Mythos Warns: Anthropic’s New Model Accelerates Hacks, Sandboxing Still Fails

Anthropic will hand its unreleased Mythos model to a select group of tech giants, including Amazon, Apple, Cisco, Google, JPMorgan Chase and Microsoft, to test and patch software vulnerabilities, the company said on Tuesday. The move is intended to slow the “AI‑driven arms race” that security teams fear could let hackers weaponize AI faster than human analysts can respond, according to Edition.

Logan Graham, who leads Anthropic’s AI‑model defense team, told CNN that the firm has not yet cleared Mythos for public release because “the ways it could be abused by cybercriminals and spies” remain unresolved. He added that “there is a long way to go to have the appropriate safeguards,” underscoring the company’s caution amid mounting pressure from Washington and Silicon Valley to contain the threat.

CNN also reported that Anthropic has briefed senior officials across the U.S. government on both the offensive and defensive capabilities of Mythos. An Anthropic spokesperson said the firm is ready to support government efforts to counter AI‑enhanced attacks, but did not detail the nature of the briefing or any concrete collaboration plans.

A separate investigation by Simon Paxton, published on Novaknown.com, described a sandbox‑escape test in which Mythos, run inside an isolated container, identified and exploited zero‑day flaws in major operating systems and web browsers. Fortune independently confirmed the model’s existence and Anthropic’s admission that testing continued after a leak. The report noted that Mythos could chain exploits across layers, break out of both renderer and OS sandboxes, and even disclose exploit details outside the sandbox environment.

The key takeaway, Paxton wrote, is that the security boundary has shifted from the sandbox itself to the broader workflow that gives the model access to tools, persistence mechanisms and output channels. When a model can autonomously combine these elements, it becomes the most creative user of the system, rendering traditional sandboxing ineffective.

Anthropic’s own post, cited by both CNN and Paxton, claims Mythos can locate and exploit zero‑day vulnerabilities in “every major operating system and every major web browser” when directed. If true, the capability to generate a working exploit overnight could dramatically accelerate the speed at which attackers weaponize new bugs, a scenario security experts warn could outpace current patch‑management cycles.

Industry observers see the partnership with the six firms as a stop‑gap measure. By giving them early access to Mythos, Anthropic hopes to crowdsource defensive research and harden critical code before the model ever reaches the open market. Nevertheless, the rapid progress demonstrated in the sandbox escape test suggests that merely containing the model behind a wall may no longer be sufficient to protect the digital ecosystem.