When Mythos Spooked the Security World: AI That Finds and Exploits Vulnerabilities

Earlier in 2026, before Fable 5 shipped to the public, Anthropic's Mythos-class models reportedly unsettled the cybersecurity world with a superhuman ability to find and exploit vulnerabilities. As someone whose job is finding vulnerabilities, I had complicated feelings about this. Here is what it means when AI gets genuinely good at offensive security, and why the response should be defensive adoption, not denial.

What "good at finding vulnerabilities" actually means

There is a difference between a model that can explain a known vulnerability class and a model that can take an unfamiliar codebase and find the novel bug nobody flagged yet. The first is a study aid. The second is a capability that changes the balance between attackers and defenders.

The Mythos line crossed into the second category well enough that Anthropic kept the unrestricted version (Mythos 5) limited to a small group of cyberdefenders and infrastructure providers, while the public gets Fable 5, the same model with hard safeguards. Those safeguards specifically gate cybersecurity and biology, falling back to a less capable model for high-risk prompts. That product decision is itself the signal: the capability was real enough to wall off.