Earlier this month, Anthropic announced a model called Mythos Preview. Then they told the public no one would get access. Two days ago, TechCrunch reported unauthorized users in a private online forum appear to have gained access anyway. Anthropic is investigating as I write this.
Take those two facts together. That’s the shape of the next several years of software security right there.
Frequently Asked Questions (Quick Answers)
What is Claude Mythos? A specialized AI model from Anthropic, announced April 2026. In a single evaluation run it surfaced thousands of high- and critical-severity vulnerabilities across widely used software, some more than 25 years old, at a total compute cost under twenty thousand dollars.
Why does any of this matter for my business? The cost of finding serious software vulnerabilities collapsed. Attackers no longer need months of skilled human effort to find their way in. Staying current on patches and maintenance moved from a best practice to a survival posture, especially for mid-market companies without dedicated security teams.
What should mid-market manufacturers do first? Build a real software inventory, prioritize patching on internet-facing and data-sensitive systems, stay on supported versions of your business-critical software, and rehearse an incident plan. Section five of this post walks through the playbook.
Is my ERP the weak spot? Usually not. SAP, Microsoft, and Oracle run security teams and ship patches fast. Your exposure sits in the unmanaged edges around the ERP: old VPN appliances, out-of-date plugins, forgotten remote-access tools, unpatched edge devices.
Does Third Wave help? Yes. Our Managed Service Provider program keeps your SAP Business One environment, Third Wave applications, and the surrounding stack current on a steady monthly cadence. Get in touch to talk through what that looks like for your operation.
The 30-Second Version
Anthropic announced a model that finds software vulnerabilities at a scale and speed no prior tool matched. Anthropic gated access to protect the public. Unauthorized users appear to have gained access within 24 hours of the announcement anyway. The gated model is not a durable defense. The durable defense is running your operation on a steady maintenance cadence so the vulnerabilities an attacker finds are already closed. The companies fine in 18 months are the ones already operating that way.
Anthropic handed Mythos to a small, hand-picked group of infrastructure, networking, and hardware vendors so they could patch first, before anyone else got hold of the capability. In a single evaluation run, Mythos surfaced thousands of high- and critical-severity vulnerabilities across widely deployed software, some sitting in code for 27 years unnoticed. Total compute cost: under twenty thousand dollars.
Finance ministers and CISOs were trading notes within days. The U.S. Treasury asked major banks to pressure-test their systems ahead of any future public release. The BBC, the Guardian, Axios, Scientific American, all covered the announcement inside a week. This was not a typical AI model news cycle. The response looked more like what happens when a new class of weapon shows up.
I think Anthropic made the right call on release strategy. My concern is what this moment means for every company building, selling, or running software, which in 2026 is all of us. And what the breach report from two days ago means, if the reporting holds, is that a careful hold-this-back posture broke on day one.
Why this moment is actually different
Software has always had bugs. Software always will. That’s not the news.
The cost of finding bugs just collapsed.
Finding a serious zero-day used to take a skilled human. Often a whole team of skilled humans. Weeks or months of focused effort. The economics gated who could afford to do the work: well-resourced security firms, well-funded threat groups, research teams at the largest software vendors. Most of the world stayed out.
Mythos breaks that gate.
Anthropic’s own numbers suggest a model in this class does months of skilled human effort in hours, at a cost any moderately funded organization absorbs without strain. Corporate, criminal, or nation-state. Honestly, even if you double or triple the real-world cost, you still land on a gap between the old world and the new one wide enough to change who’s playing.
Here’s the framing I keep hearing: “AI learned to hack.” That’s the wrong framing. What actually happened is defenders lost the time advantage. When finding a vulnerability took a human three months, your company could stay a little behind on patches and still finish ahead of attackers. That math no longer holds.
What you’re actually facing, if you run a mid-market manufacturer
Most of Third Wave’s clients are mid-market manufacturers. Industrial equipment. Medical devices. Food production. Home furnishings. Consumer goods. They run SAP Business One, other Third Wave software solutions, a handful of integrations to the shop floor, a customer portal or two, and the usual stack of edge devices and SaaS tools every modern business accumulates.
You don’t have a CISO. You don’t have a Security Operations Center. You don’t have a standing budget for red-team engagements. In most cases your IT team is small, sometimes one or two people, keeping the ERP humming, managing user access, and fighting whatever fire lands this week.
Here’s the uncomfortable truth about a Mythos-class world. Your ERP is not what I’m worried about.
SAP, Microsoft, Oracle, these vendors run security teams. They’re going to have Mythos-style tools pointed at their products whether they want that or not. When a critical vulnerability lands, they ship a patch, usually fast. Keep your B1 environment on a supported version, stay current on security patches, and the ERP sits in a reasonable place.
Your weak spots are everywhere else.
The VPN appliance in the corner of the server room, the one nobody has rebooted since your last IT manager left. The WordPress plugin on your marketing site, three versions out of date. The old Windows Server nobody wants to touch, running an ancient file share. The remote-access tool a vendor installed during a project five years ago, the one nobody audits. The webcam on the shop floor with default credentials still in place.
Those surfaces are the ones Mythos-class tooling works through fastest. Internet-facing. Unmanaged. And the vendors who made them, if those vendors still exist, are not getting early-access review cycles from Anthropic.
The companies most exposed in this new world are not the ones running the biggest, most complex software. They’re the ones running the oldest, least-watched software. If you’ve got two decades of operational history, you know exactly how much of that old stuff you’re still carrying.
A practical playbook
You don’t need a SOC to get ahead of this. You need five things on a schedule. None of them are new. All of them are harder than they sound when you also run a factory.
1. Know what you own. You can’t patch what you don’t know you’re running. You need a real software inventory, not a spreadsheet someone started in 2021 and never touched. Every server. Every VM. Every edge device. Every appliance. Every SaaS tool with access to your data. If your IT team builds the inventory from memory, you don’t own an inventory. You own folklore.
2. Prioritize exposed or sensitive systems. Internet-facing services, VPNs, remote access, anything with a public URL, and systems touching financial or customer data sit at the top of the list. Everything else is second tier. Most mid-market shops get this wrong. They patch everything equally, run out of hours, and finish short of the systems most likely to hurt them.
3. Automate where you’re able. Schedule the rest. Automatic updates work for most endpoints and many SaaS tools. Business-critical systems, your ERP, your line-of-business apps, your integrations, need a maintenance window and a test plan. The goal is simple: remove “we’ll patch next quarter” from your vocabulary.
4. Stay on supported versions of your business systems. Boring work. Matters more than anything else on this list. SAP Business One, Versago, your integration middleware, your Windows Server fleet. Any of those running on an out-of-support version means you’ve accepted vendor-confirmed security debt as a way of life. The vendors building Mythos-class tooling don’t care about your upgrade fatigue.
5. Run the “what if we got hit tomorrow” conversation. Not a formal tabletop exercise with a consultant and a six-figure bill. An hour with your IT team or your IT partner. Walk through the real questions in plain language: what would we lose, how fast could we come back, who calls who, who has authority to pay a ransom, where does our insurance sit, where do our backups actually live. You will find questions without answers. The time to find those answers is not during the incident.
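As an added example that is not part of the original post, the following Python script turns steps 1, 2 and 4 into a patch queue: it sorts a constructed inventory so exposed or data-sensitive systems come first, out-of-support (or unknown-support) systems ahead of supported ones within each tier, and the longest-unpatched ahead of the rest. The asset names, dates and flags are made up for illustration.

```python
# Added example, not Third Wave's code. Encodes the playbook's triage rule
# over a constructed inventory: tier 1 = internet-facing or sensitive data,
# then unsupported/unknown support first, then the most stale patch first.
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Asset:
    name: str
    internet_facing: bool          # public URL, VPN, remote-access tool
    sensitive_data: bool           # touches financial or customer data
    support_ends: Optional[date]   # vendor end-of-support; None = unknown
    last_patched: Optional[date]   # None = never recorded ("folklore")


def tier(a: Asset) -> int:
    """Step 2: exposed or sensitive systems are tier 1, everything else tier 2."""
    return 1 if (a.internet_facing or a.sensitive_data) else 2


def unsupported(a: Asset, today: date) -> bool:
    """Step 4: out of support, or support status unknown, is security debt."""
    return a.support_ends is None or a.support_ends <= today


def patch_age_days(a: Asset, today: date) -> int:
    """Days since the last recorded patch; an unknown date sorts as oldest."""
    return 10**6 if a.last_patched is None else (today - a.last_patched).days


def patch_queue(inventory: List[Asset], today: date) -> List[str]:
    """Return asset names in the order the team should work them."""
    key = lambda a: (tier(a), not unsupported(a, today), -patch_age_days(a, today))
    return [a.name for a in sorted(inventory, key=key)]


# Constructed sample inventory mirroring the "weak spots" named in the post.
TODAY = date(2026, 4, 20)
INVENTORY = [
    Asset("sap-b1-app", False, True, date(2027, 12, 31), date(2026, 4, 1)),
    Asset("vpn-appliance", True, False, None, date(2023, 6, 1)),
    Asset("marketing-wordpress", True, False, date(2026, 12, 31), date(2025, 9, 1)),
    Asset("legacy-fileshare", False, False, date(2023, 1, 10), None),
    Asset("vendor-remote-tool", True, False, None, None),
    Asset("shopfloor-webcam", False, False, None, date(2021, 3, 1)),
]

if __name__ == "__main__":
    for rank, name in enumerate(patch_queue(INVENTORY, TODAY), start=1):
        print(rank, name)
```

The ERP lands fourth here, behind the unaudited remote-access tool, the stale VPN appliance and the out-of-date marketing plugin, which is the point the post makes about where the exposure actually sits.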
Reading the list, some of you are nodding because you run this playbook today. Most of you are doing the math on which of the five your team has bandwidth to actually hold. In a 40- or 100-person manufacturing company, the honest answer is two of the five, poorly. Your IT team is smart. Your IT team also owns the ERP, the shop-floor tablets, the printer failing this week, and the VP who can’t find his shared drive.
We built our MSP program because of exactly this gap. Monthly cadence turns “staying current” into a line item instead of a project. It costs less over a year than paying us in irregular bursts when something breaks. And it’s the posture that holds up in a Mythos-class world.
If the pitch resonates, keep reading. If not, the five-item list stands on its own. Run it with whoever you run your IT with.
On Anthropic’s choice, and what happens next
Handing Mythos Preview to a short list of infrastructure, networking, and hardware vendors, and holding the model back from a broad release, is the move you want a frontier AI lab to make when it realizes its product punches above weight on offensive security. Vendors get a head start. Patches roll out. The public narrative gets shaped responsibly. That’s harm reduction.
Two days ago, the Guardian reported, and outlets from TechCrunch to Euronews picked up the thread, that a small group of users in a private online forum appear to have gained access to Mythos Preview on the same day Anthropic announced the limited release. Initial reporting points to access through a third-party contractor. Some of that group reportedly used tactics from cybersecurity research. Anthropic confirmed a report of unauthorized access through one of their third-party vendors and confirmed an active investigation. The story is still moving. Details will shift.
Forget any single detail. The bigger point lands anyway. The gated approach works only as long as the gate holds. A supply chain of vendors is a supply chain of access paths. A single contractor, a single misconfigured credential, a single motivated forum on the other side, and your harm-reduction story ends. Not in six months. In hours.
And gating only works if every lab with a comparable model makes the same choice. They won’t. OpenAI, Google, Meta, the open-weights community, the nation-state labs, none of them committed publicly to the same pattern. You don’t have to wait for that to see what a porous gate looks like. You saw it two days ago.
There’s a second-order problem here that runs quieter and matters more over time. Holding a model back for safety reasons, the right call on the merits, also erodes public trust in AI labs. People hear “we built something we won’t give you because it’s too dangerous.” Some nod. More hear paternalism, or a marketing stunt, or something worse. Public trust in AI companies is already low. Every “we’re holding this one back” decision spends more of the same trust, even when the decision is correct.
I hold both thoughts at once. Anthropic made the right immediate call. The approach doesn’t scale, not to other labs, not against a motivated private forum, not against the long arithmetic of contractor access. “Trust the labs to do the responsible thing” is not a security strategy for your business. The approach won’t settle into a durable equilibrium for the industry either.
The companies that are fine in 18 months are not the ones who guessed right about which lab would behave how. The fine companies are running their operations on a steady maintenance cadence. Current software. Known inventory. Patched exposure. A rehearsed incident playbook. Whether you staff that work in-house or hire a partner like us is secondary. What matters is the work happens on a schedule, not in a panic.
If your operation sits short of that bar today, the work to reach it is not glamorous and it’s not complicated. The work is steady. Talk to us about what steady looks like for your environment.