Claude Mythos Preview Exposes Hidden Code Flaws Fast

Claude Mythos Preview Exposes Hidden Code Flaws Fast

https://spectrum.ieee.org/anthropic-claude-mythos-preview-code

Publish Date: 2026-04-27 11:18:34

Source Domain: spectrum.ieee.org

Malicious actors exploiting AI to launch cyberattacks

Generative AI is increasingly being used maliciously to facilitate cyberattacks, including scamming victims through deepfakes, deploying malware developed via AI coding tools, phishing through chatbots, and hacking open source code repositories using AI agents. Anthropic’s Frontier Red Team highlighted significant security risks from its AI models, prompting the creation of Project Glasswing, in partnership with tech giants, to identify and mitigate these threats. While AI can efficiently discover critical code vulnerabilities, such as old bugs in OpenBSD and exploitable web browsers, it also risks generating false positives that complicate triage. Cybersecurity experts stress that striking a balance between AI capabilities and human oversight—enhanced by techniques like adversarial self-review, dynamic threat modeling, and red teaming—is crucial for effectively using AI in security. Scaling vulnerability fixing remains a challenge that will benefit from the next generation of AI-enhanced tools and methodologies.

Key Points:

• Malicious actors are leveraging AI for scams, malware, phishing, and code repository attacks.
• Anthropic’s Frontier Red Team discovered numerous high-severity software vulnerabilities via its AI models.
• AI can expedite finding complex code vulnerabilities, but it risks false positives and can be attacked itself.
• AI tools should undergo adversarial self-review and human verification for effective security.
• Dynamic threat modeling, red teaming, and shifting security measures earlier in software development are advocated for balanced AI use in code security.