I was sitting in the audience at House of Advania on June 2 when Palo Alto Networks shared a story that stuck with me. They had already closed six security vulnerabilities they knew about and then unleashed a new AI model on their code to see what it could find. It found more than fifteen additional vulnerabilities. Flaws they did not know existed, in code they believed they had under control. 

The model is called Claude Mythos, and it is not for sale. Anthropic, the company behind it, has chosen not to make it publicly available. The reason is that it is simply too good at finding vulnerabilities. In the wrong hands, it becomes an intrusion tool. 

Access is restricted to a small group through a collaboration called Project Glasswing, which includes Palo Alto Networks, Microsoft, Google, Apple, and several dozen other organizations. That is why Palo Alto Networks was able to test it in the first place. 

Read more about Project Glasswing at Anthropic >

Too dangerous to release 

Anthropic’s own figures explain the caution. In a short period of time, the model discovered thousands of previously unknown vulnerabilities across all major operating systems and browsers, including a flaw in OpenBSD that had remained undiscovered for 27 years. 

Read “Evaluating and mitigating the growing risk of LLM-discovered 0-days” at Anthropic >

Norwegian technology publication Digi reported the findings as more than 10,000 serious vulnerabilities in widely used software. Since then, the number has continued to grow. 

In open source software alone, the model has flagged more than 23,000 vulnerabilities, more than 6,000 of them classified as serious or critical. Independent security firms confirmed approximately 90 percent of a sampled set as genuine vulnerabilities.

Read “AI tool found more than 10,000 serious vulnerabilities in widely used software” at Digi > (Norwegian only)

When AI searches for vulnerabilities 

The same tool that allows security providers to find and close vulnerabilities before they are exploited can, in different hands, be used to find those same weaknesses and break into systems. 

An AI model is both an offensive and a defensive tool, and it is getting better at both with every passing month. 

Just how dangerous this capability is considered became clear in June. On June 9, Anthropic released a Mythos model to the public for the first time, called Fable. It was intentionally restricted. In areas such as cybersecurity, biology, and chemistry, it refuses to answer and falls back to a weaker model instead. Even this watered down version is not allowed to do the things Mythos is considered most dangerous at. 

That still was not enough. Three days later, U.S. authorities invoked export controls and required both Fable and Mythos to be made unavailable to foreign users, citing national security concerns. Because Anthropic could not verify nationality in real time, it disabled both models for everyone, worldwide. 

The trigger was a report suggesting the model could be used to identify software vulnerabilities. Anthropic disagreed with the assessment, but the model was gone. A model that is too good at finding vulnerabilities is released in a restricted form one day and withdrawn the next. 

There is an important lesson here for Norwegian business leaders. The model was shut down specifically for foreign users, and in this context Norwegian organizations are foreign users. Data sovereignty is already a major topic of discussion. AI sovereignty may become just as important. 

When your defenses rely on a model, a vendor, and an API that you do not control, access can disappear overnight for reasons that have nothing to do with you. The key is to understand your dependencies and avoid building your entire defense around a vendor you do not control.

Attackers have already adopted the technology 

NSM (Norway’s National Security Authority) highlights the same trend in Risk 2026. It expects Norwegian organizations to face cyber operations in 2026 where AI tools are actively used. Attackers have already adopted the technology. The question is whether defenders can keep pace.

The gap between organizations that use AI in their defenses and those that do not is growing rapidly. An attacker with AI searching for vulnerabilities against a defender without it is an uneven contest. 

Read “Risk 2026” at NSM > (Norwegian only)

The good news is that the same leap forward is available to defenders. The Glasswing network has already expanded to around 150 additional organizations across more than 15 countries, including sectors such as energy, water, and healthcare. 

What does this mean for Norwegian organizations? 

Security strategies must assume that adversaries have access to AI. Vulnerabilities will be discovered faster than before, including in your own systems. The time between a vulnerability appearing and being exploited will continue to shrink. 

Keep software updated more quickly than you may be accustomed to, and make sure someone is monitoring your systems continuously, not only when something goes wrong. This is where a modern SOC makes the difference, such as the model Arctic Wolf and Sicra build on: AI looking for unusual patterns around the clock, with humans making the decisions. 

Read “Arctic Wolf Launches the World’s Largest Commercial Agentic SOC to Usher in a New Era of Agent Led Security Operations” at Arctic Wolf >

Palo Alto Networks closed six vulnerabilities and found more than fifteen new ones in a single afternoon. That tells you how quickly the game has changed. AI now works for both sides. The smartest move you can make is to make sure it is working for yours as well.