
The AI that put the world's banking system on edge

Source: Skeptik Log

On April 7, 2026, Anthropic unveiled “Mythos Preview,” a general-purpose AI model designed to push forward code generation, reasoning, and autonomous task completion. Nobody, least of all Anthropic itself, expected that its cybersecurity capabilities would be so devastating they’d prompt the US Treasury Secretary to convene an emergency meeting with the CEOs of the world’s largest banks.

Mythos is not a specialized cyber weapon. It’s a general-purpose model whose offensive capabilities emerged as a side effect of being better at reasoning and coding. That distinction is what makes it terrifying: if finding vulnerabilities is a natural byproduct of intelligence, every future model will be equally dangerous.

📋 Source: Il Post, BBC News, Anthropic Red Team, Security Brief, Security Boulevard, Bloomberg, Reuters, Financial Times.

Where this is going

If you follow cybersecurity or AI policy, you’ve probably seen the headlines. What makes Mythos different from every other “AI raises security concerns” story is that this time the threat isn’t theoretical. Mythos found real, exploitable vulnerabilities across every major operating system and browser, and it found them fast enough to send banks into emergency mode. Here’s what happened, why it matters beyond the infosec bubble, and what the response tells us about where AI governance is headed.

A general-purpose model, not a cyber weapon

The first thing to understand about Mythos is that it was not designed for cybersecurity. Anthropic has made this clear: its offensive capabilities emerged as a downstream effect of broader improvements in code comprehension, logical reasoning, and autonomous decision-making. Mythos is good at finding vulnerabilities for the same reason it’s good at writing complex software: it understands how systems work at a deep level, and it understands where they break.

This distinction matters enormously. If Mythos were a specialized model, one could argue that the solution is simply not to build specialized models. But if offensive capabilities emerge naturally from sufficiently advanced general-purpose models, the problem is structural: every future model with strong enough reasoning and coding abilities will, as a byproduct, carry comparable attack capabilities.

What Mythos found

The numbers are hard to dismiss. Mythos identified zero-day vulnerabilities in every major operating system and browser currently in widespread use. Among its most striking discoveries:

  • A 27-year-old bug in OpenBSD, invisible to nearly three decades of human auditing. It has since been patched, but its existence says a lot about the limits of traditional security review.
  • Complex browser exploit chains: Mythos constructed a JIT heap spray attack that chained together four distinct vulnerabilities to achieve a full sandbox escape from both the renderer and the underlying operating system.
  • Local privilege escalation on Linux, achieved by exploiting race conditions and bypassing KASLR (Kernel Address Space Layout Randomization).
  • RCE on FreeBSD: Mythos wrote a 20-gadget ROP chain, split across multiple network packets, to take control of FreeBSD’s NFS server.

Perhaps the most unsettling detail: Mythos doesn’t require an expert operator. Anthropic engineers with no specific cybersecurity training were able to obtain working exploits overnight, simply by asking Mythos to find them. The barrier to entry for sophisticated attacks has effectively collapsed.

A generational leap

To grasp how much Mythos represents a discontinuity, look at the comparison with Claude Opus 4.6, Anthropic’s previous model. Opus 4.6 had a success rate of close to 0% in autonomous exploit development. On the OSS-Fuzz benchmark, it reached tier 3 (the lowest meaningful tier) only once.

Mythos, on the same benchmark, achieved tier 5, the highest level, ten times. Tier 5 means control flow hijack, the most severe category. And on Firefox 147, Mythos produced 181 working exploits compared to Opus 4.6’s two. This isn’t an incremental improvement. It’s a paradigm shift.

The gap between Opus 4.6 and Mythos raises a fundamental question for the entire industry: if offensive capabilities are a byproduct of general improvements, then every future generation of models will be intrinsically more dangerous. We're not talking about a feature you can disable; we're talking about an emergent property that scales with the system's overall capability. It's like saying a more powerful engine necessarily goes faster: you can't have one without the other.

Banks go into panic mode

When Mythos’s capabilities became public, the financial system’s response was immediate. Treasury Secretary Scott Bessent convened an emergency meeting with the CEOs of Goldman Sachs, Bank of America, Citigroup, Morgan Stanley, and Wells Fargo. The presence of Jerome Powell, Chair of the Federal Reserve, underscored the perceived systemic significance of the threat.

Jamie Dimon, CEO of JP Morgan, did not attend the meeting, but his position was already well known. In his shareholder letter, he had written that AI “will almost certainly exacerbate cybersecurity risk,” words that now sound prophetic.

The contagion didn't stop at US borders. The Bank of Canada and the Bank of England held similar meetings in the days that followed. G7 finance ministers discussed the issue during the IMF gathering in Washington. And cybersecurity company stocks plunged on the markets: the logic was brutal. If an AI can find vulnerabilities better than any human team, the entire sector's business model needs to be rethought.

Experts are split

Reactions from the expert community reflect deep uncertainty.

“For some it’s an apocalyptic event, for others it’s just hype.”

— Ciaran Martin, former head of UK NCSC

The UK AI Safety Institute attempted a balanced assessment: Mythos is a serious threat, but primarily for poorly defended systems; it cannot reliably attack well-defended ones. The distinction matters, but offers little comfort to anyone who understands how much legacy, poorly defended software runs the world’s banks, hospitals, and critical infrastructure.

Jack Clark, Anthropic’s co-founder, delivered what is probably the most sobering analysis:

“It’s not a special model. Within a few months, there will be similar systems from other companies. Within 1-1.5 years, Chinese open-weight models with these capabilities.”

If Clark is right, and there’s no reason to doubt him, the window in which Mythos is an isolated phenomenon is already closing. The democratization of offensive capabilities is underway, and it’s irreversible.

Nik Kairinos of RAIDS AI caught another relevant dimension:

“When finance ministers and bank CEOs are worried about a single AI model, the framing has already changed.”

This is no longer a technical question. It’s systemic, political, financial.

The Pentagon-NSA paradox

The story takes on almost Kafkaesque contours when you examine Anthropic’s relationship with the US government.

In July 2025, the Pentagon signed a $200 million contract with Anthropic. But when Anthropic refused to remove the contract’s ethical restrictions (the same safeguards that limit offensive use of its models), the Pentagon designated Anthropic a “supply chain risk.” Donald Trump ordered all federal agencies to stop using Anthropic products.

Except that the NSA, according to an Axios report from April 19, 2026, has been using Mythos “more broadly” despite the ban. The UK’s NSA counterpart accesses Mythos through the AI Security Institute. Apparently, when national security is at stake, presidential directives become flexible.

On April 17, Dario Amodei, Anthropic’s CEO, met with the White House Chief of Staff and the Treasury Secretary to discuss a “federal roadmap.” Trump himself told CNBC that a Pentagon-Anthropic deal is “possible.” Meanwhile, lawsuits proceed with conflicting rulings: a California court ruled in Anthropic’s favor, while a DC court sided with the Pentagon.

The situation illustrates a structural paradox of AI governance: the same government that bans a model for national security reasons is the first to want to use it for national security reasons. It's the logic of nuclear weapons applied to software: everyone wants the adversary not to have it, but nobody wants to give it up. The difference is that nuclear weapons at least had a non-proliferation framework. With AI, the secret is in the training data and architecture, and history teaches us that technological secrets have a very short half-life.

Project Glasswing: share to defend

Anthropic’s response to the problem its own model created is Project Glasswing, a program to share Mythos with selected partners for defensive purposes. The logic is straightforward: if Mythos can find vulnerabilities better than anyone else, let’s give it to the people who can patch them.

The twelve companies announced as partners read like a who’s who of technology: Amazon Web Services, Apple, Microsoft, Google, Nvidia, Broadcom, Cisco, CrowdStrike, and the Linux Foundation. In total, more than 40 organizations have access to Mythos, though not all have been publicly named.

But there’s an enormous timing problem. Under the coordinated vulnerability disclosure process, over 99% of the vulnerabilities found by Mythos have not yet been patched. Mythos is finding holes far faster than the ecosystem can fix them. It’s like having a radar that detects every pothole on a highway while the road maintenance trucks sit idle in the depot.

For the technically curious

From here on we get into the technical details. If you care about the implications more than the mechanics, you can skip to the takeaway.

Mythos’s exploit capabilities span several categories, each representing a different class of security failure:

Category                    | What Mythos achieved                                       | Severity
Browser sandbox escape      | JIT heap spray chaining 4 vulnerabilities into full escape | Critical
Linux privilege escalation  | Race condition exploitation bypassing KASLR                | High
FreeBSD RCE                 | 20-gadget ROP chain across network packets                 | Critical
OpenBSD persistent bug      | 27-year-old undetected vulnerability                       | Variable

On the OSS-Fuzz benchmark, the leap from Opus 4.6 to Mythos is stark:

Metric                           | Opus 4.6      | Mythos
Highest tier reached             | Tier 3 (once) | Tier 5 (ten times)
Working exploits on Firefox 147  | 2             | 181
Autonomous exploit success rate  | ~0%           | Significant

The key technical insight: Mythos doesn’t just find individual vulnerabilities. It chains them into multi-step exploit paths that mirror how real attackers operate. A single bug is a problem; a four-bug chain that achieves sandbox escape is a catastrophe.

The takeaway

  • Mythos found zero-day vulnerabilities across every major OS and browser, including a 27-year-old OpenBSD bug, without being designed for cybersecurity
  • The barrier to entry for sophisticated cyberattacks has collapsed: engineers without security training obtained working exploits overnight
  • The US government simultaneously banned Anthropic products and used them through the NSA, exposing a fundamental governance paradox
  • Over 99% of Mythos-discovered vulnerabilities remain unpatched, and the next model with these capabilities might not come from a company with a responsible disclosure program

Mythos isn’t the problem. Mythos is the preview of the problem. The real issue is that offensive cybersecurity capabilities are emerging as a natural byproduct of general AI intelligence, and no one, not governments, not banks, not the AI companies themselves, has a plan for what comes next.


Sources:

  • Il Post (ilpost.it)
  • BBC News (bbc.com)
  • Anthropic Red Team blog (red.anthropic.com)
  • Security Brief (securitybrief.news)
  • Security Boulevard (securityboulevard.com)
  • Bloomberg
  • Reuters
  • Financial Times