Cybersecurity experts are pushing back on the panic Anthropic's Mythos triggered last month. CNBC published an extended report on May 8 titled "Anthropic's Mythos set off a cybersecurity 'hysteria.' Experts say the threat was already here." The framing is unusually direct.
Ben Harris, CEO of cybersecurity firm watchTowr, told CNBC his recent conversations with banks, insurers, and regulators amount to "hysteria." Harris said his teams have already reproduced parts of Mythos's findings using clever orchestration of publicly available models. Klaudia Kloc, CEO of Vidoc Security Lab, told CNBC the underlying capability — finding zero-days at scale with frontier models — has existed for "a couple of months, if not a year."
That reframing matters because it changes what Mythos actually represents. The story has been: a privately controlled model with offensive cyber capabilities nobody else has. The expert read is: a privately controlled model with offensive cyber capabilities that other public models have, just not as automated. The differentiator is the workflow, not the raw capability.
The practical implication: the gating story (the White House blocked Anthropic from expanding Mythos to ~70 more entities, per our May 3 episode) is policy theater if the offensive capability is already in the wild via public models. The defenders need orchestration, not access to a single restricted model.
What to watch: whether watchTowr, Vidoc, or another independent firm publishes a public reproducibility benchmark — a numerical comparison of Mythos vs. an orchestrated public-model pipeline against the same target set. The first published benchmark resets the policy conversation overnight.
