Saša Zdjelar is Chief Trust Officer at ReversingLabs, a leader in software supply chain, AI, malware, and threat intelligence security.
getty
Recently, Anthropic announced Claude Mythos and then announced it would not be released. Mythos has found thousands of zero-day vulnerabilities in major operating systems and browsers, including a 27-year-old bug in OpenBSD, an operating system known for being hard to break. Anthropic decided the capabilities were too dangerous and handed preview access to a small consortium under Project Glasswing.
The coverage has framed this as restraint, a responsible lab choosing safety over revenue and giving defenders a head start.
I've spent two decades on the buying side of this industry across energy, technology and now private equity, and that framing strikes me as dangerously comforting.
Nation-state programs have been investing in AI for years at a scale rivaling the commercial sector, and we have seen it twice in public.
DeepSeek's R1 caught the industry flat-footed in January 2025 by matching frontier systems on a fraction of the compute, and Reuters confirmed last week that its next model will run entirely on Huawei Ascend chips, putting a parallel compute stack outside U.S. export controls. If two surprises can come from one Chinese company in 15 months, the assumption that the first Mythos-class capability is uniquely American is almost certainly wrong.
Even if Anthropic is first, the Glasswing model of containment in the open is a delay function with an unknown decay rate, because every additional handle is another seam for leaks or reverse-engineering. As Daniel Miessler observed, Mythos is a general frontier model, not a cyber tool, which means any lab training a sufficiently capable general model is a candidate for the same risk. And the threat is the kill chain compressing to machine speed in a market where exploitation already precedes disclosure, and disclosure often arrives only alongside the patch.
Mythos is best read as a past-due notice rather than a head start, and any organization still planning to fix software quality next quarter has already lost the argument.
The industry treats software quality as a cost center. Vulnerabilities get triaged instead of fixed, SBOMs become a compliance checkbox, and security tools deployed with deep privileges are assumed safer than the things they watch. I've watched this from the buyer's chair.
The questions a CISO asks about third-party software today are the ones I asked early in my career, and the answers are still assurances and attestations that close the procurement cycle without looking inside the box. A model that autonomously chains four bugs into a browser sandbox escape treats those rationalizations as just another target list.
The answers have not changed because the incentives have not. Software is still the only product category where a vendor can knowingly ship defects, disclaim liability in the EULA, cap damages at fees paid, and leave the buyer to absorb the fallout. Every other industry that matters has passed through that phase and out of it, from automotive to medical devices, and software is the holdout.
A year ago at RSA, JPMorgan Chase's Pat Opet sent his software vendors an open letter under his own name making clear their security work was no longer acceptable. He recently shared the result at RSA: JPMC vendors now close findings 45 to 90 days ahead of the industry because JPMorgan tied contract renewal to supplier security. Joe Levy, CEO of Sophos, said "secure by design" only works if "secure by demand" makes it happen, and the only thing that ever moved a line item in a vendor's budget is a purchase order.
Other forcing functions are taking shape, including the EU Cyber Resilience Act and revised Product Liability Directive on the regulatory side, the SEC's cyber disclosure rules and the SolarWinds enforcement action on the personal-liability side, and cyber insurance underwriting on the coverage side. All matter because they converge on the same mechanism: attaching economic consequence to software failure rather than the buyer's books, and none does it fast enough yet to override the contractual liability shields vendors rely on.
Every buyer can do one thing at their next vendor review, which is to ask for a contractual warranty that vendor software meets a defined, verifiable standard. The standard has to cover what every CISO knows matters, from the absence of malware and tampering to leaked information and known-exploited vulnerabilities. It should also extend to emergent concerns like poisoned AI and ML models.
Most vendors will offer a SOC 2 report or a secure-by-design signature instead, but a warranty creates real legal exposure when software fails, while a pledge binds nothing. The realistic version is not an absolute guarantee against every vulnerability, which no competent vendor counsel will sign. It is a tiered warranty covering malware, tampering, leaked secrets and known-exploited vulnerabilities at delivery, with penalties tied to exploitability thresholds in CISA's Known Exploited Vulnerabilities catalog, which lists vulnerabilities being actively exploited in the wild rather than every theoretical defect. That is something a competent vendor can commit to and a court can enforce, and asking the question is the entire argument: Will they warrant their software free of malware, tampering, leaked information and known-exploited vulnerabilities?
Mythos did not create the problem so much as make the deferral untenable. Builders won't fix it on their own because 20 years of incentives have rewarded shipping over fixing, and CISOs and procurement leaders can act this quarter.
The next 12 months will determine whether the past-due notice Anthropic just handed the industry gets paid, or filed alongside SolarWinds, Log4j and CrowdStrike as warnings the industry chose not to act on.
The leverage has always belonged to buyers, and Mythos has removed the last excuse for not using it: the belief that the threat was still theoretical and the timeline still comfortable.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。