AI is raising the stakes for cyber professionals – Claude Mythos just took things to another level

Anthropic’s Project Glasswing announcement this week is one of the “clearest signals yet” that there’s a looming AI arms race in the cybersecurity profession, according to industry experts.

The AI company announced a new initiative that will see a host of big tech companies, including Microsoft, Amazon, Palo Alto Networks, and CrowdStrike, test its new Claude Mythos model behind closed doors.

Anthropic said the model has the potential to “reshape cybersecurity” and made a conscious decision to limit the release to industry stakeholders to prevent potential misuse.

As ITPro noted earlier this week, it’s very unusual for a company to announce a gated release of an AI model, especially given the rapid-fire release timelines we’ve seen over the last three years.

Companies such as OpenAI, Anthropic, and Google have been locked in a game of one-upmanship to roll out increasingly powerful models and gain a cutting edge on competitors.

Anthropic’s main rival, OpenAI, is now also reportedly considering a similar gated release format for an upcoming cybersecurity tool, per reports from Axios.

If OpenAI follows suit, it means two of the leading AI model developers are actively concerned about the potential for misuse, and that doesn't bode well for cyber teams.

The double edged sword of AI

Bharat Mistry, field CTO at TrendAI, part of Trend Micro, said the initiative shows AI has now reached a critical tipping point in terms of its applications in cybersecurity.

“Frontier models can now uncover decades-old vulnerabilities at a scale and speed that only a handful of top security experts could previously match,” he said.

AI-driven gains work both ways, however. Ilkka Turunen, Field CTO at Sonatype, echoed Mistry’s comments, but warned the technology is opening the door to an array of new AI-powered threats and potential risks.

“Timelines to exploitation will continue to compress, new vulnerabilities will be discovered and spread faster, and attacks will continue to be completely autonomous,” Turunen noted.

“We are already seeing this occur with current gen models, for example with the attack chain of supply chain incidents that TeamPCP has been exploiting, which led to the compromise of LiteLLM.”

“For defenders, it means that we have to accept a rapid, autonomous future where our reaction times need to continue to compress, our ability to ship secure code needs to speed up.”

AI is now very much a double-edged sword for security practitioners, and the warning signs have been there for some time.

Fortinet’s 2025 Cybersecurity Skills Gap report, for example, found that 49% of cyber leaders are worried AI will increase the sophistication - and crucially, the volume - of cyber attacks.

Crucially, threat actors have been observed using the technology to reverse engineer malware and create more convincing phishing lures.

Increased velocity

Liam Salsi, director of architecture at Talion, noted that while the Claude Mythos initiative does have long-term implications for enterprises, it’s not quite the existential threat many are suggesting.

“It's also important to note that this does not render existing security controls obsolete,” he said.

“Many of the vulnerabilities identified through programmes like Glasswing would still be detectable and preventable through layered security approaches and mature SOC capabilities.”

What this does showcase, however, is that the scale is changing. Security teams are now working at machine speed - and many are unprepared to cope with increased velocity.

Last year, the UK’s National Cyber Security Centre (NCSC) warned that AI tools will “almost certainly” enhance threat actors’ ability to exploit vulnerabilities at a rapid pace.

“AI will increase the speed and volume at which vulnerabilities are discovered and potentially exploited, placing greater pressure on organizations to respond at pace,” he commented.

“The ability to scale detection and response will become a defining factor in how effectively organizations can manage this next phase of cyber risk.”

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.