In May 2017 I was running an antivirus lab, and I remember the days of the WannaCry outbreak well. In a matter of hours the worm hit hundreds of thousands of computers worldwide, with damages estimated in the billions of dollars. We worked around the clock.

What made this case famous is that the “patch to mass exploitation” window was just 59 days. From the moment the exploit information was published, companies and organizations had a month to prepare, and that turned out not to be enough. A vivid reminder that security isn’t only about tools; it’s also about processes, people, and procedures.

I thought back to that story when I started digging into the news about Claude Mythos. Not because I expect a direct WannaCry replay, but because the same question comes up again: what happens when the pace at which new threats appear starts to outrun the industry’s ability to react.

In April Anthropic announced a preview of a model with sharply expanded abilities in finding new vulnerabilities and building exploits. According to the company, these cybersecurity capabilities are not the result of targeted training but a side effect of broader progress in code and reasoning. In their words, the model has already discovered thousands of 0-day vulnerabilities in critical software.

That’s a strong claim. But I’ve seen a similar story before, back in the mid-2010s during the next-gen antivirus wave: behind the loud promises there was often far less that was genuinely new than the marketing suggested.

With Mythos the picture is more complex. There are positive signals from Anthropic’s well-known security partners with preview access, but those need to be adjusted for conflict of interest. Separately, there is an independent evaluation from the UK AI Security Institute: Mythos solves 73% of expert-level CTF tasks and was the first of the tested models to complete a 32-step simulated attack on a corporate network (in 3 out of 10 attempts). On top of that, the independent lab Vidoc Security Lab reproduced part of Anthropic’s findings using public models. That no longer looks like pure marketing, but it’s still too early to talk about real-world impact at scale.

In a previous post I wrote that I evaluate any new technology on two things: whether it has a genuine strong point, and how fast it is developing. With Mythos both signs seem to be starting to show. But that raises another question: what happens when access to such a technology is distributed unevenly?

Unequal access to defensive capabilities

When people talk about AI in cybersecurity, the conversation almost automatically drifts toward the asymmetry between attackers and defenders. Anthropic itself, in today’s post, frames things the same way, only with an emphasis on symmetry: attackers speed up, but defenders can scan their own code with the same frontier models before the attackers do. It’s a reasonable framing and a convenient public message.

What caught my attention in the Mythos news was a different angle: not the asymmetry between attack and defense, but the asymmetry inside the defender camp itself.

To give part of the industry time to assess the possible consequences and prepare, Anthropic, as part of its Project Glasswing initiative, has given preview access to a limited circle: AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and roughly 40 other organizations.

These vendors got the model earlier than everyone else. Which means they start running their code through Mythos earlier, hunt for vulnerabilities earlier, and begin reshaping their secure development processes earlier. The head start here is not so much about “cleaner code” as about extra time to work through the findings. And the bottleneck in security, as WannaCry showed, is often precisely in the processes.

For now, this is Anthropic’s voluntary decision to cautiously restrict early access, and the logic behind it is understandable. But if this practice takes hold, and the same set of organizations, mostly from a single jurisdiction, keeps getting early access to new models, the next step may start being driven not only by companies but by regulators too.

This is not really about Mythos itself. Over time there will be more tools like it, from different vendors. What matters more is this: early access to powerful tools is almost always distributed unevenly, and with Mythos the consequences of that may become more visible than before.

Has this happened before?

One could argue that restricted access to critical technologies is nothing new.

The closest analogy is access to threat intelligence. Valuable TI feeds are also often distributed through closed memberships, filtered by trust, jurisdiction, and the ability to handle sensitive data. So the selection logic itself isn’t new to the industry.

This is an important parallel because Anthropic isn’t inventing a new regime. It’s transferring the existing logic of unequal access in the infosec industry from the level of information about attacks to the level of the tool that finds those attacks.

But Mythos has an important difference. TI feeds give early knowledge about what is already happening, whereas Mythos gives the ability to find what doesn’t exist yet. If finding vulnerabilities and crafting exploits is accelerating, many defensive processes simply can’t keep up.

What this means

I remember WannaCry not as a forecast of new epidemics but as a reminder of how slowly the industry reacts even when a patch already exists.

The industry has, of course, learned to work faster since then. But the pace of change has grown too. So the underlying principle hasn’t gone anywhere: even when the tools get stronger, the processes adapt more slowly.

In 2017 everyone was in roughly equal conditions: the patch came out two months before the outbreak, and still a huge number of organizations didn’t make it in time. Now imagine the same scenario in a world where one part of the industry has been living for months with access to a tool of this class, while another gets it only on the day of the broad release.

It’s too early to say that Mythos radically changes cybersecurity. But it is already an important signal: frontier AI models are changing not only the balance between offense and defense, but also the lineup within defense itself. And it’s this second shift, it seems to me, that is worth watching especially closely right now.
