Is the cybersecurity business about to explode?
When Nicholas Carlini, a renowned researcher at the artificial intelligence development company Anthropic AI, took the stage on March 25 at the “[un]prompted 2026” cybersecurity conference, he likely suspected that his presentation would generate significant buzz.
He explained that Anthropic’s latest large language model, Fable 5, which offers a next-generation cybersecurity solution, outperforms even the best cybersecurity (human) researchers when it comes to identifying vulnerabilities in software systems. Based on the identified bugs, it can also recommend effective methods for penetrating the system. Carlini also demonstrated how to specifically instruct Fable 5 to achieve this goal, the small but significant technical trick involved has since been referred to as the “Carlini loop” in cybersecurity circles.
What Carlini could not have anticipated, however, was that details of Fable 5’s source code and numerous documents related to its development would leak from Anthropic a few days later due to human error. In an internal email, which was also leaked, at the very end of March, Carlini himself recommended to company leadership that they postpone the model’s widespread release. However, due to the data leak, the company was likely forced to act, so on April 7, as part of Project Glasswing (an industry-led cybersecurity consortium launched by Anthropic in April 2026), they have launched the large language model, dubbed Claude Mythos Preview, for selected technology partners. Among the partner companies are the most important U.S. firms in the digital space (Amazon, Microsoft, Google, Apple), as well as the largest U.S. bank, JP Morgan Chase. The group of invitees has since expanded to include 150 additional organizations, which have been busy over the past two months using Claude Mythos to identify and fix vulnerabilities in their own systems.
Anthropic’s press releases indicate that more than 10,000 vulnerabilities have been identified recently, but other news reports also suggest that the pace of bug fixes for open-source systems lags far behind this figure.
The cybersecurity risks inherent in artificial intelligence had by this point reached the attention of political decision-makers, and on the same day that Project Glasswing was launched, U.S. Treasury Secretary Scott Bessent convened an emergency meeting with the heads of major U.S. banks. News of the meeting became public toward the end of the week. However, the Trump administration must not have been entirely satisfied with the cooperation between AI development companies and critical industries, as Presidential Executive Order No. 14409 was issued on June 2, in which AI development companies were asked, on a voluntary basis, to submit their latest models to the relevant federal authorities for testing 30 days prior to their public release.
On Tuesday, June 9, Anthropic made Claude Mythos widely available, though it came with limitations, in terms of its cyber capabilities. It took just two days for Amazon testers to circumvent these restrictions and get the model to reveal vulnerabilities. At least, according to news reports, that’s how Amazon CEO Andy Jassy described the situation to Treasury Secretary Scott Bessent. The Trump administration wasted no time and, on Friday, June 12, banned Anthropic from making its model available to foreign entities.
Since Anthropic’s own employees who are foreign nationals were also subject to the embargo, the company’s only way to comply with the new rule was to make the model inaccessible to everyone.
However, those “foreign players” did not sit by idly: Z.ai (one of China’s “artificial intelligence tigers” and the world’s third-largest LLM market player) unveiled its latest large language model, GLM-5.2, on Tuesday, June 16, which, according to testers, comes close to Claude Mythos in terms of cyber capabilities. It came close, but perhaps did not quite match it, meaning that, at the time of this writing, the U.S. technological lead likely still exists. However, the gap between Chinese developers and their American counterparts is narrowing; according to surveys, the best Chinese models now offer roughly what the best U.S. models were offering just three months ago. Not long ago, this gap was still more than half a year. This means that, in three months at the latest, models capable of conducting massive and sophisticated cyberattacks will be available to everyone. By “everyone,” we must also include Moscow-based experts in hybrid warfare and hacker groups operated by the North Korean regime.
Source: https://artificialanalysis.ai/models/open-source
Stock markets have already begun to price in the expected boom in the cybersecurity sector: companies participating in Project Glasswing that are connected in various ways to digital security, such as CrowdStrike, Palo Alto Networks, Cisco, IBM, Okta, and Rubrik, have seen an average share price increase of nearly 70% since April 7, surpassing even the 60% rise in the index of chip manufacturers, which are considered the biggest beneficiaries of the AI cycle. This trend will undoubtedly intensify in the coming months, so it’s a good idea to install software updates immediately and add the companies listed above to our watchlist.
Jogi nyilatkozat: A blog üzemeltetője a VIG Befektetési Alapkezelő Magyarország Zrt., a szerzői az Alapkezelő munkavállalói. A weboldal kereskedelmi kommunikációt tartalmaz. A blogon megjelenő cikkek magánszemélyek szubjektív véleményét tükrözik, tájékoztatási céllal készülnek és nem minősülnek befektetési elemzésnek vagy befektetési tanácsadásnak és nem tartalmaznak befektetési ajánlást. A blog szerzői saját nevükben kereskedhetnek olyan pénzügyi és pénzeszközzel vagy más termékkel, amelyről az általuk készített cikk közöl tájékoztatást vagy véleményt. Bár a szerzők tőzsdei vagy tőzsdén kívüli kereskedés során szerzett tapasztalata a jelen blogon szereplő írásaikban is megjelenhet, de érdekeltség nem befolyásolhatja az általuk közölt tájékoztatást. A blogon megjelenő cikkekben, hírekben és tájékoztatásokban megjelenhetnek olyan társaságok, amelyek üzleti kapcsolatot tartanak fenn a VIG Befektetési Alapkezelő Magyarország Zrt.-vel vagy a blog szerzőivel akár közvetlenül, akár a VIG Group cégcsoportba tartozó más vállalkozáson keresztül. Jelen blogon megjelent cikkek nem tartalmaznak teljes körű tájékoztatást, és nem helyettesítik a befektetés megfelelőségének vizsgálatát, amelyet csak az adott befektető egyedi körülményeinek értékelésével lehet megállapítani. A megalapozott befektetési döntés meghozatalához kérjük, hogy részletesen és több forrásból tájékozódjon!
A VIG Befektetési Alapkezelő Magyarország Zrt., a blog szerkesztői és szerzői nem vállalnak felelősséget a blogon szereplő tartalom naprakészségéért, esetleges hiányosságaiért vagy pontatlanságaiért, valamint a blogcikkek alapján hozott befektetési döntésekért és a befektetési döntésekből származó bármilyen közvetlen vagy közvetett kárért vagy költségért.
