Storm-1175: How a High-Tempo Cybercrime Group Exploits the Patch Gap

A financially motivated cybercrime group, identified as Storm-1175, has been conducting a relentless campaign of Medusa ransomware attacks for three years. According to a recent Microsoft report, the group’s success hinges on a simple, brutal strategy: exploiting the critical window between when a software vulnerability is disclosed and when organizations manage to patch it. This focus on the patch gap has made the Storm-1175 ransomware operation particularly damaging.

Building on this, the group’s operational speed is a key differentiator. Microsoft notes that Storm-1175 can move from initial network access to full ransomware deployment in as little as one day, though the process sometimes takes up to six. This high tempo, combined with skill in finding exposed assets, has led to significant intrusions. Consequently, sectors like healthcare, education, professional services, and finance in Australia, the UK, and the US have borne the brunt of the attacks.

The Exploit Arsenal of Storm-1175

Since 2023, the group has weaponized at least 16 different vulnerabilities. Alarmingly, this includes three zero-day flaws—vulnerabilities exploited before the vendor is even aware or has issued a fix. A prime example is CVE-2025-10035, a flaw in GoAnywhere Managed File Transfer software, which Storm-1175 exploited a full week before it was publicly disclosed. This pattern underscores the group's ability to research and weaponize vulnerabilities ahead of public disclosure.

In addition to zero-days, the group heavily relies on n-day exploits—those targeting recently disclosed but still unpatched vulnerabilities. Their target list reads like a who’s who of enterprise software, including Ivanti Connect Secure, ConnectWise ScreenConnect, JetBrains TeamCity, and BeyondTrust. Therefore, any delay in applying security updates creates an immediate and exploitable opportunity for this actor.

Inside the Attack Chain: From Access to Encryption

Understanding their methods is crucial for defense. After breaching a network, often through an unpatched public-facing application, Storm-1175 follows a calculated playbook. First, they establish an initial foothold by deploying a web shell or a remote access payload. Immediately after, they work to ensure persistence, typically by creating a new user account and adding it to the local administrators group.

Lateral Movement and Evasion Tactics

With a secure beachhead established, the group begins reconnaissance and lateral movement. They adeptly use living-off-the-land binaries (LOLBins) like PowerShell and PsExec, which are native to Windows environments and harder to detect. To move between systems, they often deploy Cloudflare tunnels to carry Remote Desktop Protocol (RDP) sessions, hiding the traffic inside what looks like ordinary outbound connections.

Furthermore, they employ multiple Remote Monitoring and Management (RMM) tools for post-compromise activities. These legitimate tools are repurposed to create accounts, establish backup command-and-control channels, and deliver final payloads. In some cases, they even use the software deployment tool PDQ Deployer to silently install malicious applications across the network. To avoid detection, they have been known to modify Microsoft Defender Antivirus settings in the Windows registry to prevent it from blocking their ransomware payload.

How Organizations Can Mitigate the Threat

Given the sophisticated and rapid nature of these Storm-1175 ransomware attacks, a proactive and layered defense is non-negotiable. Microsoft’s guidance starts with fundamental visibility. Organizations must use perimeter scanning tools to fully understand their external attack surface. Any web-facing system should be isolated from the public internet behind a secure network boundary and accessed strictly through a VPN.

For systems that must remain connected, placing them behind a Web Application Firewall (WAF), reverse proxy, or a demilitarized zone (DMZ) is essential. This creates an additional buffer that can filter malicious traffic before it reaches the core asset.

Critical Security Hardening Recommendations

On the internal network, several specific actions can drastically reduce risk. First, adhere to strict credential hygiene principles and implement measures to limit lateral movement, as outlined in general ransomware defense guidance. Enabling Credential Guard helps protect sensitive credentials stored in system memory from being harvested by tools like Impacket, which Storm-1175 sometimes uses.

Another vital step is to turn on tamper protection in your endpoint security solutions. This prevents attackers from disabling security services or creating antivirus exclusions, a tactic this group employs. Additionally, audit and remove any unapproved RMM software installations. For approved RMM tools, enforce multi-factor authentication (MFA) to block unauthorized access.
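The hardening checks above (tamper protection, unapproved antivirus exclusions, Defender registry overrides, and new local administrator accounts) can be audited from a single elevated PowerShell session. This is an added, read-only example written for this page, not a script from the Microsoft report; the `$approvedExclusions` baseline and the seven-day lookback window are placeholders an administrator would replace with their own values.

```powershell
# Added audit example (not from the Microsoft report or this article).
# Assumes Windows 10/11 or Server 2016+ with Microsoft Defender and the
# built-in Defender and LocalAccounts PowerShell modules. Run elevated.
# It only reads state; it does not change any setting.

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Tamper protection and real-time protection state.
$status = Get-MpComputerStatus
if (-not $status.IsTamperProtected)         { $findings.Add('Defender tamper protection is OFF') }
if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is OFF') }

# 2. Antivirus exclusions not in the organization's approved baseline.
#    $approvedExclusions is a placeholder; replace with the real baseline.
$approvedExclusions = @('C:\ApprovedApp\')
$pref = Get-MpPreference
$allExclusions = @($pref.ExclusionPath) + @($pref.ExclusionProcess) + @($pref.ExclusionExtension)
foreach ($ex in $allExclusions) {
    if ($ex -and ($ex -notin $approvedExclusions)) {
        $findings.Add("Unapproved Defender exclusion: $ex")
    }
}

# 3. Policy registry values that switch Defender off. These are the kind of
#    registry changes the article says the group makes before dropping ransomware.
$policyValues = @{
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'                      = 'DisableAntiSpyware'
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' = 'DisableRealtimeMonitoring'
}
foreach ($key in $policyValues.Keys) {
    $name = $policyValues[$key]
    $val  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($val -eq 1) { $findings.Add("Defender disabled by policy: $key\$name = 1") }
}

# 4. Recent account creation (4720) and additions to local groups (4732), the
#    persistence step the article describes. Seven-day window is a placeholder.
$cutoff = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $cutoff } `
                       -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $findings.Add("Security event $($e.Id) at $($e.TimeCreated): $($e.Message.Split("`n")[0])")
}

# 5. Current local Administrators membership, for manual review against the baseline.
$admins = (Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }) -join ', '
$findings.Add("Current local Administrators: $admins")

$findings | ForEach-Object { "FINDING: $_" }
```

Event 4732 also fires for legitimate administration, so the output is a review list, not a verdict; correlate it with change tickets before acting.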

Finally, ensure your extended detection and response (XDR) tools are configured to recognize and block the common techniques seen in these attacks. By understanding the tools and TTPs of groups like Storm-1175, security teams can create more effective detection rules. The race between patching and exploitation defines modern cyber defense, and against a determined adversary like Storm-1175, speed and vigilance are everything.

Anthropic Unveils Mythos: A New Frontier AI Model for Cybersecurity Defense


The landscape of artificial intelligence and cybersecurity is shifting once again. This week, Anthropic introduced a preview of its latest and most advanced AI system, dubbed Mythos. This frontier model marks a significant step in applying sophisticated AI to the critical task of protecting digital infrastructure. While not exclusively designed for security, its initial deployment is focused on a groundbreaking defensive initiative called Project Glasswing.

Project Glasswing: A Collective Defense Initiative

So, what exactly is Project Glasswing? In essence, it’s a collaborative security effort where a select group of twelve leading organizations will harness the power of the Anthropic Mythos AI model. Their mission is clear: to conduct defensive security work and secure vital software systems. This means deploying the model to scan both proprietary and open-source code for hidden weaknesses. The goal isn’t just to find bugs, but to create a more resilient software ecosystem for everyone.

Therefore, the initiative is built on a principle of shared knowledge. Partners, which include tech giants like Amazon, Apple, Microsoft, and security leaders like CrowdStrike and Palo Alto Networks, will ultimately pool their insights from using Mythos. This collective intelligence is intended to benefit the wider technology industry, raising the baseline for security practices. Access to the Mythos preview remains limited, with only 40 organizations outside the core partnership gaining entry.

The Power and Purpose of the Mythos Model

Building on this collaborative framework, the Anthropic Mythos AI model itself is a general-purpose system within the Claude family. Anthropic classifies it as a frontier model, representing their most sophisticated and high-performance offering to date. It’s engineered for complex tasks that require advanced reasoning and agentic capabilities, particularly in coding. This makes it uniquely suited for the intricate work of parsing millions of lines of code to identify subtle flaws.

In fact, the early results are striking. Anthropic reports that in just a few weeks of testing, Mythos identified thousands of previously unknown zero-day vulnerabilities, many classified as critical. Remarkably, a significant portion of these security holes had lurked undetected in codebases for ten to twenty years. This demonstrates the model’s potential to audit legacy systems that human teams might struggle to review comprehensively.

From Leak to Launch: The Mythos Backstory

The path to Mythos’s official announcement was unconventional. News of the model first surfaced last month due to a data security incident reported by Fortune. A draft blog post, which referred to the model under the codename “Capybara,” was inadvertently left in an unsecured, publicly accessible data cache. The leaked document was unequivocal, calling it “by far the most powerful AI model we’ve ever developed” and noting it far exceeded the capabilities of their current public models in areas like software coding and cybersecurity.

This leak highlighted a core tension in developing such powerful technology. The same capabilities that make Mythos a potent tool for defense could, in theory, be weaponized by malicious actors to find and exploit vulnerabilities instead of fixing them. Anthropic has acknowledged engaging in discussions with federal officials regarding the model’s use, though these talks are reportedly complicated by an ongoing legal dispute with the Pentagon over supply-chain risk designations.

Navigating the Risks of Advanced AI Development

Consequently, the rollout of Mythos occurs against a backdrop of heightened scrutiny for AI labs. The accidental exposure of source code files in a recent Claude software update serves as a reminder of the operational challenges these companies face. As they push the boundaries of capability, ensuring robust internal security and responsible deployment becomes paramount. The controlled, partner-focused launch of Project Glasswing appears to be a deliberate strategy to mitigate potential misuse while maximizing defensive benefits.

Ultimately, the debut of the Anthropic Mythos AI model represents more than just a technical milestone. It signals a growing trend of applying frontier AI to systemic, real-world problems like cybersecurity. By focusing its initial power on a collaborative, defensive mission, Anthropic is attempting to set a precedent for how the most advanced AI systems can be integrated into critical infrastructure safely and effectively. The success of Project Glasswing could redefine industry standards for proactive software defense.

US Agencies Warn of Escalating Iranian Cyberattacks on Critical Infrastructure


A stark warning from America’s top security agencies signals a dangerous new phase in cyber conflict. The FBI, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Energy have jointly revealed that Iranian government-backed hackers are actively targeting the nation’s most vital systems. Their goal is not just espionage, but to inflict tangible disruption on American soil.

A Shift Towards Disruption and Damage

This represents a significant tactical escalation. Historically, many state-sponsored cyber operations focused on intelligence gathering. Now, the advisory indicates a clear intent to cause “operational disruption and financial loss.” The hackers are specifically going after the operational technology that keeps the country running: programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems. These are the digital brains behind water treatment plants, power grids, and local government facilities.

Consequently, the threat is no longer theoretical. Reports confirm that attackers have successfully manipulated information displayed on these critical devices and tampered with project files that store essential configurations. This level of access could allow them to alter chemical levels in water, disrupt energy flow, or shut down vital public services.

Understanding the Iranian Hacking Threat Landscape

The advisory points to the broader geopolitical context as a catalyst. This cyber offensive appears linked to ongoing tensions, including recent military actions. In response, Iranian cyber units have shifted from stealthy intrusions to overtly disruptive attacks.

Building on this, a group known as Handala has been particularly active. This state-backed entity has been implicated in several high-profile incidents beyond infrastructure. For instance, they were blamed for a major breach at the medical technology company Stryker, where they used the firm’s own security tools to remotely wipe thousands of employee devices. They have also been linked to the leak of sensitive emails from an FBI official’s account.

Which Sectors Are Most at Risk?

The joint advisory explicitly names water and wastewater systems, the energy sector, and local government facilities as primary targets. These sectors often rely on older, internet-connected industrial control systems that were not designed with today’s advanced threats in mind. Their operational disruption carries immediate public safety and economic consequences.

Therefore, securing these environments is paramount. Organizations must move beyond traditional IT security and adopt frameworks designed for industrial control systems.

How Should Organizations Respond?

In light of this warning, immediate action is required. The agencies recommend several defensive measures. First, critical infrastructure operators should conduct thorough inventories of all internet-facing PLC and SCADA devices. Second, implementing robust network segmentation is crucial to isolate industrial control systems from corporate IT networks. Third, applying all available security patches and updates for these specialized systems can close known vulnerabilities.

This means that proactive monitoring for anomalous activity on these networks is no longer optional. Security teams need to look for signs of unauthorized configuration changes or unusual access patterns.

The Broader Implications for National Security

The warning underscores a troubling convergence of physical and digital warfare. Alongside these cyber campaigns, Iran has also conducted missile and air strikes against U.S.-associated data centers in the region, causing widespread cloud service instability. This multi-domain approach aims to maximize pressure and demonstrate capability.

Ultimately, the advisory serves as an urgent call to action for both the public and private sectors. Defending critical infrastructure from Iranian hackers requires a coordinated, resilient, and well-funded strategy. The security of the nation’s water, power, and essential services depends on the ability to adapt to this evolving threat faster than the adversaries can innovate their attacks.

FBI Report Reveals $17.7 Billion Cyber Fraud Losses as AI Scams Surge


The financial toll of online crime has reached a staggering new peak. According to the latest data from the FBI, victims in the United States suffered cyber fraud losses exceeding $17.7 billion in 2025. This alarming figure, detailed in the bureau’s annual Internet Crime Report, represents a significant increase from the $16 billion lost the previous year and underscores a rapidly escalating threat landscape.

Building on this trend, the FBI’s Internet Crime Complaint Center (IC3) fielded more than a million complaints last year. This translates to nearly 3,000 reports of suspected cybercrime every single day, a sharp rise from the 859,532 complaints recorded in 2024.

Cryptocurrency Scams Top the List of Financial Losses

So, which schemes are draining the most money from victims? Cryptocurrency investment fraud sits firmly at the top. This single category was responsible for a colossal $7.2 billion in losses. Typically, these scams lure individuals with promises of extraordinary, guaranteed returns. Instead of profits, victims find that the fraudsters—and their funds—vanish without a trace.

Business Email Compromise Remains a Major Threat

In addition to crypto scams, Business Email Compromise (BEC) continues to be a highly effective tool for criminals. This method, which involves compromising or spoofing corporate email accounts to authorize fraudulent wire transfers, accounted for over $3 billion in losses in 2025, securing its place as the second costliest cybercrime.

Tech Support and Identity Theft Round Out Major Threats

Meanwhile, fake tech or customer support scams defrauded Americans of more than $2 billion, making it the third-largest source of cyber fraud losses. Other persistent threats like identity theft, data breaches, and ransomware also contributed significantly to the year’s devastating financial totals.

The Rising Cost of AI-Enabled Cyber Fraud

Perhaps the most ominous development in the 2025 report is the formal recognition of artificial intelligence as a weapon for fraudsters. For the first time in its 25-year history, the Internet Crime Report included a dedicated section on AI-enabled crime. Victims lost nearly $893 million to these sophisticated schemes, with the IC3 receiving 22,364 related complaints.

“AI-enabled synthetic content is becoming increasingly difficult to detect and easier to make,” the report states. This allows criminals to craft highly convincing fraud schemes targeting individuals, businesses, and financial institutions. The technology is being used to generate phishing emails and create full-fledged audio and video deepfakes. These tools empower everything from romance scams to elaborate plots where fake personas are used to secure remote jobs, only to defraud the company from within.

Therefore, the line between reality and digital fabrication is blurring, creating unprecedented challenges for security.

A Call for Vigilance in a Digital Age

In response to these evolving dangers, the FBI has issued a stark warning. “It has never been more important to be diligent with your cybersecurity, social media footprint, and electronic interactions,” said Jose A. Perez, operations director for the FBI’s Criminal and Cyber Branch. He added that cyber threats will continue to evolve as the world adopts new technologies like AI.

Consequently, proactive defense is no longer optional. Earlier this year, the FBI launched Operation Winter Shield, an initiative outlining critical actions organizations must take to bolster their defenses. This move highlights the need for a shift from reactive to preventative security postures.

Ultimately, the data paints a clear picture: while technology creates opportunity, it also opens new avenues for exploitation. The record-breaking cyber fraud losses of 2025 are a powerful reminder that awareness, skepticism, and robust digital hygiene are essential personal and corporate responsibilities.
