Earlier this year Anthropic built a model so good at breaking into software that it decided not to release it. The model, referred to as Mythos, can read a codebase, find the weaknesses, and chain them together into a working attack on its own. In testing it succeeded around 72% of the time. The version before it managed close to zero. That is the kind of jump that does not happen often, and when it does, the people who think about security for a living tend to stop what they are doing and pay attention.

What Anthropic has done since tells you something about where all of this is heading. Rather than lock Mythos in a vault or sell it to the highest bidder, the company has been handing out access slowly and deliberately. Around forty organisations now use it, among them Amazon, Apple, Microsoft, Google and the Linux Foundation, under a programme called Project Glasswing. The condition is simple. You may only use it to defend. In a single month, those partners used it to surface more than ten thousand critical flaws in widely used software, including bugs that had been sitting undiscovered for over two decades.

This week the circle widened again. The EU’s cybersecurity agency, ENISA, became the first body inside the European Union to get access, after weeks of negotiation. That matters, because until now Mythos had stayed within the US and UK. What is just as telling is what has not happened. The White House reportedly blocked a plan to extend access to around seventy more companies and organisations. So we have arrived at a point where a piece of software is powerful enough that governments are arguing over who is allowed to hold it.

When I wrote about this a couple of weeks ago, the thing that stuck with me was not the capability itself. It was the question of where the damage actually lands. Big banks and defence contractors will be fine. They have the budgets, the talent and the board-level attention to harden themselves before the worst arrives. The organisations that worry me are the ones we all quietly depend on. Hospitals, GP surgeries, schools, local councils, and the thousands of smaller firms running on three IT staff and a stretched budget. The places already losing the fight against ordinary ransomware are the ones that will feel an AI-shaped escalation first.

Cyber attacks already cost the UK economy somewhere around fifteen billion pounds a year. That is before you factor in what changes when an attacker can rent a model that does the hard part for them. The uncomfortable truth is that the same capability Anthropic is rationing so carefully will not stay rationed forever. Open-source models are catching up fast, and the gap between the frontier and what anyone can download is now measured in months rather than years.

So where does a mortgage firm sit in all this? Closer to the front line than most brokers would like to think. Consider what actually flows through a brokerage on an average day. Income and bank statements, identity documents, property valuations, full credit histories. It is precisely the data an attacker wants, and very little of it sits in systems the firm itself built or controls. It moves through CRMs, sourcing platforms, client portals, document upload tools and a dozen integrations stitched together by third parties. Your security is only ever as good as the weakest vendor in that chain, and most firms have never asked their vendors a hard question about it.

That is the part worth sitting with. When a model like Mythos finds a decades-old flaw in a piece of widely used software, the patch protects everyone who applies it quickly. The exposure lands on whoever is slow. If your client portal runs on a platform that takes three months to ship a security fix, then it is your supplier’s speed that decides your exposure, long before the attacker’s does.

There is a more hopeful side to this, and it deserves equal billing. The same intelligence that can find ten thousand flaws in a month can also fix them. For the first time, patching software at scale is genuinely possible, and the kind of secure systems we have always been promised and rarely received is within reach. Anthropic’s decision to give defenders a head start, before the capability leaks out to everyone, is a bet that the people building the defences can establish a lead while they still can. Whether that lead holds depends on how quickly the rest of us move.

Which brings me to the question I keep coming back to. Most boards I speak to still file cyber under IT. It sits on a list somewhere between the printers and the broadband contract, owned by whoever is most technical in the room, reviewed once a year if at all. The next twelve months may be the moment that framing stops being good enough. Not only because Consumer Duty already expects you to protect clients from foreseeable harm, but because the maths of attack and defence is shifting under everyone’s feet at the same time.

If a tool this capable is being argued over at the level of national governments, the version of that conversation inside your own firm is worth having too. Who is actually testing the platforms you rely on? How fast do they patch when something is found? And when did anyone last ask?

Sources: Financial Times; CNBC (https://www.cnbc.com/2026/06/01/anthropic-eu-ai-mythos-access-advanced-model.html)