- What: Commentary on Anthropic's decision to limit release of AI model details
- Impact: Discussion on AI security and vulnerability disclosure
Why Anthropic was right to form Project Glasswing
April 24, 2026
By Aaron Beardslee

COMMENTARY: Anthropic built a powerful AI model and then kept it on a short leash. The company said more than 99% of the vulnerabilities it found remain unpatched, and that’s why it withheld most of the technical detail. The important part is not that a new tool found bugs. What’s worth acknowledging: Anthropic looked at what Mythos could do and decided broad release was a bad idea.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Attackers are after something much simpler: a model that shortens reconnaissance, improves phishing, helps move from an idea to a usable exploit, or gives a mid-tier operator a better shot at success.

Earlier this week, Mozilla claimed that Claude Mythos had uncovered 271 vulnerabilities in Firefox, which were patched with the release of version 150. This serves as a fitting case study in the rat race for leverage that attackers are after. As attackers specialize and become increasingly skilled in their tactics, a tool like Mythos will accelerate their ability to the nth degree. While the tool in isolation may possess the ability of a generally skilled actor, when we pair that skilled actor with this powerful tool, suddenly the threat actor-Mythos relationship turns into something superhuman.

A late 2024 human subject study found that fully automated AI spear phishing performed on par with human experts. Both reached a 54% click-through rate, compared with 12% for the control group. The same study found the AI-generated targeting information was accurate and useful in 88% of cases, and the authors concluded that AI could increase phishing profitability by as much as 50% at larger scale.

Europol has been tracking the same trend from a different angle.
Its recent reporting points to growing criminal use of AI across fraud, impersonation, and cyber-enabled crime. None of this makes the operator disappear. It gives the operator better tools.

Lowering the bar

Good tradecraft used to slow down offensive work – taking skill, time, and a broad knowledge base. Reliable exploit development, careful chaining, and patient technical work still required real expertise. Models like Mythos start to change the math. The hard parts are still hard, and experienced operators will still outperform everyone else, but some of the lift moves from the human to the machine, affecting how much knowledge someone needs up front, how quickly they move, and how far they can get before their own limitations catch up with them.

Anthropic’s reporting gives a sense of how compressed that process can become. The company says non-experts were able to use Mythos to find serious vulnerabilities and produce working exploits. In one example, a Linux privilege-escalation workflow reportedly went from prompt to working exploit in less than a day at a cost below $2,000. That compression matters. Work that used to demand more time, more money, and more effort becomes much more accessible.

Is it worth the risk?

The understandable reaction is to push for the same kind of speed in capability for defenders. Nobody wants analysts stuck in repetitive work while attackers get faster. Mythos can find vulnerabilities – even zero-days – and exploit them at relatively ludicrous speeds. Can it do the same discovery and create a viable patch that won’t break the system? Maybe in time Anthropic will create a blue team version of Mythos that can stage potential patches at machine speed for vulnerable systems for a security team to review. While a hopeful idea, this does not address the extreme risk of Mythos in its existing state being released to the public.
Penetration testers and red teamers don’t exactly behave like real threat actors or APT groups because their motives, agenda, and timeline are drastically different. North Korea doesn’t care about our systems or winning another contract round for next year. Their only rule: don’t get caught. If North Korea ever got their hands on a model as advanced and sophisticated as Mythos, well…

Keep the humans in control

Human-in-the-loop has nothing to do with protecting manual work. It has to do with keeping authority tied to accountability. Once a model can reason across tools, make recommendations, and act inside real workflows, a bad output stops being a nuisance and becomes a control problem.

There’s already enough evidence to take that risk seriously. OWASP continues to rank prompt injection at the top of the risk stack for LLM applications, and research in this area keeps showing how integrated systems are often redirected away from their intended tasks. In a security environment with access, tooling, and urgency, the margin for error gets very thin.

Let the machine move through volume, connect signals, draft hunts, summarize evidence, and reduce the dead time that burns analysts out. Keep people on the decisions that carry consequence: approvals, containment choices, remediation steps, exceptions, communications, and anything else that can create unnecessary exposure.

Right now, there’s a level of restraint in Anthropic’s handling of Mythos that’s missing from the broader AI security market. The company did not treat raw capability as a reason to scale deployment. It limited release, wrapped access in Project Glasswing, and paired the model with monitoring and defensive research.

However, offering an early release to choice security teams will not soften the blow if Mythos ultimately gets fully released in the future to everyone, or if it winds up in the hands of threat actors as Bloomberg reported the other day.
That is because software will evolve, as it always does, with new vulnerabilities introduced. At that point, Mythos will allow more speed for threat actors to cause even more damage than they are already doing, and defenders would wind up being even more behind than they already are.

Until we know more, a powerful product like Mythos should only run as an enterprise tool and – like other top-tier offensive security tools – get locked behind serious scrutiny for those who are allowed to get their hands on it.

Aaron Beardslee, threat security researcher, Securonix