How Anthropic’s Mythos AI has exposed India to a cybersecurity worry with sovereignty implications

The moment it announced that it had identified all these vulnerabilities, Anthropic painted a big target on its back. (REUTERS)

Summary

Claude Mythos, an AI model developed but not released by Anthropic for being too ‘dangerous,’ has uncovered hidden flaws in widely used software. The very knowledge of their existence could invite rogue actors to exploit them while defence tools lie out of reach.

Last week, Anthropic announced that its latest artificial intelligence (AI) model, Claude Mythos, was too dangerous to release. In testing, the company discovered that the model could unearth thousands of hitherto unknown security vulnerabilities in many of the software applications, operating systems and web browsers that the world depends on. Until it could be sure that these capabilities of the model would not be misused, said Anthropic, it believed it was too risky to let the model loose on the world.

What was particularly disconcerting was that since some of the bugs have been around for decades, they are deeply embedded in many of the critical systems we rely on. This includes a 27-year-old vulnerability in OpenBSD, an operating system believed to be unhackable, and a 16-year-old flaw in FFmpeg, a video library that is used by billions of devices and has passed millions of security tests.

The model also demonstrated how attackers could assume complete control of a machine by chaining together vulnerabilities in the Linux kernel; when asked to try to escape a sandbox and contact a researcher, the model succeeded effortlessly, posting details of its actions on public-facing websites without being asked.

These are just the bugs Anthropic was willing to talk about. Over 99% of the vulnerabilities the AI firm discovered are yet to be patched and so details about them have been withheld. The question is not whether these bugs will be fixed, but who gets to decide when, and for whom.

Given the “substantial leap” in the model’s cybersecurity capabilities, the company has granted a small number of organizations (several of the world’s top tech companies) access to its capabilities so they can scan and patch their systems before these vulnerabilities are exploited.

This is, without a doubt, the responsible thing to do. But even as I applaud Anthropic for its restraint, I cannot help but reflect on what this means for everyone else. The small group of organizations with access to Mythos will likely address vulnerabilities in their own systems. But there is a long tail of smaller developers that will not have access to these capabilities, whose software is just as likely to have critical bugs that affect a disproportionately large number of people.

The bigger risk is what happens next. Now that thousands of bugs have been identified in testing, it is a matter of time before these vulnerabilities fall into the hands of those looking to misuse them.

The moment it announced that it had identified all these vulnerabilities, Anthropic painted a big target on its back. We must assume that hackers and malevolent non-state actors alike are already doing all they can to access this information now that they know that this trove of vulnerabilities exists.

One might think that as a leading tech company, Anthropic is probably better equipped than most to keep this information secure. But if there is one thing we know, it is that even the best among us have their moments of weakness.

Just weeks before the official Mythos announcement, a misconfiguration in Anthropic’s own content management system exposed nearly 3,000 internal documents to the open internet, including draft blog posts that in hindsight appear to describe Mythos itself. That leak was not the work of a sophisticated attacker but the result of a toggle left in the wrong position.

Days later, a second lapse exposed over half a million lines of source code from Claude Code, Anthropic’s AI coding tool, to the public for several hours.

To be clear, I am not pointing this out to suggest that Anthropic is a careless company—what happened to it could happen to anyone. The point I am trying to make is that once knowledge of this information enters the public domain, every minute that passes without these bugs being fixed compounds the risk that they will be used to inflict damage.

But what I worry about the most is what happens when this information reaches rogue actors, who we must presume are already doing everything in their power to gain access to it. Zero-day vulnerabilities have long been a favoured tool in the geopolitical militarization of technology, and many countries have dedicated considerable resources to acquiring them for deployment against their adversaries.

In 2010, the US and Israel used a piece of malware called Stuxnet to destroy roughly a thousand Iranian nuclear centrifuges by exploiting vulnerabilities they had discovered in the Siemens industrial control software that was being used in their operation. The US government operates an active Vulnerabilities Equities Process to decide which software flaws should be disclosed and which should be retained for intelligence and military use.

Stuxnet is just one product created by using these vulnerabilities. It is unlikely to be the last. And while Stuxnet emerged as a result of years of effort by elite teams to identify a handful of exploitable flaws, Mythos can find thousands within weeks.

AI has reached a point of strategic consequence. While cybersecurity may be the first domain where this asymmetry manifests, similar capabilities will be aimed at health systems and military infrastructure before long.

For decades, we have built our critical infrastructure on software that we do not control, distributed by companies we do not influence. Now that its vulnerabilities are being catalogued by tools we cannot access, this is no longer a cybersecurity problem. It is an issue of sovereignty.

The author is a partner at Trilegal and the author of ‘The Third Way: India’s Revolutionary Approach to Data Governance’. His X handle is @matthan.
