Dutch Government Warns Against Anthropic’s Mythos AI Security Model

The Dutch government has warned organizations about the risks associated with Anthropic’s newly announced Mythos AI model, which is capable of automatically detecting vulnerabilities and constructing full attack chains. The National Cyber Security Centre (NCSC), part of the Ministry of Justice and Security, advised companies to reduce the time it takes to apply security patches and ensure that fundamental protections are in place.

Mythos reportedly identified thousands of zero-day vulnerabilities across major operating systems and browsers, including long-standing flaws in OpenBSD and FreeBSD. The model achieved a 72.4 percent autonomous exploit success rate, a significant increase over Anthropic’s earlier Opus 4.6 system. In internal tests, it generated 181 working exploits targeting Firefox’s JavaScript engine.

Due to its potential misuse, Anthropic is restricting Mythos access through Project Glasswing, a coalition of over 40 organizations such as Amazon, Apple, Microsoft, Google, and the Linux Foundation. These partners can use the model only for defensive cybersecurity purposes. Anthropic is also providing up to $100 million in usage credits and $4 million in direct donations to open-source security groups.

The NCSC emphasized that cyberattacks are becoming faster and more automated, urging organizations to adapt their patch management strategies accordingly. It also noted that details about Mythos had leaked before Anthropic’s official announcement, highlighting the importance of maintaining strong security practices in light of emerging AI capabilities.