Frontier AI meets cybersecurity: threat, catalyst, or both?

Financial authorities typically do not convene emergency meetings regarding software releases. But that’s exactly what followed the limited release of Claude Mythos, Anthropic’s artificial intelligence model.

Regulators and banks in the US, UK, South Korea and Japan held urgent discussions about the potential cyber risks posed by this model.

Notably, the release of Mythos not only upset regulators, but also investors. The market began to worry that AI-native companies like Anthropic, with models as capable as Mythos, would eventually make traditional cybersecurity vendors obsolete.

How powerful is Mythos? Are the concerns justified?

What is the Claude myth?

Mythos Preview, a limited internal release of Anthropic’s latest AI models, represents a major shift in what AI can do in cybersecurity, especially on the attack side. This model can identify and exploit zero-day vulnerabilities (security flaws that are unknown and unpatched to developers) across all major operating systems and web browsers.

In some cases, vulnerabilities have been discovered that are decades old and extremely difficult to detect, such as a 27-year-old bug that is now patched in OpenBSD, an operating system widely praised for its security.

Mythos is also known for its speed and sophistication. Exploits that would take a skilled human hacker weeks to develop can be generated in hours.

Even more concerning is the ability to chain multiple low-severity vulnerabilities into a single critical exploit. In one demonstration, Mythos linked four separate vulnerabilities to bypass the browser’s security layers.

Importantly, Mythos is not alone in evolving these features. Other frontier AI models, such as OpenAI’s GPT-5.4-Cyber ​​and Google’s Big Sleep, have shown similar potential, and more models are likely to follow.

Recognizing these risks, Anthropic has decided not to make Mythos publicly available. Instead, we launched Project Glasswing, a managed partnership involving organizations such as Amazon, Microsoft, JPMorgan, Google, CrowdStrike, and Palo Alto Networks to grant access to our models to help secure critical systems.

Not an immediate threat to the cybersecurity field

Some investors interpret Mythos as a threat not just to software security, but to cybersecurity companies themselves.

The concern is that given the capabilities of the Frontier model, AI-native companies like Anthropic could eventually replace traditional vendors. However, we believe this concern is overstated.

First, there is a fundamental difference between discovering vulnerabilities and preventing breaches. Mythos, at least in its current form, can find and exploit weaknesses in code, but it doesn’t provide the end-to-end protection that enterprises need.

Effective cybersecurity requires real-time threat detection, rapid response, and system-wide integration. This is where established cybersecurity companies continue to provide value.

Second, large-scale language models (LLMs) still exhibit high error rates, especially in complex real-world environments. Palo Alto CEO Nikesh Arora pointed out that LLM has a false positive rate of about 30%.

Cybersecurity cannot tolerate such errors. Businesses can be disrupted when AI systems falsely flag benign activity, and breaches can occur when true threats are missed. Until their reliability is significantly improved, AI models such as Mythos will not be viable as a replacement for established cybersecurity platforms.

Third, Mythos is more likely to act as a catalyst for increasing rather than reducing cybersecurity spending. For years, boards have tolerated chronic underinvestment in security infrastructure. That dynamic is now changing as frontier AI models significantly enhance the capabilities of malicious attackers.

Vulnerabilities that once went undetected for years can now be discovered and exploited almost instantly, reducing the time between discovery and attack. This significantly increases the urgency of cybersecurity investments and strengthens the board-level belief in allocating more budget to mitigating increasingly direct business risks.

Bain & Co estimates that many large companies may need to increase their cybersecurity spending by up to two times to protect against AI-driven threats. This is much higher than the approximately 10% annual increase that most companies currently plan for.

In this sense, AI is not a substitute for cybersecurity solutions, but a powerful demand driver.

Potential for long-term disruption

That said, the possibility of long-term disruption cannot be ruled out.

Certain sectors of the cybersecurity industry may be under pressure. For example, vulnerability management companies such as Tenable, Qualys, and Rapid7 focus on identifying and prioritizing vulnerabilities. As frontier AI models become able to perform these tasks faster and more effectively, some of their value proposition may be lost over time.

At the same time, AI-native players such as Anthropic and OpenAI are likely to expand into adjacent security services and compete more directly with traditional providers.

However, platform leaders are structurally well-positioned to withstand such disruptions.

Companies like Palo Alto Networks and CrowdStrike are not single-product vendors. These provide a unified platform across endpoint, cloud, and identity security, among others. This breadth makes them inherently more resilient to disruption, as their value lies in coordinating multiple layers of defense rather than a single feature.

Importantly, both companies are not only deeply embedding AI into their products, but also partnering with Anthropic on Claude Mythos. This puts businesses at the forefront of the transition and ensures they remain leaders as the cybersecurity landscape continues to evolve.

Importantly, these companies also have a key advantage: data. Effective AI-powered cybersecurity relies on vast, high-quality datasets that capture how systems behave during both normal operations and malicious activity.

These datasets have been accumulated through years of deployment and are extremely difficult to replicate. New entrants seeking to build competing AI-powered defense systems will face significant data disadvantages, even if they have access to similarly sophisticated models.

Impact on investment

Taken together, Frontier AI will not replace cybersecurity incumbents, but will reshape the competitive landscape. The short-term impact is likely to be an increase in demand, and the long-term disruption will not be uniform across companies.

Investors with a higher risk tolerance may consider focusing on platform leaders like CrowdStrike and Palo Alto Networks, which are well-positioned to integrate AI and leverage the benefits of data.

On the other hand, more conservative investors may prefer to diversify their exposure through cybersecurity exchange-traded funds, which capture sector-wide growth while mitigating company-specific risk.

The author is a research analyst in the Research and Portfolio Management team at FSMOne Singapore, the B2C division of iFast Financial.