Australia Now Has Access To Anthropic's Claude Mythos. It May Improve Cyber Safety But Not For Everyone

(MENAFN- The Conversation) Artificial intelligence (AI) giant Anthropic has expanded access to a highly advanced model deemed too dangerous for public release, including Australia in the select handful of users.

The large language model, known as Claude Mythos, is now being rolled out to an additional 150 organisations across 15 countries, including the Australian government and several local businesses, as part of Project Glasswing.

In an era where large-scale AI launches are happening on a day-by-day basis, this limited, gradual release may seem particularly surprising. But Mythos is not like most other AI systems. Instead it's an automated tool for assessing software to find critical bugs and vulnerabilities.

This managed release is deliberate, as the discovery of vulnerabilities in computer systems is useful for those who want to defend them and those who want to hack them.

However, the real nature of the impact of AI systems on cybersecurity is significantly more complex.

Finding hundreds of severe vulnerabilities

Under initial testing, Mythos has been able to identify multiple new high-risk vulnerabilities. Left unfixed, such flaws allow attackers to easily steal data or induce system crashes.

While these reports are promising, the raw data needs context. Of the 23,000 vulnerabilities flagged by Mythos, only 6,200 were estimated as high-risk by Mythos. However AI isn't perfect, as human experts could only validate two in every three of these vulnerabilities as high-risk. Even still, the nature and severity of identified vulnerabilities has led developers to say that with Mythos“defenders finally have a chance to win, decisively”.

And winning this battle is extremely valuable.

Over the last few years, Australians have repeatedly been the victims of costly cybersecurity incidents, including Optus, Medibank Private, the Melbourne International Film Festival, and Canvas.

This barrage of attacks likely explain why the Australian Signals Directorate welcomed Australia's inclusion in Anthropic's Project Glasswing. While this AI-driven security offers huge potential benefits, the government so far has been tight-lipped on the specifics of how Mythos will actually be used.

Dangerous in the wrong hands

While discovering vulnerabilities is useful, defenders need to be able to respond to them. This is problematic when tools like Mythos produce large numbers of false reports, which have the potential to overwhelm unprepared cybersecurity teams.

More concerningly, while access to Mythos is currently tightly controlled, it will not be long until similar tools are available to help support hackers.

And it's not just the vulnerabilities that AI can discover that pose risks.

AI systems more broadly are incredibly vulnerable to being tricked or exploited, with highly damaging consequences.

Just this week, hackers used Meta's AI powered chatbot to gain access to high-profile Instagram accounts, including Barack Obama's. They did so by tricking AI chatbots into changing account details. And, even after Instagram announced it fixed the issue, within hours there were reports of further accounts being compromised.

A similar attack known as Echoleak last year revealed how tying Microsoft Copilot to email accounts could introduce significant risks. This was made possible by sending emails to accounts monitored by Copilot's AI. These emails tricked the AI into leaking large amounts of private and confidential information, without the email ever needing to be opened by a human. No longer do we live in a world where hackers need to convince users to click a malicious link, if they can instead convince the AI that reads emails to act dangerously.

Both Echoleak and the Instagram hacks underscore the risks we face as more and more organisations tie their critical functions to AI systems that are difficult to audit, and easy to exploit – even by just being persuasive.

A new balance point

All of this suggests the current cybersecurity landscape might be shifting to a new balance point, where defenders and hackers race to develop and exploit powerful AI tools.

Tools like Mythos aren't a silver bullet. While they provide defenders with an additional set of eyes on where to look, it still will require expertise to work out what is real, and what isn't.

But the advent of the AI era has already fundamentally changed the risks associated with poor cybersecurity practices. Every day a user or service provider delays a software update on one of their devices is a day where a vulnerability can be exploited.

For cybersecurity teams, ensuring compliance is already a difficult enough process that will only get worse when the speed of vulnerability discovery increases.

While they are high value targets for hackers, large organisations will likely remain safe, as they will have the resources to access and deploy tools like Mythos. But smaller, less resourced companies will likely not have the capacity to access these tools – or to react to the upcoming tsunami of cybersecurity updates.

And if they fall behind on these updates, these smaller companies will likely find themselves at far more risk than they ever have been before.

The cybersecurity divide between those with and without resources will only grow. Bridging this gap is not just an IT challenge – it's a public safety concern that will affect us all.

MENAFN04062026000199003603ID1111214465