
AI Still Can’t Defend Us. And Mythos Just Made That More Urgent.

Published on: 2026-05-09

Anthropic’s most powerful model can find decade-old vulnerabilities in hours.

The problem is AI defence still can’t keep up with AI offence — and that gap is widening.

What Mythos Actually Is

On April 7, 2026, Anthropic announced Claude Mythos Preview.

It is a limited-access AI model that the company describes as its most powerful to date. Notably, it is deemed too dangerous to release publicly.

The headline capability is cybersecurity.

Mythos can autonomously scan codebases, identify vulnerabilities, develop exploits, and patch weaknesses. It does this at a speed and scale no human security team can match.

The showcase examples are striking: a 17-year-old bug in FreeBSD that gives unauthenticated attackers full root access.

A 27-year-old vulnerability in OpenBSD.

Mozilla used a preview of the model to identify and patch 271 vulnerabilities in Firefox.

Rather than releasing Mythos publicly, Anthropic launched Project Glasswing.

This is a consortium of around 40 major companies including Amazon, Apple, Cisco, CrowdStrike, JPMorgan Chase, and Nvidia. They are using the model to harden their own defences before the wider world gets access to similar capabilities.

THE STATED GOAL:

  • Let defenders get ahead of the threat before attackers catch up.
  • Use Mythos to find and patch vulnerabilities at scale — proactively, not reactively.
  • Commit $100M in usage credits and $4M in direct donations to open source security.

It is, on paper, a genuinely thoughtful approach.

And yet, the problems with it are equally real.

The Attack-Defence Asymmetry Problem

Here’s what the Mythos announcement makes impossible to ignore: AI is dramatically better at attacking than it is at defending.

Finding a vulnerability is a fundamentally different problem to preventing one from being exploited.

Discovery is pattern recognition. This is something AI models are extraordinarily good at.

Defence is adaptive and contextual. It requires understanding not just what a system does, but every possible way it could be misused under adversarial pressure in real time.

That’s a much harder problem.

The World Economic Forum put it plainly in their analysis. Defensive AI capabilities are improving, but unevenly.

Offensive capabilities tend to spread more quickly once released. This creates a period of heightened risk before any new equilibrium is established.

The Cloud Security Alliance was more blunt.

They describe Mythos as collapsing the gap between vulnerability discovery and exploitation. These two events were previously distinct.

Now, they are effectively simultaneous. You find it, you exploit it, in the same motion.

“Mythos’ power eliminates time between vulnerability detection and vulnerability exploitation. Two previously distinct events are now effectively simultaneous.” — Cloud Security Alliance

AI Is Relentless in a Way Humans Never Were

One framing that keeps coming up from security professionals is the fatigue angle. It’s worth taking seriously.

Human attackers get tired. They lose interest. They move on to easier targets.

A human penetration tester probing a system for a weak spot will eventually stop.

An AI model will not.

It will probe continuously, at machine speed, across every surface simultaneously. It will never need to sleep or take a break.

This changes the threat model in a fundamental way.

Security has historically relied, at least partially, on resource asymmetry. There was an assumption that attackers cannot afford to push through multiple layers of protection for every single target.

AI removes that assumption.

With the right model, an attacker can pursue every target, at every layer, all the time.

And it lowers the barrier in another direction too.

Previously, sophisticated attacks required sophisticated attackers. They required people with deep technical knowledge, years of experience, and the ability to adapt their approach on the fly.

Mythos-class models give that capability to anyone with some technical background and the right access.

The pool of capable attackers just got a lot larger.

The Part Nobody Planned For: Mythos Got Leaked

Here is where the story takes a turn that feels almost too on-the-nose.

Anthropic announced Mythos with carefully controlled access, a thoughtful rollout plan, and a clear rationale for keeping it out of public hands.

Within days of the announcement, a small group of users in a private Discord had accessed the model without authorisation.

The access chain was predictable in retrospect.

One member of the group was a third-party contractor with Anthropic access.

They used previously leaked knowledge about Anthropic’s internal practices — knowledge obtained from an AI training startup called Mercor.

The group was able to guess where the model was hosted and access it directly.

At the time of reporting, the group had been using the model continuously since the announcement and still had access.

Let that sit for a moment.

The model deemed too dangerous to release publicly, designed specifically to find and exploit security vulnerabilities, was itself compromised.

It was compromised through a social engineering and insider access chain within days of its announcement.

If there is a more pointed illustration of the problem at hand, I haven’t seen it.

THE LEAK CHAIN:

  • A contractor with Anthropic access joins a private group
  • The group uses leaked knowledge about Anthropic’s infrastructure practices
  • They guess the model’s location and gain unauthorised access
  • They continue using it weeks after the initial breach, undetected

The Capability Is Jagged — And That Matters

One of the most interesting technical findings to come out of the post-Mythos analysis period is something researchers at AISLE have called the “jagged frontier” problem.

The finding: AI cybersecurity capability doesn’t scale smoothly with model size.

They took the specific vulnerabilities Anthropic showcased in the Mythos announcement, isolated the relevant code, and ran the same analysis through small, cheap, open-weights models.

Eight out of eight models detected the flagship FreeBSD exploit. This included one with only 3.6 billion parameters costing $0.11 per million tokens.

The implication is uncomfortable. The moat in AI cybersecurity is not the frontier model.

It’s the system around it. It’s the security expertise embedded in the scaffold, the organisational knowledge, and the tooling that connects model capability to real-world context.

A small, cheap model with the right system can recover most of what a frontier model achieves on isolated vulnerability detection.

This matters for defence as much as it matters for offence.

It means that the threat is not contained to Mythos-level access. It’s distributed across the ecosystem of models already available.

The capability to find serious vulnerabilities autonomously is not gated behind a $100M compute budget and a controlled access program.

It is already out there.

What the Defenders Are Actually Up Against

The numbers are stark and they’re worth reading plainly.

  • 85% of senior security leaders using AI say their current cyber budget is insufficient to meet AI-enabled threats, according to an EY survey from March 2026
  • 87% of leaders identify AI-related vulnerabilities as the fastest-growing cyber risk, according to the World Economic Forum’s Global Cybersecurity Outlook 2026
  • More than 60% of organisations say geopolitical tensions have already affected their cybersecurity strategies
  • Planned cybersecurity spending increases of around 10% annually fall far short of what the threat now demands — Bain estimates some organisations may need to double their current security spend

And there is a human cost sitting behind those numbers that doesn’t get talked about enough.

Security teams are being asked to respond faster, to more vulnerabilities, across a larger attack surface, with budgets that haven’t kept pace.

The Cloud Security Alliance’s report warns directly about burnout and attrition as the likely outcome.

The people doing the defensive work are being ground down by a volume problem that AI offence is accelerating and AI defence hasn’t solved.

So What Actually Helps?

There’s a line from Bain’s analysis that I think is the most practically useful framing to come out of all of this:

“AI does not create new vulnerabilities, it exposes existing ones. Strong foundations provide significant protection against AI-enabled attacks.”

Which is to say: the answer to Mythos-class threats is not, primarily, a better AI defensive model.

It’s building the fundamentals that should have been in place already.

Patch management. Access controls. Credential hygiene. Monitoring that catches anomalous behaviour before it becomes an incident.

The boring, unglamorous work of security operations that organisations have been deprioritising for years because it didn’t feel urgent.

It feels urgent now.

  • Treat patch velocity as a strategic priority, not a maintenance task — the window between discovery and exploitation has collapsed
  • Audit every AI tool connected to your internal systems and apply the same credential standards you’d apply to a human employee with the same access
  • Invest in detection and response capability, not just prevention — assume breach, plan for containment
  • Map your actual attack surface, not the theoretical one — know where your oldest code lives and who has access to it
  • Start using AI defensively now, before your threat actors are using it offensively against you at scale

The Honest Conclusion

Mythos is real. The capability it represents is real.

And the problem it has surfaced — that AI offence has pulled ahead of AI defence — is not going to be solved by one model, one consortium, or one announcement.

What Mythos has done is compress the timeline on a reckoning that was already coming.

The organisations that respond by treating cybersecurity as a board-level business risk, investing accordingly, and building the foundations that AI-enabled attacks will most reliably expose — those are the ones that will be standing on the other side of this.

The storm isn’t coming. It’s here.

The only question is whether your foundations are built to take it.

“The time between the public release of a new capability by an AI company and its weaponization by threat actors shrank dramatically in 2025. That trend will likely accelerate in 2026.” — Bain & Company



Sources: Anthropic, Cloud Security Alliance, World Economic Forum, Bain & Company, AISLE, Bloomberg Law, Fortune, CBS News, CNBC, EY
