News of an AI system too powerful for public release has raised fears it could be weaponised for cyber-attacks. How much of a threat could it pose? Noah Vickers reports
It was neither just a savvy marketing move nor simply a selfless act of corporate responsibility. Instead, most informed observers agree, it was a bit of both.
On 7 April, AI firm Anthropic announced that its latest model, Claude Mythos Preview, was “strikingly capable at computer security tasks”. So capable, in fact, that they were not releasing it to the public.
Through an initiative they dubbed Project Glasswing, Mythos has been made available to America’s biggest tech giants and financial institutions. With this privileged access, Glasswing’s participants are using Mythos to find ‘zero-day’ – that is, undiscovered – vulnerabilities in their systems and patch them.
Anthropic still intend to publicly release “Mythos-class” AI models at some stage. They just aren’t saying when. And in the meantime, experts warn that the UK’s critical national infrastructure could be vulnerable, built as much of it is on legacy systems in urgent need of modernisation.
While Mythos is said by Anthropic to have “already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser”, it is only a matter of time before other AI developers devise models with similar or superior capabilities – including in China.
“I think the Chinese are not too far behind,” says Joyce Hakmeh, an associate fellow at Chatham House. While China has made public pronouncements emphasising the need for AI safety, the actions of hackers tell a different story.
“Publicly, they’re saying they want responsible AI, but we also know that the capabilities the Chinese have are quite sophisticated. We know they’ve infiltrated critical infrastructure in the US.”
Groups like Volt Typhoon, sponsored by the Chinese state, have targeted power grids and pipelines across the US, she points out. The prospect of these hackers gaining the ability to search out zero-day vulnerabilities with Mythos-class technology is therefore “really worrying”.
But a more fundamental issue, Hakmeh suggests, may be the fact that the US, UK and others are for the moment relying on the goodwill of AI firms to act responsibly.
“We’re basically expecting the AI developer to police its own products – and this can only go so far,” she says. (Although the White House last week signed a deal with Google’s DeepMind, Microsoft and xAI to conduct “pre-deployment evaluations” of their upcoming AI models, with the aim of ensuring they do not pose national security threats.)
Nevertheless, as rival AI models are developed over the coming months, not all of Anthropic’s competitors may be so cautious.
“I think there’s a concern about competitive pressures and how that drives frontier AI model producers to not always implement the same care that Anthropic has taken in this instance,” says Connor Attridge, a visiting researcher at the Alan Turing Institute.
There is already a substantial time lag between vulnerabilities being exposed and then patched, he says. A 2025 report found that even in large global businesses with more than 1,000 employees, on average, 45 per cent of vulnerabilities discovered in a 12-month period remain open.
“I think that gap between the two is going to increase and become exacerbated,” says Attridge. “The risk, there, is in UK Civil Service legacy infrastructure. There’s a tail of legacy infrastructure in places that deal with really critical data of citizens. NHS trusts, for example, have quite [a lot of] legacy software and from my understanding, pretty small IT teams. That’s a concern.”
A government review found that, on average, 28 per cent of systems in central government departments in 2024 were composed of “legacy technologies”, an increase from 26 per cent in 2023. The figure ranged from 10 to 50 per cent in NHS trusts and 10 to 70 per cent in police forces.
As far as access to Mythos for British high street banks and businesses is concerned, the UK is still in talks with Anthropic. In the meantime, large companies are exploring alternative options to secure their systems.
Katharina Sommer, director of government affairs at cybersecurity firm NCC Group, says clients at “the more mature end” of their market have been asking NCC if they can “replicate a similar level capability” to Mythos, against which they can test their IT estates.
Behind these requests, she says, is a desire to check whether the patches they’ve put in place are sufficient and to reduce the risk of “something completely unknown being unearthed” by a Mythos-class model in future.
Experts also warn that, even before Mythos arrived, the rush from businesses to incorporate AI systems into their workflows over the last few years could itself be creating new vulnerabilities for conventional hackers to exploit.
“Everyone’s worried about the attacks from the outside, but not how they’re making themselves more vulnerable, perhaps, by rapidly deploying AI technologies in the business,” says Rafe Pilling, director of threat intelligence at cybersecurity firm Sophos.
Pilling says there is “plenty of scope” for large language models to be used both for social engineering and for exfiltrating data from organisations.
“It really depends what that [AI model] is connected to and what access it has,” he says. “So, in a rush to provide a great experience for the customer and plug it into your order management system, financial databases and customer information systems, you may inadvertently provide a route in to access all that stuff.”
So far, Whitehall’s response to Mythos has been well-received by the cybersecurity sector. The government has written an open letter to businesses across the country, urging them to plan and rehearse their responses to critical incidents. Security minister Dan Jarvis has meanwhile invited technology firms to “partner with” the government “to co-develop AI” for a “national cyber defence” project – though the details of this remain unclear.
Following some delay last year, the government has also been progressing its Cyber Security and Resilience Bill through Parliament. The legislation will bring ‘managed service providers’ – the technology firms who provide core IT services to businesses – within the scope of existing regulations.
This will place a legal duty on them to have “appropriate and proportionate measures” to guard against cyber-attacks, while also tightening the requirements to ensure that breaches are swiftly reported to regulators.
The bill is yet to reach the Lords, but many in the cybersecurity sector argue it is an important statement of intent from ministers.
“The proof will be in the pudding,” says Sommer. “On the whole, there is very clear signposting from government to say ‘This is what you have to do’.
“The way in which regulators will be empowered and resourced to do the enforcement properly, I think, will be a really important part of the success of the legislation.
“If it’s a piece of paper that’s ultimately toothless, it might not have the desired effect, but I think the way in which it has changed the conversation has already made a really positive impact… The level of maturity and informedness by parliamentarians scrutinising the legislation is miles ahead of where we were five or six years ago.”
The fact that the UK is the only known government, other than the US, to have been granted direct access to Mythos – and that the UK’s AI Security Institute then published the world’s only independent assessment of Mythos’ capabilities – has also been positively remarked on.
“It speaks to the relationship that the UK has developed with these [AI] companies,” says Hakmeh, who adds that news of Anthropic expanding their London office is another boon for Britain.
If the right steps are taken over the coming months, tools like Mythos could be used to ensure software is “secure by design” at the development stage, she points out.
“If you are producing systems which are much more secure, because AI is letting you do that cheaply, then that starts changing the equation quite considerably.
“It’s not all gloomy. This is a dual-use technology: use it for good, you do brilliant stuff. Use it for bad, you have a big problem. It’s basically a question of who gets there first.”
