{"id":583359,"date":"2026-04-14T09:36:24","date_gmt":"2026-04-14T09:36:24","guid":{"rendered":"https:\/\/www.newsbeep.com\/us\/583359\/"},"modified":"2026-04-14T09:36:24","modified_gmt":"2026-04-14T09:36:24","slug":"cybersecurity-veteran-on-anthropics-mythos-weve-never-had-a-problem-finding-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/us\/583359\/","title":{"rendered":"Cybersecurity veteran on Anthropic\u2019s Mythos: \u2018We\u2019ve never had a problem finding vulnerabilities\u2019"},"content":{"rendered":"<p>Anthropic caused an industrywide <a aria-label=\"Go to https:\/\/fortune.com\/2026\/04\/07\/anthropic-claude-mythos-model-project-glasswing-cybersecurity\/\" href=\"https:\/\/fortune.com\/2026\/04\/07\/anthropic-claude-mythos-model-project-glasswing-cybersecurity\/\" rel=\"nofollow noopener\" target=\"_blank\">panic<\/a> last week when it announced Claude Mythos Preview, an AI model with a knack for uncovering high-level cybersecurity vulnerabilities.<\/p>\n<p>Among its achievements, the model found a now-patched weak spot in OpenBSD, an operating system known for its security, that Anthropic claimed went undiscovered <a aria-label=\"Go to https:\/\/red.anthropic.com\/2026\/mythos-preview\/\" href=\"https:\/\/red.anthropic.com\/2026\/mythos-preview\/\" rel=\"nofollow noopener\" target=\"_blank\">for 27 years<\/a>.\u00a0 <\/p>\n<p>It has also found \u201cthousands of additional high- and critical-severity vulnerabilities\u201d across open-source and closed-source programs, according to the company.<\/p>\n<p>Tech insiders and other experts subsequently freaked out over the potential for the large language model to upend cybersecurity, but\u00a0one 25-year industry veteran is skeptical.<\/p>\n<p>David Lindner, chief information security officer at Contrast Security, told Fortune that while Mythos may help find myriad problems, this isn\u2019t necessarily the most important issue.\u00a0<\/p>\n<p>\u201cWe\u2019ve never had a problem finding vulnerabilities. We find them every day. We actually have a pile of them that we just don\u2019t fix,\u201d he said. \u201cSo I don\u2019t think that really changes anything.\u201d<\/p>\n<p>Lindner pointed out that weak spots are easier to find than to fix, noting that Anthropic\u2019s <a aria-label=\"Go to https:\/\/red.anthropic.com\/2026\/mythos-preview\/\" href=\"https:\/\/red.anthropic.com\/2026\/mythos-preview\/\" rel=\"nofollow noopener\" target=\"_blank\">blog post<\/a> announcing Mythos stated over 99% of the vulnerabilities the model uncovered haven\u2019t been patched.<\/p>\n<p>More specifically, he said, Mythos does little to help solve one of the biggest issues facing cybersecurity experts: social engineering. Hackers can still use existing tools and AI to impersonate an employee\u2019s boss or an IT worker and gain access to systems, he argued.<\/p>\n<p>Anthropic has said Mythos is so powerful it won\u2019t be publicly released, and it is being made available only to a group of 40 organizations including tech companies such as <a aria-label=\"Go to https:\/\/fortune.com\/company\/microsoft\/\" target=\"_blank\" href=\"https:\/\/fortune.com\/company\/microsoft\/\" rel=\"nofollow noopener\">Microsoft<\/a>, <a aria-label=\"Go to https:\/\/fortune.com\/company\/apple\/\" target=\"_blank\" href=\"https:\/\/fortune.com\/company\/apple\/\" rel=\"nofollow noopener\">Apple<\/a>, and <a aria-label=\"Go to https:\/\/fortune.com\/company\/alphabet\/\" target=\"_blank\" href=\"https:\/\/fortune.com\/company\/alphabet\/\" rel=\"nofollow noopener\">Google<\/a>, as well as others like cybersecurity company CrowdStrike and bank <a aria-label=\"Go to https:\/\/fortune.com\/company\/jpmorgan-chase\/\" target=\"_blank\" href=\"https:\/\/fortune.com\/company\/jpmorgan-chase\/\" rel=\"nofollow noopener\">JPMorgan Chase<\/a> so they can use the technology to improve their own security infrastructure through an effort it called <a aria-label=\"Go to https:\/\/www.anthropic.com\/glasswing\" href=\"https:\/\/www.anthropic.com\/glasswing\" rel=\"nofollow noopener\" target=\"_blank\">Project Glasswing<\/a>.<\/p>\n<p>Because so many people have access to the model, Lindner also predicted it won\u2019t be kept a secret for long.<\/p>\n<p>\u201cEven if they, quote unquote, don\u2019t release it, China will have a version in five or six months, and there\u2019ll be an open-source version within a year or two,\u201d he said.<\/p>\n<p>Incidentally, Fortune was the <a aria-label=\"Go to https:\/\/fortune.com\/2026\/03\/26\/anthropic-leaked-unreleased-model-exclusive-event-security-issues-cybersecurity-unsecured-data-store\/\" href=\"https:\/\/fortune.com\/2026\/03\/26\/anthropic-leaked-unreleased-model-exclusive-event-security-issues-cybersecurity-unsecured-data-store\/\" rel=\"nofollow noopener\" target=\"_blank\">first to report<\/a> on the development of Mythos, thanks to a security lapse in which the company left details about the large language model in a publicly accessible database.\u00a0<\/p>\n<p>Meanwhile, venture capitalist Marc Andreessen has <a aria-label=\"Go to https:\/\/x.com\/pmarca\/status\/2042742413098450998\" href=\"https:\/\/x.com\/pmarca\/status\/2042742413098450998\" rel=\"nofollow\">raised questions<\/a> about whether Anthropic is really holding back the release of Mythos because of security concerns or because it lacks the compute to support a general rollout. Anthropic has faced frequent outages recently and has limited users\u2019 computing supply during peak times, the <a aria-label=\"Go to https:\/\/www.wsj.com\/tech\/ai\/ai-is-using-so-much-energy-that-computing-firepower-is-running-out-156e5c85\" href=\"https:\/\/www.wsj.com\/tech\/ai\/ai-is-using-so-much-energy-that-computing-firepower-is-running-out-156e5c85\" rel=\"nofollow noopener\" target=\"_blank\">Wall Street Journal<\/a> reported this weekend.\u00a0<\/p>\n<p>Still, other cybersecurity experts remain vigilant about Mythos and its potential to reshape cybersecurity. Zach Lewis, the chief information officer and chief information security officer at the University of Health Sciences and Pharmacy in St. Louis, told Fortune he is worried Mythos will make it that much easier for bad actors, even those with little coding experience, to exploit systems.\u00a0<\/p>\n<p>\u201cThreat actors don\u2019t even need to know about\u2014they don\u2019t need to have a background in\u2014coding or software design to understand how these systems work. They can deploy an agent that can do it for them,\u201d he said.\u00a0<\/p>\n<p>Part of the solution for organizations may lie in doubling down on the strategies that are already foiling hundreds if not thousands of exploit attempts per day, according to Lewis. <\/p>\n<p>This includes patching existing vulnerabilities and making sure that the permissions employees have are strictly limited so they can\u2019t be exploited.\u00a0<\/p>\n<p>\u201cYou\u2019ve got to get that stuff locked down,\u201d he said.<\/p>\n","protected":false},"excerpt":{"rendered":"Anthropic caused an industrywide panic last week when it announced Claude Mythos Preview, an AI model with a&hellip;\n","protected":false},"author":2,"featured_media":583360,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[184,28,34477,1283,28261,7270,172],"class_list":{"0":"post-583359","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-anthropic","9":"tag-business","10":"tag-cyber","11":"tag-openai","12":"tag-programming","13":"tag-security","14":"tag-tech"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/583359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/comments?post=583359"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/583359\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media\/583360"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media?parent=583359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/categories?post=583359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/tags?post=583359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}