Anthropic's most powerful cybersecurity model, Mythos, is about to be fully launched, but its "high price" is causing businesses to complain.

Anthropic's most powerful cybersecurity model, Mythos, is about to be fully launched, but its "high price" is causing businesses to complain.

```

Mythos can identify two dozen critical vulnerabilities in three weeks, but it can also burn through a million dollars of your money in the same timeframe.

According to The Information, Anthropic announced on Thursday that it plans to open its "Mythos-level model" to all customers in the coming weeks. Previously, Mythos was only available for internal testing to a handful of companies due to concerns it could be used to carry out cyberattacks.

This news is significant for the cybersecurity industry. Mythos is considered one of the most powerful cybersecurity-specialized AI models on the market—testing by a UK-based AI evaluation agency showed Mythos significantly outperformed OpenAI’s comparable model GPT-5.5-cyber on complex cybersecurity tasks.

But with greater capability comes greater cost. Anthropic itself admits that Mythos's price per token is about six times that of its existing high-end public model, Opus. And Opus is already considered an expensive product in the market.

Burning a Million Dollars in Three Weeks: The Real Bills of Early Testers

Palo Alto Networks was among the first companies to get access to Mythos for internal testing.

According to Sam Rubin, the company's SVP of Threat Intelligence, Mythos found over a dozen (more than 24) critical vulnerabilities in about three weeks, roughly five times the number typically found with the company's current tools.

At the same time, the company also "very quickly" consumed more than $1 million in token quota.

Another Mythos tester said that simply using the model for a few weeks could result in costs as high as several million dollars.

Notably, Anthropic is currently subsidizing the cost for early testers, so Palo Alto Networks did not pay out of pocket. But once commercialization is in full swing, companies will have to foot the bill themselves.

“Expensive, but worth it”—How Companies Justify the Spend

Cloud security firm Zscaler is also using Mythos to scan its own code for vulnerabilities. EVP Dhawal Sharma admitted that Mythos is "an order of magnitude" more expensive than traditional code scanning tools, but said: "We believe the investment is worth it."

The logic behind this is supported by the numbers: According to the FBI, losses due to cyberattacks in the U.S. last year were nearly $21 billion, a significant rise from $16.6 billion the previous year. Major data leaks can cost companies tens or even hundreds of millions of dollars in legal fines and compensation.

Ryan Downing, CIO for enterprise business at Principal Financial Group, said the buzz around Mythos "is prompting all organizations to re-examine their security posture." The company manages close to $800 billion in assets.

Downing said: "In the past, there was always a time gap between a vulnerability being discovered and being exploited, and many processes were built on this assumption. But that assumption no longer holds."

“Tough Conversations”: CFOs Are Getting Pulled In

IT services firm Veeam has not yet gained access to Mythos, but has already begun increasing its cybersecurity tool budget, including advanced AI models for code vulnerability scanning.

Veeam CISO Gil Vega revealed that this decision triggered some "tough conversations" with the company's CFO.

Ultimately, the company approved a higher budget. The reason is pragmatic: Veeam’s annual revenue exceeds $1 billion, and it serves many federal government clients—"losing customer trust would be an existential threat to the business."

Vega said: "Doing this level of code review with AI tools is extremely expensive. But with so many high-profile hacking incidents lately, we don't want to be next."

This budget pressure is spreading. Sam Rubin said he has spoken with hundreds of corporate security officers, all planning to increase security budgets to address AI-driven hacker threats.

"Mythos has elevated the importance of this to the point where the board, CFO, and CEO are all asking 'Is our security program ready," Rubin said. "CFOs are now more willing to listen to CISOs about security preparedness, so I do think budgets will increase."

Since Mythos was announced in April this year, Palo Alto Networks' stock price has risen by more than 50%.

How Companies Cut Costs: Prompt Engineering and the “Layered Model” Strategy

Faced with high costs, early users have developed cost-reduction methods.

Scott Roberts, CISO of enterprise software company UiPath, revealed that his team’s initial AI task prompts consumed about 150,000 tokens just to “warm up” the model. At standard AI model pricing, each warmup would cost several dollars, adding up to a significant total.

Later, the team optimized the prompt so the warmup stage only used 3,000 tokens. Roberts noted that this kind of “prompt engineering” isn’t unique to UiPath—other companies are using similar methods.

Palo Alto Networks adopted another strategy: letting Mythos plan the “intrusion plan,” but handing off execution of tasks to the cheaper Opus 4.7 model, reducing overall costs.

Nonetheless, UiPath still budgets several million dollars a year for AI tools (including for security purposes) and also buys from startups like Echo to reduce potential vulnerabilities that hackers could exploit.

Anthropic’s Business Logic: High Gross Margin or High Cost?

The general availability of Mythos is a significant move for Anthropic’s business strategy.

Previously, Anthropic’s revenue growth in programming and workplace AI tools had already surpassed OpenAI. The launch of Mythos is a key step in entering the enterprise cybersecurity market.

However, Anthropic admits that Mythos's operating costs are extremely high. While it charges a high premium, the impact of this cost structure on the company’s gross margin is not yet clear.

Meanwhile, OpenAI is also advancing its cybersecurity model GPT-5.5-cyber in a similar manner, currently available for testing only to a handful of companies, not yet officially released.

Notably, both Anthropic and OpenAI have recently had incidents where unpublished models and internal data were accessed by unauthorized users—these two companies, which help others strengthen security, have exposed their own vulnerabilities.

Risk reminders and disclaimerThe market has risks, and investment needs caution. This article does not constitute personal investment advice and does not take into account individual users’ specific investment goals, financial situation or needs. Users should consider whether opinions, views, or conclusions in this article fit their own circumstances. You bear full responsibility for any investments made accordingly. ```