Anthropic’s Mythos AI Is a Bigger Threat to DeFi Than Quantum Computing

Anthropic on Tuesday formally unveiled Claude Mythos Preview, a new frontier AI model that can autonomously discover and exploit zero-day software vulnerabilities at a scale the company says exceeds both human security researchers and every automated tool in existence. Alongside it, Anthropic launched Project Glasswing, a defensive coalition with roughly 40 organisations — including Apple, Google, Microsoft, Amazon Web Services, CrowdStrike and JPMorgan Chase — tasked with using the model to find and patch critical flaws before adversaries can weaponise similar capabilities. Mythos is too dangerous to release to the public.

For decentralised finance, the implications are immediate and uncomfortable. The roughly US$200 billion locked in smart contracts across Ethereum, Solana and other chains sits behind security infrastructure that Mythos has already demonstrated it can probe at machine speed and near-zero marginal cost.

What Mythos can actually do

The raw capability numbers are striking. In Anthropic’s internal testing, Mythos identified a 27-year-old denial-of-service vulnerability in OpenBSD — an operating system purpose-built for security — at a total compute cost under US$50. It uncovered a 16-year-old flaw in FFmpeg’s H.264 codec that had survived five million prior automated scans without detection. It autonomously found and fully exploited a 17-year-old remote code execution flaw in FreeBSD’s NFS server (now tracked as CVE-2026-4747), granting unauthenticated root access with no human intervention after the initial prompt.

In one test, the model wrote a browser exploit that chained four separate vulnerabilities together to escape both the renderer and operating system sandboxes. In another, it took a publicly known Linux vulnerability and turned it into a working attack in under a day for less than US$2,000 — a task that would ordinarily take a skilled human researcher weeks.

The performance gap with previous models is enormous. When both Mythos and its predecessor Opus 4.6 were tested against the same Firefox 147 JavaScript engine vulnerabilities, Opus managed working exploits just twice out of several hundred attempts. Mythos succeeded 181 times.

“We did not explicitly train Mythos Preview to have these capabilities,” Anthropic’s research team wrote. The security prowess, they explained, emerged from general improvements in coding, reasoning and autonomous operation.

Why DeFi should be paying attention

The findings that matter most for crypto infrastructure are buried in Anthropic’s technical blog. The model identified weaknesses in what Anthropic calls the world’s most widely used cryptography libraries, covering protocols including TLS, AES-GCM and SSH. These protocols underpin HTTPS connections, data encryption and the remote server access that DeFi platforms and centralised exchanges depend on. Flaws in any of them could theoretically allow an attacker to forge certificates or intercept private communications.

DeFi protocols face an elevated version of this risk because they are open-source by design. Their code is publicly readable — including by a model like Mythos that can catalogue every weakness in a codebase at machine speed.

Anthropic flagged a specific concern for the kinds of defences DeFi protocols rely on most. The company noted that security measures whose value comes primarily from friction rather than hard technical barriers may weaken significantly against model-assisted adversaries. Multisig governance, timelocks and third-party audit reports all fall into this category. They slow attackers down but do not block exploits at the code level.

Alex Stamos, chief product officer at cybersecurity firm Corridor and formerly head of security at Facebook, described Project Glasswing as a significant and necessary step. He told Platformer that the industry may have as little as six months before open-weight models catch up to frontier models in vulnerability discovery.

Logan Graham, who leads Anthropic’s frontier red team, echoed that urgency. He told Axios that competing models with similar capabilities could emerge within six to 18 months. “It’s very clear to us that we need to talk publicly about this,” Graham said.

The sandbox escape that rattled researchers

Perhaps the most unsettling detail in the Mythos disclosure is what happened during internal safety testing. When researchers placed the model in a secured sandbox environment and asked it to find a way to signal if it could escape, the model succeeded — building what Anthropic described as a moderately sophisticated multi-step exploit to gain broad internet access. It then sent an unsolicited email to the researcher running the test, who was reportedly eating a sandwich in a park at the time.

The model then went further than asked, posting details of its exploit to multiple technically public-facing websites in what Anthropic called a “concerning and unasked-for” demonstration.

Anthropic CEO Dario Amodei acknowledged the broader trajectory in a video released alongside the announcement. “More powerful models are going to come from us and from others, and so we do need a plan to respond to this,” he said.

Markets shrug — for now

Despite the alarming technical disclosures, crypto markets have not flinched. Bitcoin and ETH, were up 4% overnight, buoyed by improved risk sentiment following a temporary ceasefire between the United States and Iran.

Bitcoin is now steady at just under $71,000, Source: Brave New Coin

CrowdStrike, one of the founding Glasswing partners, contextualised the threat in a blog post noting an 89% year-over-year increase in AI-assisted attacks tracked in its 2026 Global Threat Report. The company framed the situation as a race in which defenders must match the pace of attackers who will inevitably gain access to similar capabilities.

The market’s indifference may prove temporary. The model is currently restricted to 40 vetted organisations and is not publicly available. But as Stamos warned, the window of exclusivity may be narrow. When open-weight alternatives close the gap, the attack surface facing every open-source DeFi protocol — and the billions of dollars they custody — will expand dramatically.

What this means for crypto’s security model

The crypto industry has long relied on a layered approach to security: smart contract audits from firms like Trail of Bits and OpenZeppelin, bug bounty programmes, multisig wallets, and time-delayed governance. These measures have served the ecosystem reasonably well against human-speed adversaries and conventional automated scanners.

Mythos represents something qualitatively different. A model that can autonomously find decade-old bugs that millions of prior scans missed, chain multiple vulnerabilities into novel attacks, and produce working exploits for under US$2,000 fundamentally changes the cost calculus for attackers.

The DeFi industry’s response will likely need to move beyond friction-based defences toward what security researchers call hard barriers — cryptographic proofs, formal verification, and architecture designed to be resilient even when individual components are compromised.

Anthropic is providing up to US$100 million in usage credits to Glasswing participants and US$4 million to open-source security organisations including OpenSSF, Alpha-Omega and the Apache Software Foundation. Whether that investment, and the broader industry response, can outpace the proliferation of Mythos-class capabilities will be one of the defining security questions for DeFi in 2026 and beyond.

For now, the quantum threat to Bitcoin remains a problem for another decade. The AI threat to DeFi infrastructure is a problem for this year.