On April 7, artificial intelligence company Anthropic announced the development of a new AI model named Mythos, designed to autonomously identify cybersecurity vulnerabilities. Due to its advanced capabilities, the firm has chosen not to release Mythos publicly but will instead share it selectively with organizations responsible for critical software infrastructure. The move reflects growing concerns about the potential risks posed by AI models that can detect and exploit so-called “zero-day” vulnerabilities—flaws unknown to software developers and unpatched in existing systems.

Anthropic’s initiative, labeled Project Glasswing, has prompted cybersecurity discussions among government officials and industry leaders, including key Indian authorities studying the model’s implications. Experts caution that the arrival of AI systems like Mythos marks a significant shift in vulnerability discovery, threat development, and cybersecurity defense.

Aseem Jakhar, an industry analyst, noted that Mythos represents a leap beyond earlier AI tools by operating with greater autonomy in identifying and potentially exploiting bugs. Jakhar emphasized that while the postponement of Mythos’s general release addresses immediate security concerns, similar technologies will inevitably become more widespread. The ability of such models to independently detect, prioritize, and even weaponize vulnerabilities could empower underground markets and vendors trading zero-day exploits, thereby altering the cyber threat landscape.

Sharda Tickoo, a cybersecurity practitioner, highlighted that while AI’s presence in cybersecurity is not new, the scale and speed at which Mythos-like tools operate compress the traditional lifecycle of vulnerability management—from discovery through exploitation. However, Tickoo cautioned that vulnerability discovery has not historically been the primary obstacle for enterprises; rather, the main challenge lies in effective execution, including patch prioritization and scaling defensive measures. She stressed that an accelerated discovery process must be matched by faster and smarter protective actions to manage the increased threat effectively.

The integration of large language models (LLMs) and AI tools into cybersecurity is expected to reshape the profession itself. Jakhar predicted that over the next five to ten years, AI will streamline vulnerability detection and reduce the need for highly specialized technical skills such as reverse engineering. Professionals who adapt by incorporating AI into their workflows may enhance their efficiency, while routine tasks risk becoming automated and commoditized.

Tickoo echoed this outlook but underscored the enduring importance of human expertise, particularly in contextualizing vulnerabilities, assessing business impact, and strategizing defenses. While AI can assist in uncovering threats more rapidly, human researchers will remain vital in validating which vulnerabilities are genuinely exploitable. Regarding bug bounty programs, where individuals report security flaws to organizations for rewards, Tickoo suggested AI will increase efficiency but not eliminate the need for human participants.

The advent of AI tools like Mythos also raises questions about their impact on state-sponsored cyber operations, which often rely on exclusive zero-day exploits. Jakhar remarked that while both offensive and defensive actors will gain access to advanced AI tools, the cost of zero-day exploits may decline due to easier and cheaper identification. This shift could disrupt existing exploit markets but will likely spur adversaries to innovate further.

Tickoo added that although widespread vulnerability detection may shorten the useful life of zero-day exploits, sophisticated threat actors will adapt by accelerating attack timelines and focusing on more complex tactics, such as chaining multiple vulnerabilities and exploiting misconfigurations. She noted that many successful attacks today still leverage known but unpatched vulnerabilities, underscoring that the broader challenge remains effective vulnerability management rather than discovery alone.

Together, these analyses highlight the dual-edged nature of advanced AI in cybersecurity: while offering powerful new tools for defense and vulnerability research, models like Mythos also introduce complexities that governments, enterprises, and security professionals must address proactively.