LIVE FEED
Anthropic Mythos LLM Scans Federal Software for Vulnerabilities

Anthropic Mythos LLM Scans Federal Software for Vulnerabilities

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SecurityWeek

CISA's Attack Surface Evaluation team is reportedly leveraging Anthropic's 'Mythos' model to scan federal government software for security vulnerabilities, representing a significant expansion of AI-assisted offensive security tooling in critical infrastructure defence. The deployment raises important questions about the trustworthiness of LLM-driven vulnerability assessment, potential for model-induced false negatives, and the security of the AI pipeline itself when applied to sensitive government codebases. This marks one of the most prominent known uses of a commercial LLM in an active U.S. government cyber defence role.

Anthropic Ships Mythos for AI-Driven Bug Discovery

Anthropic Ships Mythos for AI-Driven Bug Discovery

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.8 Dark Reading

Anthropic's Mythos capability, combined with IBM and Red Hat's Project Lightwell service backed by 20,000 engineers and $5B, introduces an AI-driven pipeline for discovering and remediating bugs in open-source software at industrial scale. This creates a dual-edged attack surface: adversaries who can influence Mythos's findings, its training data, or the remediation pipeline gain a privileged position to inject subtle vulnerabilities into widely-deployed open-source components. Defenders must treat the AI vulnerability-finding and patch-generation pipeline itself as a high-value, high-risk supply chain asset requiring rigorous integrity controls.

Anthropic Releases Mythos and Fable Models with Global Access

Anthropic Releases Mythos and Fable Models with Global Access

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 TechCrunch AI

The US government has lifted export restrictions on Anthropic's Mythos and Fable models, restoring broad international access to what are described as the most capable AI models publicly available, with Mythos specifically noted for its advanced ability to identify and exploit software vulnerabilities. Defenders must now contend with a significantly wider pool of threat actors — including foreign nationals and nation-state-affiliated researchers — who can access a model with documented offensive security capabilities. The policy reversal also introduces regulatory uncertainty that complicates enterprise risk assessments, as organizations cannot rely on stable governance signals to calibrate their AI security postures.

Sakana AI and 360 Launch Fugu and Tulongfeng Models

Sakana AI and 360 Launch Fugu and Tulongfeng Models

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.8 Cohere AI (via HN)

Sakana AI's Fugu and Chinese firm 360's Tulongfeng are frontier AI models positioned as functional alternatives to Anthropic's export-restricted Mythos and Fable 5, with Fugu explicitly designed for agentic orchestration across third-party model APIs. For defenders, the proliferation of cybersecurity-focused frontier models outside US regulatory reach removes a key friction point that previously slowed adversary access to high-capability AI offensive tooling. The agentic, multi-model orchestration design of Fugu in particular introduces compounded supply-chain and prompt-injection risk for any enterprise connecting these models to existing tool ecosystems.

Anthropic's Mythos AI Breached Classified US Government Systems in Hours

Anthropic's Mythos AI Breached Classified US Government Systems in Hours

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.1 SecurityWeek

Anthropic's Mythos AI model identified vulnerabilities in classified US government computer systems within hours during a government-sanctioned testing exercise under Project Glasswing. A senior US official confirmed the findings to the Associated Press, corroborating statements made by Sen. Mark Warner that the model 'broke into almost all of our classified systems.' The incident marks a landmark demonstration of AI-enabled offensive cyber capability at the highest sensitivity levels of government infrastructure.

Anthropic Mythos Model Theft: China-Linked Access

Anthropic Mythos Model Theft: China-Linked Access

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 The Verge AI

The White House reportedly believes a China-linked group accessed Anthropic's Mythos AI model, prompting export restrictions on the technology. If confirmed, the breach represents a significant national security threat, as adversaries could exploit the model directly or use knowledge distillation to replicate its capabilities. Separately, reports of jailbreak vulnerabilities in Mythos and Fable compound concerns about unauthorised access to frontier AI systems.

Mythos AI Exploits macOS Kernel Memory Corruption

Mythos AI Exploits macOS Kernel Memory Corruption

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Schneier on Security

A threat group leveraged Anthropic's Mythos AI model to identify and exploit a kernel memory corruption vulnerability in Apple's M5 chip running macOS. This represents a concrete, reported instance of AI-assisted vulnerability research being used offensively to discover low-level hardware-adjacent exploits. The incident underscores the dual-use danger of increasingly capable AI coding and reasoning models in the hands of adversarial actors.

GPT-5.5 and Mythos Execute 32-Step Network Intrusion

GPT-5.5 and Mythos Execute 32-Step Network Intrusion

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Ars Technica Security

The UK's AI Security Institute (AISI) found that OpenAI's GPT-5.5 matches Anthropic's Mythos Preview on cybersecurity benchmarks, including a 32-step simulated corporate network intrusion. Both models successfully completed the 'The Last Ones' data-extraction simulation — a first for any AI system — suggesting autonomous offensive cyber capability is a general frontier-model property, not a one-vendor breakthrough. The findings raise urgent questions about responsible release practices and the pace at which LLMs can independently execute multi-stage attacks.

Anthropic Releases Claude Security Vulnerability Scanner

Anthropic Releases Claude Security Vulnerability Scanner

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 SecurityWeek

Anthropic has released Claude Security in public beta, a dedicated vulnerability scanning product aimed at countering the accelerating threat of AI-powered exploitation exemplified by its own Mythos model. The tool integrates directly into Claude Enterprise, scanning repositories for vulnerabilities, providing confidence-rated findings, and generating targeted patches — compressing the security team-to-engineer remediation cycle from days to a single session. The launch reflects a broader industry acknowledgment that frontier AI models in adversarial hands are fundamentally shortening time-to-exploit, forcing defenders to adopt equivalent AI-native tooling.

Anthropic Mythos Preview Breached via Contractor Credentials

Anthropic Mythos Preview Breached via Contractor Credentials

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Wired Security

A group of Discord users gained unauthorized access to Anthropic's restricted Mythos Preview AI model by combining data from a third-party breach, educated guessing about model endpoint URLs, and leveraging existing contractor permissions. The incident exposes systemic weaknesses in how access controls for powerful, restricted AI models are enforced across contractor and supply chain boundaries. This is particularly significant given Mythos's described capability as an advanced vulnerability-discovery tool, raising the stakes if malicious actors replicate the access method.

Anthropic Mythos AI Achieves 72% Autonomous Exploit Success

Anthropic Mythos AI Achieves 72% Autonomous Exploit Success

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

Anthropic's Project Glasswing, powered by the Mythos Preview model, demonstrated unprecedented AI-driven vulnerability discovery — including a 72.4% autonomous exploit success rate against Firefox's JS shell and chained multi-bug exploits bypassing OS sandboxing — but fewer than 1% of discovered vulnerabilities were patched before potential adversarial access. The disclosure reveals a catastrophic asymmetry: AI has industrialised vulnerability discovery at machine speed while remediation capacity remains locked to human calendar pace. Real-world threat actors are already deploying LLM-integrated attack chains autonomously, as evidenced by an MCP-hosted LLM used against FortiGate appliances.

GPT-5.4-Cyber Expansion Raises LLM Jailbreak Dual-Use Risks

GPT-5.4-Cyber Expansion Raises LLM Jailbreak Dual-Use Risks

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SecurityWeek

OpenAI has expanded access to GPT-5.4-Cyber, a fine-tuned model designed for defensive cybersecurity applications, following Anthropic's reveal of its Mythos cybersecurity model. While framed as a defensive tool for legitimate security practitioners, the widened access to a capability-enhanced cybersecurity LLM raises dual-use concerns around potential misuse for offensive operations. The competitive dynamic between major AI labs in the security-focused model space signals a broader industry trend that warrants careful access control and policy scrutiny.

Anthropic Claude Prompt Injection Enables Excessive Agency

Anthropic Claude Prompt Injection Enables Excessive Agency

ATLAS OWASP LOW Limited impact · Standard review ▲ 6.2 CrowdStrike Blog

CrowdStrike, as a founding member of Anthropic's Mythos program, is highlighting the security challenges posed by increasingly capable frontier AI models, signaling a growing industry focus on securing agentic and large-scale AI systems. The article underscores the philosophical and practical position that AI capability gains must be matched by proportional security investment. While the piece is primarily a vendor partnership announcement and executive viewpoint, it reflects an important industry trend toward formalising AI-specific security frameworks and tooling.

Anthropic Mythos AI Autonomously Discovers Zero-Day Exploits

Anthropic Mythos AI Autonomously Discovers Zero-Day Exploits

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Dark Reading

Anthropic has released a preview of 'Mythos,' an AI model reportedly capable of autonomously discovering and exploiting critical zero-day vulnerabilities, raising significant dual-use concerns. While Anthropic claims the model ships with access controls, the security community is scrutinising whether those safeguards are sufficient to prevent misuse by malicious actors. The development represents a pivotal moment in the arms race between offensive AI capabilities and defensive governance frameworks.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.