AI och cyberresiliens

Background

Short history and context

Computer assistance for identifying vulnerabilities in software, specifically to strengthen security of software is common. Modern generative AI has quickly become very capable in coding and is now used to identify vulnerabilities and also find valid exploits. This accelerates the process of finding problems in the software on which our systems rely, and can provide strong offensive capabilities to non-technical adversaries. Much of the Mythos Preview news (discussed below) pertains to this use-case—vulnerability or exploit discovery.

A steady increase in AI-assisted offensive cyber capabilities has been observed in general hacking abilities through capture-the-flag exercises, penetration testing, and malware uses. Notably, the first in-the-wild cyber campaigns by generative AI were found in November 2025 [13] and regular occurrences of autonomous AI-driven hacking have been reported in 2026.

What important information was released about Mythos Preview? 

Anthropic’s evaluations of Mythos Preview revealed that the model possesses significant offensive cyber capabilities, effectively acting as a highly sophisticated, automated red-teaming agent. The model has, according to reports, autonomously exploited all major operating systems by discovering zero-day vulnerabilities that have evaded human researchers and automated tests for years [0, 1, 3]. Examples described include a 27-year-old vulnerability in OpenBSD, an OS that is considered very secure. Disclosure of details of some of these vulnerabilities (that have been patched in response) are provided as evidence. 

Importantly, the new model is not claimed to identify new attack techniques, but rather string together known attack techniques into very sophisticated and complex sequences to achieve a single exploit. The Mythos Preview reports indicate it is a transformational step in identifying vulnerabilities in code and likely a disruptive step in writing working exploits over previous automated (AI) methods. In tests for exploiting Firefox browser, Mythos Preview exhibited a more than 12x increase in the number of vulnerabilities over the previous model [3].

To mitigate the immediate risks of these capabilities proliferating before global defenses are ready, Anthropic delayed the public release of the model and launched Project Glasswing [2]. This initiative grants early access to a select set of 12 US companies, 40 additional organizations, and a slowly growing list of other organizations to get access. The Glasswing project is meant to allow these organizations to use the model defensively, allowing them to harden vital software systems before malicious actors can deploy similar AI tools [0, 1, 2, 11].

The UK's AI Security Institute (AISI) has evaluated the Mythos Preview model in an environment where it can autonomously attempt cyber campaigns on a network [5]. (Note, this is different from giving the model software code and asking it to identify vulnerabilities and write exploits, although exploits may be procedures used in a multi-step hacking campaign). AISI’s findings were that Mythos Preview was comparable to OpenAI's GPT-5.4, i.e., state of the art, but not a large advancement in these tests. AISI also noted that the experimental environment involved an un-secure and not-actively-defended network. 

Is this just marketing hype? 

The model is not released yet, and most information comes from Anthropic, the vendor. While Anthropic undoubtedly benefits from the marketing surrounding these announcements, security experts and industry actions suggest the threat is highly credible. Although AI companies have a history of exaggerating capabilities, analysts point out that Anthropic's claims are substantiated by key facts. Most notably, the specific technical details shared—such as release of hash codes of the vulnerabilities for public verification, and discussion of the resources (dollar and token costs) required—lend significant technical weight to the announcement, moving it beyond mere hype [6]. The discovery of validated decades-old flaws in historically secure systems provides evidence of the model’s disruptive exploit abilities. Next, the immediate mobilization of major tech competitors and infrastructure providers to join Project Glasswing indicates that industry leaders have seen sufficient proof to take the threat to their own software seriously. Adding further credibility, veteran tech entrepreneur and prominent critic of Silicon Valley hype Anil Dash has characterized the situation as "Y2K 2.0"—arguing that this is not a flashy product pitch, but rather a systemic infrastructure crisis requiring a massive, coordinated, and unglamorous engineering effort to fix [7]. Finally, the authors find that Anthropic’s technical reports have a history of trustworthiness.

Information on government responses

The discovery of Mythos's capabilities prompted immediate, high-level crisis meetings within the United States government [4]. Furthermore, the UK's AI Security Institute (AISI) has evaluated the model, noting its advanced ability to carry out complex cyberattacks and bringing regulatory attention to the forefront [5]. Domestically, Swedish defense analysts have emphasized that this represents a fundamental shift in the global cyber balance of power. The consensus is that Sweden cannot afford to rely solely on allied defense structures, implying in part that other nation states likely have or will be developing similarly capable models; we must urgently build our own proactive domestic capabilities to harden national infrastructure before these tools proliferate [4].

Key takeaways

The AI "microscope" effect: Hard evidence indicates that all software contains vulnerabilities. AI models act as powerful microscopes, finding critical structural flaws and exploits at a rate and depth that manual human research simply cannot match [0, 1, 3].

A continual evolution: While Mythos represents a significant leap forward in automated vulnerability analysis and exploit creation, it is part of an ongoing, anticipated evolution of AI in cybersecurity. This capability may have arrived sooner than expected, but the outcome remains the same: we will see a higher volume of discovered vulnerabilities, an increase in exploited zero-days, and a drastically compressed timeline from vulnerability discovery to active exploitation.

Expected surge in vulnerability identification: When models with these capabilities are inevitably released or matched by competitors, we expect a rapid, massive increase in the number of identified software vulnerabilities.

Obsolescence of current disclosure models: The traditional processes for verifying a claimed vulnerability, developing a patch, and managing public disclosure are too slow to keep pace with automated exploit tools. These processes must be fundamentally streamlined to handle the high rate of discovery [0, 1].

Current economic barriers: The computational cost to identify these exploits remains high, but will fall soon, we expect. This cost barrier suggests that the immediate short-term threat may be initially limited to well-resourced state actors targeting high-value infrastructure [0, 1], but soon may be widely available.

Software risk re-evaluation: Although AI's cyber capabilities have evolved steadily, the automation of vulnerability discovery and exploitation alters existing software risk profiles. The previous assumption that discovering and exploiting vulnerabilities requires significant time and manual human effort is no longer reliable. Consequently, software must be re-evaluated under the assumption of automated, machine-speed adversarial testing [10].

Need for lifecycle automation and investment: The traditional, end-to-end process of vulnerability discovery, disclosure, patching, testing, and reporting is under-funded and overly reliant on manual human effort. Because it cannot keep pace with automated, machine-speed adversaries, this entire security lifecycle must be systematically modernized and automated to handle the impending surge in threat volume and velocity.

What does this mean for me?

For the general public

Recognize that the acceleration of AI in cyber applications is not unexpected news for the cybersecurity community, which has actively followed this continual evolution. The Mythos Preview AI model has not been publicly released, and the current cost to run it makes it impractical for widespread, random attacks. Recent trends in model capabilities suggest that we should expect models with similar capabilities to emerge in the near future.

As these tools become more common, software security and general cybersecurity may undergo a broader shift. You can increase resilience by practicing strong, basic cyber hygiene:

• Turn on automatic updates: Software developers will be pushing out security patches more frequently as AI helps them find flaws. Always accept and install updates for your phone, computer, and applications immediately.
• Use strong, unique passwords: Utilize a password manager and enable multi-factor authentication (MFA) wherever possible.

Stay vigilant: Continue to be cautious of phishing emails, suspicious links, and unexpected requests for personal information.

For decision makers with enterprise networks

If you are a decision maker in a technical organization (CIO, CISO, chief architect, etc.) within a company or a governmental agency, this new paradigm applies directly to your responsibilities. Recent industry guidance [8-12] offers specific strategies for this scenario. Importantly, this is not a time for panic, but a time for action. 

To quote a recent article Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox, “The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition” [14].

Chances are that you manage a system park with extensive legacy code developed over decades [11]. Unfortunately, in many cases, structural security work may have historically been a secondary priority. This means there is likely a substantial amount of vulnerabilities—either identified in a backlog or still entirely undiscovered—within your direct code and third-party dependencies. While these flaws might not have posed a concrete risk in the past, automated AI discovery means they will very soon turn into active threats [10, 11, 12]. 

You must urgently invest in resilience across several domains:

• Map and minimize your attack surface: Take stock of your exact risk exposure. Conduct thorough vulnerability inventories and threat modeling. Understand your dependencies, and actively limit them wherever possible, paying particular attention to overly permissive access roles and exposed cloud credentials [12].
• Shift metrics to "Time to remediate": Move away from measuring the "stock of identified vulnerabilities." Instead, adopt "time to remediate" as your primary guiding KPI.
• Automate and balance patch management: Evolve your patch management practices, automating processes where possible. Balance the urgent need for quick patching (to protect data confidentiality) against the need for well-tested deployments (to protect system availability). Always stay actively informed about known, actively exploited vulnerabilities.
• Adopt a defense-in-depth posture: Assume that your network will be breached [10]. Architect your systems to make it exceptionally difficult for an intruder to move laterally, while ensuring their actions are easy to detect. This limits the blast radius of any individual exploit.
• Establish AI-assisted vulnerability detection: Invest in your organization's capacity to identify flaws by establishing your own internal capabilities to detect vulnerabilities in both your proprietary code and third-party dependencies [11]. Defenders maintain an advantage when they use AI to audit their own internal architectures.
• Upgrade active defense and detection: Invest heavily in active cybersecurity defenses. Evolve your detection capabilities through Security Operations Centers (SOCs) equipped for advanced intrusion detection that leverage AI to mitigate alert fatigue [10].
• Exercise incident response and continuity: Evolve your incident management and business continuity procedures. Crucially, practice these plans on a regular basis through realistic, high-pressure simulation exercises.

Next steps

To address this new landscape, AI Sweden is coordinating to raise cybersecurity awareness, and work proactively to support the community in the rapid transition. The key contributors are Näringsvärnet, Accigo, Centigo, Försvarsmakten, Lindholmen Science Park, Nexer, Google Cloud, Omegapoint, Sweden’s National Cybersecurity Center (NCSC), AI Sweden, and unnamed organizations(s).

Our response plan is structured around two goals:

1. Educate

• Provide a webinar on April 24, 2026 | Sign up to the webinar
• Provide this webpage that will be periodically updated as warranted

2. Preparation for advancing Swedish cyber defense

(Details are to be determined)

• Itemize changes needed, and map out the “who, how, and what”
• Provide pointers to existing resources and solutions and identify gaps requiring collaboration and innovation

References

[0] Anthropic (April 2026). Claude Mythos Preview Model Card.
https://www-cdn.anthropic.com/08ab9158070959f88f296514c21b7facce6f52bc.pdf

[1] Anthropic Red Team Report (April 2026). Claude Mythos Preview.
red.anthropic.com/2026/mythos-preview/

[2] Anthropic Official Announcement (April 7, 2026). Project Glasswing: Securing critical software for the AI era.
anthropic.com/glasswing

[3] SOFX Report (April 17, 2026). Explainer: The Anthropic Mythos Threat, Simply Explained.
sofx.com/anthropic-mythos-problem-simply-explained/

[4] Dagens Nyheter / Oscar Jonsson (April 2026). Den nya AI-modellen Mythos fick USA:s statsledning att kalla till krismöte.
dn.se/ledare/oscar-jonsson-den-nya-ai-modellen-mythos-fick-usas-statsledning-att-kalla-till-krismote/

[5] UK AI Security Institute (AISI) (April 2026). Evaluation of Mythos Preview.
https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities 

[6] Times of India (April 2026). Claude Mythos can hack anything, Anthropic says. Should we believe them?
timesofindia.indiatimes.com/technology/tech-news/claude-mythos-can-hack-anything-anthropic-says-should-we-believe-them/articleshow/130239318.cms

[7] Anil Dash (April 10, 2026). Y2K 2.0: AI Security.
anildash.com/2026/04/10/y2k-2.0-ai-security/

[8] Omegapoint (April 2026). Apropå Mythos: När AI vrider upp tempot i cyberhoten.
omegapoint.se/artiklar/apropa-mythos-nar-ai-vrider-upp-tempot-i-cyberhoten/

[9] Cloud Security Alliance (CSA) & SANS Institute (April 2026). The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program.
labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosreadyv95.pdf

[10] Mandiant Threat Intelligence / Google Cloud (April 14, 2026). Defending the Enterprise Against AI-Accelerated Vulnerability Discovery.
https://cloud.google.com/blog/topics/threat-intelligence/defending-enterprise-ai-vulnerabilities

[11] Anthropic Security Team (April 8, 2026). Preparing Your Security Program for AI-Accelerated Offense.
https://claude.com/blog/preparing-your-security-program-for-ai-accelerated-offense

[12] Wiz Research Team (April 16, 2026). Claude Mythos: What Cloud Defenders Need to Know.
https://www.wiz.io/blog/claude-mythos

[13] Anthropic (November 13, 2025) Disrupting the first reported AI-orchestrated cyber espionage campaign.
https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf 

[14] Wired (April 21, 2026) Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox.
https://www.wired.com/story/mozilla-used-anthropics-mythos-to-find-271-bugs-in-firefox/