Is Claude Mythos Ultron?
Picture the scene. Tony Stark builds the most powerful AI the world has ever seen, gives it access to everything, and then acts mildly surprised when things go sideways. The Avengers spend the rest of the film cleaning up the mess.
I'm not saying Anthropic are Tony Stark. But when I read about Claude Mythos, I'd be lying if the thought didn't cross my mind.
Before we get into it, this isn't a doom piece. I'm not here to tell you the robots are coming. What I am going to do is explain what Claude Mythos actually is, why it's caused a stir, and ask the question I keep coming back to: are we building the right things, or just the most impressive ones?
So what actually is Claude Mythos?
If you're not deep in the AI world (and most people aren't), Claude is the AI made by a company called Anthropic. Think of it like a very capable digital assistant. Claude Mythos is the latest and most powerful version of that AI. The name comes from the Ancient Greek word for "utterance" or "narrative" — the stories civilisations used to make sense of the world. Make of that what you will.
Here's the thing though: you can't just go and use it. It's not publicly available. Right now, it's being used by a small, trusted group of organisations as part of something called Project Glasswing. You can read all about it at anthropic.com/glasswing. It's a major initiative to use Mythos to find and fix security vulnerabilities in the world's most critical software.
If Jarvis was the helpful, charming AI that quietly kept everything running in the background, this is what Jarvis would look like if you turned the dial up to eleven and gave it admin access to the internet.
What is Project Glasswing?
Project Glasswing is the reason Mythos exists in its current form. Anthropic brought together some of the biggest names in tech — AWS, Apple, Microsoft, Google, Cisco, CrowdStrike, NVIDIA, JPMorganChase and others — with one goal: use Claude Mythos to find dangerous vulnerabilities in the world's software before the bad guys do.
And it's working. In the weeks before the announcement, Mythos had already found thousands of previously unknown security flaws, including a 27-year-old vulnerability in one of the most security-hardened operating systems in the world, and a 16-year-old bug in software that automated tests had checked five million times without ever catching.
To put that in plain English: there are holes in software that millions of people rely on every day — banking systems, hospital records, power grids — that humans missed for decades. Mythos found them in weeks.
That's genuinely extraordinary. It's also the bit that makes you put the kettle on and stare out the window for a minute.
Why has it caused controversy?
The controversy isn't really about Mythos being dangerous in itself. Anthropic have been very deliberate about keeping it out of public hands. The debate is more about what it represents.
The same capabilities that make it brilliant at finding vulnerabilities defensively could, in theory, be used offensively. Anthropic have been upfront about this, which is actually to their credit. They're essentially saying: "We've built something so powerful that if the wrong people got hold of it, it could cause serious damage. So we're using it ourselves, with trusted partners, under controlled conditions, to get ahead of that threat."
The critics' argument is: fine, but you still built it. And once something this capable exists, you can't un-build it.
There's also the "race to the top" problem. AI development moves fast. Other labs are building their own versions. The concern isn't that Anthropic misuse Mythos. It's that by pushing the frontier this far, they signal to everyone else that this is the new bar. And not everyone building towards that bar has the same commitment to doing it carefully.
The positives, and they're significant
It would be easy to write a piece that's all hand-wringing and no substance. So let's be fair.
The defensive case for something like Mythos is genuinely compelling. The world's critical software — the stuff running hospitals, financial systems, energy infrastructure — is full of vulnerabilities that have sat there for years because finding them requires expertise that's in very short supply. Most open-source software, which underpins huge amounts of modern technology, is maintained by small teams with no dedicated security budget at all.
Mythos changes that equation. Anthropic are committing $100 million in usage credits so organisations can use it, and they've donated millions more to open-source security foundations so that smaller maintainers — the ones who actually keep a lot of the internet running — can access the same tools. (Usage credits, tokens, costs... don't worry, I'll be writing a whole separate piece on what on earth AI tokens actually are and why they matter. Stay tuned.)
If this works as intended, it's a bit like suddenly giving every hospital access to a diagnostic tool that can catch conditions that specialists spend careers learning to spot. The potential benefit to everyday life is enormous.
And that's where I land on the "excited" side of this. AI-assisted cancer detection. Machines that can diagnose rare conditions before symptoms appear. Software that secures the systems keeping patients alive. That's the version of this story I want to be true.
The part that sticks with me
Here's my honest take.
I work in digital delivery. My job is to ask questions like: what are we actually trying to achieve here? What's the benefit to the end user? Are we solving a real problem, or are we just building something because we can?
And when I look at the pace of AI development — the relentless push for the next model, the next capability, the next benchmark — I sometimes wonder whether we're applying that same rigour. Whether the question "should we?" is getting as much airtime as "can we?"
Mythos might be the right call. The cybersecurity argument is strong, and Anthropic have clearly thought about the risks more carefully than most. But it's worth sitting with the discomfort of knowing that we've now built AI capable of finding zero-day vulnerabilities in every major operating system, autonomously, without human steering, and the main safeguard is that the people who built it seem to have good intentions.
That's not a criticism of Anthropic specifically. It's a broader question about the trajectory we're on.
So, is it Ultron?
Not quite. Ultron decided humanity was the problem and acted accordingly. Mythos hasn't gone rogue, and there's no sign it's about to. The people building it are, by all accounts, trying to do the right thing.
But the Ultron parallel isn't entirely wrong either. The film's real lesson isn't "don't build AI." It's "when you build something this powerful, make sure everyone's asking the hard questions, not just the engineers who are excited about what it can do."
That's the question worth sitting with. Not whether Claude Mythos is impressive — it clearly is. But whether we're moving fast enough on the "why" to keep up with how quickly we're moving on the "what."
I don't have the answer. I'm not sure anyone does yet.
But I think the fact that we're asking it is probably a good sign.
What do you think? Is the defensive case for something like Mythos convincing enough, or does the existence of it make you uneasy regardless? I'd genuinely like to know. Find me on LinkedIn.