On Tuesday, Dario Amodei, CEO of Anthropic, engaged in a dialogue with Jamie Dimon, CEO of JPMorgan Chase, addressing the increasing cybersecurity threats posed by artificial intelligence’s ability to detect software vulnerabilities more swiftly than they can be addressed.
During an event that lasted nearly two hours and was part of Anthropic’s foray into financial services—including unveiling AI agents designed for tasks like creating pitchbooks, reviewing earnings, and ensuring compliance—Amodei expressed concern about a potential six to 12-month period. This is the time organizations have to remedy tens of thousands of flaws identified by Anthropic’s Mythos model before such capabilities become more widespread.
“The risk involves a significant rise in vulnerabilities, breaches, and financial damages from ransomware attacks on critical institutions like schools, hospitals, and banks,” Amodei highlighted.
This warning follows earlier tests with Mozilla where an initial version of Mythos identified 271 flaws in the Firefox browser in just one pass. This demonstrated AI’s ability to scan large codebases much faster than human researchers can manage.
Anthropic revealed that its model could detect thousands of hitherto unknown vulnerabilities across popular software. Many remain unpatched and thus unresolved.
“Announcing these issues without fixing them would lead to their exploitation by malicious actors,” Amodei pointed out.
In controlled scenarios, Mythos was able to execute multi-step network attack simulations independently, showcasing its capacity to transition from identifying vulnerabilities to exploiting them.
Access to the model has been limited to a select group of partners through Project Glasswing. The aim is to repair these vulnerabilities before analogous tools become more accessible.
Research indicates that aspects of Mythos’s capabilities can be replicated using existing models and open-source methods, hinting that similar technologies might proliferate more rapidly than anticipated.
However, some in the industry have expressed skepticism. In April, Sam Altman, CEO of OpenAI, suggested that concerns about Mythos may be exaggerated and accused Anthropic of employing “fear-based marketing” to underscore risks and justify restricted access to their technology.
“There are numerous ways to rationalize this, and some of it is genuine, such as legitimate safety issues,” Altman remarked. “But if the aim is ‘we need to control AI exclusively because we’re the trustworthy ones,’ I believe fear-based marketing might be the most persuasive justification.'”
Despite this criticism, even amid a public dispute with Anthropic, reports indicate that the U.S. government has been using Claude Mythos to probe classified networks for vulnerabilities and test its cybersecurity defenses, according to Axios. While Amodei did not comment on the ongoing legal conflict, he stated that Anthropic is “beneficial for this country.”
“Anthropic’s stance remains consistent,” Amodei explained. “Regarding politicization, I emphasized being streamlined, systematic, and equitable for all. The essence of laws is to ensure companies are treated uniformly in principle—even though it’s more complex in reality—and we should strive towards that ideal even if perfection isn’t achievable.
Amodei described this as a critical period for action, warning that the speed at which organizations react could determine whether these risks escalate or are managed effectively.
“This is a pivotal moment of danger. If we respond appropriately—and I believe initial steps have been taken—we can emerge into a better world,” Amodei stated. “There’s a finite number of bugs to discover.’