{"id":235406,"date":"2026-06-23T00:05:00","date_gmt":"2026-06-23T04:05:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/23\/what-states-need-to-know-about-mythos\/"},"modified":"2026-06-23T00:10:10","modified_gmt":"2026-06-23T04:10:10","slug":"what-states-need-to-know-about-mythos","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/23\/what-states-need-to-know-about-mythos\/","title":{"rendered":"What States Need to Know About Mythos"},"content":{"rendered":"<p><a href=\"https:\/\/www.governing.com\/management-and-administration\/what-states-need-to-know-about-mythos\">What States Need to Know About Mythos<\/a><\/p>\n<p><a href=\"https:\/\/www.governing.com\/management-and-administration\/what-states-need-to-know-about-mythos\">https:\/\/www.governing.com\/management-and-administration\/what-states-need-to-know-about-mythos<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-23 00:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.governing.com\">www.governing.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                                    In April, AI company Anthropic announced it had created an AI tool called \u201cMythos\u201d that was extremely adept at finding vulnerabilities in software.In the wrong hands, such powerful AI models might lead to a flood of sophisticated cyber attacks. Experts expect to see other, similarly advanced AI models emerge in coming months.\u00a0States can act now to shore up their cyber defenses, however. That includes tackling cybersecurity basics like limiting Internet exposure and keeping close tabs on their vendors\u2019 cybersecurity practices.In April, AI company Anthropic announced it had created Claude Mythos Preview, an AI model so good at finding and exploiting software vulnerabilities that the company would, for the time being, only be allowing a select group of users to access it. The initial group included organizations behind \u201cthe world\u2019s most critical software,\u201d like Amazon Web Services and the Linux Foundation, so they could use Mythos to discover and patch up flaws in their software before hackers could discover them.The creation of Mythos set off a firestorm of speculation about how AI could fundamentally change the cybersecurity landscape.\u201cGiven the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,\u201d Anthropic said of Mythos at the time. \u201cThe fallout \u2014 for economies, public safety, and national security \u2014 could be severe.\u201dIn June, Anthropic announced it was releasing to the public a similarly powerful AI model called Fable 5, that would have built-in safeguards to prevent it being used for malicious cybersecurity purposes. Just days later, the White House said it feared a national security threat and ordered the company to block any foreign nationals in or outside the U.S. \u2014 including Anthropic employees \u2014 from accessing Mythos-level AI models. To comply, Anthropic suspended all users\u2019 access to Mythos or Fable.Anthropic isn\u2019t the only company working in this space, of course. Others are announcing their own limited-access AI models, and experts anticipate it\u2019s only a matter of time before more similarly powerful AI tools enter the scene.The New State of Cyber ThreatsMythos is different from other tools in several ways.For one, it can discover software vulnerabilities that human researchers miss. Anthropic reports that its tool found a vulnerability that had gone undiscovered for 27 years and which could\u2019ve been used to cause any machine running a particular operating system to crash.The AI model can also discover such software flaws very quickly. And it can very quickly and autonomously come up with ways to take advantage of those flaws to then launch attacks.\u201cAttack cycles\u201d \u2014 or the time between an IT vulnerability being discovered and an attacker using it to exfiltrate sensitive data \u2014 could shrink from days or hours to minutes or seconds, says TJ Sayers, senior director of threat intelligence at the Center for Internet Security.Plus, these kinds of AI tools can make it easier to launch attacks, meaning more people will do it. You no longer need to have coding skills, or pay someone else with coding skills, to be able to hack. Bad actors could use natural language to prompt powerful AI tools to conduct attacks, so long as they phrased their instructions to get around the model\u2019s safeguards, Sayers says.The AI model also can launch attacks in ways that would be difficult for human hackers. The tool can \u201cchain exploits\u201d \u2014 that is, take advantage of several different vulnerabilities at precisely timed intervals, to create the maximum effect. Normally, that would require multiple people acting in a tightly coordinated way.\u201cWhat we&#8217;ve seen is vulnerabilities being discovered that would normally take multiple people working in concert together, which is very hard to accomplish, because you&#8217;re not a total mind meld,\u201d says Sayers. \u201cThey&#8217;re also able to exploit in a coordinated fashion, that would [for] a human exploiter [be] very, very challenging to do.\u201dAs such, vulnerabilities typically considered to pose low-level threats could now be used in combination to pose a much graver threat. That will make it harder for defenders to determine which vulnerabilities to prioritize for patching, says Michael Klein, senior director for preparedness and response at the Institute for Security and Technology.What Governments Can DoIn the hands of the good guys, tools like Mythos will lead to many more vulnerabilities being discovered and fixed.Mozilla was given early access to the tool and said it used Mythos to scan a version of its Firefox web browser before releasing it. Mythos found nearly 300 vulnerabilities, far more than had been discovered by a less-advanced AI model used to scan an earlier browser version the month before. That model had only discovered nearly two dozen significant vulnerabilities.Governments rely on a lot of third-party software, and so should push providers \u2014 especially those behind critical IT systems \u2014 to check their offerings for vulnerabilities using these kinds of powerful frontier AI systems, Klein says. Governments can stipulate that in requests for proposals or when making or renewing contracts.Because Mythos is so good at discovering software flaws, organizations can expect to receive a flood of reports about vulnerabilities. Governments that develop their own software will need to make sure they have an automated way to receive these reports and process all that information, Klein says. They should also have procedures in place to help guide how they go about patching the flaws, Klein says.While automation can help with patching, the work cannot simply be handed over to AI. Human professionals need to test any new software patches to make sure that they don\u2019t fix the flaw in a way that causes something else to break, says Randy Rose, vice president of security operations and intelligence at the Center for Internet Security. Involving professionals is also important because patches need to be applied carefully to old complicated software or to highly sensitive equipment.State governments should also be ready to help local governments patch their systems, Klein says. Some states partner with university-based cyber teams that can assist, have cyber teams embedded in their national guards or have vetted cybersecurity volunteers who can mobilize to help in an emergency, for example. Having a tool like Mythos to help detect vulnerabilities only goes so far, Klein says \u2014 states also need to make sure the vulnerabilities then get fixed, and that means having a plan for how to help less-resourced local governments.\u201cWe can have the best vulnerability detection tool in the world, and it&#8217;s not going to matter if we haven&#8217;t answered the much more boring question of who is actually responsible for getting in to fix the schools or the county health office,\u201d Klein says.In the end, defenders will never be able to patch vulnerabilities as quickly as AI can discover them, even defenders using AI-embedded tools, Rose says. But getting core cyber measures in place \u201ccan actually defeat a lot of this stuff,\u201d he says. That includes knowing what systems and assets are in the digital environment, keeping IT systems updated, conducting security monitoring and minimizing what\u2019s connected to the Internet.Looking AheadThe next year could be a rough adjustment period.Mythos was just the first of these kinds of highly sophisticated models. Other AI labs will release their own, and not all of them will limit initial access. Some developers create \u201copen weight\u201d AI models, which means they publicly release their models\u2019 core components, so anyone can download the model and tweak it to suit their needs. These organizations\u2019 progress tends to lag behind that of the most cutting-edge private labs, but may catch up. In three to six months, we can expect to see \u201csignificantly more capable versions\u201d of some open weight models, Klein expects. The public nature means both good and bad actors can get their hands on this kind of AI, if they have access to a computer powerful enough to run it.Ultra-advanced AI models will lead to a flood of vulnerabilities being discovered \u2014 and exploited \u2014 in the next six to 12 months, Sayers says. Hopefully, developers will review their new code using Mythos-level tools before releasing the software, meaning their offerings should become more secure. Once enough of the codebase goes through this vetting, attacks should decline.\u201cYou&#8217;ll see a spike in vulnerabilities and exploits, and then hopefully we&#8217;ll kind of get back to a baseline over the next six to 12 months,\u201d Sayers predicts.It can feel like everything is moving too fast, Rose says, but that\u2019s normal with new, quickly developing technologies. At some point the technology will reach the limit of what it can do and how quickly it can evolve, and people will be able to adjust.\u201cWe\u2019re really at the base right now of what LLMs can do, so it feels really scary because we&#8217;re looking up this hill that looks pretty steep, but there will be a plateau,\u201d Rose says. \u201cWe\u2019re going to hit a point where a lot of the stuff that we&#8217;re feeling today is going to normalize. \u2026 For those of us that are able to stick it through and manage our risks appropriately, when we get to that plateau, there&#8217;s going to be a lot of benefit.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What States Need to Know About Mythos https:\/\/www.governing.com\/management-and-administration\/what-states-need-to-know-about-mythos Publish Date: 2026-06-23 00:05:00 Source Domain: www.governing.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":235407,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/erepublic.brightspotcdn.com\/dims4\/default\/cedb203\/2147483647\/strip\/true\/crop\/3000x1458+0+0\/resize\/1440x700!\/quality\/90\/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Fde%2F92%2F65fab1a1408cbe414e0409d85a25%2Fbiz-trump-anthropic-feud-explainer-filepic-get.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,27],"class_list":["post-235406","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235406"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=235406"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235406\/revisions"}],"predecessor-version":[{"id":235408,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/235406\/revisions\/235408"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/235407"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=235406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=235406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=235406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}