Anthropic Reuters via BBC In recent weeks, the world of artificial intelligence has been in an uproar following claims made by leading company Anthropic about its new model, Claude Mythos. The company claims to have discovered that the tool can outperform humans in some hacking and cybersecurity tasks — which has led regulators, parliamentarians and financial institutions to discuss the dangers it could pose to digital services. Several tech giants have been granted access to the Mythos through an initiative called Project Glasswing, designed to bolster resilience against the Mythos itself. Anthropic announced this week that it will extend access to Mythos to another 150 institutions in diverse sectors, such as energy, water, health, communications and equipment. New partners will need to meet security requirements before they can gain access to the template. Some analysts are even more skeptical about Mythos' capabilities and say it's in Anthropic's interest to suggest it has a tool with never-before-seen abilities. The issue also caused fear in the financial system and was even discussed at an IMF meeting in Washington involving international authorities. In practice — as is often the case with AI — the task of distinguishing between facts and exaggerations is complicated. What is Claude Mythos? The Mythos is one of Anthropic's latest models, developed as part of its broader AI system called Claude. It encompasses the company's AI assistant and family of models, rivaling OpenAI's ChatGPT and Google's Gemini. It was previewed by Anthropic in early April as "Mythos Preview." Researchers who test how AI models handle specific requests or tasks, known as "red teams," said in a report that Mythos was "incredibly capable at computer security tasks." They found that the tool could locate dormant bugs hidden in decades-old code and exploit them with ease. Rather than making it widely available to Claude users, Anthropic granted access to 12 technology companies through Project Glasswing, which it described as "an effort to protect critical software systems." These include cloud computing giant Amazon Web Services, device makers Apple, Microsoft and Google, and chipmakers Nvidia and Broadcom. Crowdstrike, whose faulty software update caused a major global outage in July 2024, is also among the project's partners, and Anthropic says it has granted Mythos access to more than 40 organizations responsible for critical software. In a video released alongside the launch of Project Glasswing, Anthropic boss Dario Amodei said the company offered to work with US government officials in order to "help defend against the risk of these models." Why are there concerns? Anthropic claims that during testing it discovered that the model is highly skilled in cybersecurity and hacking tasks, surpassing humans. "Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser," Anthropic said on April 7. "Given the speed of AI progress, it will not be long before such capabilities become widespread, potentially beyond actors committed to their safe use." The company said it could locate — with little oversight — critical flaws that require immediate action in old systems, including a vulnerability that had been present in a system for 27 years, and suggest ways to exploit them. Since then, some finance ministers, central bankers and financial sector executives have expressed serious concerns, fearing that the model could compromise the security of financial systems. Canadian Finance Minister François-Philippe Champagne told the BBC that Mythos was discussed at an International Monetary Fund (IMF) meeting in Washington in April. "It is certainly serious enough to deserve the attention of all finance ministers," he said. Bank of England governor Andrew Bailey told the BBC: "We have to look very carefully now at what this recent development in AI could mean for cybercrime risk." The European Union said it is also in discussions with Anthropic about its concerns related to Mythos. In May, the European bloc received access to the tool. What do cyber experts say? Ciaran Martin, former head of the UK's National Cyber ​​Security Centre, told the BBC earlier this week that the claim that Mythos could discover critical vulnerabilities much faster than other AI models "really shook people up". "The second issue is that even with existing vulnerabilities that we know about but that organizations may not have patched or may not be well defended against, he is simply a very good hacker," he said. Many independent analysts and cybersecurity experts have not yet been able to test Mythos for themselves, and some remain skeptical about its performance. The UK AI Security Institute recently concluded that, although it is a very powerful model, its biggest threat would be against poorly protected and vulnerable systems. "We cannot say for sure whether Mythos Preview would be able to attack well-protected systems," its researchers said. For them, where there are good cybersecurity practices, this model, in theory, would be contained. Italian Valentina Palmiotti — better known as Chompie — participates in international ethical hacking tournaments, in which competitors earn money by finding vulnerabilities in security systems before they can be exploited by cybercriminals. She told the BBC that her competition days may be numbered due to the rise of AI tools like Claude Mythos. Should we be worried? AI-related fears are nothing new. New models and tools are emerging all the time and are often accompanied by promises to revolutionize our lives — for better or worse. Tapping into this mix of fear and excitement about AI and its future impact has also become a hallmark of the industry and its marketing strategies in recent years. In the case of Mythos, we still don't know enough to understand whether these hopes or fears are justified, or more a reflection of the enthusiasm surrounding the sector. In either case, according to the National Cyber ​​Security Centre, the British cybersecurity body, the most important thing we can do now is not to panic and instead focus on the need to fix basic cybersecurity. After all, most hackers don't need artificial superintelligence tools to breach systems — much simpler attacks are usually sufficient. "For some this is an apocalyptic event, for others it seems too far-fetched," Martin told the BBC. But he said that, whether this tool or subsequent ones developed by Anthropic or competitors, beyond the risks there is an opportunity to build a safer online world. "In the medium term, there is an opportunity to use these tools to patch many of the internet's underlying vulnerabilities," he said. In late April, Anthropic announced that it was investigating a report that a small group of people gained access to Claude Mythos. "We are investigating a report of unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," the company said in a statement. The statement was in response to a Bloomberg report, which revealed that users on a private forum were able to access the model without the necessary permissions. We use artificial intelligence to translate this report, originally written in English. The text was reviewed by a BBC journalist before publication. Find out more here about how the BBC is using artificial intelligence (link to English text). The AI company that took on the Pentagon in the US — and why it affects the whole world How Elon Musk can become a trillionaire with SpaceX stock offering on the stock market Pope Leo 14's message about artificial intelligence in his first 'business card' upon completing one year of his pontificate