TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Cyber Risk Claude Mythos Fears Startle Japan's Financial Services Sector Claude Mythos Fears Startle Japan's Financial Services Sector by Nate Nelson Apr 30, 2026 5 Min Read Application Security Reverse Engineering With AI Unearths High-Severity GitHub Bug Reverse Engineering With AI Unearths High-Severity GitHub Bug by Alexander Culafi Apr 29, 2026 3 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Cybersecurity Operations Cyber Risk Vulnerabilities & Threats Threat Intelligence News Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber In this latest installment of the Reporters' Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press. Becky Bracken , Kristina Beek April 30, 2026 Source: Dark Reading On April 7, Anthropic announced that its latest version of the large language model (LLM) Claude, dubbed Mythos, was here and displaying a shocking ability to find and exploit software vulnerabilities at machine, even industrialized speed. The implications of an AI red teamer on the loose, accessible potentially to threat actors, and able to be turned against any system in the world in an instant, has inspired alarm for governments and around the cybersecurity sector. According to Anthropic, the Claude Mythos model can find and exploit zero-day bugs in "every major operating system and every major Web browser." To prove the point, the company said the model was quickly able to identify a 27-year-old flaw in OpenBSD. Enter Project Glasswing: A consortium of some of the biggest software providers in the world who will endeavor to use the model for cybersecurity defense first, putting it to work on their software before adversaries can get a hold of the tool. Related: Helping Romance Scam Victims Requires a Proactive, Empathic Approach Three reporters, Dark Reading's Becky Bracken , Cybersecurity Dive’s Eric Geller , and TechTarget SearchSecurity’s Phil Sweeney, open up their notebooks and share what their top sources are saying in reaction to reports that Anthropic’s Mythos can find and exploit vulnerabilities at machine speed. They also cover the consortium of software power players that have come together to test Mythos under Project Glasswing . Learn more in the video, and also check out our Reporters' Notebook full series , which is designed to bring together insights and coverage from across Informa TechTarget's network of cybersecurity sister sites. Becky Bracken, Phil Sweeney & Eric Geller: Full Video Transcript This transcript has been edited for clarity and length. For the full experience, please watch the video. Dark Reading’s Becky Bracken: Hello everybody, and welcome to Reporters' Notebook. I am Becky Bracken and I am here with my two colleagues to discuss this month's big blockbuster story, "Mythos, the AI Model to End All Cybersecurity," and Glasswing, the forum that was established to wrap industry and government's head around it. I'm joined today by Eric Geller, senior reporter with Cybersecurity Dive, as well as Phil Sweeney, who is a reporter with TechTarget SearchSecurity. I'm sorry, we've rebranded, is that correct? TechTarget SearchSecurity’s Phil Sweeney: You got it. DR’s Becky Bracken: All right, well, welcome both of you. I figured this was a pretty easy one for us to tackle. Do you wanna walk us through the background as you understand it? Related: Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs TTSS’s Phil Sweeney: For the Mythos preview , Anthropic developed it and had some pretty startling success with it, things they did not expect. And before release, they said, OK, we can't do this. We can't release this. We need to talk about this and the implications for that, especially security-wise. They found incredible volumes of zero-days , unknown vulnerabilities, and some of them going back years; they said many, in fact, are 10, 20 years old, not just a few outliers. There were many, many that were going back many years undiscovered and the LLM found them in almost no time at all. So it was quite a jolt and, as a result, Anthropic has reached out to partners across the IT industry to try to come to some kind of consensus about, what are we going to do about this before this becomes major security crisis? DR’s Becky Bracken: Eric, what's the headline for you here? Cybersecurity Dive’s Eric Geller: To me, this is a story about how the government is going to be increasingly dependent on the technology companies in a way that wasn't even really true in earlier phases of this kind of government-industry relationship. We think about cybersecurity as a domain where the private sector , because it runs the infrastructure, has the best visibility; and the government is really dependent on it to understand cyberattacks. I think in the AI space, that reliance is even stronger because now it's not just that the AI companies have all this information about how hackers are trying to launch cyberattacks using their products. And you see Anthropic putting out that report last year about the first AI-powered cyberattack. So, they have that visibility. They also have the ability, unlike say critical infrastructure operators, to actually define the terms of the battlefield, because it's their products that are being used to do some of this work. Related: Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus That's not to say AI is the only thing that hackers are using or the only thing that they need, but it is increasingly going to be part of the initial phase of an attack to use AI to figure out if your target has any vulnerabilities. And so it's incumbent on the vendors to do as much as they can to prevent their tools from being weaponized in a way that really isn't true with a lot of other technology out there (with the exception of pen-testing software where we know that hackers use things like Mimikatz for attacks). This is a totally different ballgame and the government is entirely dependent on the vendors to not only make products that are not capable of being weaponized, but also to proactively share with the government what they're finding and what their partners are finding with these tools. You know, we're going to talk about Project Glasswing , and what I'll be looking for there is, as companies use Mythos and discover vulnerabilities, what is the tempo of information-sharing with federal agencies like CISA? Is there something formally in place that says, when a Glasswing partner finds a vulnerability, does it have to tell CISA? I don't think so. So we're really seeing an environment where these relationships haven't been well defined, and how quickly that stuff gets ironed out is gonna go a long way toward answering the question of how rocky are the next few years are going to be, to prevent weaponization of these tools. DR’s Becky Bracken: You are, Eric, the person that I look to to read the Washington, D.C., tea leaves about what's going on in cyber. So, what's your analysis of where we are? The executive branch has been very clear that they want AI to run rampant and do nothing to hamper any kind of innovation. How do you see this playing out in, let's say the next six months? I think that's a pretty long runway in the AI. CD’s Eric Geller: I mean, I do think that there's no real appetite in Washington to regulate what a company like Anthropic can do, in part because how would you define the boundaries of the regulation ? How would you define safe behavior and unsafe behavior, safe coding and unsafe coding? I mean, if you define it based on the output, i.e., can this tool help a hacker find a vulnerability, then you're going to be prohibiting a lot of behavior that we actually want to see because any tool that can help a hacker find a vulnerability can also help a defender find a vulnerability — the technology is agnostic. There's no way to create an AI model that checks who you are, peers into your soul and based on that decides whether it's going to tell you about a CVE in an Internet-facing network appliance or what have you. That would be what we would want in a fantasy world, but that doesn't exist. So, you can't regulate the problem out of existence. That's not to say you can't have any regulation. I'm not taking a stance here, but the idea that you can solve this particular problem through a regulatory framework, it's not like environmental pollution. You can't say only do the good things and don't do the bad things. That's not how the technology works. And I think you see policymakers recognizing that. In the absence of a regulatory answer, the next best option is close conversations and coll