Anthropic’s New AI Mythos Is a Cybersecurity Game-Changer

A smartphone displays the Anthropic logo against a textured hexagonal background in Creteil, France, on April 8, 2026. Anthropic announces the launch of Project Glasswing, a cybersecurity initiative based on the Claude Mythos model to detect and remediate vulnerabilities in critical open-source software. (Samuel Boivin/NurPhoto via Getty Images)

Airdate: Tuesday, April 21 at 10 AM

The San Francisco AI firm Anthropic has developed a new model that it says is too powerful to be released to the public. Anthropic says the model, called Mythos, is in a “different league” when it comes to identifying and exploiting cybersecurity vulnerabilities, and that in the wrong hands it could enable bad actors to unleash powerful cyberattacks. Anthropic is alerting governments and releasing a limited version called Claude Mythos Preview to about 40 tech companies (including some of its AI competitors) to find and fix their own security vulnerabilities. We look at how this next generation of AI could reshape digital security and policy.

Guests:

Alex Stamos, chief product officer, Corridor; computer science lecturer, Stanford University

This partial transcript was computer-generated. While our team has reviewed it, there may be errors.

Mina Kim: Welcome to Forum. I’m Mina Kim. It seems Anthropic and the Trump administration are talking again after the company angered the Pentagon for putting boundaries on the way its technology could be used. But fears over the capabilities of Anthropic’s new AI model, Claude Mythos, prompted the reengagement. The San Francisco company says Mythos can find and exploit weaknesses in systems faster than humans can address them, creating new opportunities for defense, but also new levels of opportunity for bad actors to launch cyberattacks on governments, hospitals, banks, and the power grid. Anthropic has held back on releasing its AI model publicly, but what happens when it does? How worried should we be?

This hour, we put those questions and yours to cybersecurity expert Alex Stamos, a lecturer at Stanford and chief product officer at Corridor. Alex, thanks so much for joining us.

Alex Stamos: Hey. Thanks, Mina.

Mina Kim: So can you just start by helping me understand what Mythos is capable of, as you understand it?

Alex Stamos: So Mythos is a model that Anthropic has not released publicly. They’ve provided it to a very small number of large companies to use privately, as well as to some very important open-source projects to use. So Anthropic has been doing work on open-source security for a little while. They’ve been working on the Linux kernel. They’ve been working on Firefox. So this isn’t totally new. But with this new model, what they announced is that they believe that it is a large step change from the capabilities that have existed in the past, that they’ve now been able to find thousands of vulnerabilities instead of just dozens or hundreds, and that they believe that Mythos has a level of capability that is well beyond even the best human testers. So what we’ve seen in the past is that these things are really good at finding bugs, and they’re much faster than humans. But now Mythos is even better than the best human security consultants and security engineers.

Mina Kim: Yeah. I read that Anthropic was saying that it found holes in systems that have been scoured countless times and never found before. It’s that good.

Alex Stamos: It is. And from my perspective, the big change here actually started last year, probably with the release of Opus 4.5, which happened last November. That’s when we started to see these models really kind of at least pull even, or pull a little bit ahead of, the best human researchers in finding flaws in systems I’ve looked at over and over again. Nick Carlini, who’s a researcher at Anthropic, gave a talk at a conference earlier this year, a conference called Impromptu, where he showed a vulnerability in the Linux kernel. You know, the Linux kernel being the software that runs on billions of devices around the world. Every Android phone, lots and lots of embedded devices that run streetlights, cars, and many things that people don’t even think about actually run Linux. This software—the bug that it found—is older than a lot of my coworkers at the startup I work at. It’s 23 years old, older than almost all my students. And the code has been looked at by hundreds of engineers and probably by the people who find bugs and write exploits at pretty much every major government agency that does this in the United States, China, and Russia, because it’s in a part of the code that you would absolutely want to attack if you’re at the NSA, if you’re at China’s Ministry of State Security or the People’s Liberation Army. You would look here for a bug, and all those people missed it. And this was just Opus—it wasn’t Mythos. So these are models you can access right now from Anthropic. So if Mythos is that much better, then we are definitely entering a totally new era.

Mina Kim: Yeah. And I want to ask you about what that era could look like. So first, what you’re describing, I could see, on one hand, as an incredible tool to find bugs, holes, and issues that we have not seen before so that we can defend against them. So why is it scaring people so much?

Alex Stamos: Well, it’s scaring people because the first step in attacking a system is finding flaws in that system. In the cybersecurity world, we use a term called the kill chain. This is a term we borrowed from the military. When the military uses it, it refers to discovering an asset, doing reconnaissance, and figuring out how to deliver a weapon on a target. In the cyber world, the kill chain involves reconnaissance, finding a flaw in a system used by a target, weaponizing that flaw, delivering the exploit, establishing command and control of the system, exploring the network, moving through it, and then doing whatever you want—whether that’s stealing data, shutting down a system, or encrypting it for ransom. One of the first steps is finding the flaw.

Now what we’ve seen is that AI is getting really good at that. At the same time, attackers have been exploring how to use AI to improve the other parts of the kill chain as well. That’s the other kind of research we’ve seen over the last year. Major AI companies, Anthropic and OpenAI, have released threat reports—building on earlier efforts from companies like Facebook and Google—showing how people use these platforms for malicious activity. Those reports show that advanced threat actors are using AI to automate other parts of the attack process, like exploring networks, breaking in, and establishing control channels.

What we’re seeing is attackers taking tasks that used to require human effort—and therefore had limits—and using AI to make them faster and cheaper.

Mina Kim: And I imagine that our ability to patch or defend against these activities pales in comparison, or am I wrong? Do the patches exist, and are they easy to implement?

Alex Stamos: This is where AI can help. AI can find flaws, and it can also write patches. That’s the good news. That’s why Anthropic is providing Mythos to companies and open-source maintainers—not just to find bugs, but to fix them.

What we’re trying to do as an industry right now is fix vulnerabilities before adversaries can exploit them. There’s a race underway. The most advanced models—what we call foundation models, like those from Anthropic, OpenAI, and Google—are currently ahead of open-weight models, many of which are developed by Chinese companies. They’re about six to twelve months ahead.

Right now, if you use a model like Opus 4.7, GPT-5.4, or the latest Gemini models to do something malicious, you’re leaving logs on company servers, which can be accessed by law enforcement. That makes it risky for attackers. But once open-weight models catch up, attackers will be able to run them locally, without oversight. That’s when things get much more dangerous.

Mina Kim: We’re talking with Alex Stamos, chief product officer at Corridor and a lecturer at Stanford, about Mythos from Anthropic.

Listeners, I want to invite you into the conversation. What are your questions about Mythos? How worried are you about it or other AI models that can assist and advance cyberattacks? What are your questions about how AI bug-finding works? Do you work in AI or IT? How are you preparing for AI-powered cyberattacks? Call us at 866-733-6786. Again, 866-733-6786. You can also find us on Discord, Bluesky, Facebook, or Instagram at KQED Forum, or email forum@kqed.org.

And just remind us why we all need to care about this—why we all have a stake in this race and in succeeding, because we have seen what cyberattacks can do. Can you remind us of the scale of disruption this could cause in our lives?

Alex Stamos: I don’t want to be alarmist, but there are a lot of people working to mitigate risks to everyday users. That said, over the last three or four months, there has been a significant uptick in serious cyber incidents, even if they haven’t gotten a lot of coverage.

Some of that is tied to major geopolitical events, like the war in Iran. Iranian cyber actors have carried out significant attacks against American targets. They’ve breached organizations like Lockheed Martin and exposed communications from public figures like Kash Patel. But much of it is also financially motivated. These actors have become extremely sophisticated, possibly with the help of AI.

We’re already seeing real impacts on individuals’ privacy, and that trend is likely to continue as AI makes ransomware and extortion attacks more effective.

Mina Kim: We’ll have more with Alex and with you, listeners, after the break. You’re listening to Forum. I’m Mina Kim.
