On April 7, Anthropic announced Claude Mythos Preview, a model it said was too dangerous to release publicly. In the weeks since, the CISO community has produced three distinct reactions to that announcement. Each is defensible. Each is incomplete on its own. Reading all three, and synthesizing them, is what I’ve been telling clients to do.
Reaction 1: The Sky Is Falling #
Anthropic’s framing was dramatic, and it was effective. The public claims, directly from the company:
- Mythos finds and exploits zero-day vulnerabilities in every major operating system and every major web browser.
- Anthropic engineers with no formal security training asked Mythos to find remote code execution bugs overnight and woke up to working exploits.
- The model has surfaced thousands of vulnerabilities across operating systems and browsers, of which over 99% remain unpatched.
- Mythos is the first model to clear ASL-3 under Anthropic’s Responsible Scaling Policy, a tier requiring “Hardened Air-Gaps” and “Restricted Dissemination” controls.
- Rather than public release, access is gated through Project Glasswing, a consortium of AWS, Apple, Google, JPMorgan Chase, Microsoft, Nvidia, and others, with parallel briefings to CISA and the U.S. AI Safety Institute.
Major outlets covered the announcement as a cybersecurity inflection point. Within a week, “Mythos-ready” was a marketing category, patch, EDR, and attack-surface-management vendors all rushed out guides explaining what their products do about it. Reading only security news in early April, you could be forgiven for thinking a new era of AI-accelerated exploitation had arrived and you were behind.
Some of this was substantive. Most of it was reflexive vendor amplification. That doesn’t make all of it wrong, it just makes it hard to separate signal from hype.
Reaction 2: The Practitioner Playbook #
On April 14, SANS Institute, the Cloud Security Alliance, [un]prompted, and the OWASP GenAI Security Project released a joint strategy briefing titled The AI Vulnerability Storm: Building a Mythos-Ready Security Program. The credentials are significant: 60 named contributors, reviewed by more than 250 CISOs, co-authored by Gadi Evron, Rob Lee, and Rich Mogull, with signatories including Jen Easterly, Bruce Schneier, Chris Inglis, and Google CISO Heather Adkins.
The briefing is not a panic document. It is an operational one. It includes:
- A 13-item risk register mapped to OWASP LLM Top 10 2025, OWASP Agentic Top 10 2026, MITRE ATLAS, and NIST CSF 2.0
- An 11-item priority actions table with aggressive timelines
- 10 diagnostic questions to triage your current security program
- A board-ready executive briefing section
It takes Mythos seriously as a capability demonstration without endorsing the vendor framing: assume the operational environment has shifted, then act accordingly with a grounded risk register mapped to frameworks you already use.
If you only have time to read one AI security document this month, this is the one.
Reaction 3: The Technical Rebuttal #
A week after the announcement, Davi Ottenheimer published a forensic reading of the Mythos system card, the 244-page technical document Anthropic released alongside its announcement. His findings complicate the framing.
The system card barely addresses cybersecurity. Only 7 of its 244 pages directly address cyber claims. The rest covers responsible scaling policy, alignment, and model welfare, less than three percent of the supporting document is actually about cybersecurity evidence.
The headline effectiveness number collapses under scrutiny. The system card reports a 72.4% “Final Compromise Effectiveness” rate against a curated vulnerability corpus. But when the top two most-exploitable vulnerabilities are removed, the rate falls to 4.4%, a fact shown in the very next figure and rarely mentioned in press coverage.
An independent reproduction achieved similar results on open-weights infrastructure. AISLE demonstrated comparable capability using a 3.6-billion-parameter open-weights model at $0.11 per million tokens. As AISLE put it: “The moat in AI cybersecurity is the system, not the model.”
Glasswing is a private-sector classification regime. As Ottenheimer notes, a single private company has positioned itself as “a de facto clearance-granting body for an ‘uplift’ of vulnerability knowledge, without a statutory basis, without congressional oversight.”
Ottenheimer’s summary is direct: the threat narrative is “ALL marketing and basically no evidence.” His practical advice is clearer still: “Your patching SLA, EDR coverage, network segmentation, MFA enforcement, and asset inventory are still the things that determine your exposure.”
The Middle Ground #
Here is why all three reactions matter: the rebuttal and the playbook are not actually in conflict. They are answering different questions.
Ottenheimer is answering: “Is Anthropic’s headline threat claim well-supported by its own documentation?” His answer is no, and he’s right. The announcement’s dramatic framing is not matched by the evidence in the system card. The governance model is worth questioning. The threat narrative is thinner than the coverage suggested.
The coalition is answering: “What should security leaders actually do about the broader AI-era threat environment?” Their answer is grounded: here is a risk register, here are priority actions, here are diagnostic questions. They take the capability demonstration seriously without buying the existential framing.
These two answers compose into a coherent program:
- Don’t panic. Ottenheimer is correct that the specific Mythos claims don’t justify rebuilding your roadmap.
- Don’t stand still. The coalition is correct that the AI-era threat surface is real, it’s expanding, and existing programs need updated controls for it.
- Keep executing on the fundamentals. Patching SLAs, EDR coverage, network segmentation, MFA enforcement, and asset inventory still drive most of your exposure reduction. That hasn’t changed. It isn’t going to.
- Layer in the AI-specific actions from the coalition briefing. The 13-item risk register and 11-item actions table are the right place to start, AI tool inventory, third-party AI app governance, and updated incident response playbooks for AI-accelerated scenarios.
Fundamentals and the coalition’s additions. Not one or the other.
What This Means for You #
Whether you lead security at your organization, report to someone who does, or are the business leader who gets asked “should we be worried about this?” when a story breaks, the practical steps are the same:
- Read the SANS/CSA/OWASP briefing. The 10 diagnostic questions are worth an hour with your team this month.
- Read Ottenheimer’s analysis. Let it calibrate how much weight you give vendor-sourced threat claims going forward, not just from Anthropic, from anyone selling fear.
- Don’t let your roadmap get pulled into Mythos-specific panic. Do let it get pulled toward better AI governance, tighter third-party AI app controls, and updated incident response playbooks.
- Treat frontier AI vendors as third parties. Same diligence as any other SaaS provider, scope of access, data handling, incident notification, exit options.
The Bottom Line #
The most useful posture in an AI hype cycle is neither “the sky is falling” nor “this is all marketing.” Both positions are easy. Neither is correct.
The middle ground, execute the fundamentals harder and faster, adopt the coalition’s risk register for AI-era additions, and calibrate your skepticism against vendor-sourced threat models, is where mature security programs live. If yours isn’t there yet, that’s a fixable problem, not a permanent one.
That’s what I’m telling clients. That’s what I’d tell you.