The notion of cybersecurity achieving the inherent safety and reliability of tap water has long been a distant aspiration, often dismissed as a utopian ideal. For decades, digital security has been an afterthought, a complex layer bolted onto systems designed without foundational safety in mind.

Unlike public water systems, which engineer safety upstream through filtration, chlorination, and constant monitoring, the internet and its applications were built on the assumption that security would be the responsibility of individual organizations. This paradigm is now facing a profound challenge, and a potentially dangerous shift, thanks to advanced artificial intelligence.

A recent development from the AI company Anthropic suggests that the tap-water model for cybersecurity might finally be within reach, offering a glimpse into a future where vulnerabilities are systematically eliminated before they ever reach the user. However, this breakthrough also exposes significant new risks, particularly concerning governance and the concentration of powerful AI capabilities.

Anthropic’s Mythos Preview and Project Glasswing

In April, Anthropic unveiled Claude Mythos Preview, a frontier AI model capable of autonomously discovering previously unknown software vulnerabilities, known as zero-days, and subsequently crafting functional exploits for them. This represents a significant leap beyond existing vulnerability scanners, as the model has reportedly identified flaws in every major operating system and web browser, including some that had remained dormant for decades.

Anthropic made the critical decision not to release Mythos to the public. The company acknowledged that a tool with the power to find and exploit weaknesses across the world’s most critical software at scale would be equally valuable to malicious actors as it would to defenders. The global software ecosystem, Anthropic concluded, is not yet robust enough to withstand such a capability being widely available.

Instead, Anthropic launched Project Glasswing, a controlled program providing Mythos Preview to a carefully vetted group of partners. The objective is to enable these partners to proactively identify and remediate vulnerabilities before such powerful offensive AI capabilities become widespread.

The initial cohort of approximately 50 organizations included major players like AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, and the Linux Foundation. On June 2, Anthropic expanded the program to include around 150 more organizations across over 15 countries, specifically adding sectors previously absent, such as power, water, healthcare, and communications, alongside maintainers of critical open-source code.

A key selection criterion for Glasswing partners is that a successful attack on their code could impact more than 100 million people. In the first few weeks alone, partners utilized Mythos Preview to uncover over 10,000 high- or critical-severity vulnerabilities in some of the world’s most systemically important software, demonstrating the model’s unprecedented effectiveness.

The Fable 5 Incident and Centralized Control Risks

Anthropic’s new top capability tier, dubbed Mythos-class, includes two models: Claude Mythos and Claude Fable. Both share the same underlying AI model, but they are differentiated by their governance structures. Claude Fable is equipped with extensive additional safeguards designed to block its most dangerous outputs, making it theoretically suitable for public release.

Claude Mythos, the introduced version, is held back precisely because these safeguards are not yet considered strong or precise enough for general public distribution. This asymmetry highlights the core challenge: the engineering capability to filter the digital water now exists, but a universally trusted filter is still elusive.

Last week, on June 9, Anthropic released the first public models in this top tier: Claude Fable 5 for general use and Claude Mythos 5 exclusively for Glasswing partners. Within three days, the protective filter on Fable 5 sprang a leak. Anthropic disclosed that someone had found a method to jailbreak the model, coaxing out the very dangerous cyber and biotechnology capabilities Fable was designed to suppress. In the tap-water analogy, a contaminant had bypassed the treatment plant.

The repercussions were swift and severe. On June 12, the US government issued an export-control directive, citing national security authorities, ordering Anthropic to suspend access to both Fable 5 and Mythos 5 for all foreign nationals, including the company’s own foreign-national employees. To comply, Anthropic globally disabled both models for everyone, including paying enterprise customers. Sessions now either fail or revert to older models.

For any organization that had begun integrating Fable 5 into its operations, the lesson is stark: a critical capability can vanish overnight. This disruption occurred not due to vendor failure or discontinuation, but because of a government intervention, a relationship between a frontier lab and a national government that customers had no visibility into. The digital water supply was effectively shut off at the main.

Securing Critical Infrastructure in a New AI Era

The emergence of Mythos-class AI models marks a profound shift in cybersecurity. The bottleneck in security is no longer primarily about discovering vulnerabilities; it has moved to the speed at which organizations can verify, disclose, and patch the enormous number of flaws these models can surface. This means the long-held dream of an inherently secure digital infrastructure is no longer science fiction.

Project Glasswing partners are already leveraging Mythos Preview to find flaws, write patches, and even prevent vulnerabilities from being introduced in the first place. Mozilla, for instance, reported resolving hundreds of vulnerabilities using this approach. If this capability can be safely generalized, core internet infrastructure, 5G networks, operating systems, and the open-source supply chain could, over time, become more akin to treated water: cleaned upstream before reaching an organization’s digital tap.

However, this optimistic outlook is tempered by the current vulnerabilities in critical infrastructure, particularly water and wastewater systems. These systems are often described as community lifelines but frequently lack the resources and technical capacity for robust cybersecurity measures. This exposes them to significant cyberattack risks, potentially jeopardizing public health and safety, a concern highlighted in the Top Cybersecurity Threats to Know in 2026. Jpost Report.