Overview
- Anthropic is keeping its Claude Mythos model in a tight preview for roughly 40 to 50 major tech, security, and finance partners under Project Glasswing, as it probes reports that a third‑party contractor let in unauthorized users.
- India’s cyber agency CERT‑In issued a high‑severity alert that tells organizations to treat new flaws as exploitable within hours and to apply critical patches within 24 hours, prompting reviews by major telcos and fresh coordination across banks and regulators.
- Staff at the U.S. Cybersecurity and Infrastructure Security Agency say they do not have access to advanced AI tools like Mythos or OpenAI’s vetted cyber models, citing a federal supply‑chain restriction on Anthropic and agency leadership hurdles that slow approvals.
- Security experts warn that Mythos‑class tools can read code, chain small bugs into full system break‑ins, and move through networks on their own, which shortens the gap between discovery and exploitation and can overwhelm teams that cannot verify and fix issues fast.
- Debate continues over how novel Mythos is and how often it flags false problems, as the UK urges businesses to prepare, Chinese state media acknowledges “unprecedented” attack potential, and sectors with legacy gear such as energy, telecom, and manufacturing face the greatest risk to everyday services and data.