Anthropic: Banks at Risk with AI.

Artificial intelligence is redefining cybersecurity boundaries. It's not just for writing or automating tasks anymore. Now, it's a direct player in defending--and potentially attacking--digital infrastructures.

This is where Anthropic's Claude Mythos Preview comes in. It's not just another model. It's a sign that the game has changed.

The most interesting choice isn't technical, but strategic: Anthropic decided not to make it public.

A model too powerful to be open

Claude Mythos Preview isn't freely available. Access is limited to a select group of companies and organizations. Big names like Apple, Amazon, Microsoft, and Google, along with Cisco, Broadcom, and the Linux Foundation, are involved.

The goal is clear: use the model to find vulnerabilities in critical software before they're exploited.

The initiative, called Project Glasswing, isn't just symbolic. Anthropic has put up to $100 million in credits for using the model. This shows how high the stakes are.

Here's a key point: it's not a commercial choice. It's a risk decision.

The real innovation: finding vulnerabilities before attackers do

This is the leap forward.

Models like Mythos don't just generate code or explanations. They're designed to analyze complex software and find weaknesses quickly and deeply, beyond human teams' reach.

In traditional cybersecurity, you often arrive late:

a vulnerability is discovered because it's already exploited

or it surfaces after long, costly audits

A system that can anticipate this process changes everything.

It means moving from reactive to proactive security.

The obvious problem: the same capability can be used to attack

This is why distribution is controlled.

A model that finds vulnerabilities can also exploit them. This isn't a theoretical risk; it's a direct consequence of its abilities.

So, Anthropic chose to limit access to verified entities with a structural interest in defending digital infrastructure.

The consortium's purpose is clear: maximize defensive use while reducing offensive potential.

Why We Need a Systemic Response

There's something else Project Glasswing shows clearly.

Cybersecurity isn't an isolated problem anymore.

Much of our digital infrastructure relies on shared components, often open source. A vulnerability in one library can quickly spread to hundreds or thousands of systems.

That's why a fragmented approach isn't enough now.

A consortium combining different companies, hardware makers, and critical software managers is a better fit for this complex issue.

Open Questions on Governance

This model, though, raises important questions.

Who decides who can access such a powerful tool? How are discovered vulnerabilities managed? How quickly are they communicated and fixed?

These aren't minor details.

Cybersecurity history shows managing disclosure is often more critical than the discovery itself. A timing or communication error can turn a solution into a problem.

A Shift in AI Mindset

Perhaps the most interesting aspect is another one.

With Mythos, Anthropic explicitly acknowledges some models are too powerful to release without control.

This isn't the first time it's been discussed, but it's one of the first concrete applications.

It marks a mindset shift: model power isn't just a competitive advantage anymore. It's a risk factor to manage.

More Than a Technical Project

Project Glasswing isn't just a security initiative.

It's also a governance experiment.

If it works, it might become a replicable model for other cases where AI capabilities are too sensitive to release freely.

But if problems arise--like slow processes, participant conflicts, or operational difficulties--it'll still help us understand how to manage these technologies in the future.