'Moment of Danger': Anthropic CEO Warns of Cyber Risk Window as AI Uncovers Software Flaws

In brief

• Anthropic says its AI has uncovered tens of thousands of software vulnerabilities.
• CEO Dario Amodei warned there is a 6 to 12-month window to fix them.
• Critics say the risks may be overstated even as security concerns grow.

A discussion between Anthropic CEO Dario Amodei and JPMorgan Chase CEO Jamie Dimon on Tuesday focused on the growing cybersecurity threat posed by artificial intelligence as it identifies vulnerabilities faster than organizations can fix them. In the nearly two-hour event tied to Anthropic’s push into financial services, where it unveiled AI agents for tasks like pitchbooks, earnings review, and compliance work, Amodei said there may be a six to 12-month window to address tens of thousands of flaws uncovered by the company’s Mythos model before similar capabilities become more widely available. “The danger is just some enormous increase in the amount of vulnerabilities, in the amount of breaches, in the financial damage that’s done from ransomware on schools, hospitals, not to mention banks,” Amodei said.

Amodei’s latest statements follow earlier testing with Mozilla, when an early version of Mythos identified 271 vulnerabilities in the Firefox browser in a single pass, showing how AI can scan large codebases far faster than human researchers.  Anthropic said the model can uncover thousands of previously unknown weaknesses across widely used software. Many remain undisclosed because they have not yet been patched, leaving unresolved flaws. “If we announce something without it being fixed, then the bad guys will exploit it,” Amodei said.

In controlled testing, Mythos completed multi-step network attack simulations without human intervention, demonstrating the ability to move from identifying weaknesses to exploiting them. Anthropic has restricted the model to a small group of partners under Project Glasswing, aiming to fix vulnerabilities before similar tools become widely available. Researchers have shown that elements of Mythos’s capability can be reproduced using existing models and open-source techniques, suggesting similar tools could spread faster than expected. The warnings have drawn skepticism from within the industry. In April, OpenAI CEO Sam Altman said concerns about Mythos may be overstated and suggested Anthropic is using “fear-based marketing” to frame the risks and justify limiting access to the technology. “You can justify that in a lot of different ways, and some of it’s real, like there are going to be legitimate safety concerns," Altman said. “But if what you want is like ‘we need control of AI, just us, because we’re the trustworthy people,’ I think fear-based marketing is probably the most effective way to justify that." Even with that pushback, despite a public feud with Anthropic, the U.S. government is reportedly using Claude Mythos to scan classified networks for vulnerabilities and test its cybersecurity capabilities, according to Axios. While he did not address the ongoing legal battle, Amodei said Anthropic is “good for this country.” “I think Anthropic’s view is the same as it always has been. In terms of politicization, this is the point I made about being streamlined, systematic, and fair to everyone,” Amodei said. “The purpose of laws and not doing things in an ad hoc way is that all companies are, at least in principle—I know it’s more complicated in practice—treated in the same way, and we should aspire to that even if it’s never going to happen perfectly that way.” Amodei framed the moment as a narrow window for action, warning that how quickly organizations respond could determine whether the risks escalate or are brought under control.

“This is about a moment of danger where if we respond to it correctly, and I think we started to take the first steps, then we can have a better world on the other side,” Amodei said. “There are only so many bugs to find.”