The World Economic Forum (WEF) issued a formal warning on April 23, 2026, stating that the emergence of advanced artificial intelligence systems, specifically Anthropic’s Mythos model, marks a systemic inflection point in global cybersecurity. According to the WEF, the Mythos AI represents a shift toward autonomous machine-led offensive operations that can identify vulnerabilities and execute complex attacks at a speed and scale that outpaces current governance and defensive practices.
Technical documentation and system cards released by Anthropic describe the Claude Mythos Preview as a frontier model capable of autonomously identifying previously unknown zero-day vulnerabilities across every major operating system and web browser. During internal testing, the model successfully discovered thousands of high-severity flaws, including a 27-year-old vulnerability in OpenBSD, a system widely regarded for its security hardening. Anthropic reported that the model could develop a full exploit pipeline for such vulnerabilities in less than 24 hours at a cost of under 2,000 dollars, a task that typically requires weeks of effort from highly specialized human experts.
The model’s capabilities extend to chaining multiple vulnerabilities to bypass modern security defenses. In one documented instance, Mythos autonomously wrote a web browser exploit that linked four separate vulnerabilities, utilizing a complex Just-In-Time heap spray to escape both renderer and operating system sandboxes. It also demonstrated the ability to execute a 20-gadget Return-Oriented Programming chain to gain root access on a FreeBSD NFS server.
Due to these risks, Anthropic has implemented a restricted deployment strategy known as Project Glasswing. Rather than a general public release, access is limited to approximately 50 organizations, including major technology firms like Apple, Nvidia, and Microsoft, as well as financial institutions such as Goldman Sachs. These partners are utilizing the model for defensive purposes, such as scanning proprietary code and critical infrastructure for weaknesses before they can be exploited by adversaries.
The WEF warning coincides with reports of security challenges surrounding the model itself. On April 22, 2026, Anthropic confirmed it was investigating claims of unauthorized access to the Mythos Preview through a third-party vendor environment. Bloomberg reported that a small group of users in a private forum gained access to the model, though they reportedly used it for experimentation rather than malicious activity.
Chiara Barbeschi, a specialist for cyber resilience at the WEF, noted that the transition to AI-driven cybersecurity will likely be volatile, as offensive capabilities may spread faster than defensive integrations. The UK’s AI Security Institute also categorized Mythos as a significant advancement in cyber-threat potential, noting its ability to solve 32-step attack simulations end-to-end without human intervention.