How Dangerous Is Anthropic's Mythos AI? The Future of Hacking

"Modern generative AI systems are getting really good at finding and exploiting vulnerabilities in software. And that has important ramifications for cybersecurity: on both the offense and the defense." — Bruce Schneier

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview. It was so exceptional at finding security vulnerabilities in software that the company chose not to release it to the general public. Instead, it would only be available to a highly select group of enterprise partners to scan and fix their own internal software.

While the announcement requires context, it contains an essential truth: we have entered the era of automated AI hacking. And the implications extend far beyond computer code.

01. A Virtuous PR Stunt or a Real Threat?

Anthropic's model is undoubtedly powerful at finding software vulnerabilities, but so are its competitors. The UK's AI Security Institute recently found that OpenAI's GPT-5.5, which is generally available, possesses comparable offensive capabilities. Furthermore, the AI startup Aisle successfully reproduced Anthropic's published results using smaller, significantly cheaper open-source models.

At the same time, Anthropic's refusal to publicly release its new model makes a virtue out of necessity. Mythos is incredibly expensive to run at scale. By gating access, they effectively juice the company's valuation, hint at god-like capabilities, and let the industry parrot their claims without needing the compute to back it up for millions of users.

02. The Cyber War: Attackers vs. Defenders

Live Vulnerability Scan

Make no mistake, the truth is scary. Threat actors will inevitably use these AI capabilities to automatically discover vulnerabilities in systems of all kinds. They will break into critical infrastructure, deploy ransomware, steal sensitive espionage data, and disrupt services. This automated hacking will make the digital world much more volatile.

But the sword cuts both ways. Defenders are using these exact same models. As we covered previously, Mozilla used Mythos to find 271 vulnerabilities in Firefox. Those zero-days have been patched and will never be exploited by attackers.

03. The Ultimate Hack: Tax Codes and Regulations

The broader implications of Mythos are where things get truly disruptive. The same searching, pattern-matching, and reasoning capabilities that make AI excellent at analyzing C++ or Rust apply to other complex systems of rules.

The US tax code is not computer code, but it is a series of algorithms with inputs and outputs. It has vulnerabilities (tax loopholes), it has exploits (tax avoidance strategies), and it has black hat hackers (high-priced corporate attorneys and accountants).

We should expect AI to be equally effective at finding undiscovered tax loopholes. Major investment banks and hedge funds are almost certainly feeding the entire US and UK tax codes into private AI models right now. How many loopholes will they find? Ten? A thousand? Can an AI invent a strategy more complex than the infamous Double Dutch Irish Sandwich? Yes.

Why Regulatory Hacking is Worse than Software Bugs

When Anthropic finds a bug in Firefox, Mozilla patches it in days. When an AI finds a loophole in the tax code, it generally takes years for a country to amend it.

That process is highly political. Lobbyists actively pressure legislators not to deploy the patch. Just look at the carried interest loophole in the US—a vulnerability exploited for decades that politicians still cannot close.

Just as the industrial revolution gave humans the ability to consume energy outside their bodies at scale, the AI revolution gives us the ability to perform cognitive tasks outside our bodies at scale. Our regulatory systems are designed for human-paced cognition. We are about to witness a deluge of automated vulnerabilities found in food safety laws, environmental regulations, and financial markets. Adapting to this reality will be incredibly difficult, but as the release of Mythos proves, we don't have a choice.