The term “artificial intelligence” (AI) has been a common topic in the media for years. But for a long time, it was considered a vision of the future—until the end of 2022. With OpenAI’s release of “ChatGPT,” society, businesses, public agencies, and governments suddenly realized that AI technologies are already more powerful than many had anticipated. This triggered far-reaching changes—both social and economic.
Now another major change is on the horizon.
In early April 2026, Anthropic announced that it would not make its newly developed AI model, “Claude Mythos,” publicly available for the time being. The reason: His outstanding programming skills pose significant risks. While the model can analyze code and identify errors (so-called “bugs”) more efficiently—a capability that could revolutionize software development. But this is precisely where a “dual-use problem” arises: Malicious actors could use Claude Mythos to identify security vulnerabilities in systems and develop strategies to exploit them. Such attack processes can now be carried out automatically in a short period of time.
Anthropic responded by launching the “Glasswing” project. For now, only select companies and institutions will have access to Claude Mythos. These include, above all, U.S. tech companies from Silicon Valley, which can use Claude Mythos to test their own products for security vulnerabilities and secure them. This approach gives them a time advantage over potential attackers. At the same time, this puts European and German software manufacturers at a disadvantage—both in terms of IT security and economically.
Such developments raise questions about digital sovereignty, as Claudia Plattner, President of the Federal Office for Information Security (BSI), also points out.
Claudia Plattner outlines two scenarios for the future:
– Ideal scenario: Software is tested by AI before its release, and vulnerabilities are proactively fixed—the number of critical security vulnerabilities drops dramatically.
– Worst-case scenario: Only a few countries and actors have access to the best AI models (frontier models). They could specifically exploit any vulnerabilities they find and use their digital superiority as a means of pressure.
Let’s hope that the positive scenario plays out. But that will probably be a long-term process.
In the short and medium term, IT security requirements will certainly increase dramatically. This is another reason why the Fraunhofer Institute IAO points out the following issue: The real challenge lies not only in identifying vulnerabilities, but also in the large number of plausible findings. This puts enormous pressure, for example, on triage, vulnerability management, and patch management—processes that are already reaching their limits today.
We at AVABIS GmbH feel the same way. This reinforces our belief in the idea of developing a product that enables a company to manage this flood of information and maintain control over its IT security.
The following links may be of interest in this context:
Federal Office for Information Security (BSI): AI Models Are Revolutionizing the Way We Address Security Vulnerabilities
Fraunhofer Institute for Industrial Engineering (IAO) (Blog post by Heiko Roßnagel): Mythos as a Game Changer? How AI Is Changing the Cybersecurity Landscape for Businesses.
