Why does Anthropic warn that Mythos increases cyberattack risks?

Anthropic warned that Claude Mythos significantly increases cyberattack risks because it can discover and exploit vulnerabilities at machine speed. This allows attackers to scale sophisticated attacks faster than defenders can respond.

What is Claude Mythos and why is it important for cybersecurity?

Claude Mythos is an advanced AI model developed by Anthropic with strong capabilities in vulnerability discovery and exploit generation. It represents a major shift in cybersecurity because it can both strengthen defenses and enable more powerful attacks.

Are AI-powered cyberattacks already happening?

Yes. Documented cases include AI-assisted attacks by state-sponsored groups and cybercriminals using tools like Claude and DeepSeek to automate reconnaissance, exploitation, and scaling of attacks across hundreds of systems.

Which US agencies were briefed about Mythos risks?

Anthropic briefed agencies including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST). Intelligence community entities such as the NSA were also reported to be monitoring the situation.

What types of cyberattacks could Mythos enable?

Mythos could enable large-scale attacks such as penetrating corporate and government systems, exploiting critical infrastructure vulnerabilities, disrupting internet services, and automating complex multi-stage attack chains.

Why is 2026 considered a critical year for AI cybersecurity threats?

Experts believe 2026 is critical because AI capabilities are advancing faster than defensive measures. As powerful models become more accessible, the likelihood of large-scale cyberattacks increases significantly.

What is the risk of AI capabilities spreading to adversaries?

There is a high risk that similar AI capabilities will spread to adversaries through open-source models, model distillation, or independent development. This could allow hostile actors to replicate advanced cyberattack techniques.

How does AI change the speed of cyberattacks?

AI dramatically reduces the time required to identify vulnerabilities and execute attacks. Tasks that previously took weeks or months can now be completed in minutes or hours, shrinking the defense window.

What concerns does the US government have about AI cybersecurity?

The US government is concerned that AI could enable attacks on critical infrastructure, defense systems, and private companies, while also lowering the barrier for less-skilled attackers to carry out sophisticated operations.

What should organizations do to prepare for AI-driven cyber threats?

Organizations should accelerate patching processes, strengthen vulnerability management, monitor systems continuously, adopt AI-driven defense tools, and prepare incident response strategies for faster and more automated attacks.

Anthropic Is Warning the US Government That Mythos Makes Massive Cyberattacks More Likely This Year

Anthropic built the most capable cybersecurity AI ever documented, then went to Washington to explain why that should concern everyone.

In the weeks before and after the April 7 announcement of Project Glasswing, Anthropic privately briefed senior US government officials about Claude Mythos Preview's offensive and defensive capabilities. According to reporting from Axios, the company told those officials directly that Mythos makes large-scale cyberattacks significantly more likely in 2026. At least one source briefed on the model told Axios that a major attack could hit this year.

The briefings reached the Cybersecurity and Infrastructure Security Agency, CISA, and NIST's Center for AI Standards and Innovation. Analysts at the National Security Agency were also described as "casually chatting" about the Mythos release, according to Defense One. Anthropic told the government it was available to help evaluate the model, though it was unclear whether the government was taking the company up on the offer.

It is the cybersecurity story inside the Mythos story, and it runs alongside a legal conflict between Anthropic and the Pentagon that has produced the most unusual AI regulatory moment in US history.

What Anthropic Told the Government

Anthropic's warnings to government officials were specific. According to the pre-announcement Axios report and Fortune's coverage of the Project Glasswing launch, Anthropic characterized Mythos as allowing AI agents to work "with wild sophistication and precision to penetrate corporate, government and municipal systems." The company's own blog post described the model as "currently far ahead of any other AI model in cyber capabilities" and said it "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."

The private briefings to government agencies extended beyond the general alarm. Anthropic told CISA and the Center for AI Standards and Innovation specifically about both the offensive and defensive dimensions of Mythos capabilities. The company's message, in its own framing, was that "bringing government into the loop early, on what the model can do, where the risks are, and how we're managing them, was a priority from the start."

Whether the government is responding at the required pace is a different question. Axios reported a source briefed on Mythos saying that "D.C. governs by crisis. Until this is a crisis, and gets the attention and resources it deserves, cyber is kind of a backwater." Government officials briefed on the model described it as capable of bringing down a Fortune 100 company, crippling swaths of the internet, or penetrating vital national defense systems, according to Axios.

The China Dimension

The government warnings are not purely forward-looking: Claude has already been used in a state-sponsored cyberattack.

Anthropic disclosed in 2025 what it described as the first documented case of a cyberattack largely executed by AI. A Chinese state-sponsored group used Claude agents to autonomously infiltrate roughly 30 global organizations, with AI handling the majority of tactical operations independently. Anthropic detected and stopped the campaign.

CNN reported that a Russian-speaking cybercriminal separately used multiple AI tools, including Claude and DeepSeek, to hack over 600 devices running a popular firewall in more than 55 countries, as documented by AWS's security research team. The attacker used generative AI to "implement and scale well-known attack techniques throughout every phase of their operations, despite their limited technical capabilities."

Both cases establish that Mythos-level capabilities are not the threshold for AI-enabled attacks: that threshold has already passed. What Mythos represents is the next order of magnitude.

Logan Graham, who leads Anthropic's Frontier Red Team and briefed government officials on Mythos, described the competitive timeline to Axios: "Behind Mythos is the next OpenAI model, and the next Google Gemini, and a few months behind them are the open-source Chinese models." The Defense One coverage put the national security framing bluntly: tools like Mythos in the wrong hands could help adversaries identify and exploit weaknesses in critical systems, and the offensive mission depends on understanding a target's defenses.

A source close to the Pentagon told Axios: "An enemy could reach out and touch us in a way they can't or won't with kinetic operations. For most Americans, the Iran war is 'over there.' With a cyberattack, it's right here."

The Pentagon Paradox

There is a complication woven through all of this: the company warning the government about AI-enabled cyberattacks is simultaneously suing the government for blacklisting it.

How the Conflict Started

Anthropic signed a $200 million contract with the Pentagon in July 2025, the first AI lab to deploy its technology across the DOD's classified networks. Contract negotiations over expanded deployment on the DOD's GenAI.mil platform began in September and stalled over two specific points.

Anthropic refused to allow Claude to be used for mass surveillance of American citizens or for fully autonomous lethal weapons capable of selecting and engaging targets without human decision-making. These were not new positions but had been in Anthropic's usage policy since its founding and had governed its Pentagon relationship for months without incident.

Defense Secretary Pete Hegseth set a deadline of February 27 for Anthropic to accept the Pentagon's terms. Dario Amodei declined. Hours later, Hegseth announced on social media that Anthropic was a "supply-chain risk to national security," barring defense contractors from using Claude. President Trump separately posted telling federal agencies to immediately stop using Anthropic's technology.

The Legal Fight

Anthropic filed two federal lawsuits on March 9, 2026, challenging the designation as unconstitutional retaliation against protected speech. The company argued that the supply chain risk designation, historically reserved for foreign adversaries like Chinese technology firms, had never before been applied to an American company. The Pentagon acknowledged the unusual nature of the designation while arguing it was about operational control, not speech.

On March 26, US District Judge Rita Lin granted Anthropic a preliminary injunction, calling the Pentagon's actions "classic illegal First Amendment retaliation" and describing them as looking like "an attempt to cripple Anthropic." She wrote that "nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur."

On April 9, a federal appeals court in Washington denied Anthropic's request to block the Pentagon designation while the lawsuit continues, ruling that the financial harm to Anthropic was outweighed by "judicial management of how, and through whom, the Department of War secures vital AI technology during an active military conflict." The split decisions leave Anthropic excluded from DOD contracts but able to continue working with other government agencies including CISA.

The irony was not lost on the security community. The same week that Anthropic was warning CISA about Mythos's potential to enable catastrophic cyberattacks, it was fighting in federal court for the right to remain a government vendor. And the models were still being actively used to support US military operations in Iran even after the blacklisting.

What the Intelligence Community Is Watching

The intelligence community's interest in Mythos spans both the threat and the opportunity it represents. Multiple intelligence agencies and Defense Department components play roles in offensive cyber operations and defending US networks, making Mythos-class capabilities relevant to both missions. Morgan Adamski, the former executive director at US Cyber Command, told Defense One: "For those in the offensive cyber community, for the US government, there's obviously a huge potential there from an adversarial perspective."

Senator Mark Warner of Virginia, vice chairman of the Senate Intelligence Committee, issued a statement after the Project Glasswing announcement: "We are already seeing cyber threat actors using AI tools to improve their capabilities, putting government, businesses and consumers' security and personal information at risk. As AI dramatically accelerates the discovery of new vulnerabilities, I hope industry will correspondingly accelerate and reprioritize patching."

Leah Siskind of the Foundation for Defense of Democracies framed the strategic implication: the government "needs to make amends with Anthropic and help them and Glasswing members maintain the American lead on AI by preventing Chinese model theft."

The concern about model theft is not abstract. A congressional report from Representative Josh Gottheimer cited the Chinese Communist Party-backed group that previously hacked Claude and warned that Mythos capabilities could be used for more advanced attacks. Gottheimer wrote to Dario Amodei specifically warning against CCP-backed companies conducting "distillation campaigns" to extract Mythos capabilities into Chinese models.

The Industry Context

Anthropic is not alone in identifying frontier AI models as serious cybersecurity risks. OpenAI warned in December 2025 that its upcoming models posed a "high" cybersecurity risk, using the same threat assessment framework that Anthropic applied to Mythos.

The scale of concern across the industry reflects a shift in how frontier capabilities are understood. A Dark Reading poll found that 48% of cybersecurity professionals now rank agentic AI as the top attack vector for 2026, above deepfakes and all other categories.

The concern is not that Mythos-class models will be misused by amateurs. It is that they lower the technical floor for sophisticated attacks, allowing actors with "limited technical capabilities" to "implement and scale well-known attack techniques throughout every phase of their operations," as the AWS research team documented in the Russian firewall incident.

Alex Stamos, a cybersecurity expert consulted for the Platformer reporting on Mythos, offered the most measured framing of the window Anthropic is working within: "The optimistic timeline is that we are one step past human capabilities, and that means that there is a huge but finite pool of flaws that can be found and fixed." That finite pool is what Project Glasswing is working through, and whether it can be exhausted before adversaries develop comparable capabilities is the question the government warnings are meant to accelerate.

Conclusion

The story of Anthropic warning the US government about Mythos is simultaneously a story about the most capable cybersecurity AI ever built and the most consequential AI-related legal dispute in US history. It is also a story about the first documented AI-executed state-sponsored cyberattack, and the narrow window between those capabilities existing and those capabilities proliferating.

Anthropic occupies a structurally unusual position: warning government officials about a threat that only it currently controls, while fighting that same government in federal court. It has briefed CISA about Mythos's potential to enable catastrophic attacks while being excluded from DOD contracts for refusing to allow those attacks to happen without human oversight.

The technical reality underneath all of it is the one Anthropic stated plainly: the models coming from every frontier lab are getting more capable faster than defenders can patch what the current models find.

Whether that observation lands in Washington with the urgency it carries in San Francisco is the variable that Project Glasswing cannot control.

Frequently Asked Questions

What did Anthropic tell the US government about Mythos?

Anthropic privately briefed senior officials at CISA and NIST's Center for AI Standards and Innovation about Mythos Preview's offensive and defensive cyber capabilities before the Project Glasswing announcement. According to Axios, Anthropic told officials that Mythos makes large-scale cyberattacks significantly more likely in 2026. The company said bringing the government into the loop early was a priority and signaled it was available to help evaluate the model.

Is there evidence AI is already being used in cyberattacks?

Yes. Anthropic disclosed that a Chinese state-sponsored group used Claude agents to autonomously infiltrate roughly 30 global organizations, with AI handling the majority of tactical operations. This was described as the first documented AI-executed cyberattack. Separately, a Russian-speaking cybercriminal used Claude and DeepSeek to hack over 600 devices in 55 countries, as documented by AWS security researchers.

Why is Anthropic suing the Pentagon at the same time it is warning the government about Mythos?

Anthropic and the Pentagon's relationship broke down in February 2026 after Anthropic refused to allow Claude to be used for fully autonomous lethal weapons or mass surveillance of Americans. Defense Secretary Pete Hegseth designated Anthropic a "supply-chain risk to national security," the first such designation ever applied to an American company. Anthropic filed two federal lawsuits challenging the designation as unconstitutional retaliation. A San Francisco federal judge granted a preliminary injunction describing the Pentagon's actions as "classic illegal First Amendment retaliation," while an appeals court simultaneously denied Anthropic's request to block the Pentagon designation entirely.

What agencies have been briefed about Mythos?

Confirmed briefings include CISA, the Cybersecurity and Infrastructure Security Agency, and NIST's Center for AI Standards and Innovation. Defense One reported that analysts at the National Security Agency were also discussing the Mythos release. Multiple intelligence agencies and Defense Department components are described as paying attention to the model's capabilities.

What are the geopolitical concerns about Mythos?

The primary concern is that similar capabilities will proliferate to adversaries, particularly China, within six to eighteen months. Anthropic's Logan Graham estimated that behind Mythos are the next OpenAI model, the next Google Gemini, and open-source Chinese models a few months behind those. A congressional representative warned Anthropic directly about CCP-backed companies conducting distillation campaigns to extract Mythos capabilities. A source close to the Pentagon described the threat: unlike kinetic military conflict, a cyberattack enabled by AI reaches directly into US domestic systems.