Don't panic! Cybersecurity experts: The "hacker panic" caused by Mythos has been greatly exaggerated.

```

About a month after the release of Anthropic’s AI model Mythos, concerns that it might trigger large-scale hacking attacks are increasingly seen as exaggerated by cybersecurity professionals.

Although the launch of Mythos initially sparked heightened vigilance among governments and financial regulators, with officials from multiple countries urgently assessing risks with the banking sector and the White House considering new regulations to control the release process of AI models, the cybersecurity industry’s response has been much calmer than that of policymakers.

According to the latest Reuters report, several security experts noted that while the capabilities represented by Mythos are real advances, the narrative depicting it as about to trigger a security crisis does not match the actual situation.

This gap in perception impacts both the market and policy direction. On one hand, bank IT teams are actively patching system vulnerabilities and regulators continue communicating with various institutions. On the other hand, the overblown threat narrative has, objectively, amplified Anthropic’s market presence and industry standing.

A Deep Perception Gap Between Practitioners and Policymakers

When Mythos was released in April this year, Anthropic warned that the model had discovered thousands of software vulnerabilities across all mainstream operating systems and browsers, and cautioned that its proliferation could have serious consequences. This statement swiftly led to a chain reaction: government officials from several countries consulted urgently with banks, and the White House began considering restrictions on releasing new models.

However, cybersecurity practitioners’ assessment has been quite different. Isaac Evans, founder and CEO of software security company Semgrep, said, "There’s a huge communication gap between practitioners and policymakers." He acknowledged that Mythos represents "real technological progress," but emphasized that outside reactions "do not align with our understanding of how these capabilities convert in practice."

A researcher with extensive vulnerability research experience who had early access to Mythos told Reuters, "Months, even years ago, we were already using AI to find more vulnerabilities than we knew how to handle." In his view, the real challenge isn’t discovering vulnerabilities, but verifying, prioritizing, and fixing them without breaking systems.

Mythos' Real Capabilities: Lowered Entry Barrier, Not a Disruptive Breakthrough

Security experts do not deny the technical value of Mythos, but provide a more nuanced assessment of its actual impact.

Anthony Grieco, Senior Vice President and Chief Security & Trust Officer at Cisco (CSCO), pointed out that the novelty of Mythos lies in its ability to not only identify vulnerabilities but also scan massive amounts of code faster, and help experienced professionals reduce false positives so defenders can focus on the most urgent risks. He also noted that this model has fewer guardrails than previous ones, enabling users to craft more targeted commands and perform operations that older models couldn’t.

The aforementioned individual with early access also said that Mythos "can discover more vulnerabilities with simpler prompts," meaning the threshold for use has dropped—previous models required more detailed and complex instructions. However, he stressed that most institutions lack the ability to handle and verify large numbers of newly discovered vulnerabilities, which is the bigger challenge brought by Mythos-level models.

Grieco used a racing analogy: "If you have a Formula One car but have only ever ridden a bicycle, you might be able to drive it straight, but you certainly can’t clock the best lap time right away." He pointed out that to fully utilize Mythos’ capabilities, institutions need sufficient computing power and strict "operational frameworks"—that is, the computing environment and command constraint systems that large language models depend on within organizations.

Threat Narratives Amplified Anthropic’s Presence

Notably, Anthropic’s phrasing—and its invitation to certain organizations to participate in a defensive testing project called "Project Glasswing"—has pushed Mythos-related discussions far beyond the usual security circles. Reuters reports that this "all hands response" has amplified perceived threats and raised Anthropic’s industry status, even though the Pentagon classifies it as a supply chain risk, while other government departments are scrambling to gain access.

White House officials told Reuters that they are discussing broader use of its technology with AI labs. An Anthropic spokesperson said the company is "working closely with the US government to rapidly advance shared priorities" and is committed to enabling more parties to access Mythos.

According to a previous Bloomberg report, the Fed and the Office of the Comptroller of the Currency (OCC) have paused certain cybersecurity-related inspections at some major banks to give them time to assess and fix system vulnerabilities exposed by Mythos. Federal Reserve vice chair for supervision Michelle Bowman said regulators will "continue to monitor significant developments, communicate relevant risks to regulated institutions, and continually improve cybersecurity oversight."

The Real Risk: After Discovering the Vulnerabilities

Several experts pointed out that placing Mythos at the heart of a security crisis narrative ignores a basic issue: Using AI to find vulnerabilities is not new—the real challenge comes after the vulnerabilities are found.

Cynthia Kaiser, former senior FBI cybersecurity official and now at Halcyon, said, "Our adversaries have been very capable even without AI. Ransomware attacks can be executed in an hour, and most threats do not depend on AI at all."

Currently, Mythos’ high computing power and infrastructure requirements limit its usage to a certain extent. But experts warn that this barrier won’t last long. Nick Adam of State Street Financial Services said during a Vanderbilt University panel discussion, "The architecture is not yet optimized; the thresholds in computing infrastructure and operational frameworks do exist—but will be resolved soon."

```