printer friendly version

Claude Mythos wake-up call

Late last month, the industry learned that Anthropic was developing Claude Capybara, also called Mythos, a powerful new AI model with substantially improved capabilities in vulnerability discovery, exploit development, and multi-step attack reasoning. While the details emerged through a data leak rather than a formal launch, the market response was unmistakable.

Jonathan Zanger, CTO of Check Point Software Technologies.

AI has crossed a critical cybersecurity threshold. The frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale and speed, through novel methods that were previously the domain of advanced nation-state entities.

For security leaders, this development is both a warning and a call to action. It crystallises a trend we have been closely monitoring and preparing for: the democratisation and industrialisation of cyberattacks.

Two structural shifts redefining cyber risk

Claude Mythos is the early signal of two profound shifts in the threat landscape:

1. Democratisation of advanced attack capabilities

Capabilities that once required elite threat actors or well-funded nation-state teams will be accessible to low-skill actors leveraging AI assistance. We must assume adversaries will wield these capabilities. The paths are already clear: abuse frontier models directly, as threat actors did with Claude Code in September, or wait for the same capabilities to land in open-source, unmonitored models like DeepSeek, where no usage policies or safety layers stand in the way.

This fundamentally lowers the barrier to entry for sophisticated attacks. Organisations that once considered themselves “safe” because they were not targets of advanced nation-state activity are now at risk from newly capable criminal groups armed with AI-powered tools.

2. Industrialisation of Cyberattacks

With the expected advancement in agentic capabilities, threat actors will be able to scan legacy and SaaS technologies at unprecedented frequency and scale. This will lead to a near-continuous flow of novel attack methods targeting enterprise systems, networks, and employees. AI enables threat actors to transition from manual, artisanal operations to repeatable, automated attack pipelines. Attacks are becoming systematic, scalable, and reproducible, like software manufacturing. This is the era of “AI attack factories”.

The convergence of these two forces produces a dangerous outcome: more attackers can execute more sophisticated attacks, simultaneously increasing both attack volume and velocity. The time-to-exploit window will collapse to near zero days.

Why this is important

We all should be alarmed by the leak associated with the new Claude model, but we should not be surprised. Check Point has been continuously evaluating AI model capabilities and anticipating this evolution. We have known that advanced models would eventually demonstrate proficiency in code review, vulnerability discovery, and reverse engineering, and could integrate with tools and APIs that enable penetration testing and exploitation.

What is important to understand is that the gap between writing code and analysing code is narrower than many realise. An AI system capable of generating sophisticated software can be trained or prompted to identify vulnerabilities within it. This capability, combined with exploit development and the ability to chain multi-step attacks, creates an entirely new threat surface.

Reassess your security posture now

In response to this evolving threat landscape, we urge security leaders to conduct a rigorous reassessment of their security foundations. This is not only about implementing new tools. It is also about ensuring that your security tools themselves are secure.

Where to start:

● Assess the security efficacy of your first line of defence. Networks, firewalls, WAF, endpoint, and email security are critical. But are they tuned for zero-day protection? Default security configurations are not optimised to defend against previously unknown exploits. If your perimeter and endpoint security are running standard baselines, you are exposed.

● Evaluate your risk level. Look hard at your security vendors’ CVE history. When AI compresses exploitation timelines to hours, a pattern of frequent critical vulnerabilities is no longer a manageable operational burden; it is a strategic liability.

● Hunt your blind spots: legacy servers, unpatched systems, accounts without MFA, unprotected remote access. The long tail of your infrastructure is where attacks typically land.

● Accelerate your patching cycles and evaluate solutions for automated virtual patching and safe remediation. Time-to-patch becomes increasingly critical as campaign timelines move from weeks to minutes.

● Redefine and reinforce network segmentation to protect your crown jewels. Assume breach, limit lateral movement, and ensure that critical assets are isolated from general network traffic.

Moving forward

The step-change in AI models' offensive capabilities did not happen in isolation. It arrived alongside a sharp increase in open source software supply chain attacks, with both signals pointing to the same conclusion: the speed and surface area of attacks are accelerating.

Whether your organisation has adopted AI or not is irrelevant. Threat actors have, and they will continue to push these capabilities further.

As a security vendor, our mission is to keep adversaries out, keep our solutions resilient, and continuously protect against emerging risks. New models will continue pushing the boundaries of what is possible, for defenders and attackers alike. That is not a surprise; it is the trajectory we have been tracking. What the recent disclosures make clear is that continuous reassessment is no longer optional.

Share this article:

Further reading: