Skip to content

Claude Mythos: Anthropic Massively Expands AI Vulnerability Discovery for Enterprises

Bottom line: Anthropic expands Mythos access to 150 new organizations; security experts warn of structural changes driven by frontier AI models and the risk of vulnerability chaining.

Anthropic is scaling its Project Glasswing program and granting approximately 150 additional organizations access to Claude Mythos, an AI-powered vulnerability discovery tool. Security experts warn of structural shifts in cybersecurity and the risk that future frontier AI models will expand the attack surface.

In April, Anthropic initially granted access to Claude Mythos to approximately 50 organizations. The company now plans a significant expansion to around 150 additional vetted partners through Project Glasswing. In parallel, OpenAI is offering nine major UK banks access to its cybersecurity tool GPT-5.5 Cyber. This development signals a shift in how enterprises identify vulnerabilities.

Gunter Ollmann, CTO of penetration testing firm Cobalt, warned at Infosecurity Europe that frontier AI models from Google and China are not far behind in their capabilities. Paul Chichester, Director of the UK National Cyber Security Centre (NCSC), confirmed this assessment, citing estimates that China lags about eight months behind Western models. However, Chichester also emphasizes that AI tools offer defenders the opportunity to impose additional costs on attackers and have the potential to democratize security assessments and penetration testing.

Mythos’s particular strength lies in its ability to chain vulnerabilities: the tool can combine multiple medium-severity vulnerabilities to create a highly critical risk. Ollmann highlights that Mythos provides a level of software access and analysis procedures that commercial security researchers and testing platforms typically lack — including the ability to examine code and behavior that would otherwise be restricted by licenses or terms of service. This enables the identification of vulnerability classes that conventional testing approaches frequently overlook.

Jim Reavis, CEO of the Cloud Security Alliance, warns that traditional CVSS ratings are losing relevance due to AI’s ability to chain vulnerabilities. Daniel Wilcock, Threat Intelligence Analyst at Talion, cautions organizations that those who do not leverage advanced AI will fall behind those using the technology to accelerate vulnerability discovery. At the same time, threat actors are already using such systems.

Security experts emphasize that AI does not replace classical security professionals but is significantly more effective in combination with human expertise. Organizations should strengthen their cybersecurity through hardened access controls and regular incident response exercises.


Source: www.csoonline.com · Published June 4, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.

Share on: