The AI cyber risk no one is really talking about

Anthropic’s Mythos has largely been reported as a story about AI-enabled hacking. The more important intelligence story may be different: advanced models are beginning to concentrate vulnerability intelligence around a small number of organisations that can map shared dependencies, validate exposure, and act before the rest of the market even knows where to look. 

From isolated exploits to systemic visibility 

The most unsettling part of the Mythos story is not that an AI model may now be unusually good at finding security flaws. It is that a small number of organisations may soon know much more, much earlier, about weaknesses in the software that everyone else depends on. That is a different kind of cyber risk. It is less about a machine “becoming a hacker” in the science-fiction sense, and more about who gains early visibility into fragile parts of the digital ecosystem the rest of us share. 

When Anthropic announced Claude Mythos Preview on 7 April, it did not release the model generally. Instead, it paired the announcement with Project ‘Glasswing’, a controlled initiative designed to use the model on “foundational systems” that represent a large portion of the world’s shared cyberattack surface. The UK government then added weight to the concern, saying the AI Security Institute had found Mythos to be substantially more capable at cyber offence than any model it had previously assessed, and warning that frontier-model cyber capabilities are now doubling every four months rather than every eight. 

That has mostly been covered as a breakthrough in offensive capability. Fair enough: Anthropic’s technical note says Mythos autonomously wrote a remote code execution exploit against FreeBSD’s NFS server, reportedly granting full root access to unauthenticated users, and also says the model has identified and exploited zero-day vulnerabilities in major operating systems and web browsers. Importantly, Anthropic does not say the FreeBSD flaw itself was 17 years old. Its broader point is that many of the vulnerabilities Mythos found were ten or twenty years old, while the oldest example it specifically names is a now-patched 27-year-old OpenBSD bug. Those are serious claims and they help explain the cautious release posture. But from a threat intelligence perspective, the more strategic issue is what happens when that level of capability is directed not at isolated targets, but at widely used software, common components, and shared digital infrastructure. 

The problem shifts from individual companies to shared foundations

This is where the discussion becomes more interesting, and less reported. Modern cyber risk is increasingly systemic. One vulnerable company is a problem; one vulnerable dependency reused across sectors is a different class of problem altogether. The G7’s own guidance on third-party cyber risk makes exactly this point, warning that critical parts of the ICT supply chain can create not only risk for an individual organisation but systemic cyber risk for the wider financial sector. NCSC guidance on software bills of materials makes the operational implication clear: organisations need transparent inventory of components and dependencies if they want any realistic chance of understanding supply chain exposure. 

Put simply, AI is starting to change the shape of cyber advantage. The old advantage was often held by the actor with the most skill, patience, or access. The emerging advantage may belong to the organisation that can answer three questions fastest: which shared technologies are weak, who depends on them, and how quickly can that exposure be validated and distributed as actionable intelligence. That is a very different contest. It shifts the centre of gravity away from pure actor tracking and toward what might be called dependency intelligence. That framing is an inference from the current evidence, but it is strongly suggested by the way Anthropic has structured Project Glasswing around foundational systems rather than one-off bug hunting. 

There is another reason this matters. Access to Mythos is restricted. Reuters reports that access has been given only to selected organisations through Project Glasswing, and that this has already triggered concern in financial services about unequal visibility and competitive disadvantage. The latest Reuters reporting shows that banks and regulators are now actively discussing the implications, with some European institutions worried about being left behind if a small club gains earlier insight into vulnerabilities affecting common platforms and legacy environments. That does not mean anyone is behaving irresponsibly. On the contrary, controlled access is clearly the safer route than public release.

A two-speed model of defence 

This creates an uncomfortable strategic reality: the cyber market may be drifting toward a two-speed model of defence. One group gets earlier access to model-driven vulnerability discovery and can act on that insight sooner. Everyone else waits for coordinated disclosure, public advisories, vendor patches, or downstream reporting. In practical terms, the real asymmetry may not be who owns the most firewalls or the best SOC. It may be who gets to see the map first. That conclusion is also an inference, but it follows naturally from the restricted-access structure now being reported and the focus on foundational software. 

The real bottleneck: validation, disclosure, and trust 

There is also a bottleneck forming that has received far less attention than the “AI can hack” narrative: human validation and coordinated disclosure. In March, AWS, Anthropic, Google, Microsoft, and OpenAI announced a joint $12.5 million investment with the Linux Foundation to help open-source projects cope with a surge in AI-enhanced and AI-generated vulnerability reports. AWS’s description is blunt: foundation models are beginning to outpace security researchers in their ability to find bugs in critical code, while maintainers are increasingly overwhelmed by low-quality AI-generated reports. In other words, the pressure point is moving from discovery to triage. 

That may prove to be the real underreported risk. If advanced models can generate findings at a rate that human teams cannot quickly validate, prioritise, and communicate, then the limiting factor in cyber defence becomes neither the model nor the attacker. It becomes trust infrastructure: disclosure processes, maintainer capacity, asset inventory, supplier mapping, and the ability to decide which findings matter most before attention is wasted on noise. This is exactly why inventory disciplines such as SBOMs, and exploitability-focused methods such as EPSS-style prioritisation, become more important in an AI-shaped threat landscape. 

What this means for threat intelligence and risk management 

The evidence also still calls for balance. A March 2026 research paper on multi-step cyber-attack scenarios found meaningful progress, but not omnipotence: the best single run completed 22 of 32 steps on a corporate network range, while performance on an industrial control system scenario remained limited. So, this is not yet a story of flawless autonomous intrusion everywhere. It is a story about the rapid compression of time, effort, and expertise in vulnerability discovery and attack-path progression. That is serious enough on its own. 

For threat intelligence and risk management teams, the message is the same: understanding the threat is no longer enough unless it is tied directly to understanding exposure. Tracking actors, campaigns, and TTPs still matters, but teams must also assess shared dependencies, concentration risk, transitive supplier exposure, and where a newly discovered flaw could create cross-sector blast radius. In practice, that means CTI and risk management need to work as one discipline: intelligence identifies how the threat is evolving, while risk management determines what matters most to the organisation, where the material exposure sits, and which mitigations should be prioritised first. The future CTI function may therefore need to be as fluent in software lineage, business criticality, and ecosystem fragility as it is in adversary tradecraft. 

That is the deeper story behind Mythos. The real issue is not simply that AI may find more bugs. It is that AI is beginning to reshape who sees systemic weakness first, who can validate it fastest, and who can turn it into useful defensive action before someone else weaponizes the same insight. In the next phase of cyber competition, the decisive advantage may not belong to the organisation that finds the next flaw first. It may belong to the one that understands, fastest, which shared flaw matters, who else is exposed, and how quickly that knowledge can move. That is also why organisations increasingly need an integrated response that brings together cyber threat intelligence, risk management, and the practical application of data and AI across the enterprise. Talan combines the cyber services many clients already rely on with broader Data and AI capability, helping organisations not only understand and manage emerging AI-enabled cyber risk, but also apply AI in a secure, governed and value-focused way to improve processes, create efficiencies and support better decisions across the business.