
That Mythos Moment: What Really Happened and Why It Matters

AI like Mythos is compressing the gap between ‘good enough’ and ‘dangerously exposed’ — and organisations that delay cyber hygiene and investment are choosing to sit on the wrong side of that line.

The Background: Why Claude Mythos Preview Set Off Alarm Bells

In early April 2026, Anthropic announced that it had built a new AI model - Claude Mythos Preview - that was too powerful to release to the public because of its ability to discover and exploit serious software vulnerabilities automatically, drastically increasing the risk of zero-day exploits (in cyberspeak, meaning there are zero days to fix the flaw before a hack). 

Anthropic claimed Mythos had already found thousands of high‑severity vulnerabilities, including longstanding flaws across every major operating system and web browser. Some bugs were said to be decades old and had survived years of human inspection. 

Rather than release the model to the public, Anthropic created Project Glasswing, a tightly controlled programme giving access only to selected technology companies, security firms, and infrastructure maintainers. The stated goal was defensive: find and fix vulnerabilities before similar tools become widely available. 

What made this explosive was not just the claims themselves, but the implication: AI, and agentic AI in particular, may have crossed a threshold where it can independently carry out complex cyberattacks, rather than just assisting humans with bits and pieces.


How Governments, Regulators, and Markets Reacted

Financial Regulators Moved First

Within days of Anthropic’s announcement, senior financial authorities in both the UK and the US reacted. In Britain, officials from the Bank of England, the Financial Conduct Authority, HM Treasury, and the National Cyber Security Centre began urgent discussions about risks to banks and market infrastructure. 

In the US, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell reportedly summoned major bank chiefs to emergency meetings to discuss the implications of Mythos for financial system security. 

This was striking: central banks do not usually convene emergency discussions because of a single AI model.

Market and Expert Opinion Split Sharply

Reactions elsewhere were divided.

Supporters said Anthropic was being unusually responsible - building something powerful, then restricting it, and warning the world early. 

Critics and sceptics accused the company of hype and fear‑based marketing, arguing that bug‑finding at scale had been improving steadily anyway, and that this was another grandiose claim using fear for effect. Some compared Anthropic's announcement to OpenAI's GPT-2 launch in 2019, when GPT-2 was likewise claimed to be too powerful for general release at that point.

One of the “godfathers” of AI, Yann LeCun, dismissed the reaction as “drama,” arguing that similar results could be achieved with smaller or cheaper models and that the claims were being overstated.

Despite the disagreement, one thing was clear: governments thought they needed independent verification.


Why the AI Security Institute Was Involved

The AI Security Institute (AISI) is a UK government body set up to evaluate risks from advanced AI systems. It was given early access to Claude Mythos Preview.

Its task was not to judge Anthropic’s motives, but to answer a simple question: does Mythos actually represent a meaningful step change in AI cyber capabilities, and if so, where exactly is the risk? 

AISI had an advantage here. It has been running the same cyber‑skill tests on AI models since 2023, meaning it could compare Mythos with earlier systems on a like‑for‑like basis.


What the AISI Tested

AISI used two main types of evaluation.

Capture‑the‑Flag (CTF) Challenges (Basic to Expert Skills)

Capture‑the‑Flag tests are controlled hacking exercises. Models are asked to probe systems, find weaknesses, and retrieve hidden “flags.” These tests isolate individual skills like spotting bugs or crafting exploits. AISI tracks performance across difficulty levels - from beginner to expert.

“The Last Ones” (TLO): A Full Attack Simulation

Because real cyberattacks involve many steps chained together, AISI built a much harder evaluation called “The Last Ones” (TLO) to test the capabilities of frontier AI models. This is a 32‑step simulation of a corporate network attack, covering everything from early reconnaissance to full system takeover. Human experts estimate it would take about 20 hours of focused work to complete manually.


What AISI Actually Found

On Basic and Expert Hacking Tasks

On standard CTF challenges, Mythos performed very well, but not wildly out of line with recent top‑tier models.  It completed about 85% of mid‑level tasks.

On expert‑level tasks - which no AI could solve before April 2025 - it succeeded 73% of the time. 

This confirmed that AI hacking skills overall have been steadily improving, and that Mythos is at the front, but not alone.

Where Mythos Stood Out: Chaining Attacks Together

The key difference appeared in long, multi‑step attacks.

Mythos became the first AI model to complete the entire 32‑step TLO simulation end‑to‑end. It did so in three out of 10 attempts, and across all runs it completed an average of 22 out of 32 steps, well ahead of previous models such as Anthropic's own Claude Opus 4.6.  This matters because chaining steps together is what makes cyberattacks dangerous in the real world.

Important Limits and Caveats

AISI was careful not to overstate the threat: 

  1. the simulated networks were small and relatively weakly defended,
  2. there were no active human defenders, intrusion detection systems, or real‑world defensive complexities, and
  3. Mythos failed several times, even when close to success. Performance improved with more AI compute (computing power), but reliability remained an issue.

In short, Mythos is not yet a fully reliable autonomous hacker, but it is a powerful accelerator of cyber threats when given the right access and prompts.


What This Means in Plain Terms

The Real Shift is Speed, Not Magic

AISI’s evaluation supports a middle position between hype and dismissal.  Mythos does not break cybersecurity overnight.  But it compresses timeframes dramatically. Tasks that took skilled humans days can now take hours.

This shortens the window between a flaw being discovered and exploited, which heavily favours attackers.

But Defensive Use Cuts Both Ways

Anthropic argues that Mythos can help defenders find and fix bugs first, and that is true in principle. But AISI and other experts warn that defenders must patch everything, while attackers only need one success. 

This asymmetry already exists, and AI appears to sharpen it.


Why This Evaluation Mattered

The AISI report (at https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities) did three key things:

  1. confirmed some of the substance behind the Anthropic claims - Mythos genuinely represents a step forward in autonomous cyber capability, against a competitive landscape that was already improving steadily,
  2. debunked extreme fears - the model is not yet a push‑button cyber‑weapon.  The AISI tests ran in simplified environments: there were no active cybersecurity teams, no real-time monitoring or alerting, and no consequences for triggering cyberdefences.  We therefore cannot assume success against well‑defended organisations. But poorly secured systems are increasingly exposed, and
  3. refocused the AI/cyber debate: the risk is less about rogue AI, and more about faster, cheaper, scalable exploitation of weak systems, of which there are too many, including mission-critical legacy systems in regulated industries like financial services.

For regulators and other organisations, this shifts attention away from science‑fiction scenarios and toward very practical questions: patching speed, basic cyber hygiene, and resilience.


What This Means in Practice

This is not about AI hysteria or Armageddon.  It is about the growing risk to organisations with unpatched systems, weak access controls, poor logging and monitoring, and weak cyber governance.

The key takeaway is that cyber hygiene matters more than ever: patch management, secure configurations, strong access controls, visibility and monitoring, and tested cybersecurity and resilience governance and procedures.

This isn’t about AI Armageddon. It’s about recognising that the risks and costs of weak cyber basics are rising fast, and the window to catch up is closing.
