The World Economic Forum (WEF) issued a formal warning on April 23, 2026, regarding the cybersecurity implications of Anthropic’s latest artificial intelligence model, Claude Mythos. In a report published by the WEF’s Centre for Cybersecurity, specialists Chiara Barbeschi and Tarik Fayad characterized the model as a systemic inflection point, marking the first time a commercially developed AI has demonstrated the ability to autonomously identify, weaponize, and execute complex cyber operations with minimal human intervention.
Technical documentation released alongside the WEF’s assessment reveals that Mythos possesses a level of reasoning and coding autonomy that allows it to navigate the full lifecycle of a cyberattack. During evaluations by the UK’s AI Security Institute (AISI), the model successfully completed expert-level cybersecurity tasks with a 73 percent success rate. Anthropic confirmed that Mythos has already identified thousands of high-severity zero-day vulnerabilities across every major operating system and web browser. Notable discoveries include a 27-year-old flaw in OpenBSD and a 16-year-old memory corruption bug in FFmpeg. In one documented instance, the model autonomously developed a browser exploit that chained four separate vulnerabilities to escape secure sandboxes.
Anthropic has restricted access to the model through a controlled initiative known as Project Glasswing. This program grants limited testing rights to a select group of approximately 40 organizations, including Amazon, Google, Microsoft, Apple, and JPMorgan Chase, to help secure critical infrastructure before the technology becomes more widely available. However, the WEF warning follows reports of a security breach involving a third-party vendor, which allegedly allowed a small group of unauthorized users in a private online forum to gain access to the Mythos preview.
In an official statement released on Thursday, Anthropic clarified that the model’s offensive capabilities were not explicitly trained but emerged as a downstream consequence of general improvements in reasoning and code generation. The company noted that the same logic that allows Mythos to effectively patch vulnerabilities also enables it to exploit them. An Anthropic spokesperson confirmed that the company is investigating the unauthorized access reports but maintained that its internal systems remain secure.
The WEF has called for an immediate international coordination effort to establish governance standards for offensive-capable frontier models. The report emphasized that the speed of AI-driven threat discovery is rapidly outpacing traditional defensive measures, such as manual patching and standard intrusion detection. As of April 23, 2026, Anthropic has not provided a timeline for a broader commercial release, citing the need for further adversarial red-teaming and the development of more robust safety guardrails.