Dark Perimeter: True Cybersecurity Stories
Every major cyberattack has a story behind it. A vulnerability no one patched. A phishing email someone clicked. A nation-state with a motive. Dark Perimeter goes beyond the headlines to explore the true stories of the hacks, breaches, and cyber operations that shaped history - told in narrative form for security professionals and curious minds alike. No guests, no panels, no filler. Just the story.
Dark Perimeter: True Cybersecurity Stories
Mythos: The Model That Scares Anthropic
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Anthropic described its own upcoming model as posing unprecedented cybersecurity risks - then accidentally leaked that description. Cole Drayden sits down with former federal threat intelligence analyst Marcus Hale to work through what Mythos actually is, what it can do, and what happens when that capability reaches the wrong hands.
When a company that sells itself as the most safety conscious AI laboratory in the world tells the government that its own product could trigger a wave of cyber attacks that defenders cannot keep up with, you pay attention. When that same company accidentally leaks the existence of that product into a publicly searchable data store before they were ready to announce it, you pay very close attention. And when the formal announcement finally made on their own terms describes a model that found tens of thousands of vulnerabilities in every major operating system and web browser, including a flaw that had been sitting undetected in the Linux kernel for decades. You start to understand that we are not talking about a better version of a product you already know. We are talking about something that changes the fundamental math of attack versus defense. This is a dark perimeter. I'm Cole Draden. My guest today spent eight years doing threat intelligence work for a federal agency he is not going to name, followed by six years in the private sector advising critical infrastructure operators on offensive threat modeling. His name is Marcus Hale. Marcus, thanks for coming on. Let's start with the model itself and what we actually know. Walk listeners through what Mythos is based on what has been publicly confirmed.
SPEAKER_01So Anthropic has a lineup of AI models. Their most capable tier has been called Opus. That's been their flagship, the most powerful thing they offer to paying customers. What the Leaks revealed, and what Anthropic subsequently confirmed, is that they have been quietly building something above Opus, a new tier. The internal names for it were Capybara and Mythos. They appear to refer to the same underlying model, and the public facing name is now Claude Mythos. Anthropic described it to Fortune as a step change in AI performance and their most capable model to date. The leaked draft blog post described it as larger and more intelligent than anything in the Opus line, with dramatically higher scores on software coding, academic reasoning, and cybersecurity benchmarks. That last one is the one that matters for this conversation. The model is not available to the public. It is currently in a restricted preview that Anthropic is calling Project Glasswing, twelve partner organizations and about forty organizations total with access. All of them are working on defensive cybersecurity. That restriction is not a business decision, it is a safety decision, and Anthropic has been unusually explicit about why.
SPEAKER_00Their own leaked draft said the model poses unprecedented cybersecurity risks. That's not a phrase a company uses lightly when they're talking about their own product.
SPEAKER_01No, it isn't, and to Anthropic's credit, they didn't bury it. The full quote from the draft is that Mythos presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders. They wrote that themselves. They were not trying to downplay the risk. They were apparently trying to get ahead of it with an honest safety disclosure. The irony is that the disclosure itself leaked before they were ready to make it. The specific numbers that came out of Project Glasswing testing are the part of this story that I don't think has gotten enough attention. In testing, Mythos Preview found bugs in every major operating system and every major web browser. Some of those vulnerabilities are believed to be decades old. They survived years of human security audits without being found. Mythos found them. The model found a 27-year-old vulnerability in OpenBSD, an operating system that powers critical infrastructure globally, that would allow an attacker to remotely crash any machine running it in the Linux kernel, which runs the majority of the world's servers. It found multiple flaws and then autonomously chained them together into a working exploit that would give an attacker complete control of any affected machine. And the success rate on exploit development, 83.1% first attempt success at reproducing a vulnerability and creating a working proof of concept. That is not a benchmark score, that is operational capability.
SPEAKER_00For context, what did the previous generation look like on that same metric?
SPEAKER_01Anthropic's Opus 4.6, which is currently their best publicly available model, and which, by the way, recently topped the Terminal Bench 2.0 leaderboard with a score of 65.4%, found approximately 500 zero-day vulnerabilities in open source software. That was already a significant number. Mythos found what Anthropic described as tens of thousands. Logan Graham, who heads Anthropic's Frontier Red Team, told Axios that Mythos has the skills of an advanced security researcher, not an entry-level researcher, not a tool for script kitties, an advanced one. The gap between what was best in class six months ago and what Mythos represents is not incremental. It's a step function.
SPEAKER_00Let's talk about the offense side of this. Because I think that's where the real listener question is. The way it's being deployed right now is for defense. Finding vulnerabilities so they can be patched before attackers find them. But the same capability works in both directions.
SPEAKER_01Completely. These are documented incidents. That is the baseline we are starting from with models that are a generation behind what we're talking about today. What is a reasonable inference? If you take the capabilities Mythos demonstrated in controlled testing and ask what happens when a model with those capabilities is accessible to a threat actor, a nation state, an organized criminal group, a well-resourced individual, the math changes significantly. Mythos found tens of thousands of vulnerabilities. It chained Linux kernel exploits autonomously. It achieved an 83% first attempt success rate on proof of concept exploits. A human team doing that kind of work would need months, significant expertise, and significant resources. Mythos does it continuously, doesn't sleep, and scales horizontally.
SPEAKER_00When you say scales horizontally, unpack that for people who aren't coming from an operational background.
SPEAKER_01A human red team, the people who do offensive security research professionally, might be five to twenty people. They work sequentially, they have limits on attention and time, they get tired. An AI system doesn't have any of those constraints. You can run multiple instances simultaneously, each one scanning a different target or a different code base around the clock. The throughput of vulnerability discovery and exploit development goes from something that takes a skilled team, weeks, to something that takes minutes to hours, and importantly, the expertise floor drops. You no longer need a team of highly skilled offensive security researchers to do this kind of work. You need access to the tool. That democratization of offensive capability is the core concern. It doesn't just make existing sophisticated threat actors more dangerous. It potentially brings less sophisticated actors up to a level of capability they couldn't have achieved on their own.
SPEAKER_00Anthropic is privately briefing government officials about this. CISA, the Commerce Department. What does that tell you about how seriously they're taking it internally?
SPEAKER_01It tells me they are genuinely worried, and that they have done enough internal testing to justify being genuinely worried. Government briefings at that level, CISA and Commerce specifically, are not a routine part of a product launch. You do that when you believe the implications extend beyond your own organization's risk tolerance. Anthropic is essentially saying we have built something that has implications for national security infrastructure, and we are telling the people responsible for that infrastructure before we release it broadly. That is actually the responsible thing to do. I want to be clear about that because it's easy to frame this as anthropic creating a problem. They are also trying to solve it. Project Glasswing, giving the model first to defensive security organizations, providing a hundred million dollars in usage credits to those partners, four million dollars to open source security foundations. That's a structured attempt to give defenders a head start before the offensive use cases become available to bad actors. The question is, whether the head start is long enough, and whether the defensive deployment can actually outpace what's coming.
SPEAKER_00I want to ask you about OpenAI here, because this is not just an anthropic story.
SPEAKER_01No, it's not. And this is a crucial point. Anthropic is not building something no one else can build. OpenAI has a model, internally codenamed SPUD, that is reportedly comparable to Mythos and is being rolled out through a similar restricted program called Trusted Access for Cyber. Google is building toward the same capability. The open source Chinese models are expected to reach comparable performance within months. So even if Anthropic holds Mythos back indefinitely, which they can't, the economic pressure to eventually release it is enormous and it's genuinely useful for defense, the capability is going to exist in the world regardless. The question is not whether models with this level of offensive cyber capability become accessible. The question is who gets access first and under what conditions. That's why Anthropics Heads start strategy for defenders matters. If Project Glasswing works, if defensive security organizations use Mythos to find and patch the vulnerabilities in critical infrastructure before the next generation of models becomes accessible to threat actors, then the window of advantage matters enormously. If it doesn't work fast enough, or if a comparable offensive capability becomes available first through a leak, an open source release, or a foreign lab, then the window closes.
SPEAKER_00Let's talk about specific threat scenarios. I don't want to turn this into a how-to. That's not what this show does. But for security professionals listening, what does the threat landscape look like if a mythos class model becomes accessible to serious threat actors? What changes?
SPEAKER_01I'll give you three categories, moving from near-term to speculative. Near-term and realistic, ransomware operations become significantly more capable. Current ransomware groups already use AI to write phishing emails, to automate parts of their operations, to negotiate ransom payments. A model with mythos level vulnerability discovery capability means those groups can find entry points into target networks that would have previously required a skilled human operator to identify. The sophistication floor for ransomware attacks rises, and the volume of attacks that can be run simultaneously increases. We have already seen ransomware as a service, organized criminal groups licensing their infrastructure to less skilled operators. Mythos class capability accelerates that market. Medium-term and speculative, critical infrastructure becomes a more realistic target for a wider set of actors. Right now, attacking power grids, water treatment systems, hospital networks at a sophisticated level requires nation state resources or something close to it. The technical barrier is high enough to limit who can realistically attempt it. A model that autonomously chains kernel, exploits and finds vulnerabilities in legacy industrial control systems, the kind of systems that run a lot of critical infrastructure and that haven't been patched in years because patching them requires taking the system offline, could lower that barrier significantly. Longer term and more speculative, the combination of mythos class vulnerability discovery with the autonomous agent architecture that was revealed in the Claude Code Source Code leak. I covered that in a previous context. When you pair an AI that can find and chain exploits autonomously with an agent that can operate continuously in the background without direct human supervision, that's an attack capability that has no real precedent. It's not a tool a human operator is wielding. It's a system running an attack campaign with minimal human involvement, adapting in real time to what it encounters.
SPEAKER_00That last scenario, I want to push on it a little because it sounds like science fiction to people who haven't been tracking the technical developments closely. How far are we from that actually being a real threat?
SPEAKER_01Closer than most people think, farther than the most alarming headlines suggest. The components exist separately right now. Autonomous agent architecture is built and waiting to ship. We know that from the clawed code leak. Mythos class vulnerability discovery is built and in restricted testing, the integration of those two capabilities into a coherent offensive system is not something Anthropic has done, or at least not something they've disclosed. But the fact that both components exist and are being developed in parallel at the same organization means the path to that integration is shorter than it would have been a year ago. The more near-term version of this that I think is actually underappreciated. You don't need full autonomous attack campaigns for the threat to be serious. You just need AI-assisted human operators who are significantly amplified by the tools. A nation-state cyber team of 50 people using Mythos class capability effectively is not 50 people anymore. They are something larger and faster and more capable than anything that team could do unaided. China's documented use of Claude for the campaign that hit 30 organizations. That was with the public version of Claude, not Mythos. Scale that up.
SPEAKER_00Anthropic's own statement mentioned that their goal with Project Glasswing is to give defensive organizations a shot in the arm and help keep pace with this long-standing trend where offense exploitation had an advantage. Do you think defense can actually keep pace?
SPEAKER_01I think that framing offense versus defense as a race is the right one, and I think the outcome of that race is genuinely uncertain. Here's the honest version of what I believe Mythos, in the hands of defensive security teams with the mandate and resources to act on what it finds, is potentially the most powerful vulnerability remediation tool ever built. If anthropics claim that it can find tens of thousands of zero days is accurate, and the early Project Glasswing results suggest it is, then the opportunity to systematically harden software that has been quietly vulnerable for years or decades is real. That is not a small thing. A lot of what makes critical infrastructure attackable is legacy code that no one has had the time or resources to audit properly. A model that can do that audit at scale, with an 83% first attempt rate on identifying exploitability, could genuinely change the baseline security posture of systems that have been sitting exposed for a long time. The problem is the asymmetry of who benefits when the capability becomes more broadly accessible. Defenders need to find all of the vulnerabilities and patch all of them. Attackers only need to find one that hasn't been patched yet. That asymmetry doesn't go away because AI got better. It might actually get worse because the volume of vulnerabilities being discovered simultaneously by both defenders and eventually attackers may outpace the organizational capacity to remediate them. Finding a vulnerability is fast, patching it across enterprise infrastructure, testing the patch, deploying it, confirming deployment, that is slow. The window between discovery and remediation is where attackers live. Mythos may widen that window even as it finds more vulnerabilities.
SPEAKER_00Last question.
SPEAKER_01That assumption is being built on a threat environment from eighteen months ago. The tools available to attackers are not the tools from eighteen months ago. Concretely, inventory your legacy systems, especially anything that interfaces with public networks and hasn't been patched recently. Understand where your high value data actually lives and who actually has access to it. And if you are in critical infrastructure, Power Water, Healthcare, Finance, get in contact with CISA now about whether you might qualify for early access to defensive AI tools under programs like Project Glasswing or its equivalents. The Head Start Anthropic is trying to give defenders is only useful if defenders actually use it. The window where defense has the advantage is open right now. It will not stay open indefinitely.
SPEAKER_00Marcus Hale, former federal threat intelligence analyst and private sector offensive threat modeling consultant. This has been an extraordinary conversation. Thank you.
SPEAKER_01Thanks for having me keep the signal high on this one.
SPEAKER_00Marcus Haley. That is a company that has consistently been more cautious in its public statements than its competitors. When they use language like that about their own product, the appropriate response is to take it seriously. Stay vigilant, stay informed. I'm a cold writer, this is dark perimeter.