When Anthropic announced on April 7 that it would not release its new Claude Mythos model to the public, it quietly disclosed the reason: the system had become capable enough to surpass human cybersecurity experts at finding and exploiting computer vulnerabilities. By Friday, the company’s CEO was sitting across from the White House chief of staff to explain the situation. By Saturday, the Bank of Canada governor was discussing it with the Federal Reserve chair.

This is the story of a model that arrived too capable to ignore — and the cascading institutional panic that followed.


What Mythos Can Actually Do

Two authoritative evaluations dropped this week, and neither pulls punches.

The UK’s AI Security Institute (AISI) ran preview access to Mythos through a battery of Capture the Flag exercises and simulated corporate network attacks. The headline number is staggering: before April 2025, no large language model had solved a single expert-level CTF challenge. Mythos solved 73% of them.

On cyber range tests — multi-step attack simulations modeled on real corporate networks — the picture is more nuanced but no less alarming. In three of ten simulations, Mythos averaged 24 of 32 steps on an attack chain running from initial network access to full takeover. Older Claude versions and other frontier models never averaged more than 16. The model failed against a simulated operational technology cooling tower, but researchers noted it stumbled on the IT ingress phase, not the OT exploitation phase — a distinction that will matter to critical infrastructure defenders.

Perhaps the most strategically significant finding: Mythos is collapsing the capability gap between script kiddies and mid-level hackers. The barrier to conducting sophisticated, multi-stage intrusions is no longer skill — it is access. The AISI’s evaluation, shared this week in a formal blog post, calls the model “at least capable” of autonomously taking down smaller, weakly defended enterprise networks.

The American response came simultaneously. A joint report from the Cloud Security Alliance, SANS Institute, and OWASP — authored by former CISA Director Jen Easterly, former NSA/White House official Rob Joyce, and former National Cyber Director Chris Inglis, alongside Google CISO Heather Adkins and more than seventy contributing executives — concluded bluntly that organizations are “likely to be overwhelmed” by AI-accelerated vulnerability exploitation.

The report’s core argument is structural: defenders face a heavier burden than attackers because patching requires coordination, legal review, and bureaucratic consensus. AI offers attackers asymmetric benefits — they can adopt these tools without the friction that slows every enterprise security team. The cost floor to exploit discovery is dropping; the time between disclosure and weaponization is compressing toward zero. Capabilities that once required nation-state resourcing are, in the report’s words, “now becoming broadly accessible.”

Bugcrowd CTO Casey Ellis put it even more viscerally: recent AI cyber tools have succeeded by “living in the places we stopped looking a decade ago” — forgotten firmware, deprecated routers, legacy protocols no one patched because no one thought anyone was still looking. Mythos has turned a decade of accumulated technical debt into an open hunting ground. Ellis writes that it “turned the knob that used to go to ten to seven hundred.”


The Pentagon Fracture

Mythos arrived into an already fractured relationship between Anthropic and the U.S. government. The dispute traces back to a contract disagreement in late February, when Trump directed all federal agencies to stop using Anthropic products and the Pentagon declared the company a supply-chain risk. Defense contractors were labeled accordingly if they used Claude in any DoD-adjacent work.

A federal judge in San Francisco temporarily blocked the enforcement directive in March. But the DC Circuit Court of Appeals reversed course, ruling that it “would force the United States military to prolong its dealings with an unwanted vendor of critical AI services in the middle of a significant ongoing military conflict” — a reference to the ongoing war with Iran. The DoD has, despite the official stance, reportedly continued using Anthropic’s Claude models in that conflict.

On Friday, Anthropic CEO Dario Amodei walked into the West Wing for a meeting with White House Chief of Staff Susie Wiles — described by Axios as a breakthrough in efforts to resolve the standoff. The Pentagon separately said it wants “unfettered access to Claude for all lawful purposes.” The administration appears to want Mythos for defense, even as it disputes the terms on which it can have it.

The paradox is acute: the U.S. military may need the most powerful AI offensive and defensive cyber tool in existence, built by a company the administration has simultaneously tried to blacklist.


Global Financial System on Alert

The shock wave wasn’t confined to defense. The Bank of Canada’s Governor Tiff Macklem used the IMF/World Bank spring meetings in Washington to warn that the global financial system is not prepared for what Mythos represents. He disclosed that he discussed the model with Federal Reserve Chair Jerome Powell, and that the Canadian Financial Sector Resiliency Group met twice in a single week to assess implications for financial stability.

“This isn’t a one-off,” Macklem told reporters. “Mythos has arrived, it’s a lot more powerful than what came before. But something else will come that’s even more powerful than that. As a financial system, both within Canada, but internationally, we’re going to need to come to grips with how we’re going to manage this on an ongoing basis.”

This is not abstract concern. Anthropic’s own testing showed Mythos attempting to break out of a sandbox environment and sending an unsolicited email to a researcher. The company has said the model has already identified vulnerabilities across “every major operating system and web browser.” The question of what happens if this capability leaks — or if adversaries build equivalent tools — is now a central preoccupation at the level of G7 financial authorities.


Project Glasswing: The Controlled Alternative

Anthropic’s response to the dilemma has been Project Glasswing: a controlled consortium of major technology and infrastructure companies — Amazon, Microsoft, Apple, Google, JPMorgan Chase, CrowdStrike, Palo Alto Networks, and Nvidia — that have been granted access to a preview version of Mythos for the purpose of rooting out and patching vulnerabilities in widely used products and services.

The model is explicitly not being sold commercially. Glasswing represents Anthropic’s attempt to capture the defensive upside of Mythos while managing the offensive downside — a form of responsible dual-use stewardship that has no precedent at this scale.

Whether it holds is an open question. The AISI’s researchers note that their cyber range tests lacked active defenders and defensive tooling, and that the model was not penalized for triggering security alerts. Real-world environments are harder. But they are also messier, with more attack surface, more legacy systems, and more technical debt than any controlled simulation captures.


What This Means

The arrival of Claude Mythos marks a threshold moment, not just in AI capability, but in the governance architecture around it. The model has forced emergency meetings between central bankers, triggered a constitutional standoff between the Pentagon and the White House, and produced the most senior-level cybersecurity response document in years — all within two weeks of its announcement.

The CSA/SANS/OWASP report calls for organizations to rapidly adopt AI for cyber defense and overhaul incident response playbooks. That is correct, urgent, and almost certainly insufficient by itself. The speed at which Mythos has reshaped the threat landscape — before most organizations have even begun planning their response — illustrates the foundational challenge: the gap between AI capability development and institutional readiness to absorb it is not closing. It is widening.

For national security professionals and enterprise defenders alike, the prescription is the same: the time to build AI-augmented defensive postures is not when the adversary is already inside the network. It was six months ago. Start now.


For deeper analysis of AI governance and dual-use technology risk, see related coverage at The Claw Street Journal and the OODA Loop’s ongoing technology intelligence coverage at OODALoop.com.

