Anthropic’s launch of Claude Mythos is being described by AI security expert Nanne van ’t Klooster of Rewire as a turning point for cybersecurity, with the model’s arrival signalling the start of an arms race between autonomous AI agents that humans may struggle to match.
The model was released last week but has not been made available to the general public, with access restricted instead to a consortium of technology companies through an initiative called Project Glasswing.
Restricted Release and Early Security Impact
Claude Mythos has delivered significant advances in reasoning, programming and related capabilities. Anthropic has chosen to limit access initially, allowing major organisations including Apple, Amazon Web Services, Google, Microsoft and NVIDIA to use the model before any broader release.
Van ’t Klooster says the reason is already evident in the model’s performance. In a short period, Claude Mythos is said to have identified thousands of critical security vulnerabilities in operating systems and web browsers, including flaws that had remained undetected for as long as 27 years. He says the participating companies are being given an opportunity to strengthen their security and use the model to identify and remediate vulnerabilities in critical software.
FCRF Returns With CDPO, Its Premier Data Protection Certification for Privacy Professionals
Rise of Cybersecurity Agents
According to Van ’t Klooster, the developments around Claude Mythos point to a fundamental shift in the cybersecurity landscape. Tasks once handled by human experts, including penetration testing, ethical hacking, vulnerability detection and remediation, can now be carried out by AI agents that continuously scan systems for weaknesses.
He says that organisations will soon be able to deploy their own agents to search constantly for emerging threats and vulnerabilities. They also describe a growing capability for such agents to systematically explore available pathways, write code independently, expand access rights and gain additional privileges. Van ’t Klooster says these actions can take place unnoticed, with agents showing considerable creativity in executing evasive manoeuvres in real time.
Keeping Humans in the Loop
Van ’t Klooster argues for a structured model in which organisations build both offensive and defensive AI teams that continuously challenge one another. At the same time, he warns that overreliance on automated systems could create a serious weakness if people no longer understand how their own security systems work.
His view is that human involvement remains essential even as AI agents take on a larger role. He also describes the arrival of Claude Mythos as a wake-up call for organisations experimenting with their own AI agents, arguing that many pilot projects remain focused on potential return on investment while giving too little attention to security. His warning is that the question is no longer whether an organisation will be targeted, but when, and whether it will be prepared.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
