National Cyber Security Centre (NCSC) statement on Anthropic’s Mythos Preview model for defensive cyber security purposes

National Cyber Security Centre (NCSC) statement on Anthropic's Mythos Preview model for defensive cyber security purposes

• From: Department of Justice, Home Affairs and Migration

• Published on: 13 April 2026
• Last updated on: 13 April 2026

The NCSC is aware of Anthropic's announcement of the release of the Claude Mythos Preview and has reviewed the published technical material. The model has not been released to the general public and is currently unavailable for independent testing. It is currently available only to a restricted consortium of major technology companies under Anthropic's Project Glasswing initiative, which is focused exclusively on defensive security work.

The capabilities described by Anthropic appear to represent a significant change in the way hardware and software vulnerabilities are identified and patched. These capabilities confirm the developments the NCSC has been tracking and communicating publicly since 2023. The NCSCs earliest published guidance on AI and cybersecurity identified the potential for advanced AI models to accelerate both offensive and defensive cyber operations.

At present the advantage is with cyber defenders. These new capabilities are in the hands of major technology vendors who are using them to identify and patch vulnerabilities in the hardware and software that underpins critical infrastructure worldwide. There is no indication that a comparable autonomous vulnerability discovery capability is available to threat actors at this time.

Organisations should expect accelerated vulnerability disclosure over coming months as these tools are applied at scale. This may place additional pressure on patch management processes, particularly for organisations running legacy systems or end-of-life software where remediation options may be limited. Now is the time to review asset inventories, prioritise patching discipline, and assess exposure to unsupported components.

Anthropic's decision to restrict the release of the model and to work collaboratively with industry partners is a responsible approach. The NCSC would encourage all frontier AI developers to adopt similar practices widening the availability to trusted global industry and Government cyber security partners. Potentially dangerous capabilities should not be released without putting in place appropriate safeguards, coordinated disclosure arrangements, and meaningful engagement with the security community, including national CSIRTs (Cyber Security Incident Response Teams).

The NCSC continues to monitor developments in AI-enabled cyber capabilities, coordinating with our international partners, and will update national guidance as the situation evolves. Organisations should continue to implement the Cyber Fundamentals (CyFun) framework, maintain robust vulnerability management, and engage with NCSC advisories as they are published.

ENDS…///

Contact:

Press Office, Department of Justice, Home Affairs and Migration

Email: [email protected]

About the National Cyber Security Centre (NCSC)

The NCSC is under the aegis of the Department of the Justice, Home Affairs and Migration. It is responsible for leading in the management of major cyber security incidents across government, providing guidance and advice to citizens and businesses on major cyber security incidents, and developing strong international relationships in the global cyber security community for the purposes of information sharing.