Tsunami in OT cybersecurity

Claude Mythos: Why OT Systems Are on the Front Line

A new hot topic has been shaking the cybersecurity ecosystem since Anthropic revealed that its Claude Mythos model was capable of autonomously discovering thousands of zero-day vulnerabilities, including in the most critical software, and producing functional exploits.

A large part of the cyber community is calling it a tsunami. The reality may be more gradual. What is certain, however: Mythos accelerates and democratizes attack capabilities that already existed, durably lowers the barrier to entry for exploiting complex vulnerabilities, and further compresses the time between disclosure and production exploitation. For operational environments that cannot be patched, or only with difficulty, the response will have to be architectural.

 

Key takeaways

  • Claude Mythos has discovered thousands of zero-day vulnerabilities across all major operating systems and browsers, including a 27-year-old flaw in OpenBSD.
  • Over 99% of these vulnerabilities remain unpatched to date.
  • The model is, for now, restricted to a consortium of ~40 organizations via Project Glasswing.
  • The real threat is not necessarily a total rupture: it is the acceleration and democratization of already existing attack capabilities, with a barrier to entry that is collapsing.
  • Mythos and future equivalent models will increase pressure to patch more and faster, while most organizations are already struggling to keep up with the current pace.
  • OT/ICS environments, with their legacy operating systems and often limited, or impossible, patch management, are the most exposed.
  • Against zero-day exploits generated on the fly, traditional approaches risk falling even further behind: network isolation and comprehensive asset visibility are emerging as a more suitable alternative response.

 

What Is Claude Mythos, and Why Is It Shaking the Cyber Community So Hard?

Claude Mythos is an artificial intelligence model developed by Anthropic that has reached, for the first time in a documented manner, a level of proficiency in software vulnerability discovery and exploitation comparable to the best human experts in the field.

Beyond the marketing claim, studies, such as those from the UK AI Security Institute (AISI), are beginning to confirm the point. In controlled evaluations, Mythos Preview was able to execute multi-step attacks on vulnerable networks and then autonomously discover and exploit vulnerabilities: tasks that would normally take human professionals several days of work.

What distinguishes Mythos from all previous tools is the combination of three capabilities:

  1. Autonomous zero-day discovery. Mythos Preview has found thousands of high- and critical-severity vulnerabilities, notably across all major operating systems and web browsers. A few notable examples: a 27-year-old flaw in OpenBSD, and a vulnerability in video software that had survived five million requests from other automated testing tools without ever being detected.
  2. Exploit chaining. Mythos Preview can not only identify a zero-day weakness, but weaponize it and combine it with other vulnerabilities.
  3. Accessibility. A basic prompt, with no context, can be used to initiate vulnerability research. Engineers with no formal security training have been able to generate complete, functional exploits.

This last point may be the most destabilizing. The discovery and exploitation of zero-day vulnerabilities will no longer be reserved for highly skilled experts or well-funded state actors.

 

Project Glasswing: A Race Against the Clock Before the Inevitable

Anthropic acknowledged that it would be irresponsible to make Mythos public immediately given its offensive potential. In response, the company assembled Project Glasswing, a technology consortium including AWS, Apple, Microsoft, Google, CrowdStrike, and Palo Alto Networks, with access granted to approximately 40 additional organizations. The objective: use Mythos to find and fix vulnerabilities in foundational software before attackers develop their own offensive capabilities.

Whether spontaneous or calculated, this initiative deserves recognition. But it remains fragile.

Over 99% of the discovered vulnerabilities have not yet been patched. Anthropic is coordinating responsible disclosure with open-source software maintainers and proprietary vendors. This process can take weeks, sometimes months. Yet according to Anthropic’s own estimates, similar capabilities will be available at other labs or AI providers within six to eighteen months.

The window of opportunity for defenders is therefore narrow. And it will close very quickly.

 

A Degree of Perspective, All the Same

A part of the cyber community reacted to Mythos as though the apocalypse were scheduled for tomorrow morning. That is understandable, and likely partially grounded. But a few more measured voices deserve to be heard.

On Mythos’s actual capabilities. The AISLE research group ran the vulnerabilities highlighted by Anthropic in its announcement through smaller, open-source models. Conclusion: these models recovered a good portion of the analysis. Their verdict was not that Mythos is overestimated in absolute terms, but that the examples chosen for the public announcement may not reflect the actual gap with what already existed. Mythos’s advantage would stem primarily from the deep security expertise embedded in the model, not from model size alone.

On the marketing dimension. Project Glasswing was announced as Anthropic reached a significant revenue milestone, closed a major deal with Broadcom, and was cited as an IPO candidate by October 2026. According to Joe Saunders, CEO of RunSafe Security, there is a dimension of “marketing charm” to all of this: creating limited distribution is a very effective way to generate attention. This is not incompatible with the reality of the capabilities. Both can coexist.

On the real problem… which is not discovery. This is perhaps the most interesting point, raised notably by David Lindner, CISO at Contrast Security with 25 years of experience in the field: “We have never had a problem finding vulnerabilities. We find them every day. We actually have a backlog of vulnerabilities we simply don’t fix.” The real problem is a deficit in the capacity to act: organizations were already unable to absorb the findings they had. A model that finds vulnerabilities ten times faster will put even more pressure on already overwhelmed teams.

And yet. None of this means that nothing is happening. The barrier to entry for exploiting a complex vulnerability is lowering. Comparable capabilities will proliferate from other labs or safeguard-free open-weight models. The average time between disclosure and production exploitation, already measured in hours for certain critical CVEs, will continue to compress. What changes with Mythos is less the advent of a new threat than the acceleration and democratization of what already existed: sophisticated attack capabilities previously reserved for state actors or the most well-resourced APT groups.

That is serious enough to act. But the right response is not panic, it is reinforcing the fundamentals.

 

What This Concretely Means: An Unprecedented Wave of Patches

In the coming weeks and months, CVEs are likely to flood in. Vulnerabilities in the Linux kernel, in OpenBSD, in Windows, in browsers, in open-source components present in millions of systems. When a critical zero-day is discovered in a piece of software, CVEs are published, attack or scanner signatures are updated, and suddenly every organization running that software has a new hot issue to address.

Patch management processes will need to be adapted to build pipelines enabling organizations to patch their systems at machine speed and scale.

For IT teams with mature patch management processes, this represents additional pressure: significant, but manageable. For operational environments, it is an entirely different story.

 

The Structural Problem of OT: You Don’t Patch a PLC the Way You Patch a Server

Mythos will likely trigger a tsunami of zero-day and other vulnerabilities in IT systems, and the same will be true for OT systems. Yet in OT, managing patches associated with these vulnerabilities is a thorny issue.

On the ground, the reality is often brutally stark:

  • Industrial programmable logic controllers (PLCs) running Windows XP or Windows 7, no longer supported by Microsoft.
  • Supervisory control systems (SCADA, DCS) whose updates require vendor validation, a maintenance window scheduled months in advance, and a production shutdown.
  • Embedded equipment or proprietary software with no update mechanism designed into them.
  • Infrastructures where any software modification is subject to qualification processes that last several weeks.

Critical infrastructures (power plants, water networks, transportation systems) have often not been updated for years due to interoperability constraints and the risk of cascading failures. Many organizations responsible for critical infrastructure operate end-of-life equipment or software, some of which are several decades old. Fully replacing these assets is often a large-scale project that cannot be completed in a matter of weeks, nor without massive investment.

Patch management is not a sufficient response for these environments. A different approach is needed.

 

The Signature-Based Approach, Already Weakened, Continues to Lose Effectiveness

Mythos significantly reduces the time between vulnerability discovery and exploitation. What was previously a matter of days now takes minutes with AI.

Signature-based detection tools (antivirus, IDS/IPS, traditional EDR) rely on prior knowledge of the threat. They detect what they know. Against a zero-day exploit freshly generated by an AI, their effectiveness collapses. Mythos Preview has also demonstrated its ability to bypass established defense-in-depth measures, such as sandboxing and system-level memory protection mechanisms.

 

What OT Managers Need to Do Now

1. Maintain a comprehensive, up-to-date asset inventory—no compromise, no blind spots.

The threat is even more acute in environments where visibility is limited. OT systems often lack robust asset tracking, leaving blind spots that attackers can exploit.

It is difficult to protect what you do not know. What seems obvious is not reflected in practice. How many industrial organizations genuinely have a complete, up-to-date inventory including legacy equipment, undocumented network flows, and “ghost” assets? Across all cybersecurity methodologies, the inventory is the foundation of any security approach.

✅ Map all OT assets connected to the network or using USB ports, including forgotten equipment.

✅ Precisely identify the firmware and operating system versions of each asset, along with associated vulnerabilities.

✅ Keep this inventory alive: not an annual audit, but a continuous practice.

2. Limit the visibility of sensitive assets: it is always harder to attack what you cannot see.

An attacker, human or AI, typically begins an attack with a reconnaissance phase. They seek to map what is accessible, what responds, what can be reached. An asset that is not visible on the network is an asset that cannot be directly targeted.

Reducing the exposed attack surface is a commonsense measure, but it becomes critical in a context where models like Mythos can scan, identify, and exploit vulnerabilities at an unprecedented speed.

✅ Verify that no critical OT asset is accessible from the Internet… yes, from the Internet. The recent attack on PLCs in American critical infrastructure, linked to the conflict in the Middle East, once again demonstrated that the Internet exposure of these critical assets is a reality.

✅ Apply the principle of least network privilege: equipment that does not need to communicate outside its segment must not be able to.

3. Segregate operational or critical networks from the IT network.

Logical segmentation (VLANs, firewalls) is necessary but remains permeable against sufficiently determined attackers or those equipped with high-performance AI models. Traditional segmentation equipment filters traffic based on predefined rules. But it can also allow through packets that comply with those rules while being deliberately crafted to exploit vulnerabilities in the lower layers of the OSI model. In critical environments, such segmentation cannot constitute the sole line of defense.

Network isolation, via protocol-breaking gateways, ensures that even a compromise of the IT network cannot propagate laterally into operational or critical systems. Original network packets are destroyed and fully, cleanly reconstructed.

✅ Identify the minimal vital perimeter, MVDI (Minimum Viable Digital Industry). The MVDI is the perimeter containing only the vital assets enabling business continuity.

✅ Strictly control incoming and outgoing flows from this MVDI perimeter, with a protocol-breaking gateway to prevent any network-layer attack.
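The inventory, exposure and least-privilege checks from steps 1 to 3 above, reduced to a small Python script as an added example (not from this post, and not Seclab’s own tooling). It reconciles a constructed asset inventory against constructed passive flow records and flags undocumented (“ghost”) assets, assets running an operating system the post names as unsupported, flows that cross segment boundaries without an allow-list entry, and any flow that touches a non-private address. Every address, asset name, segment range and allow-list entry is an assumption made up for the example; the 198.51.100.0/24 and 203.0.113.0/24 addresses are documentation ranges standing in for Internet hosts.

```python
"""Reconcile an OT asset inventory against observed flows (constructed sample data)."""
from ipaddress import ip_address, ip_network

# Step 1: the declared inventory (constructed). In practice this is an export
# from an asset-discovery tool or a CMDB.
INVENTORY = {
    "10.10.1.10": {"name": "PLC-LINE-A", "segment": "process", "os": "VxWorks 6.9"},
    "10.10.1.20": {"name": "HMI-LINE-A", "segment": "process", "os": "Windows 7"},
    "10.10.2.10": {"name": "SCADA-SRV", "segment": "supervision", "os": "Windows Server 2019"},
    "10.20.0.5": {"name": "HISTORIAN", "segment": "dmz", "os": "Ubuntu 22.04"},
}

# Operating systems the post names as no longer supported by the vendor.
END_OF_LIFE_OS = ("Windows XP", "Windows 7")

# Assumed network segments (constructed ranges).
SEGMENTS = {
    "process": ip_network("10.10.1.0/24"),
    "supervision": ip_network("10.10.2.0/24"),
    "dmz": ip_network("10.20.0.0/24"),
    "it": ip_network("10.30.0.0/16"),
}
OT_SEGMENTS = ("process", "supervision")
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Steps 2 and 3: least network privilege as an explicit allow-list of
# (source segment, destination segment). Anything else is a finding.
ALLOWED_FLOWS = {
    ("supervision", "process"),
    ("process", "supervision"),
    ("supervision", "dmz"),
    ("dmz", "it"),
}

# Constructed flow records, as a passive sensor would report them: (src, dst, dst_port).
OBSERVED_FLOWS = [
    ("10.10.2.10", "10.10.1.10", 502),    # SCADA polls the PLC: expected
    ("10.10.1.20", "10.10.2.10", 445),    # HMI to SCADA: expected
    ("10.30.4.7", "10.10.1.10", 502),     # IT host talking straight to a PLC: violation
    ("10.10.1.30", "10.10.2.10", 102),    # address nobody inventoried: ghost asset
    ("10.10.1.20", "203.0.113.9", 443),   # HMI reaching the Internet: exposure
    ("198.51.100.4", "10.10.1.10", 502),  # inbound from the Internet to a PLC: exposure
]


def segment_of(ip: str) -> str:
    """Segment name for an address; 'unknown' for a private address outside every
    declared segment; 'external' for anything that is not private at all."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    if any(addr in net for net in RFC1918):
        return "unknown"
    return "external"


def find_ghost_assets(flows, inventory=INVENTORY) -> list:
    """Addresses seen inside an OT segment that the inventory does not know about."""
    ghosts = set()
    for src, dst, _port in flows:
        for ip in (src, dst):
            if segment_of(ip) in OT_SEGMENTS and ip not in inventory:
                ghosts.add(ip)
    return sorted(ghosts)


def find_eol_assets(inventory=INVENTORY) -> list:
    """Inventoried assets whose OS is on the end-of-life list."""
    return sorted(a["name"] for a in inventory.values() if a["os"].startswith(END_OF_LIFE_OS))


def check_flows(flows) -> list:
    """Classify each flow: Internet exposure, undeclared segment, or a cross-segment
    flow with no allow-list entry. Returns (kind, src, dst, port) tuples."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if "external" in (s, d):
            findings.append(("internet_exposure", src, dst, port))
        elif "unknown" in (s, d):
            findings.append(("undeclared_segment", src, dst, port))
        elif s != d and (s, d) not in ALLOWED_FLOWS:
            findings.append(("segment_violation", src, dst, port))
    return findings


if __name__ == "__main__":
    print("ghost assets:", find_ghost_assets(OBSERVED_FLOWS))
    print("end-of-life assets:", find_eol_assets())
    for finding in check_flows(OBSERVED_FLOWS):
        print("flow finding:", finding)
```

Run this on a daily sensor export rather than once a year, and the inventory becomes the continuous practice step 1 asks for: a new ghost address or a new external flow shows up the day it appears, not at the next audit.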

4. Adopt technologies that are immune to zero-days by design.

Equipment that performs network filtering and segmentation operates through a software-based approach, which is itself vulnerable and exposed in the face of a model like Mythos. Currently, a firewall requires up to 10 patches per month. What will that figure become with the arrival of new AI models like Mythos?

Beyond segmentation and filtering, the goal is to choose technologies that are not themselves at risk of being compromised. This is the very foundation of Seclab’s Electronic AirGap technology. This unique, patented technology delivers maximum impermeability through the electronic isolation of communication ports. No software, potentially vulnerable, handles segmentation; everything occurs at the hardware level.

✅ Prioritize hardware-based isolation mechanisms for the most critical assets.

✅ Do not rely solely on solutions that require software updates to remain secure.

 

How the Seclab Xcore Platform Addresses These Challenges

What Claude Mythos makes urgent, Seclab has structured into a progressive, coherent approach with the Seclab Xcore platform.

The platform is built around three functions: Discover, Isolate, Detect—designed to interlock progressively, without operational disruption, and adapted to the realities of industrial environments.

Discover for visibility first. Automated, multi-view mapping of OT assets, their vulnerabilities, and their flows, including legacy equipment and forgotten assets. This constitutes the starting point. Without a reliable inventory, any protection strategy remains blind. Seclab Xplore relies on a non-intrusive approach to ensure discovery of the entire OT perimeter.

Isolate for structural immunity. This is where Seclab’s patented Electronic AirGap technology takes on its full significance in the context of Mythos.

 
The Electronic AirGap: why it is fundamentally different from a firewall

 

A firewall filters flows, but its network stack remains present, and therefore attackable. Moreover, like any software-based computing system, it can itself present vulnerabilities that Claude Mythos will be happy to discover. If a firewall is compromised through one of its interfaces, it is game over.

Seclab’s Electronic AirGap operates on a radically different logic, ensuring segmentation through a unique hardware-based approach:

– Complete protocol breaking: Rather than simply filtering packets, the Electronic AirGap completely strips away and reconstructs network protocols (OSI layers 1–4).

– Application data integrity: While network layers are destroyed and rebuilt, application data (layers 5–7) remains intact and is transmitted bidirectionally.

– Hardware-enforced security: This process occurs at the hardware level through specialized electronic circuits rather than vulnerable software components.

 

The process is carried out through three distinct electronic cards. Each card is administered in a completely autonomous and independent manner to guarantee system impermeability.

This approach effectively creates an “electronic air gap” between networks while still enabling controlled data exchange. It delivers security comparable to physical isolation with the operational benefits of interconnection.

– Transport-layer attacks (exploitation of TCP/IP vulnerabilities, IP spoofing, malicious fragmentation) physically cannot cross the boundary.

– Network discovery becomes impossible from the source network: assets on the protected side do not respond, are not addressable, and do not exist from the attacker’s perspective.

– Operating system IP stacks, network drivers, and interface firmware remain protected. They never receive network traffic of external origin.

– Applications continue to operate normally, without modification, without specific application proxies.

 

Translation in the Mythos context: an AI model capable of discovering and exploiting zero-days in the Linux kernel or in a TCP/IP stack cannot cross the electronic boundary, because there is nothing to exploit. The network attack surface is neutralized by design. The Electronic AirGap technology has been protecting critical OT environments for over 10 years without requiring updates to maintain its security level.

 

The Seclab Xchange appliance implements this technology to support controlled unidirectional or bidirectional communications (with flow-by-flow direction control).

This network device is complemented by Seclab Xport for the USB vector, which remains one of the primary compromise pathways for isolated environments. Seclab Xport applies the same end-to-end isolation logic: only files that comply with the defined security policy, or that have passed through a sanitization solution such as Tyrex, may be used on critical systems.

Detect for continuous monitoring. The Seclab Xplore solution provides infrastructure monitoring by identifying new assets, new flows, and abnormal behaviors, and relies on several AI-augmented, contextualized analysis engines to detect attacks.

 

What now?

Claude Mythos is a new signal, encouraging us to strengthen our defenses and practices. The speed of patch management represents an even more pressing challenge.

For OT environments, this race to patch speed is a losing battle from the outset. An alternative approach is necessary: visibility, network isolation, reduction of the exposed surface, and technologies that are immune to zero-days by design. A new, immutable defense-in-depth adapted to the constraints of OT.

 

Sources

• Anthropic, Project Glasswing – https://www.anthropic.com/glasswing (7 April 2026)

• Anthropic, Claude Mythos Preview Cyber Capabilities – https://red.anthropic.com/2026/mythos-preview/

• UK AI Security Institute (AISI), Our evaluation of Claude Mythos Preview’s cyber capabilities – https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities

• Alan Turing Institute / CETaS, Claude Mythos: What Does Anthropic’s New Model Mean for the Future of Cybersecurity? – https://cetas.turing.ac.uk/publications/claude-mythos-future-cybersecurity

• SecurityWeek, Anthropic Unveils ‘Claude Mythos’ – https://www.securityweek.com/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/

• Security Magazine, What Are Security Experts Saying About Claude Mythos and Project Glasswing? – https://www.securitymagazine.com/articles/102226-what-are-security-experts-saying-about-claude-mythos-and-project-glasswing

• ArmorCode, Anthropic’s Claude Mythos and What it Means for Security – https://www.armorcode.com/blog/anthropics-claude-mythos-and-what-it-means-for-security

• Help Net Security, The exploit gap is closing – https://www.helpnetsecurity.com/2026/04/15/anthropic-claude-mythos-ai-vulnerability-discovery/

• ISACA, Claude Mythos is Redefining the Cyberthreat Landscape – https://www.isaca.org/resources/news-and-trends/industry-news/2026/claude-mythos-is-redefining-the-cyberthreat-landscape

• Foreign Policy, Anthropic’s Claude Mythos Preview Changes Cyber Calculus – https://foreignpolicy.com/2026/04/20/claude-mythos-preview-anthropic-project-glasswing-cybersecurity-ai-hacking-danger/

• Fortune, Cybersecurity veteran on Anthropic’s Mythos – https://fortune.com/2026/04/13/cybersecurity-anthropic-claude-mythos-dario-amodei-tech-ceo/

• Medium / Ricardo Garcês, Claude Mythos Might Break Cybersecurity. But Not in the Way You Think – https://medium.com/@ricardomsgarces/claude-mythos-might-break-cybersecurity-but-not-in-the-way-you-think-d5c64ecbbd3b

• Seclab, Seclab Xcore Platform – https://www.seclab-security.com/defense-en-profondeur-ot/

• Seclab, Electronic isolation: understanding how the technology that secures the most critical environments works – https://www.seclab-security.com/2026/02/23/isolation-electronique-securite-reseau/

• Seclab, White Paper – Resilience and Control through Network Isolation (2025)

Published on: 23 April 2026 | Category: Blog