Shalini S Sharma
The North Block of the Secretariat Building in New Delhi usually hums with the dry, rhythmic sound of staplers and the shuffle of files. But on the afternoon of April 23, the air felt electric, charged with a tension that hadn’t been seen since the 2016 demonetisation. Finance Minister Nirmala Sitharaman stood before a closed-door assembly of the Indian Banks’ Association (IBA) and top officials from the Ministry of Electronics and IT.
She didn’t speak of inflation or fiscal deficits. Instead, she spoke of an “invisible arrow.” She spoke of Mythos.
“In our ancient texts,” she remarked, her voice steady but grave, “the Brahmastra was a weapon that once released, could not be recalled. It sought its target through the ether, bypassing all physical armour. Today, cyberspace has found its own Brahmastra. And it is named Mythos.”
Digital Brahmastra
To understand why the Finance Minister was sounding the alarm, one must look at the genetic code of Mythos. For decades, the world of cybersecurity was a game of cat and mouse. Hackers (the mice) found a hole; developers (the cats) patched it.
This was the era of the “Trojan” and the “Ransomware”— tools that were fundamentally human-driven. They required a coder to sit in a dimly lit room, scanning lines of C++ or Python, looking for a mistake.
Mythos changed the rules of the game because it stopped being a tool and started being a hunter.
Developed by Anthropic as part of their internal frontier research, Claude Mythos Preview was never intended to be a weapon. It was designed to be the ultimate auditor — a model so profoundly capable of understanding software architecture that it could “reason” through logic flaws the way a grandmaster reasons through a chessboard.
How is Mythos different from other viruses?
Traditional viruses are like biological pathogens: They need a specific “lock” to fit their “key.” If one changes the lock (patch the software), the virus dies. Mythos, however, is generative and agentic. It doesn’t carry a payload; it ‘invents’ one.
When Mythos encounters a banking firewall, it doesn’t just try a list of known passwords. It analyses the entire codebase of the bank’s digital infrastructure in milliseconds. It looks for “Zero-Days” — vulnerabilities that the developers themselves don’t know exist yet. It is the difference between a thief who has a stolen key and a thief who can rewrite the atoms of the door to make it turn into mist.
What makes Mythos lethal?
The lethality of Mythos lies in its autonomy and scale. In April, during a controlled “red-team” test, Mythos identified a 27-year-old security flaw in OpenBSD — an operating system famous for being “unhackable.” It found the flaw, wrote the exploit, and executed a multi-step bypass in under four minutes.
A human team of elite hackers would have taken months to find that same needle in the haystack. Mythos doesn’t get tired, it doesn’t need a salary, and it can attack ten thousand targets simultaneously, tailoring a unique “arrow” for every single one.
Brain as a weapon
The story of Mythos is not a story of a virus. It is the story of humanity’s transition into an era where intellect is the primary weapon.
In the ancient epics, the Brahmastra was said to be so powerful that its use could cause a 12-year drought and destroy the fertility of the land. In the 21st century, the digital Brahmastra threatens the “fertility” of our trust — our belief that our money is safe, our data is private, and our systems are secure.
The Finance Minister’s warning to the banks was a call to arms. Not for more firewalls, but for a new kind of digital wisdom. Because in a world where Mythos exists, the only way to survive the “invisible arrow” is to become the light that reveals the archer.
The age of the hacker is ending. The age of the AI-sovereign has begun.
Anatomy of a hunter
To understand the “lethality” of Mythos, one must look at its Recursive Logic Engines. Unlike previous Large Language Models (LLMs) that predicted the next word in a sentence, Mythos utilises a proprietary architecture known as “Reasoning-Trace Execution.”
How it works: When Mythos is presented with a software system — say, a bank’s core transaction ledger — it doesn’t just read the code. It creates a “digital twin” of the environment in its hidden latent space. It then runs millions of simulated attacks against this twin.
Step 1: Deep discovery. It identifies “dormant code” — segments written decades ago that are still active but rarely audited. These are the “ancient ruins” of the digital world.
Step 2: Logic inversion. It asks, “If I were the developer, what assumption did I make that is logically impossible to verify?” It might find that the system assumes a “user ID” can never be a negative number, then proceeds to force a negative number into the buffer.
Step 3: Multi-vector exploitation. This is where the Brahmastra analogy becomes literal. If a firewall blocks one path, Mythos doesn’t stop. It uses the first “crack” to gain information to find a second, third, and fourth crack. It links these minor flaws together into a “chain of doom” that results in total system takeover.
In the world of cybersecurity, this is called Autonomous Exploit Generation (AEG). For 30 years, AEG was a theoretical nightmare. With Mythos, it became a reality. The model can identify vulnerabilities in every major web browser and operating system currently in use. It is effectively a master key to the modern world, capable of “unmaking” the security of any system it is pointed at.
When the news of Mythos broke, Anthropic took an unprecedented step. They refused to release the model to the public. Instead, they announced Project Glasswing, a restricted initiative where only a “handful” of Tier-1 companies — Microsoft, Google, JPMorgan Chase, and a few others — would have access.
How feasible is the assurance of restricted use?
Anthropic’s claim that usage will be limited is, in the short term, technologically feasible. They host the model on their own servers; one does not “download” Mythos, one “talks” to it via a heavily monitored API.
However, history suggests that “secrets” of this magnitude have a half-life. By late April, rumours had already begun circulating on private Discord servers that a third-party vendor’s credentials had been compromised.
A small group of unauthorised users reportedly gained “preview” access. While Anthropic downplayed the breach, it highlighted the fundamental flaw: The more powerful a tool is, the more gravity it exerts on those who want to steal it.
Will it be available for everyone in the long run?
The short answer is, yes. Because of the rule of inevitable proliferation.
While Anthropic might keep the ‘original’ Mythos under lock and key, the “recipe” is now out. Other labs in nations with different ethical frameworks are already racing to replicate the results. By 2028, we should expect “Mythos-class” models to be available on the dark web. Just as nuclear technology eventually spread despite the most stringent controls, the “weights” of these models — the digital brains — will eventually leak or be independently reinvented.
Beyond ransomware
Most viruses are the work of digital pirates — mercenaries looking for a Bitcoin payout. Mythos is different. It was not created by a hacker in a basement; it was created by scientists aiming for Artificial General Intelligence (AGI).
The “ransomware” model is actually too small for Mythos. If one has a weapon that can collapse a national power grid or rewrite the records of a central bank, one is not looking for a few million dollars. You are looking at geopolitical sovereignty. Mythos represents a “state-shifting” capability. It is not about stealing money; it is about the power to decide who ‘has’ money.
The shield in Brahmastra
If Mythos is the ultimate weapon, why did Anthropic build it? The answer lies in the ‘Dual-Use Paradox’. In cybersecurity, the “sword” and the “shield” are forged in the same fire.
The benefits of Mythos-class AI
The great patching: For every vulnerability Mythos finds to exploit, it can also write the fix. We are currently living in a world of “vulnerability debt,” where billions of lines of old, insecure code run our hospitals and power plants. Mythos could, in theory, crawl through the world’s infrastructure and “heal” it in a weekend — patching bugs that would have taken human civilization another century to find.
Autonomous defence: Imagine a “guardian AI” that sits on a bank’s server. When a new attack pattern emerges, the guardian (powered by Mythos-level reasoning) recognises it instantly and rewires the network’s topology in real-time to isolate the threat.
Lowering the cost of security: Currently, high-end cybersecurity is only affordable for the Fortune 500. A “democratised” defensive version of Mythos could provide world-class protection to small businesses, NGOs, and individual citizens who are defenceless against state-sponsored actors.
The moral dilemma
To make an AI that is a perfect defender, one has to teach it how to be a perfect attacker. One cannot recognize a “zero-day” unless one knows how to find one. This is why Anthropic’s “limited release” is so controversial. By giving the tool to only a few “trusted” companies, they are essentially deciding who gets the best shield, leaving the rest of the world vulnerable to whoever eventually steals the sword.
Can there be any benefits of Mythos?
As the Finance Minister concluded her briefing to the bankers, her tone shifted from warning to opportunity. “We must not just fear the Brahmastra,” she said. “We must master the science that created it.”
The benefits of Mythos-class technology are profound if harnessed correctly:
Infrastructure resiliency: Mythos can be used to “stress-test” national grids, finding the one loose bolt in a sea of millions before a natural disaster — or a terrorist — finds it.
Software evolution: By identifying the fundamental “DNA flaws” in how we write code, Mythos is teaching humans how to build a more robust digital civilisation. It is forcing a “great cleanup” of the messy, insecure internet we built in the 1990s and 2000s.
Financial integrity: In the banking sector, Mythos can analyse trillions of transactions to find the subtle “ghost patterns” of money laundering or terror funding that are invisible to current algorithmic filters.