Anthropic, the US-based AI firm behind the Claude family of models, has released a preview of its most advanced system yet—Claude Mythos Preview—that can autonomously plan and execute sophisticated cyber operations with minimal human guidance. Independent tests show the model can surface thousands of previously unknown software vulnerabilities, some undetected for up to 27 years, across every major operating system and popular web browser.
The implications for Asia are immediate. The region hosts some of the world's most interconnected financial systems, from Singapore's banking hub to Tokyo's exchange and Mumbai's digital payment networks. A successful cyber breach could disrupt payments, freeze access to funds, and erode public trust in banking systems across the Indo-Pacific.
The UK's AI Security Institute, part of the Department for Science, Innovation and Technology, tested Mythos Preview on a benchmark called The Last Ones—a series of challenges designed as the final hurdle for AI systems to demonstrate full automation of real-world cyber attacks. In ten independent runs, Mythos achieved full success three times, making it the first AI model to solve the entire attack chain end-to-end. A skilled human operator would typically need around 20 hours to complete the same exercise.
“The results show genuine autonomous chaining of complex sequential actions,” the institute noted. Mythos Preview thus represents a major leap from AI as a powerful assistant to a genuinely autonomous operator, capable of planning and executing multi-step tasks over extended periods with minimal human intervention.
Dual-Use Dilemma for Asia's Digital Economies
Rather than releasing the model publicly, Anthropic has restricted access through its Project Glasswing initiative, giving selected technology companies and critical infrastructure providers—including Apple, Google, Microsoft, Cisco, and Amazon—controlled access. The stated goal is to “secure the world’s most critical software” by identifying and fixing security weaknesses before they can be exploited.
This creates a classic dual-use dilemma. On the positive side, Mythos-class models could enable defenders to discover and patch thousands of previously unknown vulnerabilities at unprecedented speed and scale, potentially making critical software far more secure. Many current cybercrimes, such as ransomware, succeed by exploiting known weaknesses in unpatched systems—these could be significantly reduced if such models are widely used for defensive vulnerability discovery.
However, more sophisticated attacks—especially those using stolen credentials, social engineering, or already-compromised accounts—are far less likely to be affected, as they often bypass traditional software vulnerabilities. On the negative side, the same capabilities could dramatically lower the barrier for malicious actors, allowing them to find and chain weaknesses much faster than human teams.
There is no public evidence that Mythos Preview has reached criminal groups or nation-state adversaries—yet. But the history of cybersecurity technology suggests that well-resourced actors, either state-sponsored or criminal, may develop comparable systems or gain indirect access within the near future. For Asian nations like South Korea, which is experiencing an AI boom that masks deep structural vulnerabilities, the stakes are particularly high.
In the short term, governments across the region are likely to revise their cybersecurity protocols and incident-response frameworks to incorporate mandatory AI-assisted vulnerability scanning. This would require organizations to continuously scan their systems using AI, rather than relying on occasional human checks. While this could dramatically improve security, it raises costs and carries risks of system slowdowns, false alarms, or brief operational disruptions when fixes are applied.
Cyber insurers will almost certainly begin demanding evidence of AI-assisted scanning as a condition for coverage, potentially reshaping the risk landscape for Asian financial institutions and critical infrastructure operators. The finance sector, which relies on highly interconnected digital systems, is especially alarmed. Major UK and US banks are preparing controlled trials under strict safeguards, granting secure, supervised access to the Mythos Preview model in isolated environments—similar to how dangerous viruses are examined in high-security laboratories.
The significance of this technological breakthrough extends well beyond cyber attacks. The same capability could soon allow AI to autonomously manage software development, scientific research, supply chains, or financial operations. As Anthropic prepares for wider deployment, the region's policymakers and industry leaders must grapple with a future where AI crosses the red line from assistant to autonomous operator—with all the promise and peril that entails.
