Key Takeaways
- Anthropic built Claude Mythos — a general-purpose AI with exceptional coding and security-research capabilities — but chose not to release it, citing risks too serious to make generally available.
- Mythos autonomously found a 27-year-old flaw in OpenBSD, a 16-year-old FFmpeg vulnerability missed by five million automated scans, and chained Linux kernel exploits to achieve root access — largely without human direction.
- The attacker–defender balance has shifted: AI now compresses the window from vulnerability discovery to active exploitation from months to minutes.
- Cyber underwriters will ask harder questions at renewal — expect scrutiny on patching cadence, AI-assisted defensive tooling, software supply chain risk, and policy adequacy.
- Project Glasswing — a Mythos-powered consortium including Microsoft, Google, AWS, Apple, CrowdStrike, and the Linux Foundation — is already using the same AI capabilities defensively to fix critical infrastructure vulnerabilities before they can be exploited.
On 7 April 2026, the American AI company Anthropic did something no frontier AI developer has done before. It published more than 300 pages of technical documentation about a new artificial intelligence model — and simultaneously announced that it had decided not to release it. The model, named Claude Mythos, is understood to be the most capable AI system the company has ever built. By any conventional commercial logic, it would be expected to generate tens of billions of dollars in revenue. Anthropic has chosen instead to keep it behind closed doors.
The reason, set out in considerable detail across the company’s system card and risk report, is that Mythos has demonstrated a capability for finding and exploiting security flaws in software that is, in Anthropic’s own judgement, too dangerous to make generally available. That is a remarkable statement for any commercial enterprise to make about its own product. It deserves serious attention from anyone who buys, sells, or advises on cyber insurance — and from any business that depends on digital infrastructure, which, in practice, means every business.
What Mythos actually is — and what it has already done
Claude Mythos is a general-purpose AI model with exceptionally strong coding and reasoning capabilities. Anthropic’s interest, and ours, lies in what it has been doing with those capabilities. Given a piece of software and asked to find security flaws, Mythos performs the work of a highly skilled human security researcher — but autonomously, at machine speed, and in parallel across many copies of itself.
Three findings from Anthropic’s own report stand out.
Mythos identified a 27-year-old vulnerability in OpenBSD, an operating system that has a global reputation as one of the most security-hardened in existence and which is widely used to run firewalls and other critical infrastructure. The flaw allowed an attacker to crash any machine running the software simply by connecting to it. It had sat undiscovered since 1999.
It identified a 16-year-old vulnerability in FFmpeg, a piece of video-handling software embedded in countless other applications, in a line of code that existing automated security tools had examined five million times without ever catching the problem.
And it autonomously discovered and chained together multiple vulnerabilities in the Linux kernel — the software that runs most of the world’s servers — in a sequence that allowed an attacker to escalate from an ordinary user account to total control of the machine.
Anthropic has stated that it used Mythos to find thousands of previously unknown vulnerabilities — known in the industry as “zero-days” — in every major operating system and every major web browser. Critically, it was able to do this largely without human direction. Anthropic engineers with no formal cybersecurity training have reportedly been able to ask the model to find serious exploits overnight and wake to a working proof-of-concept the next morning.
These capabilities are reflected in the model’s benchmark scores. The UK Government’s AI Security Institute, which evaluated Mythos independently, found that on expert-level capture-the-flag cybersecurity challenges it succeeded 73 per cent of the time — and that it became the first AI model ever to complete, end to end, a 32-step simulated corporate network attack exercise. On the industry-standard SWE-bench Verified coding benchmark it scores 93.9 per cent.
The real story: an offence–defence asymmetry that has shifted decisively
The temptation with any report of this kind is to treat the most dramatic finding as the story. It isn’t. The 27-year-old vulnerability is memorable, but the story is structural. What Mythos represents is a decisive shift in the balance between cyber attackers and cyber defenders — a balance that has always been uncomfortable for defenders, and has just become markedly more so.
Cybersecurity has long been a contest in which attackers need to succeed only once and defenders need to succeed every time. The economics have always favoured the attacker. The emergence of AI systems that can find sophisticated vulnerabilities autonomously, at scale, and at very low marginal cost compresses the attacker’s working timeline dramatically. The defender’s timeline — patching software, rolling out updates, training staff, waiting for vendor responses — moves at human speed, constrained by operational risk, testing cycles, and the sheer inertia of installed systems.
“The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI.”
— Elia Zaitsev, Chief Technology Officer, CrowdStrike
Nikesh Arora, CEO of Palo Alto Networks, has described the prospect succinctly: a horde of AI agents methodically cataloguing every weakness in a business’s technology infrastructure, constantly. That is not science fiction. It is a reasonable extrapolation of a capability that already demonstrably exists in at least one laboratory, and which, by the industry’s own track record, is likely to be replicated by competing developers within months.
What this means for the cyber insurance market
The implications for cyber insurance, both for those who buy it and those who underwrite it, are substantial. Five points are worth drawing out.
Frequency and severity assumptions will come under pressure. Cyber insurance pricing rests on historical claims data. If AI systems compress the window between vulnerability discovery and exploitation from months to minutes, and if they dramatically increase the pool of actors capable of launching sophisticated attacks, historical frequency data will, by definition, understate forward-looking risk. Underwriters are already modelling this; buyers should expect the conversation at renewal to evolve.
Accumulation risk moves sharply up the agenda. A single zero-day vulnerability in a piece of software as widely used as the Linux kernel, FFmpeg, or a major web browser could in principle trigger thousands of simultaneous claims across a reinsurer’s book. Cyber reinsurers have been wary of this for several years; the Mythos disclosures will sharpen that wariness. We expect to see continued evolution in the use of event limits, systemic event wordings, and reinsurance treaty structures.
The war exclusion debate will intensify. The Anthropic report and accompanying commentary from the Council on Foreign Relations note that state-sponsored actors from China, Iran, North Korea, and Russia have strong incentives to acquire comparable capabilities. The long-running legal arguments about how cyber policies respond to state-sponsored attacks will only become more pointed as AI-enabled attacks blur further the line between criminal and state-aligned activity. Policy wordings will continue to evolve, and businesses should expect to pay attention to the detail.
Underwriting questions will change. Expect insurers to ask increasingly pointed questions about patching cadence, software bills of materials, use of AI-assisted defensive tooling, detection and response capability, and third-party supply-chain dependencies. Businesses that can demonstrate a mature posture on these questions will, we expect, increasingly see that reflected in terms. Those that cannot may find capacity harder to access on acceptable terms.
The same AI capabilities are being deployed defensively. Anthropic has launched Project Glasswing, a consortium that includes Amazon Web Services, Microsoft, Google, Apple, Cisco, CrowdStrike, JPMorgan Chase, NVIDIA, Palo Alto Networks, and the Linux Foundation, specifically to use Mythos to find and fix vulnerabilities in critical infrastructure before they can be exploited. There is a credible argument that AI-assisted defensive tooling will meaningfully improve the baseline security of commonly used software over the coming year — which is a direction of travel that favours policyholders as well as insurers.
What this means for UK businesses today
The practical implications differ by size and maturity, but some themes are common to organisations of every scale.
For smaller and mid-sized commercial businesses — the backbone of our client base — the most important point is that the fundamentals have not changed. The controls that reduce cyber risk today are the controls that will continue to do so. Multi-factor authentication on all remote access. Prompt patching, particularly of any internet-facing system. Offline, tested backups. Staff training on phishing and social engineering, which remain the most common initial vectors by a considerable margin. A documented incident response plan, even a simple one. These measures do not become less important because AI has entered the threat landscape; they become more important, because the tolerance for error narrows.
For larger and corporate organisations, the agenda is broader. A Mythos-era risk posture should include an honest assessment of legacy software exposure, given that many of the vulnerabilities Mythos has surfaced have been present in widely used systems for decades. It should include serious engagement with software supply chain risk, recognising that the security posture of third-party vendors is now effectively part of the organisation’s own. It should include consideration of AI-assisted defensive tooling, which is increasingly available from established vendors and is no longer the preserve of the very largest security operations. And it should, candidly, include a review of cyber insurance programme adequacy against a threat landscape that has clearly moved.
For every organisation, regardless of size, we would make one further observation. The Mythos disclosures are a useful prompt to revisit the basic question of whether cyber cover is in place at all, and whether the limits purchased reflect the business’s actual exposure. A material proportion of UK small and medium-sized businesses still carry no cyber cover, or carry limits that bear little relation to the potential cost of a serious incident. That position was difficult to defend before Mythos. It is harder to defend now.
The DK Perspective
There is a recurring temptation, in moments like this, to treat every AI development as either the end of the world or a marketing stunt. The truth, on this occasion, sits between those poles. Claude Mythos does not represent an immediate, generalised cyber catastrophe. But it does represent a genuine and documented shift in what advanced AI systems can do in the hands of skilled operators, and a credible preview of where the wider market will be within a reasonably short horizon.
The right response is neither complacency nor panic. It is the considered, methodical work of reviewing controls, reviewing cover, and making sure the business is positioned for the environment that is actually developing — rather than the one that existed two years ago.
That is the work we do for clients every day. If you would like to discuss your cyber insurance programme, your broader risk posture, or simply the questions raised by the Mythos disclosures, please get in touch. Our team will be glad to help.
— Stefan Daines, Broking Director, Daines Kapp Insurance Brokers
Sources and further reading
- Anthropic, Project Glasswing announcement and Claude Mythos Preview System Card (April 2026)
- Anthropic Frontier Red Team, Claude Mythos Preview technical write-up (April 2026)
- UK Government AI Security Institute, Evaluation of Claude Mythos Preview’s Cyber Capabilities (April 2026)
- Council on Foreign Relations, Six Reasons Claude Mythos Is an Inflection Point for AI — and Global Security, Gordon M. Goldstein (15 April 2026)
- Statements from Project Glasswing partners including CrowdStrike, Palo Alto Networks, Microsoft, Amazon Web Services, and the Linux Foundation (April 2026)