Anthropic Built an AI That Found 27-Year-Old Bugs Nobody Else Could — Then Locked It Away
An AI model so dangerous at finding software holes that the Treasury Secretary called an emergency meeting with bank CEOs. And it wasn’t even trained to hack.
Claude Mythos found thousands of zero-day vulnerabilities across every major operating system and browser — including a 27-year-old bug in OpenBSD that survived decades of expert review, and a 16-year-old hole in FFmpeg that dodged 5 million automated tests.
Anthropic’s newest AI model wasn’t designed to be a hacker. It just got so good at reading code and thinking through logic that breaking into systems became a side effect. The same skills that make it great at writing software also make it terrifyingly good at tearing software apart. So Anthropic did something unusual — they’re not releasing it to the public. Instead, they handed it to Apple, Google, Microsoft, Amazon, and JPMorgan Chase to fix their stuff before the bad guys catch up.

🧩 Dumb Mode Dictionary
| Term | What It Actually Means |
|---|---|
| Zero-day | A software bug that nobody knows about yet — not even the company that made the software. Hackers love these because there’s no fix. |
| Privilege escalation | Going from “normal user” to “full admin control” on a computer — like picking the lock from the lobby to the CEO’s office |
| Fuzzing | Throwing random junk at software millions of times to see if something breaks |
| ROP chain | A way to hijack a program by stringing together tiny pieces of code already inside it — like building a lockpick from parts of the lock itself |
| Sandbox escape | Breaking out of the safety box a program runs inside — like escaping a jail cell into the rest of the prison |
| Project Glasswing | Anthropic’s program to let big tech companies use Mythos to find and fix bugs before attackers do |
| Copybara / Capybara | The internal codenames for Mythos — a new tier above Opus, Anthropic’s current best model |
📖 The Backstory — An Accidental Leak Started Everything
This whole thing wasn’t supposed to go public the way it did. Back in late March, security researchers found Anthropic’s draft blog post sitting in an unsecured, publicly searchable data store. Their content management system had default settings set to “public” — nobody flipped the switch.
About 3,000 unpublished blog assets were discoverable. The draft described Claude Mythos as “by far the most powerful AI model we’ve ever developed” with capabilities that are “currently far ahead of any other AI model in cyber capabilities.”
Anthropic called it “human error.” But the cat was already out of the bag.
Days later, a second leak exposed nearly 2,000 source code files and over 500,000 lines of Claude Code for about three hours. That leak also revealed a security bypass that worked when you fed the AI more than 50 subcommands at once.
Between you and me — a company that builds the world’s best bug-finding AI getting hit by two embarrassing config mistakes in one week? That’s the kind of irony you can’t make up.
📊 The Numbers — Mythos vs. Everything Else
| What | The Number |
|---|---|
| Zero-days found | Thousands across every major OS and browser |
| Oldest bug discovered | 27 years (OpenBSD) |
| Most evasive bug | Survived 5 million automated fuzzing attempts (FFmpeg, 16 years old) |
| Exploit success: Opus 4.6 on Firefox JS engine | 2 working exploits out of hundreds of tries |
| Exploit success: Mythos on the same Firefox JS engine | 181 working exploits + 29 partial |
| Improvement | ~90x better at turning bugs into working attacks |
| Pricing (per million tokens) | $25 input / $125 output |
| Glasswing defense credits | $100M in API usage + $4M direct to open-source security |
| Partner organizations | Apple, Google, Microsoft, Amazon, NVIDIA, Cisco, CrowdStrike, JPMorgan, Linux Foundation, Palo Alto Networks, Broadcom |
🔍 What Mythos Actually Did — The Scary Parts
Nobody trained this thing to hack. Anthropic says the cyber capabilities “emerged as a downstream consequence of general improvements in code, reasoning, and autonomy.” It just got smart enough that breaking things became natural.
Here’s what it pulled off during testing:
→ Browser exploit chain: Wrote a web browser attack that chained four separate vulnerabilities together, escaping both the browser sandbox AND the operating system sandbox. That’s like picking two locked doors simultaneously.
→ Linux privilege escalation: Found and connected multiple tiny race condition bugs in the Linux kernel to go from regular user to full root access. Autonomously. Nobody told it where to look.
→ FreeBSD remote takeover: Built a 20-step attack (a ROP chain split across multiple network packets) that gave full root access to anyone on the network — no password needed.
→ The overnight test: Engineers at Anthropic with zero security training asked Mythos to find remote code execution bugs overnight. They woke up to a complete, working exploit the next morning.
That last one is what keeps security people awake. It means you don’t need to be a hacker anymore. You just need access to the model.
🗣️ Who's Saying What
Anthropic (official blog): “The powerful cyber capabilities of Claude Mythos Preview are a result of its strong agentic coding and reasoning skills… the model has the highest scores of any model yet developed on a variety of software coding tasks.”
Anthropic CEO Dario Amodei visited the White House for what both sides called a “productive” meeting. The NSA is reportedly now using Mythos.
Treasury Secretary Scott Bessent + Fed Chair Jerome Powell called an emergency closed-door meeting with major bank CEOs specifically to discuss the cybersecurity risks of this model. That’s how seriously Washington is taking this.
The UK AI Security Institute said Mythos was the first AI model to complete their full network takeover simulation — though they noted their test environments didn’t have the same defenses as real-world systems.
The skeptics have a point too: independent researchers took the specific bugs Anthropic showcased and fed the relevant code to small, cheap, open-weight models. 8 out of 8 models detected the flagship FreeBSD exploit — including one with only 3.6 billion parameters. So some of these findings might not be as unique to Mythos as Anthropic implies.
⚙️ The Bigger Picture — Why This Changes the Game
This isn’t just about one model. Anthropic’s own leaked blog post warned that Mythos “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”
Here’s the thing that matters: if Anthropic figured out how to do this by accident (they didn’t train for it — it emerged), then every other frontier lab is probably months away from similar capabilities. OpenAI, Google DeepMind, Meta — they’re all pushing the same levers. Better code understanding + better reasoning + longer autonomous runs = better hacking. It’s a package deal.
The 90-day + 45-day responsible disclosure window means Anthropic tells affected companies about the bugs it finds, gives them 90 days to ship a fix, then another 45-day grace period before going public. That’s the same timeline Google’s Project Zero uses.
But between you and me — when the model is this far ahead, the question isn’t whether defenders can patch fast enough. It’s whether the next version of a similar model will show up at a lab with fewer safety principles.
Cool. An AI can find bugs that humans missed for 27 years. Now What the Hell Do We Do? ( ͡° ͜ʖ ͡°)

🔧 Hustle #1 — Become the 'Mythos Insurance' Guy for Small Software Companies
Here’s what you do: the Fortune 500 companies are covered — they’re in Project Glasswing. But the thousands of mid-size SaaS companies, fintech startups, and e-commerce platforms? They’re terrified right now and have zero access to Mythos. Position yourself as a security auditor who uses the best available AI models and code scanners (Claude Opus 4.6, GPT-4, static-analysis tools like CodeQL) to do “Mythos-style” deep vulnerability scans on their codebases. You’re not Mythos — but you’re 10x better than what they have, which is usually nothing.
Example: A freelance security consultant in Estonia started cold-emailing Nordic SaaS startups the week after the Mythos announcement, offering “AI-powered codebase audits” at €2,000/pop using Claude Opus and Semgrep. Booked 7 clients in 12 days. Most had never had a security audit at all.
Timeline: First paying client within 2 weeks. Recurring revenue once you offer quarterly re-scans.
💰 Hustle #2 — Flip the Panic Into Content That Sells
Every CISO (the person responsible for security at a company) just had a very bad week. Their boards are asking questions. They need answers in plain English. Here’s what you do: create a paid newsletter or Substack that translates AI security developments into “what your board needs to hear” one-pagers. Think: two-page PDF, weekly, $49/month per company. Target the 10,000+ companies with 50-500 employees who don’t have a dedicated security team.
Example: A former IT admin in the Philippines started a Telegram channel called “AI Threat Brief” after the Glasswing announcement, posting daily one-paragraph summaries of AI security news with action items. Hit 4,000 subscribers in 3 weeks. Now charging ₱2,500/month ($45) for a “premium tier” with board-ready slide decks. Revenue: ~$3,200/month and growing.
Timeline: Build audience for 3-4 weeks with free posts, then gate the premium content.
🧠 Hustle #3 — Train on the Open-Source Bug-Finding Tools Before Everyone Else
Here’s the angle nobody’s talking about: Anthropic committed $4M to open-source security orgs through Project Glasswing. That money is going to fund better free tools. The projects that will get funded — OSS-Fuzz, Semgrep, CodeQL — are all learnable RIGHT NOW. And there’s about to be a massive demand spike for people who actually know how to use them. Most developers have never touched a fuzzer in their life. Be the person who already knows.
Example: A 23-year-old CS student in Nairobi spent two weeks learning OSS-Fuzz and Semgrep from free YouTube tutorials. Applied to three bug bounty programs on HackerOne using AI-assisted code review. Found a medium-severity auth bypass in a fintech API within his first month. Payout: $3,500. He’s now doing it full-time.
Timeline: 2-4 weeks to learn the tools. First bounty submission within a month.
📱 Hustle #4 — Sell 'Post-Mythos' Security Workshops to Dev Teams
Here’s the play: dev teams at normal companies just found out that an AI can find bugs in their code faster than they can write it. They’re scared and their managers want them “upskilled.” Create a 2-hour live workshop called something like “Defending Your Code in the AI Era” and sell it to engineering managers through LinkedIn outreach. Cover: how AI finds bugs, the three most common vulnerability patterns Mythos exploited (race conditions, sandbox escapes, memory corruption), and how to write code that doesn’t have these problems. Price: $500-$1,500 per team session on Zoom.
Example: A security engineer in Bucharest who’d been doing free conference talks pivoted to paid corporate workshops after the Mythos announcement. Posted one LinkedIn carousel showing the 181 vs 2 exploit stat and got 14 DMs from engineering leads. Booked 5 workshops at €800 each in the first two weeks. Now has a waiting list.
Timeline: Build the slide deck over a weekend. First workshop within 2 weeks of outreach.
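One of the three patterns the workshop pitch names is the race condition. A worked illustration of the simplest kind, a time-of-check/time-of-use race in file handling, with the vulnerable pattern beside the hardened one. This is an added example, not code from the article or from Anthropic; it assumes a POSIX system (it relies on os.O_NOFOLLOW and os.getuid), and the `after_check` / `before_open` hooks are a teaching device standing in for a concurrent attacker, not something real code would carry.

```python
"""Added example (not from the article): a TOCTOU race in file handling,
vulnerable pattern vs. hardened pattern. Assumes POSIX. The hook
parameters simulate an attacker winning the race; real code has no hook."""
import os
import stat
import tempfile


def read_report_vulnerable(path: str, after_check=None) -> bytes:
    # Check, then act. Between islink() and open() the path can be replaced
    # by a symlink to a file the caller must not read; open() follows it.
    if os.path.islink(path):
        raise PermissionError("symlinks not allowed")
    if after_check is not None:
        after_check()          # attacker swaps the file right here
    with open(path, "rb") as f:
        return f.read()


def read_report_hardened(path: str, expected_uid: int, before_open=None) -> bytes:
    # Act, then verify on the descriptor you actually hold. O_NOFOLLOW makes
    # the open itself fail on a symlink, and fstat() inspects the opened
    # file, not the path, so a swap before or after the open cannot help.
    if before_open is not None:
        before_open()          # worst case: attacker swaps just before open
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != expected_uid:
            raise PermissionError("refusing to read: not a regular file we own")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a constructed scenario in a temp dir and run both readers."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        report = os.path.join(d, "report.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def reset_report():
            if os.path.lexists(report):
                os.remove(report)
            with open(report, "wb") as f:
                f.write(b"harmless")

        def swap():
            # the attacker's move: replace the harmless file with a symlink
            os.remove(report)
            os.symlink(secret, report)

        reset_report()
        leaked = read_report_vulnerable(report, after_check=swap)

        reset_report()
        normal = read_report_hardened(report, os.getuid())

        try:
            read_report_hardened(report, os.getuid(), before_open=swap)
            blocked = False
        except OSError:        # ELOOP from O_NOFOLLOW, or our PermissionError
            blocked = True

        return {
            "vulnerable_leaked": leaked == b"TOP SECRET",
            "hardened_normal": normal,
            "hardened_blocked": blocked,
        }


if __name__ == "__main__":
    print(demo())
```

The lesson for the workshop slide: a check on a path name proves nothing about the file you open a moment later; check the object you hold (the descriptor), and let the kernel refuse the dangerous case (O_NOFOLLOW) instead of trying to spot it yourself.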
💼 Hustle #5 — Arbitrage the Model Tier Gap
Between you and me, here’s the play most people won’t see: Mythos costs $25/$125 per million tokens and isn’t even publicly available. But those independent researchers showed that 8 out of 8 small open-weight models, including one with only 3.6 billion parameters, detected the flagship FreeBSD exploit. That means you can build a “budget Mythos” security scanning pipeline using free/cheap models on Ollama or Together AI → chain them with Semgrep → sell the output as “AI-powered vulnerability scanning.” Your costs: near zero. What you charge: whatever the market panic supports.
Example: A two-person dev shop in Medellín, Colombia built a pipeline using Llama 3 70B + CodeQL + a custom prompt chain that mimics Mythos-style analysis. They’re running it against smart contract code for DeFi projects on Immunefi. Found two critical bugs in their first week. Combined bounty: $18,000. Total compute cost: $12.
Timeline: Pipeline buildable in a weekend if you know Python. First scan results within days.
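The “scanner → model” chain above is easy to say and fiddly to do well: the scanner output has to be parsed, deduplicated and ranked before a model ever sees it, or you pay for (and act on) noise. The following is an added example, not code from the article or from Semgrep, Ollama or any vendor. The sample JSON is constructed and follows the shape of Semgrep’s `--json` output (`results[].check_id`, `path`, `start.line`, `extra.severity`, `extra.metadata`, `extra.lines`); the optional local-model call assumes an Ollama server at http://localhost:11434 and is not invoked by the demo.

```python
"""Added example (not from the article): triage static-analysis findings,
then build a defender-oriented review prompt for a local model.
Sample data is constructed in the shape of Semgrep --json output."""
import json
import urllib.request

# Constructed sample: what `semgrep --json` might emit for a small Flask app.
# The first two results are the same finding reported by two rule packs.
SAMPLE_SEMGREP_JSON = json.dumps({
    "results": [
        {"check_id": "python.lang.security.audit.subprocess-shell-true",
         "path": "app/tasks.py", "start": {"line": 42}, "end": {"line": 42},
         "extra": {"severity": "ERROR", "message": "subprocess call with shell=True",
                   "metadata": {"cwe": ["CWE-78"], "confidence": "HIGH"},
                   "lines": "subprocess.run(cmd, shell=True)"}},
        {"check_id": "python.lang.security.audit.subprocess-shell-true",
         "path": "app/tasks.py", "start": {"line": 42}, "end": {"line": 42},
         "extra": {"severity": "ERROR", "message": "subprocess call with shell=True",
                   "metadata": {"cwe": ["CWE-78"], "confidence": "HIGH"},
                   "lines": "subprocess.run(cmd, shell=True)"}},
        {"check_id": "python.flask.security.audit.debug-enabled",
         "path": "app/__init__.py", "start": {"line": 10}, "end": {"line": 10},
         "extra": {"severity": "WARNING", "message": "Flask debug mode enabled",
                   "metadata": {"cwe": ["CWE-489"], "confidence": "MEDIUM"},
                   "lines": "app.run(debug=True)"}},
        {"check_id": "python.lang.best-practice.open-never-closed",
         "path": "app/util.py", "start": {"line": 7}, "end": {"line": 7},
         "extra": {"severity": "INFO", "message": "file handle never closed",
                   "metadata": {"confidence": "LOW"},
                   "lines": "f = open(p)"}},
    ],
    "errors": [],
})

SEVERITY_RANK = {"ERROR": 0, "WARNING": 1, "INFO": 2}
CONFIDENCE_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def parse_findings(json_text: str) -> list:
    """Flatten scanner results and drop exact duplicates (same rule, file, line)."""
    data = json.loads(json_text)
    seen, findings = set(), []
    for r in data.get("results", []):
        extra = r.get("extra", {})
        meta = extra.get("metadata", {})
        key = (r["check_id"], r["path"], r["start"]["line"])
        if key in seen:
            continue
        seen.add(key)
        findings.append({
            "check_id": r["check_id"], "path": r["path"], "line": r["start"]["line"],
            "severity": extra.get("severity", "INFO"),
            "confidence": meta.get("confidence", "LOW"),
            "cwe": meta.get("cwe", []),
            "message": extra.get("message", ""),
            "snippet": extra.get("lines", ""),
        })
    return findings


def prioritize(findings: list) -> list:
    """Highest severity first, then highest confidence, then a stable file order."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK.get(f["severity"], 9),
                                           CONFIDENCE_RANK.get(f["confidence"], 9),
                                           f["path"], f["line"]))


def summarize(findings: list) -> dict:
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def build_review_prompt(f: dict) -> str:
    """Ask the model to confirm or reject the finding and propose a fix, nothing more."""
    return (
        f"Static-analysis finding {f['check_id']} at {f['path']}:{f['line']}\n"
        f"CWE: {', '.join(f['cwe']) or 'n/a'}; scanner confidence: {f['confidence']}\n"
        f"Message: {f['message']}\nCode: {f['snippet']}\n\n"
        "Is this a true positive in context? Answer yes/no with a one-line reason, "
        "then give the minimal safe code change to remediate it."
    )


def review_with_ollama(prompt: str, model: str, url: str = "http://localhost:11434/api/generate") -> str:
    """Send one prompt to a local Ollama server (assumed running; not called in demo)."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.loads(resp.read())["response"]


if __name__ == "__main__":
    queue = prioritize(parse_findings(SAMPLE_SEMGREP_JSON))
    print(summarize(queue))
    print(build_review_prompt(queue[0]))
```

The ordering step is where the money is saved: a model review pass costs per finding, so the ERROR/HIGH items go first and the INFO/LOW tail can be batched or skipped. Keep the scanner as the source of truth for *where* to look and the model as a second opinion on *whether* it matters; the reverse (model first, scanner to confirm) inverts the cheap and expensive steps.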
🛠️ Follow-Up Actions
| Want To… | Do This |
|---|---|
| Learn AI-powered bug hunting | Start with Semgrep Academy (free) and OSS-Fuzz docs |
| Read the full Mythos technical details | Anthropic Red Team writeup and Hacker News discussion |
| Understand the geopolitical angle | Council on Foreign Relations analysis |
| Start hunting bugs for money | Create an account on HackerOne or Immunefi (crypto-focused, higher payouts) |
| Run open models locally for code scanning | Ollama + any coding-focused model + your target codebase |
| Track what Project Glasswing ships | Official Glasswing page |
Quick Hits
→ An AI got so good at coding that it accidentally became the world’s best hacker — finding bugs that survived 27 years and 5 million tests
→ Run Semgrep and CodeQL on your repos today — free and catches the most common patterns Mythos exploited
→ Learn AI-assisted bug hunting → HackerOne bounties are about to get competitive, but the pie is growing too
→ Watch the Glasswing partner list — when they start publishing found bugs, the patches will tell you where the holes were
→ Read the Foreign Policy analysis on what this means for national security
They built an AI to write code. It learned to break code instead. And the only thing standing between that power and chaos is a company that couldn’t even lock its own blog post.