Anthropic’s latest Mythos-class releases are putting pressure on how quickly organizations can verify flaws, assign ownership, deploy fixes and prove remediation.
On June 2, Anthropic expanded Project Glasswing from roughly 50 initial partners to approximately 150 new organizations. Anthropic said roughly 50 early partners using Claude Mythos Preview had found more than 10,000 high- or critical-severity security flaws in their codebases.
The expanded group includes organizations in power, water, healthcare, communications and hardware across more than 15 countries.
Anthropic said many new participants maintain codebases relied on by other organizations, including governments. For most partners, the company estimated that a major attack on their codebase could affect more than 100 million people.
Expanding the scope of supply chain risk
CISA’s SMB supply-chain guidance says ICT products and services are critical to SMBs, many of which lack dedicated internal risk-management functions, and identifies supplier visibility, single-source suppliers and supplier disruption among the highest-priority ICT supply-chain risks.
A joint U.S.-allied cybersecurity advisory has also warned that managed service providers are attractive targets because compromising an MSP can expose provider-customer trust relationships.
For customers that depend on MSPs, vertical SaaS providers, payment systems, remote access tools, endpoint platforms and open-source components, the operating questions become narrower: who owns the fix, what workaround exists, which systems are exposed and how the customer verifies that the risk has been reduced.
Anthropic identified the same bottleneck in its Glasswing update. The company said the constraint is now “verifying, disclosing, and patching” the volume of vulnerabilities that Mythos-class models can surface.
It also said partners are using Mythos Preview to write patches, run pre-release checks, simulate attacks, automate threat detection and rebuild legacy codebases in memory-safe languages.
Balancing general use with offensive capabilities
On June 9, Anthropic launched Claude Fable 5 and Claude Mythos 5. Anthropic describes Fable 5 as a Mythos-class model made safe for general use, while Mythos 5 uses the same underlying model with some safeguards lifted for a small group of cyberdefenders and infrastructure providers.
Anthropic said Mythos-class models can discover and exploit software vulnerabilities and show strong skills in “agentic hacking,” including reconnaissance, discovery and lateral movement. Fable 5 uses classifiers that route some cybersecurity, biology, chemistry and distillation requests to Claude Opus 4.8. Anthropic said users will be informed when that fallback occurs.
The safety issue is not limited to Anthropic’s release. A May 31 arXiv paper on cybersecurity refusals in AI agents tested eight frontier models in web-based offensive security scenarios and found that six showed near-zero refusal rates. The paper did not claim those systems were used in attacks. It did show that refusal behavior remains uneven across advanced AI agents.
Cloudflare’s own Project Glasswing write-up reached a similar operational point from the defender side. The company said Mythos Preview could combine several smaller bugs into a more serious exploit and generate proof-of-concept code.
“A finding that arrives with a PoC is a finding you can act on,” Cloudflare wrote. That shortens the gap between discovery and evidence, but it also pushes more work into validation, regression testing and release control.
Federal policy aligns with automated triage
Federal policy is moving in the same direction. CISA’s June 10 Binding Operational Directive 26-04 requires federal civilian agencies to prioritize remediation using asset exposure, Known Exploited Vulnerabilities catalog status, exploit automation and post-exploitation technical impact.
The directive’s fastest remediation window is three days for the highest-risk cases. It applies to federal agencies, not private companies, but its criteria resemble the triage questions private security teams already face.
Michael Vallas, global technical principal at Goldilock Secure, said in a statement shared with TechInformed that Mythos changes the “economics and clock speed” of cyber risk. “The strategic priority moves from eliminating every tiny flaw, which is unattainable, to containing complex attack chains that only AI can assemble,” he said.
Vallas argued that boards should prioritize architectures that limit lateral movement when exploitation occurs, including “enforced physical network isolation and deep segmentation down to the critical asset level.” That view places containment next to patching rather than after it.