Anthropic’s Mythos Preview model now operates as a defensive cybersecurity tool across power grids, water systems, healthcare networks, and communications infrastructure in more than 15 countries. The deployment follows evaluations by the UK AI Security Institute confirming the model can solve multi-step cyber range exercises designed to simulate real attacks on critical systems. That capability, paired with the model’s discovery of at least one open-source software vulnerability, has opened a sharp debate: whether an AI system powerful enough to autonomously crack simulated infrastructure defenses can be reliably confined to the defender’s side of the line.
Confirmed capabilities and the vulnerability trail
The strongest piece of independently verifiable evidence tying Mythos Preview to real-world security work is a National Vulnerability Database record, a vulnerability entry affecting wolfSSL, a widely used open-source cryptographic library embedded in Internet-of-Things devices, automotive firmware, and industrial controllers. Anthropic references this CVE as a concrete example of what Mythos Preview can find when pointed at production codebases. The NVD entry itself confirms the vulnerability exists, though the record does not attribute the original disclosure to Anthropic or to any specific AI-assisted workflow.
Separately, the UK government’s dedicated AI safety body, accessible via the AI Security Institute site, has published evaluation results showing Mythos Preview solving cyber ranges, the controlled attack-and-defend environments that governments and militaries use to stress-test infrastructure defenses. Anthropic cited those AISI findings in its own May 22 update as third-party validation of the model’s defensive value. The evaluation framework sits under the UK Department for Science, Innovation and Technology, whose broader remit and regulatory context are outlined on the department’s official government pages, which house the structures governing frontier AI assessments in the UK.
On the academic side, Anthropic pointed to ExploitGym, an exploit-development benchmark published on arXiv, as additional proof of Mythos Preview’s performance against prior models. The arXiv listing provides task definitions and evaluation criteria for measuring how well an AI system can generate working exploits from vulnerability descriptions. Anthropic’s summary references ExploitGym scores, but the academic paper itself does not contain independently reported Mythos-specific performance numbers, leaving those claims dependent on Anthropic’s own reporting.
Gaps in the public record
Several claims central to the headline remain difficult to verify through primary sources. No publicly available AISI dataset or UK government publication names the specific countries, grid operators, water utilities, or hospital networks currently running Mythos Preview. The “more than 15 countries” figure originates from Anthropic’s own communications rather than from an independent audit or regulatory filing. Without a disclosed operator list, outside researchers cannot confirm the geographic or sectoral scope of the deployment, or assess whether deployments cluster in a few allied jurisdictions or span a more diverse set of regulatory environments.
The CVE-2026-5194 record, while real, does not include a timeline linking Anthropic or Mythos Preview to the discovery or responsible disclosure of the wolfSSL flaw. Standard NVD entries credit reporters and assign disclosure dates, but the current record does not attribute the find to an AI system. That gap leaves open the question of whether Mythos Preview identified the vulnerability autonomously, assisted a human researcher, or was credited after the fact as part of a broader internal tooling stack. It also complicates efforts to evaluate how often Mythos Preview contributes to novel, previously unknown vulnerabilities versus re-identifying issues already under investigation.
Access controls around the model also lack public documentation. Bloomberg reported in April that Apple and Amazon received early access to the Mythos system during the initial Glasswing launch phase, establishing a pattern of controlled rollout through large technology partners. That reporting, however, did not include contract language, usage restrictions, or details about how access expanded from corporate partners to operators of water treatment plants or electrical grids. The mechanism by which critical infrastructure defenders gained access, and under what safeguards, has not been made public by Anthropic or by any regulator, leaving a blind spot around how tightly usage is constrained to defensive purposes.
Separating primary evidence from promotional framing
Readers tracking this story should distinguish between three tiers of evidence. The first tier consists of independently maintained records: the NIST NVD entry for the wolfSSL vulnerability, which anyone can inspect, and the AISI evaluation reports, which carry the weight of a government-affiliated testing body. These sources confirm that the vulnerability is real and that the UK’s AI safety apparatus has tested Mythos Preview against structured cyber exercises designed to approximate real-world infrastructure attacks.
The second tier is institutional reporting. Bloomberg’s account of Apple and Amazon gaining early Mythos access provides dated, sourced context about the rollout sequence and suggests a strategy of seeding the model with large, well-resourced partners before moving toward more sensitive environments. The ExploitGym benchmark on arXiv offers a methodological framework for measuring exploit-generation skill, though it functions as an upstream academic tool rather than a direct scorecard for Mythos. Together, these sources sketch a plausible technical and commercial backdrop without directly verifying Anthropic’s most expansive claims.
The third tier is Anthropic’s own characterization of its deployment footprint and model performance. The company’s May 22 update ties these threads together into a narrative of defensive AI protecting infrastructure across continents and sectors. That narrative is consistent with the supporting evidence but not fully grounded in independently verifiable disclosures. The load-bearing claim-that Mythos Preview is actively defending networks in more than 15 countries-rests primarily on Anthropic’s word rather than on operator confirmations, procurement records, or regulatory filings.
Understanding these tiers matters because they map directly onto risk. If Mythos Preview truly performs as described in AISI’s cyber ranges, then it represents a powerful new instrument for defenders struggling to keep pace with increasingly automated attacks. Yet the same capabilities that allow it to chain together multi-step exploits in a controlled environment could, in principle, be redirected toward offensive operations if access controls fail or if the model leaks beyond its intended user base.
The dual-use dilemma for defensive AI
The central tension is not whether Mythos Preview is technically capable; the available evidence from government testing and vulnerability discovery strongly suggests that it is. The unresolved question is whether institutions can reliably constrain such a system to defensive roles when its core competency-rapidly understanding and exploiting complex systems-is inherently dual-use. Cyber ranges, by design, reward the same behaviors attackers prize: lateral movement, privilege escalation, and creative chaining of misconfigurations into workable attack paths.
Anthropic’s framing emphasizes guardrails, internal red-teaming, and partnerships with public-sector bodies as mitigations. However, absent detailed public documentation of access pathways, monitoring regimes, and incident response procedures, outside observers are left to infer those safeguards rather than evaluate them. For critical infrastructure operators, that opacity complicates procurement decisions: they must weigh the potential uplift in defensive capacity against the possibility that a misconfigured deployment, insider threat, or compromised API key could turn a defensive asset into an accelerant for attackers.
Regulators face a parallel challenge. Bodies connected to the UK’s AI oversight architecture have begun building testbeds and evaluation protocols, but they have not yet articulated a comprehensive framework for certifying or licensing AI systems that directly interface with operational technology. In the absence of such a framework, much of the responsibility for safe deployment rests with individual vendors and operators, whose incentives may not always align with broader systemic risk reduction.
For now, the public record supports a cautious but incomplete picture: Mythos Preview appears technically capable of high-end cyber operations and has at least one documented touchpoint with real-world vulnerability discovery, while its deployment across critical infrastructure remains largely self-reported and opaque. Whether this model ultimately strengthens global cyber resilience or deepens the attack surface will depend less on its raw capabilities than on the governance, transparency, and oversight structures that grow up around it.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
