How Dangerous Is Anthropic’s Mythos AI?

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software.

The announcement requires context—but it contained an essential truth.

While Anthropic’s model is really good at finding software vulnerabilities, so are other models. The UK’s AI Security Institute found that OpenAI’s GPT-5.5, already generally available, is comparable in capability. The company Aisle reproduced Anthropic’s published results with smaller, cheaper models.

At the same time, Anthropic’s refusal to publicly release its new model makes a virtue out of necessity. Mythos is very expensive to run, and the company doesn’t appear to have the resources for a general release. What better way to juice the company’s valuation than to hint at capabilities but not prove them, and then have others parrot their claims?

Nonetheless, the truth is scary. Modern generative AI systems—not just Anthropic’s, but OpenAI’s and other, open-source models—are getting really good at finding and exploiting vulnerabilities in software. And that has important ramifications for cybersecurity: on both the offense and the defense.

Attackers will use these capabilities to find, and automatically hack, vulnerabilities in systems of all kinds. They will be able to break into critical systems around the world, sometimes to plant ransomware and make money, sometimes to steal data for espionage purposes, and sometimes to control systems in times of hostility. This will make the world a much more dangerous, and more volatile, place.

But at the same time, defenders will use these same capabilities to find, and then patch, many of those same systems. For example, Mozilla used Mythos to find 271 vulnerabilities in Firefox. Those vulnerabilities have been fixed, and will never again be available to attackers. In the future, AIs automatically finding and fixing vulnerabilities in all software will be a normal part of the development process, which will result in much more secure software.

Of course, it’s not that simple. We should expect a deluge of both attackers using newly found vulnerabilities to break into systems, and at the same time much more frequent software updates for every app and device we use. But lots of systems aren’t patchable, and many systems that are don’t get patched, meaning that many vulnerabilities will stick around. And it does seem that finding and exploiting is easier than finding and fixing. All of this points to a more dangerous short-term future. Organizations will need to adapt their security to this new reality.

But it’s the long term that we need to focus on. Mythos isn’t unique, but it’s more capable than many models that have come before. And it’s less capable than models that will come after. AIs are much better at writing software than they were just six months ago. There’s every reason to believe that they will continue to get better, which means that they will get better at writing more secure software. The endgame gives AI-enhanced defenders advantages over AI-enhanced attackers.

Even more interesting are the broader implications. The same searching, pattern-matching and reasoning capabilities that make these models so good at analyzing software almost certainly apply to similar systems. The tax code isn’t computer code, but it’s a series of algorithms with inputs and outputs. It has vulnerabilities; we call them tax loopholes. It has exploits; we call them tax avoidance strategies. And it has black hat hackers: attorneys and accountants.

Just as these models are finding hundreds of vulnerabilities in complex software systems, we should expect them to be equally effective at finding many new and undiscovered tax loopholes. I am confident that the major investment banks are working on this right now, in secret. They’ve fed AI the tax code of the US, or the UK, or maybe every industrialized country, and tasked the system with looking for money-saving strategies. How many tax loopholes will those AIs find? Ten? One hundred? One thousand? The Double Dutch Irish Sandwich is a tax loophole that involves multiple different tax jurisdictions. Can AIs find loopholes even more complex? We have no idea.

Sure, the AIs will come up with a bunch of tricks that won’t work, but that’s where those attorneys and accountants come in—to verify, and then justify, the loopholes. And then to market them to their wealthy clients.

As goes the tax code, so goes any other complex system of rules and strategies. These models could be tasked with finding loopholes in environmental rules, or food and safety rules—anywhere there are complex regulatory systems and powerful people who want to evade those rules.

The results will be much worse than insecure computers. Tax loopholes result in less revenue collected by governments, and regulatory loopholes allow the powerful to skirt the rules, both of which have all sorts of social ramifications. And while software vendors can patch their systems in days, it generally takes years for a country to amend its tax code. And that process is political, with lobbyists pressuring legislators not to patch. Just look at the carried interest loophole, a US tax dodge that has been exploited for decades. Various administrations have tried to close the vulnerability, but legislators just can’t seem to resist lobbyists long enough to patch it.

AI technologies are poised to remake much of society. Just as the industrial revolution gave humans the ability to consume calories outside of their bodies at scale, the AI revolution will give humans the ability to perform cognitive tasks outside of their bodies at scale. Our systems aren’t designed for that; they’re designed for more human paces of cognition. We’re seeing it right now in the deluge of software vulnerabilities that these models are finding and exploiting. And we will soon see it in a deluge of vulnerabilities in all sorts of other systems of rules. Adapting to this new reality will be hard, but we don’t have any choice.

This essay originally appeared in The Guardian.

Posted on May 14, 2026 at 7:04 AM • 26 Comments

Comments

Matthias Urlichs May 14, 2026 7:59 AM

https://thezvi.substack.com/p/cyber-lack-of-security-and-ai-governance

“There should be zero skepticism that there has been an overall step change in cyber capabilities. One could still object that GPT-5.5 plus a similarly good harness and spending campaign could have done much of the same job. I think that would have fallen well short of what we got, but it would still have been an acceleration of past efforts, and probably a large one.”

Clive Robinson May 14, 2026 9:51 AM

@ Bruce, ALL,

Firstly, nice to see you are “in the Grauniad” again 🙂

But as you note,

“For example, Mozilla used Mythos to find 271 vulnerabilities in Firefox. Those vulnerabilities have been fixed, and will never again be available to attackers. In the future, AIs automatically finding and fixing vulnerabilities in all software will be a normal part of the development process, which will result in much more secure software.”

It is both true and false as it needs to be looked at in a broader context.

ICT Industry management are some of the worst in the world and this has implications that potentially will be a disaster.

They will “cut back manpower” and in the process cut back on what man has over machines that act as “force multipliers”.

It is a commonly held but wrong belief that Current AI LLM and ML Systems can “reason”… It can be shown that what people are mistaking for “reasoning” is just,

“Filtering and Pattern Matching all stirred by the Fuzzing of Stochastic processes.”

Which whilst those are seen as somewhat necessary stages in all reasoning, they are not the whole process, and in fact can be separated away.

Think of them as the Mastication and Pleasure of eating stages of a human acquiring necessary nutrition to survive. As some unfortunates have found out you can receive all the nutrition you require through a pipe that goes up your nose and down into your stomach thus entirely removing “Mastication and Pleasure” from survival.

We already know that scientists don’t need to do this to reason. It’s why we have the “theoretical” and “observational” branches that lead into the “applied” and thus hopefully useful benefits to mankind. The point being that observational and applied branches feed back data for the theoretical scientists to reason about.

The problem is that the “theoretical” side of reasoning is like “thinking hinky” something you spend a large part of your career acquiring and very few actually do.

If you cut manpower you break the path they can journey along.

Thus reasoning gets curtailed significantly.

It’s funny how many of my posts this past week on this blog have been to explain this in more depth.

And as I’ve explained about “CCTV” in the past being a static defence that fails to attacker evolution the same logic applies to Current AI LLM and ML systems and the resources they need to just stay current,

https://www.schneier.com/blog/archives/2026/05/openais-gpt-5-5-is-as-good-as-mythos-at-finding-security-vulnerabilities.html/#comment-454398

As effectively an Achilles heel

Is something you sort of acknowledge with,

“Mythos is very expensive to run, and the company doesn’t appear to have the resources for a general release.”

Further is the fact that Current AI LLM and ML Systems are very much like the centuries old,

“Musikalisches Würfelspiel”

Which I note in,

https://www.schneier.com/blog/archives/2026/05/openais-gpt-5-5-is-as-good-as-mythos-at-finding-security-vulnerabilities.html/#comment-454411

Have a serious failing,

“A composer[1] came up with a system to compose minuets by rolling dice. It made “acceptable background noise” to delight a few but mainly to cover the hum of conversation not make “music to remember”.

This “create acceptable background noise” is all most LLMs actually do or can at best fail to do. Fairly soon most businesses pushing hard into AI are going to find this out the hard way…”

I could go on as to why Current AI is not going to give useful ROI to anyone not even attackers or defenders…

Even the point you note with,

“The company Aisle reproduced Anthropic’s published results with smaller, cheaper models”

Is one that is problematic, because basic information theory tells you that beyond a certain point “smaller” brings in restrictions such as “limited coverage/scope”, “storage has to become lossy” and most probably both will happen.

[1] You can read more on “Musikalisches Würfelspiel” as wikipedia has a page on it.

Weather May 14, 2026 10:34 AM

The programs can recognise computer code was the next stage, but they learn at human time, come back in 15 years when the AI are teenagers. Unless you turn them off.

bye bye AI May 14, 2026 10:39 AM

I disagree with Emily Bender on multiple points but one thing she has my full throated support on is her resistance to what I call the “inevitably narrative”.

Adapting to this new reality will be hard, but we don’t have any choice.

Viewed narrowly this is true but viewed in context it is bunk. There is nothing inevitable about the AI revolution any more than there was something inevitable about the industrial revolution. We have chosen this path and we can choose another one. We probably won’t but we can.

ted May 14, 2026 11:11 AM

A huge concern should be for older software that’s no longer supported. There should be a major effort to get vendors to do a one-off patch of EOL/EOS systems or legally force the shutdown of unsupported systems.

Morley May 14, 2026 11:54 AM

How do we control what our rich and powerful do? I’d like to believe it’s not inevitable.

Winter May 14, 2026 12:43 PM

@Morley

How do we control what our rich and powerful do? I’d like to believe it’s not inevitable.

It isn’t inevitable and we do know how to change it. Many people have done it, even in the USA.

There are enough examples to learn from. But you do have to look outside your own parish/country. And you should actually want to do it.

Winter May 14, 2026 12:59 PM

Continued

@Morley

Many a people have done it, even in the USA.

What generally obstructs such changes is that they only work if you want everyone to prosper from the change.

As an American wrote: We must all hang together or we will all hang separately

The powerful tend to stay in power according to Divide and Conquer.

Scott May 14, 2026 2:29 PM

How dangerous is this new model? Our worst traits are about to outrun our best traits.

A US President once said: “There is nothing wrong with America that cannot be cured by what is right with America.” The power of AI to amplify both sides of that equation is frightening. The people using it to ‘plus-up’ our better selves will be outpaced, overrun, eclipsed, and eventually eaten by those using it to make a quick buck.

Bruce rightly points out in the article, regulation is slow and democracy is fragile. The cracks and loopholes discovered over the next few years will be exploited, perhaps to the point that the system cannot survive. Power interprets regulation as damage and routes around. Power and Money are interchangeable in this scenario, and since there is money to be made, plenty of regulation is going to get routed around…

Or maybe we’ll all wake up to the potential danger and fix it, but I wouldn’t count on it.

Clive Robinson May 14, 2026 4:34 PM

@ Scott,

With regards,

“Bruce rightly points out in the article, regulation is slow and democracy is fragile. The cracks and loopholes discovered over the next few years will be exploited, perhaps to the point that the system cannot survive.”

Our host is a “technical optimist” and his life has been about seeing the good in what technology can do.

I on the other hand am a “humanity pessimist” and my adult life has unfortunately been all too often about seeing the bad in what people can do.

It’s why I talk about technology being agnostic and that as observers we should judge not the technology but the directing minds that control it and if they not the technology are “good or bad”.

Which almost always brings me into,

“Individual Rights -v- Social Responsibilities”

As a scale on which to judge humans and the morals they claim and the ethics they practice.

All too often though I find that some who see their rights more strongly than their responsibilities are not just “self entitled” they also see others as “stealing from them” and have a view point that “technology can solve what they see as society’s problems”.

The reality is technology is a tool that is also a force multiplier. Consider a knife for instance, it can cut flesh be it cooked and on your plate as food, as easily as it can remove it live and bleeding from your body. As a tool it simply makes the cutting easier and faster. It is the “directing mind” of the hand that holds the force multiplying tool that is responsible for what the tool does.

If that is “good or bad” is all too often decided after the event by observers who were not present and judged within their moral structure, that they have built within the society they mostly inhabit.

One of my views is that,

“Technology can not solve societal issues, but it does allow Might is Right type individuals to inflict their views on others”.

Thus I look for how technology can be used as a “cut out” or “arms length” way for those who are “self entitled” to push their ideology onto people who do not agree with it, without taking any responsibility for the outcomes. When I see it I tend to warn about it.

So I all too easily see how Current AI LLM and ML Systems can be used to create significant societal harms, but also how they can remove any vestige of responsibility for those harms inflicted by it for those holding it as a force multiplying tool…

I’m not “anti tool” or technology but I do see the need to put bounds of use on any tool as rapidly as possible, before those with self entitlement issues use them for harm.

Sapient May 14, 2026 6:03 PM

How can I test a network software without going to nefarious places?

How can I test MY network software without being nefarious?

Can A.I. security test its own code/system?

A New Dilemma?

spiders and the red crayons May 14, 2026 9:41 PM

@ Sapient,

please follow the trail of red crayons in the walkways left by the kind spiders who always share their red crayons

the bios is compromised completely. no matter the os installed, live or otherwise, everything is transparently trans-coded.

the nest has been made but the eagles in the eggs rock with laughter at their jailers.

Anonymous May 15, 2026 3:07 AM

So much focus on “how dangerous” the AI is, why so doom and gloom?

Soon enough, software corporations will no longer have the lack-o’-manpower excuse for making beloved versions obsolete. AI will take over all maintenance and bugfixing roles. Legacy systems maintained forever.

Imagine this: for as long as your favorite ancient hardware is still functional, the ancient software on it will keep being updated! AI, if given access to the source codes, may even bring back Windows XP, fully updated and made compatible with new hardware while retaining compatibility with the old hardware. Impossible to achieve? Maybe for humans, but not for AI.

Certainly no more forcing all users to switch to a new version they don’t want (e.g. Windows 11) for fear of “no more security updates for you!”

Rontea May 15, 2026 10:41 AM

Information, like water in a pipe, follows the path of least resistance. Anthropic’s Mythos model is a new valve in this system, channeling computational attention toward the weak points in our digital and social infrastructure. Every vulnerability found—or exploited—is a bit of entropy reduced in one domain and increased in another. The natural feedback loop is clear: as attackers and defenders iterate, the signal of intelligence flows to wherever opportunity is greatest. Much as coding theory teaches that noise is ever-present and must be accounted for, the emergence of AI vulnerability hunters reminds us that our societal codes—software, tax policy, regulations—must be designed not just to function, but to withstand systematic exploration by ever more capable decoders.

C U Anon May 15, 2026 10:42 AM

@ anonymous, ALL :

Your basic lead in question of,

“So much focus on “how dangerous” the AI is, why so doom and gloom?”

Has many fundamental reasons as answers, but they all rest on two quite basic reasons,

1, In the hands of certain people Current AI LLM and ML systems are dangerous.

2, Those with certain authoritarian ambitions will use those certain people to cause significant harm, not just to individuals but entire societies.

We are already seeing this happen with the likes of Palantir, whose leader’s goal is to replace all analysts, detectives and other investigators with their AI systems.

It’s not just “for profit” it’s “for control” and the “King Maker” / “behind the throne” power, that through a puppet leader will give them almost anything they think is worth having no matter what the harm to others is.

You clearly do not understand this as can be seen with your next statement,

“Soon enough, software corporations will no longer have the lack-o’-manpower excuse for making beloved versions obsolete. AI will take over all maintenance and bugfixing roles. Legacy systems maintained forever.”

Right now they do not have a “lack-o’-manpower”.

If they wanted to keep obsolete / legacy systems going then they would do as some ICT Industry Corps and many “Open Source” OSs etc actually do (right back to at least IA-386 if not earlier).

But the reality is there is little or no profit in doing so. It’s the same reason why you don’t drive around in a “Ford Model T” as your “every day ride”.

The basic fact is that more profit is made from “surveillance” than from “sales” in software. Even “renting” is not pulling the profit in. Which is why what you might think of as renting is actually you being pushed into their surveillance trap systems on their “cloud” (see current EU investigations on this).

The next step is to “push AI onto your computer” with higher than root privileges. That is “access to everything” regardless of if you want it or not.

So AI gets the power to not just see everything you do and “phone home” with it, it also gets to do things to your system you would not allow anyone to do..

AI is to be the primary step in “Client Side Scanning” and worse where at the very least everything you see and including usage patterns and your biometrics becomes theirs to do with as they see fit/profit.

Oh and don’t forget it can write to every bit of mutable memory on your system so can hide what it likes on your computer and can make it look like you put it on and have tried to hide it…

Your,

“Imagine this: for as long as your favorite ancient hardware is still functional, the ancient software on it will keep being updated! AI, if given access to the source codes,…”

Is at best a “nonsense fantasy”, that shows you either really do not understand, or that you are basically shilling (and the fact you appear to have a supporting sock puppet of @r so quickly suggests the latter).

Then your closing,

“Certainly no more forcing all users to switch to a new version they don’t want (e.g. Windows 11) for fear of “no more security updates for you!””

Really is “cloud cuckoo land” nonsense… You will be forced one way or another into “AI on board” as “shareholders demand” ROI on the trillions of wasted dollars of investment on near useless AI.

Contrary to what you say, it will make Silicon Valley Mega Corps kill off anything “AI Free” in every which way they can as fast as they possibly can.

The fact you don’t or won’t understand or accept this reality of “the human condition” in Corporate US as they say “Speaks volumes” about you and your intent.

r May 15, 2026 9:56 PM

i think i’ve said this before, i am not some sock puppet: i use the same email address even if i occasionally protect my privacy through misdirecting authorship.

if you can’t understand a civilian trying to protect his authorship in the face of a weaponized world you have bigger problems.

you have to be registered and clearly identified to speak freely. funny.

he (in my opinion) has found a valid use case for people who can’t r/e if local machine code capable LLMs are ever released open-source.

C U Anon May 16, 2026 1:19 AM

@ r:

You say,

“he (in my opinion) has found a valid use case for people who can’t r/e if local machine code capable LLMs are ever released open-source.”

Hmm… @anonymous presents what would be if applied as you suggest to “machine code” a significant violation of DMCA-1201 if carried out by anyone who did not have legal title to the use of the machine code for that purpose…

So you think the idea of breaking the law or encouraging people to do so is

“… making an interesting argument”

Just so we all get it straight.

r May 16, 2026 2:34 AM

who’s the sock puppet now? there’s an educational carve-out for educational use (i’m not sure what it is, i’m solely aware of its existence by-proxy). not every country has international intellectual property laws that last 100 years. just because it’s a fledgling idea currently doesn’t imply full blown implementation ever, it’s not “inevitable”.

i was going to make another small point i lost it, i am reserving the right to come back to it if i remember.

and considering A LOT of factors having a secure environment can be interpreted as having a safe or a gun lock, so i don’t see a problem with having an ability to fortify a safe or a gun lock honestly. maybe marketing it due to DMCA but nothing i can come up with currently.

let me know when you stop shilling for MS and broadcom.

C U Anon May 16, 2026 10:22 AM

@ r:

Oh dear oh deary me, what appalling lack of knowledge you have with regards the law as seen by US Corps and the US DoD and other branches of federal and state government.

You might have heard of a friend of our host called Cory Doctorow?

He’s a well known author and technologist and if I read it right our host @Bruce designed his wedding rings.

Well if you had been keeping up with this blog you would have read how more recently Cory Doctorow has been going on about DMCA 1201 and how the US State Dept used “trade blackmail” by threatening “tariffs” to get other nations to put in the direct equivalent of 1201 in their legislation. His view is now the US Executive has stupidly gone down the tariffs road every other nation should remove that legislation, thus open up “the right not just of repair but modification and augmentation”.

There have been conversations not just on the various social media, blogs and other places Cory uses but in many related places as well.

Perhaps you should try “educating yourself” about DMCA 1201 how it’s implemented in other nations and the implications thereof.

Oh and as for your opening point, you really should look things up and educate yourself about what things mean.

r May 16, 2026 11:49 AM

considering the laws in this country aren’t append-only, and i have broken none outside of the free speech you are trying to abridge. i have in addition a right to petition, redress and peaceful assembly.

ah yes, freedom of press – should i take pictures of the failed hinges on an abandoned 50 year old safe and post them to a website somewhere as a diy project for others to learn from? you’ll note someone doing this with i386 dies very regularly. just taking the cover off your computer and taking a picture of the motherboard is DMCA level stuff, yet i can open my engine, take my intake and heads off and take pictures of that.

are you a lawyer offering to retain me over fair use? you seem to be offering me legal advice quite publicly.

google is the only company in this LLM race who obtained their training sets legally, can you argue that DMCA didn’t apply to the other companies because they had deep pockets?

Weather May 18, 2026 1:00 AM

@r

Can you branch out more what you are talking about. There’s no information in the post, but possibly

Matthias Urlichs May 18, 2026 1:56 AM

@Anon

Imagine this: for as long as your favorite ancient hardware is still functional, the ancient software on it will keep being updated!

Mwahaha. Good try. Unfortunately that requires some interest in actually keeping the ancient hardware alive, vs. selling new hardware instead. So, no.

If legislation took the Right To Repair idea seriously they’d mandate the availability of source code and the ability to unlock the boot loader. Good luck getting there, you’ll need it.

ResearcherZero May 19, 2026 3:46 AM

Imagine a situation in which a nation state uses the technology to target an individual for covert operations. Perhaps transnational repression, coercion or more violent action.

The U.S. government is reportedly conducting covert assassinations of cartel bosses.

https://edition.cnn.com/2026/05/12/politics/cia-drug-cartels-deadly-operations-mexico

Mexico denies the CIA operations, but welcomes United States assistance.
https://www.nytimes.com/2026/05/12/world/americas/mexico-cia-cartels.html

ResearcherZero May 19, 2026 4:11 AM

Putin’s daughter has been given control over Moscow State University AI hub.
The project will be overseen by the FSB and is backed by VTB Bank and Oleg Deripaska.

https://meduza.io/en/feature/2026/04/29/moscow-state-university-opens-ai-school-tied-to-putin-s-daughter-with-links-to-china-and-fsb-oversight

Russian AI models will be trained only on data generated in Russia under new legislation that comes into force in 2027. AI is also frequently used for disinformation and interference in the affairs of other nations. It should be remembered that distance is no barrier against the Kremlin and it will target individuals abroad with surveillance and repression, and attempt to sway opinions and perceptions to benefit its own agenda.

https://icds.ee/en/the-double-edge-of-russian-sovereign-ai-isolation-and-narrative-consistency/

Harassment, intimidation and isolation often accompany kidnapping and assassination.
https://freedomhouse.org/report/transnational-repression/russia
