Security Update
Executive Summary
A New Class of Cyber Capability Has Emerged
Anthropic has developed a frontier AI model capable of autonomously identifying and exploiting software vulnerabilities at scale. The model has been completed but deliberately withheld from public release due to its potential for misuse.
This marks the first instance of a major AI provider declining to deploy a production-ready system based on public cybersecurity risk. Independent reporting has reinforced both the technical capability and the rationale for restricting access (see: New York Times and technology reporter Engadget articles).
What Makes Mythos Different
The model’s defining capability is autonomy in offensive cyber operations:
Independently discovers previously unknown vulnerabilities
Generates working exploit code with minimal human input
Operates at a speed and scale that materially exceeds prior systems
In testing, the model:
Identified thousands of zero-day vulnerabilities across major platforms
Produced hundreds of working exploits in scenarios where prior models produced single digits
Enabled non-specialists to develop remote-code-execution exploits
Why It Has Not Been Released
The catch is that Mythos cuts both ways. The same skills that help defenders patch holes quickly would help attackers find and exploit them just as quickly. Only faster, cheaper, and at a scale that current defenses aren’t built to handle. Released widely, it could give attackers a way to scan for weaknesses everywhere at once and move faster than anyone can react.
What Is Happening Instead
Instead of a public release, Anthropic has set up Project Glasswing, a small, invite-only group working with the model behind closed doors. The group is limited to a handful of trusted tech and infrastructure companies (AWS, Microsoft, Google, Cisco, and CrowdStrike), all working under tight controls.
The idea is to use Mythos to find and fix serious weaknesses before the bad guys catch up, and to see whether defenders can stay ahead at all.
The bottom line: the window between when a weakness is found and when it gets exploited is about to get a lot shorter. Companies will have less time to react, and we should expect more cases where an attack hits the moment a flaw is discovered.
This isn’t a product launch. It’s a preview of where things are headed:
Attackers will get their hands on similar tools soon enough
Building an exploit will get faster, cheaper, and won’t take specialists
Today’s patching schedules just won’t cut it anymore
Expect patches to user devices to land more often, and with more urgency behind them
What we are doing
HalcyonFT is tracking these developments closely and incorporating them into our day-to-day security operations, monitoring vendor guidance and evaluating whether the emerging safeguards hold up in practice. At the same time, we are reinforcing the fundamentals that matter most: accelerating patching across laptops, networks, and the infrastructure we manage, and reducing our attack surface by limiting access to trusted users and known devices. We will continue to use Automox as part of our managed service to deploy patches, and we will continue to review your patching policies to determine whether the cadence needs to increase. We will also maintain steady visibility into where risk is emerging, both with our clients and with our vendors.
Best regards,
— Your HalcyonFT Team
{ HALCYONFT UPDATES }
More Insights
{ CONTACT }
