Anthropic’s new AI model, Claude Mythos, has sent shock waves through the cybersecurity world after demonstrating what experts describe as unprecedented capabilities in identifying software vulnerabilities and turning them into practical attack methods.
The model, recently unveiled by Anthropic, is not being released to the general public. Instead, the company has given a limited group of organizations early access to its findings through an international coalition called Glasswing, in an effort to give companies time to build defenses and issue patches before the vulnerabilities become widely known.
To understand the scale of the threat, its immediate implications for Israeli companies and the broader shift toward a world in which AI attacks AI, ynet spoke with Omer Or, senior manager and head of cyber at consulting firm KPMG.
Asked what makes Claude Mythos different from previous cyber tools, Or said the danger lies not only in the model’s ability to identify flaws, but in its ability to weaponize them.
“This is a model that presents capabilities orders of magnitude beyond anything we have known before when it comes to identifying and discovering security vulnerabilities across a wide range of software systems,” he said. “The most significant and dangerous breakthrough is its ability to take those vulnerabilities and translate them in practice into what we call an attack vector. In other words, it creates an immediate and practical attack capability.
“Anthropic understood that this model could be used as a lethal cyberattack weapon that the world is still not prepared for, and therefore acted responsibly by not releasing it to the general public. Instead, it established an international coalition called Glasswing, which includes 12 leading companies and about 40 other organizations that received exclusive access to the model’s outputs for 90 days. The goal is to allow them to develop barriers and fixes before the vulnerabilities are exposed.”
According to Or, companies will begin feeling the impact soon. The short-term risk begins in early July, when Anthropic’s 90-day window ends and the vulnerabilities identified by the model, along with their fixes, are expected to be published.
“The threat is divided into the short term and the long term,” he said. “In the short term, starting in early July, when Anthropic’s 90-day period ends, the company is obligated to publish the vulnerabilities that were discovered alongside their fixes.
“From early July, we are expected to see massive publications of thousands of vulnerabilities and security patches across an enormous range of systems, and this will continue on an ongoing basis every day or every week. Organizations today are simply not prepared to deal with such volumes and such speeds of security updates.”
Although the model’s code has not leaked, Or said the long-term risk is no less serious. Documents about it have reportedly been exposed, and the pattern in the AI industry suggests that major companies, as well as hostile states, will try to reproduce similar capabilities.
“The code has not leaked, but many documents about it have been exposed,” he said. “The history and evolution of the AI world teach us that other tech giants, and more importantly hostile countries such as China, Russia, Iran and North Korea, will invest enormous resources and develop similar capabilities within a year to a year and a half.
“Ultimately, we will be left in a reality in which our enemies hold automated attack tools with capabilities and scale that do not exist today even among the most skilled human attackers.”
Companies must move before July
Or said companies should immediately bring the issue to senior management and boards of directors, especially risk committees, and present the implications and an initial action plan.
He said organizations must also reinforce resources and staffing ahead of the expected July wave of vulnerability disclosures, including updating and strengthening service-level agreements with cybersecurity providers so response times are much faster than usual.
A third urgent step, he said, is mapping legacy and operational technology systems, including systems that companies often assume are stable or too old to be attractive targets.
“We recommend several urgent steps,” he said. “The first is immediate reflection to management and the board of directors. The implications and initial action plan must be presented to companies’ risk committees and boards.
“The second step is reinforcing resources and manpower. Ahead of early July, it is important to update and strengthen service-level agreements with cybersecurity providers to ensure response times that are much faster than usual.
“The third step is mapping legacy and operational technology systems. Mythos’ enhanced capabilities do not distinguish between ordinary computing networks and operational systems. The model has already found a 27-year-old vulnerability in the OpenBSD operating system, which was considered especially stable and secure. Companies must take into account legacy systems and operational endpoints such as security cameras, air conditioners and lighting systems.”
The deeper change, Or said, is conceptual. Companies can no longer rely mainly on prevention. They must assume breaches will happen and design systems that can contain intrusions, isolate damage and recover quickly.
“We must move from an almost exclusive focus on defense and prevention to an approach focused on resilience, business continuity and containment, cyber as something that contains and recovers,” he said. “If we compare the organization to a castle where the most valuable assets are kept, the walls and guards are still necessary. However, in the new reality, the board’s assumption must be that the walls will be breached and an intrusion will occur.
“The name of the game is: Does an attacker who entered one room in the castle now have free access to the entire kingdom? The organization must build its architecture so that the breach can be isolated immediately, the truly sensitive secrets can be protected, and it has a very rapid recovery capability, like a contractor on standby who closes the wound the moment the attacker is repelled.”
AI attackers will require AI defenders
If the speed and scale of attacks increase dramatically, Or said human cybersecurity teams will not be able to keep up on their own. Security operations centers that rely on manual processes will be overwhelmed.
The only answer, he said, is to deploy defensive AI agents that continuously scan networks, detect vulnerabilities in real time and, in some cases, fix or block threats autonomously.
“They won’t be able to, and that is the major long-term challenge,” he said. “The only solution is integrating AI agents and tools on the defender’s side. Security operations centers that rely on manual and human processes will simply be flooded and collapse. The defender will have to deploy AI tools that run continuously on the network, identify vulnerabilities in real time, and in some cases carry out the repair and blocking work autonomously.
“We are moving into a world in which the attacker’s AI will fight the defender’s AI, under human supervision. We are already encountering companies that are beginning to implement such automated tools, which display an online resilience dashboard instead of slow manual surveys.”
But adding more AI to corporate systems also creates new risks. AI tools can themselves become attack vectors, including through prompt injection or training biases that lead to unlawful or discriminatory conclusions.
“There is definitely a risk, because AI itself is a vector for attacks and vulnerabilities, whether through prompt injection or through learning biases that could lead to illegal or discriminatory conclusions,” he said.
“That is why organizations will have to ensure that the deployment of AI agents is done securely and under supervision. What is needed here is close cooperation, the creation of alliances and coalitions between companies and regulators, exactly as Anthropic did with Glasswing, in order to pool resources against the shared threat.”
From privacy breaches to life-threatening attacks
For ordinary users, Or said, the threat appears in almost every interaction with a company or organization. At the basic level, it could mean mass leaks of customer details, ID numbers or credit card information. At the higher end, the danger could be life-threatening.
“The end user encounters this threat in almost every interface with an organization or company,” he said. “At the basic level, this is a serious threat to privacy, with leaks of thousands of customer details, ID numbers or credit cards. At the higher level, this is a real threat to human life. We have already seen hospital hacks that shut down systems and moved work to manual mode, causing critical delays in admitting patients.
“In the new era, the great fear is direct harm to life-saving systems, such as robots performing surgery in real time. Shutting down or disrupting such a robot during a surgical procedure would be a catastrophic event. That is why the state and regulators must focus first and foremost on securing critical infrastructure: energy, water, health and security bodies.”
Or said executives who still calculate that it may be cheaper to absorb the damage from a breach than invest heavily in advanced defense need to revisit that equation. The risk has changed, he said, and boards must now weigh reputational collapse, lawsuits and regulatory sanctions.
“That definition is correct, and ultimately this is a business decision by the board of directors, not by technology people,” he said. “But our central argument is that the risk equation has changed completely. The calculations on which management relied in recent years are no longer relevant. The threat has increased dramatically, and the board is obligated to seriously reexamine the calculation.
“They must ask themselves whether the organization is prepared to absorb severe reputational damage. Is it ready for potential massive lawsuits and sanctions over failure to comply with regulation? Whoever acts quickly, invests in resilience, business continuity and continuous AI-based defense systems that live online against the attacker, will ensure the relevance of their organization and even turn this major challenge into a business opportunity.”





