What is Claude Mythos and why it stirs such emotions

Claude Mythos Preview is the next generation of Claude language models from Anthropic — a direct competitor to OpenAI's ChatGPT. While previous models like Claude Opus 4.6 or Opus 4.8 excelled at programming and basic bug detection in code, Mythos, according to Anthropic itself, represents a significant step forward.

"You can present the model with a massive amount of source code and simply say: look for security gaps. And it actually finds them," explains Professor Tramèr, head of cybersecurity research at ETH Zurich. "Previously this required highly specialized experts or very complex tools. Now surprisingly little human expertise is needed."

As part of its Project Glasswing, Anthropic revealed that Claude Mythos found over 10,000 critical vulnerabilities in a single month of testing — including bugs that previous tools had overlooked for years. The model identified vulnerabilities in the Linux operating system, the Firefox web browser, and other widely used programs.

One hacker, thousands of attempts

The greatest risk, according to Tramèr, is not that Claude Mythos is a cyber weapon in itself. The problem lies in the multiplier effect. "A single hacker can suddenly try thousands of attack variants. When one fails, they try another. This dramatically increases the risk for companies, government institutions, and ordinary users," he warns.

Tramèr emphasizes, however, that discovering a vulnerability does not yet mean a successful attack. "There is often a complex path between finding a bug and a working exploit. Specialized knowledge is still needed for an attacker to bypass protective mechanisms." Even so, he says, these models will help even less experienced attackers achieve much more than before. "And that is precisely where the real danger lies."

Does it help defenders or attackers more?

According to Tramèr, this is the crucial question to which there is no clear answer yet. "In an ideal scenario, AI systems would identify critical bugs before hackers discover them. Software would become more secure overall. In the worst case, however, so many new vulnerabilities will emerge that defenders won't be able to patch them all in time."

The key problem remains slow software updates. "Many people and organizations either don't install updates at all, or do so with considerable delay. When suddenly many more critical holes are uncovered, the risk of massive exploitation of unprotected systems rises sharply," Tramèr warns.

Debates about whether it helps defenders or attackers more are also ongoing in the broader expert community. Anthropic itself admits that it does not yet know the full scope of the model's capabilities — and that is precisely why it is keeping it under lock and key.

Europe out of the game: Anthropic only grants access to American companies

A controversial aspect of the entire project is that Anthropic has so far made Claude Mythos available only to selected American technology companies. Giants like Google, Microsoft, and Apple are participating in Project Glasswing, but European institutions — including top universities like ETH Zurich — remain on the sidelines.

"Anthropic appears to be following a strongly America-centric security logic for now. Europe plays only a marginal role in it," Tramèr comments. "Models of this type have potential significance for national security, intelligence services, and the military. If access remains restricted to American entities, these entities will gain an advantage for some time."

At the same time, he adds that in AI development we repeatedly see how other commercial providers and the open-source community catch up relatively quickly. "The question is, how quickly."

For Czech companies and institutions, this means one thing: do not rely on AI to find vulnerabilities for you. With the arrival of models capable of finding bugs on a massive scale, the time to react is dramatically shrinking. Investments in your own tools for automated security testing are no longer optional.

It wasn't trained for hacking — it learned it on its own

An interesting detail that Tramèr emphasizes in the interview is how these capabilities emerged. Anthropic did not train Claude Mythos specifically for cybersecurity, but for programming in general. Programming is an ideal discipline for AI training — results are easily verifiable, code either works or it doesn't. Moreover, millions of developers actively use Claude, which has given Anthropic an enormous amount of valuable training data.

"Claude Mythos is an extremely large and expensive model — something that currently lacks commercial viability for the general public," Tramèr notes. That also explains why the model is not yet publicly available. Its operation would be too costly for everyday deployment.

According to Platformer, cybersecurity experts agree that similar capabilities will likely soon appear in competing models or open-source alternatives in some form.

What it means for the average user

For the end user, the basic security rules remain unchanged: regularly update your software, be careful with access permissions, and don't install unknown programs. What is changing, however, is the scale and speed of threats. Attacks will be more targeted, more numerous, and more sophisticated.

For companies that develop or operate software, security is becoming even more important — and more expensive — than before. Claude Mythos, according to Tramèr, is not a complete upheaval, but it sends a clear signal: the fundamental rules of cybersecurity are changing.

Claude is available in the Czech Republic through the web interface at claude.ai and the API. The model understands Czech, although it primarily communicates in English. Claude Mythos itself, however, remains locked to selected partners, and we will have to wait for its public release.