Crypto exchanges are racing for access to Anthropic's Mythos. The model can hunt zero-day bugs at machine speed. Industry leaders say they must prepare fast.

Why the rush

Look, the market is watching. Anthropic has rolled out a new model, Claude Mythos Preview, that the company says can find and weaponize previously unknown software flaws far faster than humans or existing automated tools.

That claim matters to crypto firms because much of decentralized finance runs on open source code that anyone can read and probe. Anthropic's technical posts show Mythos found flaws in popular cryptography libraries, in their implementations of algorithms and protocols like TLS, AES-GCM, and SSH. These are the building blocks that protect HTTPS, encrypted data, and remote server access.

Those aren't abstract targets. If a model can forge certificates or quickly turn a hidden bug into an exploit, wallets, exchanges, and smart contracts could be at serious risk. Anthropic has shown other models already finding hundreds of serious bugs in open source libraries, and executives at exchanges see Mythos as a possible accelerant for attacks — as well as a tool to find and patch problems.

Exchanges move to test Mythos

Coinbase and Binance are among the crypto platforms trying to get hands-on time with Mythos, according to reporting and industry briefings. Philip Martin, Coinbase chief security officer, told colleagues and partners that Mythos could speed up both digital attacks and defenses, prompting Coinbase to engage Anthropic directly about access and testing.

Binance and custodial infrastructure providers such as Fireblocks are also taking steps to understand what Mythos can do. Fireblocks previously tested an Anthropic model, Opus 4.6, and Anthropic has said those experiments uncovered hundreds of previously unknown high-severity flaws across open source projects.

The bottom line is that companies handling billions in customer funds recognize both the risks and benefits. They want to know whether Mythos will let bad actors scan public smart contracts and infrastructure and find attack paths that human auditors missed. They also want to know whether they can use Mythos to scan their own systems faster and more thoroughly than they can today.

How Anthropic is controlling access

Anthropic is keeping Mythos access limited. Instead of releasing it broadly, the company put the model into an early access program called Project Glasswing, sharing it with a shortlist of large tech and security partners for controlled testing.

That partner list includes major cloud and security firms and a few Wall Street names. Anthropic asked partners to test the model on real code and setups to find and fix big problems before releasing it more broadly.

The approach is cautious. Anthropic has said models in its Opus line already found hundreds of serious bugs, and Mythos appears to be a step up. So the company is keeping distribution tight while it evaluates how best to share offensive-capable tooling without making defensive problems worse.

Government and finance push for visibility

The federal government is paying close attention as well. Treasury Secretary Scott Bessent summoned top Wall Street CEOs to Washington to talk about cybersecurity risks tied to advanced models such as Mythos, and Treasury officials have expressed interest in reviewing the model for national-security testing.

This shows how closely linked big finance and national security are when it comes to keeping infrastructure strong. Banks and exchanges run services that, if disrupted, could ripple through payments and markets.

Regulators and finance chiefs want a look so they can evaluate whether existing controls — including audits, multi-signature governance and time-locked transactions — still hold up when adversaries have access to highly capable code-audit automation.

What developers worry about

DeFi developers have long relied on audits and bug bounties as their safety net. Those measures slow down attackers and surface issues, but Anthropic warns that defenses whose strength comes mainly from friction rather than technical barriers may weaken against model-assisted adversaries.

Open-source protocols are particularly exposed because the entire codebase is public. A powerful model can scan millions of lines, catalog potential attack chains, and propose exploits at near-zero marginal cost. Anthropic's work shows a model finding decades-old bugs in hardened codebases with relatively little compute — examples in technical posts include discovery of ancient OpenBSD and FFmpeg flaws and the rapid chaining of multiple bugs into a working browser exploit.

Developers must either boost automated scanning and red-team drills or accept that attackers might outpace defenders relying only on human checks and old tools.

Industry actions and triage

Some cloud providers and security firms are Mythos partners, letting exchanges test safely without risking their live systems. Anthropic's partner roster for Project Glasswing includes major cloud platforms and security companies, which should speed defensive testing.

But smaller teams without enterprise access will have to find other ways. They can raise bounty payouts, freeze high-risk functions during audits, or use scheduled timelocks to limit rapid movement of funds. Those measures, however, add friction to product workflows and don't always block a smart exploit that targets cryptographic or protocol-level weaknesses.

Some custodians and exchange security teams are also reevaluating their threat models. They're asking whether existing assumptions about exploit cost, time-to-exploit and attacker skill remain valid when models can do the heavy lifting. Fireblocks' prior testing of Anthropic models suggests automated discovery of severe flaws is doable even without special scaffolding.

Cost, capability and the shifting calculus

Anthropic's public descriptions include specific examples that matter to defenders: reportedly finding long-hidden bugs with only tens of dollars in compute for some proofs-of-concept, and scaling more complex exploit development to a few thousand dollars in cases that would take human experts weeks.

That changes the attack calculus. What used to be a high-skill, high-cost operation can become a faster, cheaper process if a model can propose reliable exploit chains. Exchanges and custodians therefore face a two-front problem: they must keep bad actors from using such models, and they must learn to use the models themselves for proactive defense.

Frankly, some firms are pursuing both tracks. They're negotiating controlled access to Mythos or comparable tools while beefing up monitoring, tightening release controls, and expanding formal verification and fuzzing efforts for critical modules.

Others are pushing for clearer public standards about model release and testing. That includes calls for coordinated disclosure practices, better tooling for safely running adversarial scans, and collaboration between tech companies, financial institutions and regulators.

What this means for markets

For investors and customers, the immediate risk is operational: an exploit could freeze funds, compromise private keys, or trigger a cascade of liquidations. Exchanges that want to keep access flowing will need to prove they can detect and block novel attacks quickly.

For the industry, Mythos is accelerating a long-simmering shift: security is moving from an arms race between human researchers to one that includes powerful automation. That raises pressure on security budgets and forces leaders to rethink what constitutes a safe deployment.

Frankly, firms that ignore the change may find their assumptions about safety outdated.

Anthropic has limited Mythos access under Project Glasswing to a select group of partners including Amazon Web Services, Apple, Google, JPMorgan Chase, Microsoft, Nvidia and Palo Alto Networks.