Networking+

Mythos, attackers and the part people still want to skip

April 20, 2026

By Aaron Beardslee, Threat Security Researcher, Securonix.

Anthropic built a powerful AI model and then kept it on a short leash. The important point is not that a model found bugs. What’s worth acknowledging is that Anthropic looked at what Mythos could do and decided broad release was a bad idea.

Attackers don’t need a perfect autonomous system. They need leverage. Give them something that speeds up recon, sharpens phishing, shortens exploit development, or helps a mid-tier operator punch above his weight, and it gets used.

According to Anthropic, Mythos found and exploited zero-day vulnerabilities across major operating systems and browsers. The company said more than 99% of the vulnerabilities it found remain unpatched, which is why it withheld most of the technical details. This forces a closer look at how AI will be used once it leaves the lab and enters attacker workflows.

Attackers Only Need Leverage

Attackers want tools that make work easier: a model that shortens reconnaissance, improves phishing, or helps create a usable exploit quickly. This is how new capability enters real workflows: not with a handoff from human to machine, but by making the human more effective.

A late 2024 human study found that fully automated AI spear phishing performed on par with human experts. Both reached a 54% click-through rate, compared with 12% for the control group. The same study found the AI-generated targeting information was accurate and useful in 88% of cases, and the authors concluded that AI could increase phishing profitability by as much as 50%.

Europol has been tracking the same trend from a different angle. Its recent reporting points to growing criminal use of AI across fraud, impersonation, and cyber-enabled crime, giving operators better tools.

The Bar Goes Lower

One thing that slowed offensive work down was the simple fact that good tradecraft takes skill, time, and a broad knowledge base. Reliable exploit development, careful chaining, and patient technical work required real expertise. There were only so many people who could do that well. Mythos would allow a single threat actor to have the skills and knowledge of an entire team of cyber professionals.

Models like Mythos change the math. The hard parts are still hard, and experienced operators will still outperform everyone else, but some of the lift moves from the human to the machine. That affects how much someone must know upfront, how fast they can move, and how far they can go before hitting their limits.

Anthropic’s reporting gives a sense of how compressed that process can become. The company says non-experts were able to use Mythos to find serious vulnerabilities and produce working exploits. In one example, a Linux privilege-escalation workflow reportedly went from prompt to working exploit in less than a day at a cost below $2,000.

Speed is The Rhino in the SOC

The obvious reaction is to push for the same kind of autonomy on the defensive side. No one wants analysts to be stuck in repetitive work while attackers get faster. Mythos can find vulnerabilities and exploit them at ludicrous speeds. Can it make the same discovery and create a viable patch that won’t break the system?

Problems show up when speed gets treated like a substitute for judgment. Anyone who has spent enough time on investigations knows the technically available action is not always the right one. Timing and scope matter. Business exposure matters. Legal exposure matters. The blast radius of a mistake matters. A model can support those calls, but it does not carry the consequences.

The push for fully autonomous security starts to look thin once you get past the demo. Human judgment is not some outdated layer sitting in the way of progress. It is still the control that keeps a security operation from creating avoidable damage inside its own environment.

Perhaps in time Anthropic will create a legitimate, trustworthy, Blue Team version of Mythos that is capable of staging potential patches for vulnerable systems for a security team to review. This is not addressing the extreme risk of Mythos being released to the public, though. I have always argued that pen testers and Red Teams don’t exactly behave like a real threat actor or APT group because their motives, agenda, and timeline are drastically different.

Keeping The Human in Control

Human-in-the-loop has nothing to do with protecting manual work. It has to do with keeping authority tied to accountability. Once a model can reason across tools, make recommendations, and act inside real workflows, a bad output stops being a nuisance and becomes a control problem. A weak action in a live environment can break something important, expose regulated data, or complicate containment when a team can least afford it.

There is already enough evidence to take that risk seriously. OWASP continues to rank prompt injections at the top of the risk stack for LLM applications, and research in this area keeps showing how integrated systems can be redirected away from their intended tasks. In a security environment with access, tooling, and urgency, the margin for error gets very thin.

Let the machine move through volume, connect signals, draft hunts, summarize evidence, and reduce the dead time that burns analysts out. Keep people on the decisions that carry consequences: approvals, containment choices, remediation steps, exceptions, communications, and anything else that can create unnecessary exposure.
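
One way to enforce that split in an agent's tool layer, as an added example that is not from the article or from any product it mentions: analysis actions run on their own, consequential actions wait for a named human, and each approval is bound to the exact action so a widened or replayed request is held. The action names, the `ApprovalGate` class and the sample hosts are assumptions made for illustration.

```python
import hashlib
import json

# Assumed action classes, following the article's split: the model may run
# analysis work alone; consequential actions need a named human approver.
AUTONOMOUS = {"correlate_signals", "draft_hunt", "summarize_evidence"}
NEEDS_HUMAN = {"containment", "remediation", "exception", "communication"}

def action_digest(action: dict) -> str:
    """Stable hash of the exact action (kind, target, parameters)."""
    canonical = json.dumps(action, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

class ApprovalGate:
    def __init__(self):
        self.approvals = {}  # digest -> approver
        self.audit = []      # (decision, kind, approver) for accountability

    def approve(self, action: dict, approver: str) -> None:
        """Called from the human review path, never by the model."""
        self.approvals[action_digest(action)] = approver

    def authorize(self, action: dict) -> str:
        kind = action.get("kind")
        if kind in AUTONOMOUS:
            decision, approver = "allow", None
        elif kind in NEEDS_HUMAN:
            # One-time approval bound to the exact content: pop() consumes it.
            approver = self.approvals.pop(action_digest(action), None)
            decision = "allow" if approver else "hold"
        else:
            decision, approver = "deny", None  # unknown kinds fail closed
        self.audit.append((decision, kind, approver))
        return decision

def demo():
    """Constructed walk-through; hosts and case ids are made up."""
    gate = ApprovalGate()
    isolate = {"kind": "containment", "target": "host-a.example", "op": "isolate"}
    results = [gate.authorize({"kind": "summarize_evidence", "case": "C-1"})]
    results.append(gate.authorize(isolate))   # no approval yet
    gate.approve(isolate, "analyst.one")
    widened = dict(isolate, target="subnet-10.example")
    results.append(gate.authorize(widened))   # scope changed after approval
    results.append(gate.authorize(isolate))   # exactly what was approved
    results.append(gate.authorize(isolate))   # replay of a used approval
    results.append(gate.authorize({"kind": "delete_logs"}))
    return results
```

Because the approval is keyed to a digest of the full action, a model output that has been redirected by injected instructions cannot reuse a human's sign-off for a different target or a second run.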

Mythos and The Wizard of Oz

There is a level of restraint in Anthropic’s handling of Mythos that is missing from a lot of the current AI security market. The company did not treat raw capability as a reason to scale deployment. It limited release, wrapped access in Project Glasswing, and paired the model with monitoring and defensive research.

Mythos showed off capability, but just because we can do something doesn’t necessarily mean we should. I am on the fence with this one. I don’t think providing early release to choice security teams is going to soften the blow if Mythos is broadly released in the future.

Because updates are going to be made to products, software will evolve as it always does, and new vulnerabilities will be introduced. Mythos will allow threat actors even more speed to cause damage. Furthermore, defenders will be even more behind than they already are. Mythos should probably be an enterprise-only tool, and like other top-tier offensive security tools, be locked behind serious scrutiny for those who are allowed to get their hands on it.

© 2026 Networking+ - A Denyan Media Ltd Publication.
