AI Dual-Use Dilemma: Claude Mythos for Defense and Attack

Cyber Threat Intelligence is flagging a significant development in the AI-for-cybersecurity space with Anthropic’s unveiling of Claude Mythos. This powerful AI, designed to bolster software defenses proactively, also presents a worrying dual-use potential. The same capabilities that can be leveraged to identify and patch vulnerabilities before attackers exploit them could, in the wrong hands, be used to discover and weaponize those very same weaknesses, significantly amplifying the sophistication and speed of cyberattacks.

This development arrives amidst a flurry of other critical threat intel. Cyber Threat Intelligence notes reports of Iran-linked actors targeting critical infrastructure PLCs, while a critical Flowise flaw (CVE-2025-59528) is being actively exploited for remote code execution. Additionally, the group highlights a major outage impacting Russian banking and metro payment systems, and the fast-moving Storm-1175 group leveraging new exploits. Further threats include the GPUBreach exploit using GPU memory bit-flips for system takeover, DPRK’s use of LNK files and GitHub for C2, the unmasking of REvil operators behind numerous German attacks, and over 14,000 F5 BIG-IP APM instances remaining exposed to RCE attacks via CVE-2026-35616, a flaw Fortinet is now patching.