Anthropic "Mythos" Launches in the Cybersecurity Sector, Bernstein: Don't Panic, You've Misinterpreted It

Anthropic’s new model “Mythos” was reported to have made a major leap in “cybersecurity” capabilities, triggering a broad collective sell-off across the cybersecurity sector. Bernstein’s research team quickly followed with a clarification: investors had misread the news. It neither indicates that Anthropic is moving into the cybersecurity software market, nor does it undermine the structural tailwind that AI brings to the industry.

As reported by Fortune magazine last Friday, the “Mythos” model that Anthropic is set to roll out promises “substantially higher scores” in software coding, academic reasoning, and cybersecurity testing. The wording immediately triggered market selling, with most of the cybersecurity names covered by Bernstein, such as Cloudflare, falling by 5% to 7%.

That same day, Bernstein analysts responded promptly, stating that “Mythos”’ cybersecurity-related content is essentially routine reinforcement of code security capabilities, along with steps by Anthropic to proactively prevent its products from being maliciously exploited. Both items do not constitute competition with the cybersecurity software industry, nor do they weaken the demand-driven logic that AI creates for that sector.

In the report, Bernstein explicitly said it would keep its coverage ratings, target prices, and financial forecasts for all the cybersecurity companies it covers unchanged.

Where does market panic come from

In Fortune’s report, the phrasing about a leap in “cybersecurity” capabilities became the direct trigger for this sell-off.

Investors interpreted it as two potential threats: first, that Anthropic is directly entering the cybersecurity software market and competing with existing vendors; second, that improvements in AI model capabilities could reduce the intensity of cyber threats, thereby weakening demand for traditional security tools.

Bernstein analysts described that investors were “as punctual as a clock”—once there was wording suggesting a step-change increase in cybersecurity capabilities, related software stocks were sold off at scale.

What Mythos is really doing: code security and abuse prevention

Bernstein broke down the cybersecurity-related content of “Mythos” into two layers.

The first is an improvement in code security capabilities. The analysts believe this falls under the product’s basic hygiene standard, and also represents the baseline expectation the market has for Anthropic’s product—so it does not limit the value of most other cybersecurity tools.

They had previously noted that the share of software vulnerabilities in security intrusion events is relatively limited, and the scope of vendors directly impacted by Claude’s code security capabilities is also similarly limited.

Second is preventing product misuse. This is also the more central logic behind this release. The cybersecurity industry already has extensive documentation that after Claude is cracked, threat actors can use it to identify software vulnerabilities and quickly build tailored malware—often faster than software vendors or users can complete patch remediation.

In addition, attackers may also use cracked methods to hijack enterprises’ internally built Agents based on Anthropic, enabling lateral movement, account takeover, and data exfiltration.

Bernstein said addressing the above risks is not a new topic for Anthropic. The company has been continuously discussing and taking proactive protective measures, and this release is a deepening of the existing direction, not a strategic pivot.

AI tailwinds for cybersecurity remain intact

The analyst rebutted the view that “AI tailwinds are damaged” from two dimensions.

First, Anthropic is only one provider in the large language model market. There are many long-tail LLM vendors in the market, and not all of them will push for abuse-prevention mechanisms as actively as Anthropic.

More importantly, open-source LLMs are already widely distributed without regulation. Even if their capabilities are not as strong as Claude’s, they can still be used effectively by threat actors to build malware or phishing attacks.

Bernstein reminded that even without these tools being available, attackers continue to succeed—meaning tool quality does not need to be very high, and is sufficient to provide attackers with additional leverage for attacks.

Second, the upward room for AI in the cybersecurity sector comes to a large extent from the emergence of new security solutions, rather than only demand strengthening that relies on existing tools.

The analyst pointed out that at this week’s RSA conference, nearly all booths focused on emerging directions such as Agentic SOC (intelligent security operations center), Agent identity security, and Agent data security.

These market opportunities will not be affected by Anthropic strengthening product security. In addition, most enterprises will remain technologically neutral toward large language models, so demand for multi-Agent protection solutions will continue to exist.

Risk disclosure and disclaimer

        The market involves risk; investment is subject to caution. This article does not constitute personal investment advice, and it does not consider any individual user’s specific investment objectives, financial condition, or needs. Users should consider whether any opinions, viewpoints, or conclusions in this article are consistent with their specific circumstances. Investing based on this is at your own risk.