Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Gadgets & Lifestyle for Everyone
Anthropic’s Claude Mythos model embodies the dual‑use dilemma of artificial intelligence. The same capabilities that allow it to find a 27‑year‑old OpenBSD bug can also be used to defend networks – if organisations can patch fast enough. This AI cyber defence vs offence comparison explores the two sides of the coin: how Mythos can automate red‑team exercises and vulnerability discovery (defence) versus how it could be weaponised by malicious actors (offence). We also examine the “fix gap” – the critical lag between finding vulnerabilities and patching them – and what the UK AISI report means for the future.
For a complete overview of the model, read our main guide: Goldman Sachs ‘Hyper‑Aware’ of Anthropic Mythos AI.
Every powerful AI tool has two potential applications. Mythos is no exception. Its cyber capabilities include:
| Capability | Defensive Use | Offensive Use |
|---|---|---|
| Vulnerability discovery | Find and patch zero‑days | Find zero‑days to exploit |
| Exploit chaining | Simulate real attacks (red team) | Execute real attacks (black hat) |
| Autonomous targeting | Identify weak points in own infrastructure | Attack third‑party systems |
| Speed (minutes vs hours) | Faster response | Faster attack |
Thus, AI cyber defence vs offence is not a binary choice; the same model can serve both masters.
While Mythos is restricted to Project Glasswing partners, the techniques it uses will inevitably be replicated. Offensive scenarios include:
According to the UK AISI evaluation, Mythos succeeded in 73% of expert‑level CTF challenges and completed a 32‑step network attack in minutes. A malicious actor with similar capabilities could compromise a small‑to‑medium enterprise within hours.
For more on the AISI findings, see our UK AISI Mythos Test deep dive.
On the other side of the AI cyber defence vs offence coin, Mythos offers unprecedented defensive potential:
Project Glasswing is the first large‑scale attempt to harness these defensive capabilities. Participating organisations use Mythos to probe their own systems, often finding thousands of issues per week.
For more on the initiative, see our Project Glasswing Deep Dive.
The biggest challenge in AI cyber defence vs offence is not discovery – it is remediation. David Lindner, CISO at Contrast Security, told Fortune: “We’ve never had a problem finding vulnerabilities. We find them every day. We actually have a pile of them that we just don’t fix”.
According to the 2026 Verizon Data Breach Investigations Report, over 60% of known vulnerabilities remain unpatched for more than a year after disclosure. Mythos can find thousands of bugs, but without the resources to patch them, the defensive value is limited.
Anthropic acknowledges this gap. Project Glasswing prioritises critical vulnerabilities (CVSS score 9.0+) and provides $4 million in donations to open‑source projects. However, the fix gap remains a fundamental asymmetry: attackers only need one unpatched vulnerability; defenders must patch them all.
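To make the fix gap concrete, here is a small backlog model written for this article (it is not Anthropic's or Project Glasswing's code). It runs over a constructed vulnerability inventory with hypothetical tracker IDs, measures how long open findings have sat since disclosure and what share is older than a year, orders the queue the way the text describes (CVSS 9.0+ first, then known‑exploited and internet‑facing, then oldest), and lists the findings that on their own give an attacker a way in. The reference date, field names and tier boundaries are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

# Added example, not Anthropic's or Project Glasswing's code. It models the
# "fix gap" on a constructed vulnerability inventory: how long findings stay
# open, how many are older than a year, and a triage order that, like
# Glasswing, puts CVSS 9.0+ first. Field names and thresholds are assumptions.


@dataclass(frozen=True)
class Finding:
    vuln_id: str                    # hypothetical internal tracker id, not a CVE
    asset: str
    cvss: float
    disclosed: date
    internet_facing: bool
    exploited_in_wild: bool
    patched: Optional[date] = None  # None means still open


TODAY = date(2026, 6, 1)            # constructed reference date

# Constructed sample inventory (not real findings)
SAMPLE = [
    Finding("VULN-001", "vpn-gw-01", 9.8, date(2025, 1, 15), True,  True),
    Finding("VULN-002", "hr-db-02",  9.1, date(2026, 5, 20), False, False),
    Finding("VULN-003", "www-03",    7.5, date(2024, 11, 1), True,  False),
    Finding("VULN-004", "build-04",  5.3, date(2026, 3, 1),  False, False),
    Finding("VULN-005", "mail-05",   9.8, date(2025, 2, 1),  True,  True,
            patched=date(2025, 2, 10)),
    Finding("VULN-006", "print-06",  4.0, date(2025, 1, 1),  False, False),
]


def days_open(f: Finding, today: date = TODAY) -> int:
    """Days from public disclosure until the patch landed (or until today)."""
    return ((f.patched or today) - f.disclosed).days


def fix_gap_stats(findings, today: date = TODAY, stale_after: int = 365) -> dict:
    """Backlog view: how much of what is still open has been open over a year."""
    open_ = [f for f in findings if f.patched is None]
    ages = [days_open(f, today) for f in open_]
    stale = [a for a in ages if a > stale_after]
    return {
        "open": len(open_),
        "stale_over_a_year": len(stale),
        "stale_fraction": (len(stale) / len(open_)) if open_ else 0.0,
        "median_days_open": median(ages) if ages else 0,
    }


def priority_key(f: Finding, today: date = TODAY):
    """Sort key: CVSS 9.0+ tier first, then known-exploited, then
    internet-facing, then oldest first. Tier boundaries are an assumption."""
    tier = 0 if f.cvss >= 9.0 else (1 if f.cvss >= 7.0 else 2)
    return (tier, not f.exploited_in_wild, not f.internet_facing,
            -days_open(f, today))


def triage(findings, today: date = TODAY) -> list:
    """Ordered patch queue of the open findings."""
    return sorted((f for f in findings if f.patched is None),
                  key=lambda f: priority_key(f, today))


def attacker_entry_points(findings) -> list:
    """The asymmetry in one function: any open, reachable, known-exploited
    finding is a complete entry point on its own."""
    return [f for f in findings
            if f.patched is None and f.internet_facing and f.exploited_in_wild]


if __name__ == "__main__":
    print(fix_gap_stats(SAMPLE))
    for f in triage(SAMPLE):
        print(f.vuln_id, f.asset, f.cvss, days_open(f), "days open")
    print("entry points:", [f.vuln_id for f in attacker_entry_points(SAMPLE)])
```

Note that the queue is sorted by what an attacker would reach first, not by raw count: the stale low‑severity print server sits behind the fresh critical in the HR database, and the single internet‑facing, known‑exploited VPN finding is the entry point regardless of how many other items are closed.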
| Aspect | Defence | Offence |
|---|---|---|
| Goal | Protect systems, prevent breaches | Exploit systems, cause damage |
| AI use case | Vulnerability scanning, red team, patch prioritisation | Zero‑day discovery, automated phishing, lateral movement |
| Success metric | Number of vulnerabilities fixed | Number of systems compromised |
| Time horizon | Continuous | Opportunistic |
| Resource advantage | Can be automated at scale | Only needs one weak point |
| Fix gap impact | High (must patch everything) | Low (only needs one unpatched flaw) |
| Current restriction | Mythos available to Glasswing partners | Not publicly available (yet) |
Many security experts argue that technical exploits are not the biggest threat. Social engineering – tricking employees into revealing credentials or clicking malicious links – remains the most common attack vector. In the 2026 Verizon DBIR, 74% of breaches involved the human element.
AI models like Mythos could generate highly convincing phishing emails, voice deepfakes, or even video calls impersonating executives. Defending against this requires training, multi‑factor authentication, and zero‑trust architectures – not just patching.
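Because AI‑written phishing text reads cleanly, content filters get little purchase on it; what still betrays an executive‑impersonation email is its headers. The following check, added for this article and not code from the page or from Anthropic, runs over two constructed messages and flags the usual indicators: a display name matching a director in a hypothetical executive directory but with a different address, a Reply‑To pointing at another domain, a sender domain that is a confusable lookalike of ours, and a DMARC failure recorded by the gateway. The directory, domain list and confusable table are assumptions.

```python
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr

# Added example, not code from the page or from Anthropic. Hypothetical
# executive directory and domain list; the messages below are constructed.
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
OUR_DOMAINS = {"example-corp.com"}

# Characters attackers swap into lookalike domains; an assumption, extend as needed.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalise_name(name: str) -> str:
    """Case-fold and collapse whitespace so 'Jane  DOE' matches the directory."""
    return " ".join(unicodedata.normalize("NFKC", name).lower().split())


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def skeleton(dom: str) -> str:
    """Collapse visual confusables so examp1e-corp.com compares equal to example-corp.com."""
    dom = unicodedata.normalize("NFKC", dom).lower()
    for a, b in CONFUSABLES:
        dom = dom.replace(a, b)
    return dom


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (dynamic programming, one row at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(dom: str, target: str) -> bool:
    """A different domain whose confusable-collapsed form is within one edit of ours."""
    return dom != target and edit_distance(skeleton(dom), skeleton(target)) <= 1


def assess(raw: str) -> list:
    """Return the list of impersonation indicators found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    reasons = []
    key = normalise_name(name)
    if key in EXECUTIVES and addr != EXECUTIVES[key]:
        reasons.append("display name matches an executive but the address does not")
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and domain_of(reply) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    dom = domain_of(addr)
    if dom not in OUR_DOMAINS:
        for ours in OUR_DOMAINS:
            if is_lookalike(dom, ours):
                reasons.append(f"sender domain {dom} is a lookalike of {ours}")
    if "dmarc=fail" in str(msg.get("Authentication-Results", "")).lower():
        reasons.append("DMARC failed at our gateway")
    return reasons


# Constructed messages for the demonstration (not real mail).
SPOOF = """\
From: "Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: <jane.doe.ceo@webmail.example>
To: finance@example-corp.com
Subject: Urgent wire before the board call
Authentication-Results: mx.example-corp.com; dmarc=fail (p=reject) header.from=examp1e-corp.com

Please process the attached transfer today and keep it between us.
"""

LEGIT = """\
From: "Jane Doe" <jane.doe@example-corp.com>
To: finance@example-corp.com
Subject: Board call agenda
Authentication-Results: mx.example-corp.com; dmarc=pass header.from=example-corp.com

Agenda attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoof", SPOOF), ("legit", LEGIT)):
        print(label, assess(raw))
```

None of these indicators depends on the quality of the prose, which is the point: a model can write a flawless message, but it cannot make a lookalike domain pass DMARC for the real one or make a Reply‑To to a webmail account look like the executive's mailbox. The checks complement, rather than replace, the MFA and zero‑trust controls above, which limit what a successful lure can actually do.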
For a broader perspective on banking responses, see our Goldman Sachs CEO Warning analysis.
Q1: What is the dual‑use dilemma of AI?
A: The same AI capabilities that can defend networks (finding vulnerabilities, simulating attacks) can also be used to attack them. Mythos is a prime example.
Q2: Can Mythos be used for offensive hacking?
A: Yes, but Anthropic has restricted access to defensive partners under Project Glasswing. However, similar models will inevitably become available to malicious actors.
Q3: What is the “fix gap”?
A: The gap between finding a vulnerability and patching it. By the 2026 Verizon DBIR figure cited above, over 60% of known vulnerabilities remain unpatched for more than a year after disclosure.
Q4: Which is more dangerous – AI hacking or social engineering?
A: Currently, social engineering remains the top attack vector (74% of breaches). AI can make phishing and deepfakes more convincing, but human training and MFA are still the best defences.
The AI cyber defence vs offence comparison reveals an uncomfortable asymmetry. AI models like Mythos can find vulnerabilities at machine speed, but defenders are still slowed by the fix gap, legacy systems, and human factors. While Project Glasswing is a promising step, the fundamental problem remains: attackers only need one unpatched vulnerability; defenders must patch them all. As frontier AI capabilities become more widespread, the balance may tip further toward offence unless organisations accelerate their patching and invest in automated defence.
Next step: Return to our Goldman Sachs ‘Hyper‑Aware’ of Anthropic Mythos AI pillar post for a complete summary.