May 29, 2026 (News On Japan) - Anthropic's newly developed AI system, Claude Mythos, is forcing companies to rethink cybersecurity as it dramatically accelerates the discovery of software vulnerabilities while simultaneously raising concerns about how attackers could exploit the technology.
Yukihiro Katsumura, an editorial writer at Nikkei Cross Tech, said the emergence of Mythos marks a turning point in cyber defense. While the AI is highly effective at identifying software vulnerabilities—security weaknesses that can be exploited by hackers—it can also be used to generate attack programs capable of exploiting those flaws.
In one simulation involving the Firefox web browser, Mythos reportedly identified vulnerabilities in 72.4% of 250 test cases and successfully generated code capable of carrying out cyberattacks. The AI has also uncovered vulnerabilities that had remained undetected for 27 years and identified issues that conventional testing methods failed to find even after millions of attempts.
Because of the potential risks, Mythos has been made available to only about 50 organizations. However, when those companies used the AI to analyze their own software, they collectively discovered more than 10,000 vulnerabilities.
Unlike traditional security tools, Mythos analyzes open-source software (OSS), whose source code is publicly available and widely used across the internet. The AI can rapidly examine programs containing tens of thousands of lines of code, identifying subtle weaknesses that even experienced developers may overlook. By understanding the meaning and structure of code in a way that resembles human reasoning, the system can detect flaws with remarkable speed.
During the past two months alone, Mythos reportedly analyzed more than 1,000 software projects and identified approximately 6,200 high-risk vulnerabilities. Although Anthropic has notified affected organizations about thousands of these issues, less than 1% have been fully addressed, highlighting the growing gap between vulnerability discovery and remediation.
The challenge stems in part from the culture surrounding open-source software development. For decades, developers have relied on public collaboration and peer review to improve software quality and uncover weaknesses. However, advances in AI have shifted the balance, making it easier for a single malicious actor to discover and exploit vulnerabilities at scale.
Experts argue that organizations must respond by deploying AI on the defensive side as well. Cybersecurity specialists say AI can help security teams analyze large volumes of alerts, distinguish genuine attacks from false positives, and correlate suspicious activity with known threat patterns, improving the speed and accuracy of responses.
Another major concern is the shortage of cybersecurity personnel. A survey conducted by KPMG and Nikkei found that roughly 40% of 400 Japanese companies do not have dedicated cybersecurity organizations in place.
While many parent companies have established security teams, their subsidiaries often lack sufficient personnel and resources. Experts warn that strengthening security governance across entire corporate groups, including subsidiaries, will become increasingly important as AI-driven threats continue to evolve.
Without dedicated cybersecurity structures and adequate staffing, companies may struggle to keep pace with the rapidly changing threat landscape, making them more vulnerable to the growing wave of AI-assisted cyberattacks.
Source: テレ東BIZ
