Anthropic’s decision to limit access to its latest model reflects a
growing focus on the safe, secure and responsible deployment of
advanced AI.Frontier AI is expanding both defensive capabilities and potential cyber
risks, requiring organizations to adapt how they manage security.This moment highlights the need for clearer guidance and coordination
to support the secure adoption of advanced AI.<\/p>\n
On 7 April, Anthropic announced Claude Mythos Preview<\/a>, a frontier AI model so powerful (or risky) that the company decided not to release it to the public. This decision signals a critical shift in AI landscape: constraints on deployment are no longer commercial, but security-driven.<\/p>\n According to Anthropic, Mythos can autonomously identify previously unknown vulnerabilities, generate working exploits and carry out complex cyber operations with minimal human input. Testing identified a large number of related weaknesses across widely used systems, though these results remain subject to further validation<\/a> and vary in terms of severity and real-world exploitability.<\/p>\n This reflects a broader turning point; frontier AI systems are becoming more autonomous and powerful, but also harder to control once deployed. The cautious way forward is to treat these models less as consumer products and more as strategic assets. Ultimately, it underscores a new reality: AI capability is advancing faster than our ability to safely govern it<\/a>, making security the primary gatekeeper for release.<\/p>\n Global-systemic risks of frontier AI <\/p>\n Tasks that once required highly specialized teams working for weeks or months can now be performed in hours. This has two immediate consequences. First, it could significantly strengthen defences by accelerating the discovery of vulnerabilities. Second, it could lower the barrier for launching sophisticated cyberattacks, enabling a wider range of actors to operate at a higher level.<\/p>\n This is not just a cybersecurity issue. It is a resilience issue for global stability. Critical infrastructure, financial systems and supply chains all depend on digital systems that could be exposed to faster, more scalable forms of attack.<\/p>\n When AI risks move markets<\/p>\n The market reaction has been equally striking.<\/a> Reports suggest that fears linked to Mythos and similar frontier AI systems have contributed to significant volatility in global technology stocks, highlighting investor concern about disruption to cybersecurity, business models and the stability of the digital economy.<\/p>\n Recent developments underscore how quickly this issue is moving from theory to practice. Reports indicate that US officials have begun urging major financial institutions to actively test advanced AI systems like Mythos<\/a> in controlled environments, reflecting growing concern at the highest levels about both the risks and defensive potential of such tools.<\/p>\n This moment reinforces warnings already highlighted in the World Economic Forum\u2019s Global Cybersecurity Outlook 2026<\/a>, which points to a growing gap between the pace of cyberthreats and organizations\u2019 ability to respond. Frontier AI could widen that gap further \u2013 at least in the short term.<\/p>\n Three questions for leaders<\/p>\n For non-specialists, the Mythos episode raises three practical and urgent questions:<\/p>\n Could AI make cyberattacks easier to launch?<\/p>\n Yes \u2013 but unevenly<\/a>. By automating complex technical tasks, systems like Mythos Are organizations ready to respond at AI speed?<\/p>\n In most cases, not yet; for many, not even close. Even today, organizations struggle to keep up with the fast-evolving sector, with 87% of leaders identifying AI-related vulnerabilities as the fastest-growing cyber risk<\/a>. If AI systems dramatically increase the number of vulnerabilities identified, the challenge will shift from discovering problems to fixing them fast enough. Patch cycles measured in weeks may no longer be sufficient in a world where vulnerabilities can be identified and exploited within hours.<\/p>\n Who controls access to these capabilities?<\/p>\n This remains an open question. Anthropic has chosen to restrict access and work with a small group of trusted partners<\/a>, rather than releasing the model broadly. But there are no globally agreed rules for who should have access to such powerful systems or how their use should be governed.<\/p>\n From scarcity to overload<\/p>\n One of the less obvious implications of systems like Mythos is that they could create a new kind of bottleneck. For years, cybersecurity has struggled with limited visibility in that organizations did not know where their vulnerabilities were. AI changes that, enabling rapid, large-scale discovery of weaknesses across systems. <\/p>\n This, however, creates a different problem: overload. If thousands of vulnerabilities can be identified quickly, organizations may not have the capacity to address them all. Prioritization becomes critical, and errors become more costly. In this environment, more visibility does not automatically mean more secure.<\/p>\n As offensive capabilities become more automated, defensive systems must match that speed and sophistication. Static, rule-based approaches will not keep pace. Instead, organizations will need adaptive systems that continuously monitor and respond in real time.<\/p>\n Cybersecurity is shifting from defending fixed perimeters to managing dynamic, intelligent systems, fundamentally reshaping how risk is understood and controlled.<\/p>\n What leaders should do now<\/p>\n
can lower the barrier to entry for attacks on simpler systems, which can be carried out with limited human input. For more complex, well-secured systems, attacks likely still requiring steering from experienced attackers. This could increase the frequency of cyber incidents, while enabling more sophisticated attacks primarily in the hands of skilled actors. <\/p>\n