Why Claude Mythos Won't Break Cybersecurity

After Anthropic announced Claude Mythos^†, it set the whole tech world on fire. People freaked out because of its cyber ability, saying that now exploiting software will become easier because of this model and the Mythos-class models. They are saying that cyber security will be a money game between the attackers and defenders so the ones who pay more will win, especially when this model is going to be extremely expensive. For example the run to find the exploit of OpenBSD cost $20,000 to find the zero-day vulnerability.

The Economic Argument

So attackers would have to spend roughly $20,000 to find and exploit virtually any software so defenders would have to spend the same or more money to defend against these attacks—especially when these models become more available and more common and open-source.

But this will only be true if we assume that there is an infinite number of vulnerabilities and exploits in software, which is obviously not true. There is a finite number of bugs, exploits, and vulnerabilities in software, even if the surface area is large. At the end of the day, the surface area is finite. As open-weight models get better and cheaper, defending against cyber attacks will be easier because defenders will be writing better and more robust software. When the tools to discover bugs, exploits, and vulnerabilities improve, finding new ones will become harder.

The Open-Weight Factor

Open-weight models used to be six months to a year behind the frontier models, but if we look at the current state of the AI market, we can see that open models like GLM and Kimi are at the same level as frontier models like GPT and Claude. Even if Claude Mythos^† was released today, open-weight models would be at the same level as Mythos in a few months and would be cheaper to run to get equivalent results. According to Artificial Analysis, running GLM 5.1 benchmarks costs nine times less than Claude Opus 4.6.

If the cost is one-ninth, you would assume that the cost of finding an exploit in the newer Mythos-class models would be around this range. Finding the exploit would cost around $2,222. It would be significantly cheaper to find exploits, and the more exploits the defenders find and fix, the fewer exploits the attacker can find. As vulnerabilities are patched, the attack surface area will shrink.

The Bottom Line

Attackers would have to spend significantly more money and tokens* to find the exploits that defenders miss. At the end of the day, the world would be safer, not more dangerous, with the release of Claude Mythos^† and eventually open-weight models in its class. This will clearly favor defenders.