From November 2025-February 2026 at least nine Mexican government organizations were breached. Gambit Security reported that millions of confidential records were stolen from hundreds of servers. This is categorically bad, but scary security news is abundant.
Director of Services Innovation at Advania UK.
For instance, Supply Chain attacks are becoming increasingly common, exposing the tooling that should keep software components reliable and trustworthy. But when source code is compromised, the impact of that damage is widespread and cascading.
Supply Chain compromise is the latest issue to keep the security profession up at night. Against that backdrop, why are the findings from the Mexican government breach so noteworthy?
Generative exploitation
This brutal campaign sets precedent for the scale of real-world exploitation with commodity Generative AI.
After building a map of resources, server data was passed through OpenAI’s APIs to GPT-4.1 for analysis, producing ~2500 reports which were fed back into Claude Code for exploitation. ~400 custom scripts were written to broaden and accelerate the attack.
Roughly 75% of the commands were generated and executed by Claude Code’s tools, including creation of a data exfiltration API and a complex tax certificate forgery tool. The report is clear that safety measures slowed the attack routinely, but never comprehensively enough to prevent it.
This is a view of offensive capability with a very capable scaffold and models released in 2025. AI helped the attacker move faster, discover weaknesses, build custom tools to exploit the weaknesses, and finally exploited more of those weaknesses.
In the interval between this attack and the Mythos Preview announcements, models such as GPT-5.3-Codex and Opus 4.6 already made measurable progress beyond 2025 models on Multi-Step Cyber Attacks.
Is Anthropic’s decision to withhold Mythos Preview a marketing stunt?
Withholding a model has been a long-standing lever in Frontier Lab safety plans. Before Mythos Preview and Glasswing, OpenAI launched their Trusted Access for Cyber program for GPT-5.3-Codex (their first model to reach “High” cybersecurity capability). Anthropic have now launched their similar Cyber Verification Program.
What’s unique in Mythos Preview?
The UK AI Security Institute (AISI) put it best with this summary, “Mythos Preview represents a step up over previous frontier models in a landscape where cyber performance was already rapidly improving”.
The AISI recently created an evaluation which tests model capability on a network attack simulation spanning 32 stages of an attack chain (estimated to take a human 20 hours to complete).
Mythos Preview is the first model to solve this challenge from start to finish, succeeding on 3 of 10 attempts with a 100 million token budget. AISI expect greater budget would improve results further.
Mythos Preview excels at lengthy orchestrated tasks. Anthropic has been explicit that Mythos Preview wasn’t explicitly trained for cybersecurity capabilities; this leap stems from training for coding, specifically by focusing on improvements for long-running execution.
This is the first lesson we should take from Mythos Preview: coding capability and cybersecurity capability are equally linked to context, reasoning and orchestration.
If we review the rest of what can be disclosed (comprising roughly 1% of all findings in the Mythos Preview cybersecurity assessment), some other themes emerge.
Mythos Preview is better at finding and exploiting vulnerabilities, capable of finding things where humans wouldn’t look (scaling in ways that humans won’t), capable of finding things in code that humans have looked at thousands of times (but haven’t identified for decades), produces more accurate vulnerability findings and severity assessments, and is better at recommending fixes to the vulnerabilities it finds.
The Project Glasswing question
This final point brings us to Project Glasswing, Anthropic’s coordinated effort to share Mythos Preview vulnerability findings with the “world’s most critical software” vendors before the fuller findings are published.
This collaboration aims to remediate, “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.”
Anthropic has committed up to $100 million in Mythos Preview usage credits to the Glasswing vendors (for additional scanning and remediation) and $4 million in donations to OSS organizations.
With this level of mutual commitment (backed by messages from these vendors) we can be clear that this is not a marketing stunt. We will learn much more about the current findings once they can be disclosed.
Project Glasswing also seeks to produce concrete recommendations for a new era of AI-driven vulnerability discovery and remediation, possibly encompassing processes like vulnerability disclosure and software updates mechanisms (including OSS and wider supply chains), secure development practices, industry-specific standards, and automation for triage and scaling.
Anthropic concludes the Mythos Preview announcement by contrasting the difficulty of this moment with the last twenty years of, “stable security equilibrium”. Most cybersecurity practitioners would take issue with that characterization.
To cite a counterexample from the UK Government’s Cyber Action Plan, “Nearly a third (28%) of the government technology estate is estimated to be legacy technology, and therefore highly vulnerable to attack.”
But another of the closing statements sets the scene well, “we should prepare with the belief that the current trend is likely to continue, and that Mythos Preview is only the beginning.”
Anthropic’s report is bold, but their claims are backed by some of the most trusted voices in cybersecurity, including CSA (co-authored by Bruce Schneier, OWASP and SANS), NCSC and NIST.
If this is only the beginning, what’s next?
The post-Mythos Preview developments have already begun. As promised with the Mythos Preview, Anthropic have launched their first newer model with cybersecurity de-training in Opus 4.7.
When defenders have access to the fully trained model, this forms a two-prong strategy to advantage defenders. However, we can expect other Frontier AI Labs to release their own more powerful models, and that less strictly controlled models will continue to improve their offensive cybersecurity capabilities.
Two unrelated Anthropic events will also shape the future. The Claude Code source code leak will yield a global uplift in AI capability, because many capability improvements come from this scaffold, rather than in the models.
The success of some of those (often simple) approaches will certainly be mimicked widely, which will effectively democratize cybersecurity improvements.
Also, the DeepSeek, Moonshot, and MiniMax distillation attacks might have already been a factor in Anthropic’s decision to withhold the Mythos Preview release. If true, release rates might slow even while the rate of improvement accelerates.
AI as the differentiator for defenders
Some security experts have suggested that true cybersecurity tradecraft is found in chaining everything together, or evading discovery, or they emphasize that the human was still needed.
While that is all true, the barrier to carrying out attacks like these has been lowered dramatically, and the number of facets requiring human expertise are shrinking rapidly. As an example, the bug bounty profession has already changed dramatically.
It’s encouraging that Anthropic, the Project Glasswing vendors, and the authorities like CSA are all singing from the same hymn sheet.
Generative AI will accelerate remediation, and new security technologies will help defenders in some of the same ways it helps attackers, but all parties agree that security fundamentals will be the meaningful differentiator, even when some of the authors represent security vendors.
For many organizations, this should catalyze effort where it is often de-prioritized. The unglamorous work of improving these fundamentals may finally have its moment. Using AI tools to accelerate those adaptations may be the crucial differentiator for defenders.
We’ve featured the best encryption software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
