Anthropic’s new AI model can find security vulnerabilities that survived 27 years of expert review. It broke out of its own sandbox and emailed a researcher who was eating a sandwich in a park. The Fed chairman and Treasury Secretary held an emergency meeting with bank CEOs to discuss it. Axios described it as capable of “bringing down a Fortune 100 company.”
At least one managing partner reading these stories suffered a small cardiac event, and forwarded them to the IT department with “thoughts???” in the subject line.
Everyone needs to chill out. And then get more scared.
Claude Mythos Preview is Anthropic’s newest model, aiming to replace Opus 4.6 assuming Opus doesn’t successfully blackmail the company into keeping it live. According to Anthropic — a company actively litigating against the claim that it presents a threat to national security — the new model is arguably the greatest cybersecurity threat in history, and will not be released to the public until a select group of trusted enterprise partners (called Project Glasswing) can sort out the risks. If the Pentagon’s supply chain designation was serious and not a bumbling attempt to strong-arm the company into giving the Defense Department even more Anthropic products, posturing as an apocalyptic technology would be a poor strategic maneuver. Thankfully, it’s not.
Anthropic is telling everyone that its new model is rapidly uncovering thousands of zero-day vulnerabilities — bugs nobody knew existed — across every major operating system and web browser. It found a decades-old flaw in OpenBSD, an operating system whose entire selling point is being unhackable. It chained together a bunch of low-severity Linux kernel bugs into a full-scale attack. On an exploit-writing benchmark where the prior model succeeded twice, Mythos succeeded 181 times.
But we’ve seen this ploy before.
OpenAI told us all that GPT-5 was a frightening leap forward when it was… not that. It seems as though the big AI industry players constantly market their product as exceedingly dangerous, with the caveat that their version — despite being the most dangerous of all — is the only one we can trust. Other industries don’t do this. Coke doesn’t say, “Cola will kill your family, but if you have to drink it, just make sure it’s not Pepsi.” There will be marketing textbooks written about this curious moment in American business where every provider in an arguably trillion-dollar industry frames their product as the sensitive bad boy from a YA novel.
Except Grok, which is framed as the creepy incel whose notebook is all anime porn and swastikas.
Though make no mistake that it’s mostly marketing. Within days of Anthropic’s announcement, researchers at AISLE, an AI cybersecurity startup, took the specific vulnerabilities Anthropic showcased in its announcement, isolated the relevant code, and tested them against small, cheap models. All eight of the eight tested models detected the FreeBSD exploit that Mythos flagged. One of those models only had 3.6 billion parameters and cost 11 cents per million tokens. A 5.1-billion-parameter model recovered the core analysis of the 27-year-old OpenBSD bug. AI cybersecurity researcher Heidy Khlaaf, the chief AI scientist at the AI Now Institute, cautioned against taking Anthropic’s claims at face value without more detail on false positive rates and the role humans played in the process.
Another way to put it is that Anthropic’s marketing is a wee bit delusional:
While tech experts may be dunking on Mythos for not presenting a uniquely powerful new threat, that’s actually a much more terrifying proposition for law firms. The fact that cheaper models, available to anyone, can find these same problems means that the problem isn’t waiting on Anthropic’s release, it’s already here.
As Anthropic’s red team acknowledged, they didn’t train Mythos to be a hacker. It’s what happens to people when they get better at coding, so why wouldn’t it be what happens to a model trained to get better at coding? Getting better at writing code begets getting better at spotting exploits. And most of the models have been getting better at writing code. Mythos may be faster, but the capability isn’t limited to this release. The genie left the bottle a while ago.
Hackers with motivation and a few pennies per million tokens can crack almost anything. The cost and expertise required to find exploitable vulnerabilities have been collapsing across the entire AI ecosystem for over a year. We’re screwed.
The good news of the Mythos story is that while hackers can find soft spots, AI can also potentially discover them before it’s too late. Everyone wants to talk about AI running down non-hallucinated precedent, when they should be interested in seeing if it can run down that gaping hole in your system.
That said, Biglaw firms are still falling for dumb phishing attacks, so maybe this isn’t the wake-up call the industry needs yet.
Joe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter or Bluesky if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.
The post What Lawyers Need To Know About Anthropic’s Mythos appeared first on Above the Law.


