Gov’t, IT industry on alert over Mythos cybersecurity risks

The Korean government and domestic companies are increasingly concerned over potential security risks posed by Anthropic’s new artificial intelligence (AI) model, Claude Mythos Preview, due to its new cybersecurity capabilities.

On Tuesday and Wednesday, the Ministry of Science and ICT held meetings with the chief information security officers of Naver, Kakao, Woowa Brothers, Coupang and other platform and cybersecurity companies to assess potential security threats from Mythos and OpenAI’s GPT-5.4-Cyber.

“The emergence of Mythos and other high-performance AI-based cybersecurity services presents an opportunity to significantly enhance security levels, while also highlighting the potential risks if such technologies are misused,” Deputy Prime Minister and Minister of Science and ICT Bae Kyung-hoon said on Tuesday.

“Korean companies and critical infrastructure must not be exposed to such threats, and must at the same time strengthen their cybersecurity capabilities.”

On April 7, Anthropic published its “Alignment Risk Update: Claude Mythos Preview” document, calling it their most capable large language model (LLM) to date, but also noted that it “poses a higher risk than any previous model.”

The company claims Mythos has identified previously unknown vulnerabilities in major browsers and operating systems, with the capability to carry out denial-of-service attacks based on these findings.

Concerns are growing that the LLM is capable of identifying large numbers of “zero-day vulnerabilities” — security flaws that remain unknown to developers and can leave software exposed to attack until security patches are applied.

Image created by Google Gemini

This has raised alarm across the IT industry over the potential for misuse, with worries that in the wrong hands it could jeopardize much of the software infrastructure used in modern society.

Platform companies are assessing the potential risks posed by Mythos and other advanced AI tools.

“The model has not yet been released, but given its significant impact on the cybersecurity industry, we are closely monitoring global trends and strengthening our response,” a Naver official said.

“We are also continuing research on AI-driven attacks and corresponding defense measures, while maintaining cooperation with the government.”

Kakao is also stepping up efforts to review its internal information security systems and monitor related developments.

Anthropic is currently operating Project Glasswing, providing Mythos in advance to a limited number of partners, including Google, Apple and Microsoft, for defensive security work. However, no Korean companies are known to have received access to so far.

Anthropic’s Project Glasswing / Captured from Anthropic website

Experts say cybersecurity is no longer confined to the IT sector, but is emerging as an larger social and national threat, calling for an urgent, coordinated response.

“AI has evolved from simple automation that follows rules to fully autonomous multi-agent systems with reduced human intervention,” said Kim Young-hoon, director of public policy for Korea and Japan at Amazon Web Services, during the 32nd Network Security Conference Korea, Thursday.

“As uncertainties beyond human control emerge, security and ethical issues are becoming national-level concerns. It is time for in-depth discussions on how much control we should continue to maintain.”

Professor Park Han-woo at Yeungnam University said the emergence of Mythos and GPT-5.4-Cyber shows that cybersecurity is no longer a matter of offense and defense, but a question over how trust can be designed and established.

“(As technology evolves) the side that gains the upper hand is no longer the one with superior attacking capabilities, but the one that designs and governs rules and protocols,” Park said.

“Responding to emerging threats requires more than a purely technical approach. A socio-technical framework is needed. Currently, a single company or platform integrates decision-making, execution and accountability, but a structure that separates these functions needs to be established.”

Kim Jin-soo, president of the Korea Information Security Industry Association, said AI-driven security threats are now a constant risk, and companies and institutions need to establish “zero-trust” security systems that do not automatically trust any user or device.

“AI-related security risks should also be addressed from the perspective of strengthening software supply chain security, and the government needs to step up efforts to narrow the security gap among small and medium-sized enterprises,” Kim said.