Mozilla also said it used the preview version of the model to uncover and patch 271 vulnerabilities in Firefox.

Former acting national cyber director Kemba Walden warned in a Fortune column published Thursday that Mythos "can hack nearly anything" and argued that the United States is not ready for the risks these models create.

Unauthorized Access to Mythos Deepens Alarm

Reported breach of a restricted AI model

Concern grew further after Bloomberg reported on April 21 that a small group of users in a private Discord forum obtained unauthorized access to Mythos on the same day the model was announced.

According to the report, one member of that group was a third-party contractor for Anthropic. That access reportedly helped the group locate the model using previously leaked details about Anthropic's infrastructure. Anthropic said it was "investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments".

Security experts warn the exposure may have wider implications

David Lindner, chief information security officer at Contrast Security, told Fortune that if a random Discord group was able to get access, then more capable actors may already have done the same. His warning added to a growing sense that the model's restricted rollout has not prevented serious exposure concerns.

Global Intelligence and Government Agencies Respond

South Korea elevates AI-powered hacking as a top threat

South Korea's National Intelligence Service issued a government-wide advisory warning that next-generation AI models can autonomously find vulnerabilities, build exploit chains, and carry out attacks without ongoing human direction.

The agency named Mythos specifically and raised AI-powered hacking to one of the country's top five cyber threats for 2026. That move signals how quickly concern around offensive AI capability has shifted from theory to active national security planning.

Regulators and Financial Leaders Scramble to Prepare

Security-driven deployment restrictions mark a shift

The World Economic Forum said on April 19 that Anthropic's choice to limit Mythos access reflects a broader change in how advanced models are being handled. In this case, the constraints were described as security-driven rather than commercial.

Wall Street leaders briefed on AI cyber risk

Bloomberg and the Financial Times reported that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell brought together Wall Street chief executives earlier this month to brief them on the cyber risks associated with Mythos and similar upcoming models.

That response suggests concern is no longer limited to technology firms or intelligence agencies. Financial institutions are also being pulled into urgent discussions about how these systems could affect critical infrastructure and cyber defense.

Competition in Offensive Cyber AI Is Expanding

Anthropic is not the only company developing models with these kinds of capabilities. OpenAI is reportedly preparing an internal model known as "Spud" that could reach similar cybersecurity performance.

OpenAI CEO Sam Altman said this week that Anthropic's messaging around Mythos was "fear-based marketing". Even so, cybersecurity professionals quoted alongside these developments said the threat remains serious regardless of which company reaches the front first.

David Lindner framed the issue in direct terms: if defenders are not using these systems, they have no chance of keeping up with the offensive side.

What Mythos Has Already Demonstrated

Vulnerability discovery across major systems

Anthropic said Mythos identified thousands of zero-day vulnerabilities across all major operating systems and web browsers in only a few weeks of testing. That scale is a major reason the model has drawn attention from former U.S. officials, intelligence services, regulators, and security leaders.

Long-undetected flaws and real-world patching

The reported findings included vulnerabilities that had gone unnoticed for decades. The OpenBSD example stood out because of the platform's reputation for security. Mozilla's use of the model to detect and patch 271 Firefox vulnerabilities also points to a practical defensive use case, even as concern grows over how the same capability could be misused.