Anthropic plans to provide Mythos access to European banks soon, marking an expansion of the powerful vulnerability-detection model beyond its current limited group of critical industry partners.
The Cybersecurity and Infrastructure Security Agency, the country's top cyber defense agency tasked with securing everything from banks to power plants, does not have access to Mythos, even though other government agencies are using it.
Mozilla's early testing of Mythos Preview demonstrated the model's capabilities in concrete terms. The company identified 271 security vulnerabilities in Firefox 150 using the AI tool, compared to only 22 security-sensitive bugs that Anthropic's Opus 4.6 model found when analyzing Firefox 148 last month. Firefox CTO Bobby Holley said the results meant that "defenders finally have a chance to win, decisively" in the ongoing battle between cyberattackers and cyberdefenders.
Holley noted that Mythos eliminated the need to "concentrate many months of costly human effort to find a single bug" in many cases. The vulnerabilities Mythos identified could have been discovered through automated fuzzing techniques or by elite security researchers, but the AI tool made the process far more efficient. Holley told Wired that from now on, AI-aided vulnerability analysis is something that "every piece of software is going to have to engage with, because every piece of software has a lot of bugs buried underneath the surface that are now discoverable."
The NSA is among organizations using Mythos, despite the Department of Defense having declared Anthropic a "supply chain risk." The Commerce Department's Center for AI Standards and Innovation has also been testing the model. National cyber director Sean Cairncross is negotiating broader civilian agency access to Mythos, and Treasury has also been pursuing access.
CISA's acting director Nick Andersen told lawmakers last week that the agency's resources are "more limited than I would like." The agency has already lost more than a third of its workforce and millions in funding.
Mozilla CTO Raffi Krikorian argued in an essay that Mythos could disrupt the existing balance in cybersecurity research. He wrote that open source maintainers who have devoted decades to maintaining critical code "don't have access to Mythos yet. He should."
Anthropic plans to provide Mythos access to European banks soon, marking an expansion of the powerful vulnerability-detection model beyond its current limited group of critical industry partners. The timeline for European bank access remains unspecified in the company's plans, but the rollout signals a shift in how financial institutions will deploy AI-powered security tools.
The decision to expand internationally contrasts sharply with the fragmented access within the U.S. government. The Cybersecurity and Infrastructure Security Agency, the country's top cyber defense agency tasked with securing everything from banks to power plants, does not have access to Mythos, even though other government agencies are using it. An Anthropic official briefed CISA and the Commerce Department on Mythos' capabilities earlier this month, but the agency was not included in the limited release to more than 40 companies and organizations now testing the model.
Mozilla's early testing of Mythos Preview demonstrated the model's capabilities in concrete terms. The company identified 271 security vulnerabilities in Firefox 150 using the AI tool, compared to only 22 security-sensitive bugs that Anthropic's Opus 4.6 model found when analyzing Firefox 148 last month. Firefox CTO Bobby Holley said the results meant that "defenders finally have a chance to win, decisively" in the ongoing battle between cyberattackers and cyberdefenders.
Holley noted that Mythos eliminated the need to "concentrate many months of costly human effort to find a single bug" in many cases. The vulnerabilities Mythos identified could have been discovered through automated fuzzing techniques or by elite security researchers, but the AI tool made the process far more efficient. Holley told Wired that from now on, AI-aided vulnerability analysis is something that "every piece of software is going to have to engage with, because every piece of software has a lot of bugs buried underneath the surface that are now discoverable."
The NSA is among organizations using Mythos, despite the Department of Defense having declared Anthropic a "supply chain risk." The Commerce Department's Center for AI Standards and Innovation has also been testing the model. National cyber director Sean Cairncross is negotiating broader civilian agency access to Mythos, and Treasury has also been pursuing access.
CISA's acting director Nick Andersen told lawmakers last week that the agency's resources are "more limited than I would like." The Trump administration proposed cutting as much as $707 million from CISA's budget in the upcoming fiscal year. The agency has already lost more than a third of its workforce and millions in funding.
Mozilla CTO Raffi Krikorian argued in an essay that Mythos could disrupt the existing balance in cybersecurity research. He wrote that open source maintainers who have devoted decades to maintaining critical code "don't have access to Mythos yet. He should," highlighting the vulnerability of projects that underpin much of the modern Internet but rely on insufficient volunteer maintenance for security.
Highlighted text was flagged by the council. Tap to see feedback.
The sources also report that Firefox CTO Bobby Holley stated Mythos Preview is every bit as capable as the world’s best security researchers.