The next phase of AI cybersecurity still needs humans

Axios · May 14, 2026 · 667 words · By Sam Sabin

Cybersecurity Risks AI Cybersecurity Capabilities Human-AI Collaboration

headphones Listen to the eFinder podcast briefing

Generate a natural audio summary of this story

Daily briefing

What to know about Cybersecurity Risks

The article discusses the capabilities and limitations of new AI models from Anthropic and OpenAI in the field of cybersecurity. It highlights that while these models can find significantly more vulnerabilities than traditional methods, they still require human expertise to validate findings and reduce false positives.

Propaganda risk 10%

Claims checked 11

Techniques found 1

Topics 3

Coverage spectrum

Coverage gap: Low Left coverage

Left0%

Center100%

Right0%

7 sources compared across this story cluster. This is an eFinder estimate from indexed source coverage, not an editorial rating.

What happened

Anthropic and OpenAI's cyber-capable AI models may still require significant human expertise to operate effectively, according to new findings from users testing the systems in real-world environments.

Why it matters

Why it matters: The new phase of AI-powered cybersecurity may depend less on fully autonomous hacking and more on how effectively humans can direct, validate and operationalize increasingly powerful systems.

Common ground

The big picture: When Anthropic unveiled Mythos Preview to the world, it warned that the model was so powerful that it found tens of thousands of bugs spanning nearly every operating system.

Perspective signals

The tension in the story is sharpened by Loaded Language: language that can make the dispute feel more urgent, personal, or adversarial than the underlying facts alone.

Follow-up questions

What new context would change how readers understand this Cybersecurity Risks story?
What evidence would most clearly confirm or weaken the claim that Daniel Stenberg, the lead developer for open-source project Curl, said Monday that Mythos found one low-severity bug in its code alongside several false positives?
How does this story connect Cybersecurity Risks with AI Cybersecurity Capabilities over the next few days?

open_in_new Read the original article: https://axios.com/2026/05/14/mythos-cyberscurity-human-ai-models

analyticsAnalysis

10%

Propaganda Score

confidence: 95%

Low risk. This article shows minimal use of propaganda techniques.

psychologyPropaganda Techniques Detected

eFinder identified 1 propaganda technique in this article. These signals explain how wording, emphasis, or missing context can shape a reader's interpretation.

warning

Loaded Language 70% confidence

Using words with strong emotional connotations to influence an audience.

Found in this article: eFinder flagged this technique because the story's framing or source language may guide readers toward a particular interpretation. Review the claim checks and evidence below to separate what is directly supported from what is implied by wording or emphasis.

Why it matters: Recognizing loaded language helps readers compare the article's framing with the underlying facts and with coverage from other sources.

fact_checkClaims Checked

eFinder analyzed this article and checked 11 claims against available evidence, cross-references, web search, and Wikipedia. Here is what the fact-checking layer found.

info Single Source 7

check_circle Corroborated 3

schedule Pending 1

check_circle

Claim 1: “Daniel Stenberg, the lead developer for open-source project Curl, said Monday that Mythos found one low-severity bug in its code alongside several false positives”

CORROBORATED

SecurityWeek and Daniel Stenberg's own blog confirm that the Mythos model found one vulnerability in curl alongside several false positives.

info

Claim 2: “Cisco this week released "Foundry Security Spec," an open-source blueprint for how organizations should think about using advanced AI models.”

SINGLE SOURCE

Search results confirm Cisco's general AI activity and financial reports, but there is no mention of a 'Foundry Security Spec' open-source blueprint.

travel_explore

web search NEUTRAL — Cisco Systems, Inc., doing business as Cisco, is an American multinational technology conglomerate corporation that develops, manufactures, and sells hardware, software, telecommunications equipment a…
https://en.m.wikipedia.org/wiki/Cisco

travel_explore

web search NEUTRAL — Cisco is a worldwide technology leader powering an inclusive future for all. Learn more about our products, services, solutions, and innovations.
https://www.cisco.com/

travel_explore

web search NEUTRAL — 16 hours ago · Cisco's AI story has finally started resonating with Wall Street, with the stock hitting a record late last year and continuing to rally in 2026.
https://www.cnbc.com/2026/05/13/cisco-csco-q3-earnings-repor…

check_circle

Claim 3: “Microsoft said Tuesday its new agentic security system... found 16 new vulnerabilities in the Windows networking and authentication stack.”

CORROBORATED

Multiple sources (Cyber Ivy and other web search results) confirm that Microsoft's agentic security system (MDASH) found 16 new vulnerabilities in the Windows networking and authentication stack.

travel_explore

web search NEUTRAL — Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentica…
https://www.helpnetsecurity.com/2026/05/13/microsoft-mdash-a…

travel_explore

web search NEUTRAL — Microsoft says an agentic multi-model system found 16 Windows security flaws, including four critical remote-code-execution bugs. It signals faster defense and more patch pressure.
https://cyber-ivy.com/en/articles/microsoft-mdash-ai-windows…

travel_explore

web search NEUTRAL — Codename: MDASH—Microsoft Security’s new multi-model agentic scanning harness. Codename MDASH is, at its core, an agentic vulnerability discovery and remediation system. The model is one input. The sy…
https://www.microsoft.com/en-us/security/blog/2026/05/12/def…

info

Claim 4: “XBOW... said Mythos is "extremely powerful for source code audits" in a blog post Tuesday”

SINGLE SOURCE

Search results confirm XBOW is an autonomous offensive security platform, but no specific blog post quote stating Mythos is 'extremely powerful for source code audits' was found in the provided evidence.

travel_explore

web search NEUTRAL — Daniel Stenberg, the lead developer of curl, revealed in a blog post on Monday that he was recently given the opportunity to test the Claude Mythos frontier AI model, which Anthropic claimed had ident…
https://www.securityweek.com/claude-mythos-finds-only-one-cu…

travel_explore

web search NEUTRAL — We also see a high volume of high quality security reports flooding in: security researchers now use AI extensively and effectively. Security is a top priority for us in the curl project. We follow ev…
https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-v…

travel_explore

web search NEUTRAL — Stenberg explained in a Monday blog post that he was promised access to Anthropic’s Mythos model - sort of - through the AI biz’s Project Glasswing program.
https://www.theregister.com/security/2026/05/11/anthropics-b…

info

Claim 5: “Palo Alto Networks... saw a false positive rate of about 30% across its products”

SINGLE SOURCE

While GPT-5.5 and Claude Opus 4.7 are mentioned in comparison articles, there is no mention of a 30% false positive rate reported by Palo Alto Networks.

travel_explore

web search NEUTRAL — Как DeepSeek V4, GPT-5.5 и утечка Claude Mythos переопределили экономику AI на ближайший квартал.Для сравнения, Claude Opus 4.7 стоит $5 / $25 за миллион. Разница с Flash на типовой задаче (15 тысяч т…
https://vc.ru/ai/2884109-tri-udara-po-ai-deepseek-v4-gpt-55-…

travel_explore

web search NEUTRAL — GPT‑5.5 delivers this step up in intelligence without compromising on speed: larger, more capable models are often slower to serve, but GPT‑5.5 matches GPT‑5.4 per-token latency in real-world serving,…
https://openai.com/index/introducing-gpt-5-5/

travel_explore

web search NEUTRAL — Сравниваем GPT-5.5 и Claude Opus 4.7 по коду, агентным задачам, ценам, безопасности, длинному контексту и реальной пользе для команд.
https://www.securitylab.ru/analytics/571982.php

schedule

Claim 6: “Mythos is already improving on its own, according to research published Wednesday by the U.K. AI Security Institute.”

PENDING

This claim was extracted as a checkable statement from the article. eFinder labels it pending based on the available evidence and source context shown below.

check_circle

Claim 7: “Anthropic unveiled Mythos Preview to the world”

CORROBORATED

Multiple independent news sources (CNBC, Flipboard, RT News) confirm that Anthropic released the Claude Mythos Preview model.

compare_arrows

cross reference SUPPORTS — rival Anthropic captivated investors and government officials with Claude Mythos Preview
https://www.cnbc.com/2026/05/07/openai-rolls-out-new-gpt-5po…

compare_arrows

cross reference SUPPORTS — In early April, Anthropic sent shudders through the tech community with Claude’s Mythos Preview model.
https://flipboard.com/topic/news/anthropic-s-most-powerful-a…

compare_arrows

cross reference SUPPORTS — In early April, Anthropic sent shudders through the tech community with Claude’s Mythos Preview model.
https://flipboard.com/topic/news/anthropic-s-most-powerful-a…

+ 2 more evidence sources

info

Claim 8: “OpenAI's GPT-5.5-Cyber is just as powerful as Mythos at finding bugs and writing exploits.”

SINGLE SOURCE

Web results confirm the existence of GPT-5.5, but there is no specific evidence in the provided results comparing 'GPT-5.5-Cyber' capabilities to Mythos regarding bug finding and exploit writing.

travel_explore

web search NEUTRAL — Chat with the most advanced AI to explore ideas, solve problems, and learn faster.
https://chatgpt.com/

travel_explore

web search NEUTRAL — OpenAI Group PBC, doing business as OpenAI, is an American artificial intelligence (AI) research organization headquartered in San Francisco, consisting of a for-profit public benefit corporation (PBC…
https://en.wikipedia.org/wiki/OpenAI

travel_explore

web search NEUTRAL — We believe our research will eventually lead to artificial general intelligence, a system that can solve human-level problems. Building safe and beneficial AGI is our mission.
https://openai.com/

info

Claim 9: “Palo Alto Networks told Axios it found 75 bugs using both the Anthropic and OpenAI models, vs. the 5-10 bugs it usually discovers each month.”

SINGLE SOURCE

Search results mention Palo Alto Networks using both OpenAI and Anthropic stacks in parallel, but do not provide the specific numbers (75 bugs vs 5-10) mentioned in the claim.

travel_explore

web search NEUTRAL — Palo Alto Networks: Cloud Security Leader in First-Ever CNAPP Report.FrostRadar™ names Palo Alto Networks a CNAPP Leader. Overall leader : 2024 Leadership Compass: Security Orchestration, Automation a…
https://www.paloaltonetworks.com/

travel_explore

web search NEUTRAL — Three of OpenAI’s launch partners for Daybreak are already inside Anthropic’s Glasswing consortium. Cisco, CrowdStrike, and Palo Alto Networks are running both stacks in parallel rather than picking a…
https://thenewstack.io/openai-daybreak-anthropic-glasswing/

travel_explore

web search NEUTRAL — Compare models - OpenAI API.
https://platform.openai.com/docs/models/compare

info

Claim 10: “XBOW found that Mythos was "good, but less powerful, at validating exploits"”

SINGLE SOURCE

No evidence in the provided search results contains XBOW's specific evaluation of Mythos's ability to validate exploits.

travel_explore

web search NEUTRAL — May 6, 2026 · XBOW, the cybersecurity startup founded by GitHub Copilot creator Oege de Moor, added $35M from NVIDIA, Samsung, SentinelOne, and others, bringing its Series C to $155M.
https://www.geekwire.com/2026/xbow-the-unicorn-with-a-seattl…

travel_explore

web search NEUTRAL — Mar 18, 2026 · Autonomous offensive security company XBOW on Wednesday announced raising $120 million in a Series C funding round to scale its AI-powered platform that autonomously discovers and valid…
https://www.securityweek.com/autonomous-offensive-security-f…

travel_explore

web search NEUTRAL — XBOW turns penetration testing into a machine-scale offensive security system. The XBOW platform executes targeted attacks autonomously, allowing teams to explore deeper attack paths than traditional …
https://xbow.com/

info

Claim 11: “Mythos Preview... found tens of thousands of bugs spanning nearly every operating system.”

SINGLE SOURCE

While the existence of Mythos is corroborated, the specific claim about finding 'tens of thousands of bugs' is not explicitly confirmed in the provided web search results, though SecurityWeek mentions Anthropic claimed it identified 'thousands of zero-days'.

travel_explore

web search NEUTRAL — In November, Nvidia and Microsoft were expected to invest up to $15 billion in Anthropic, and Anthropic said it would buy $30 billion of computing capacity from Microsoft Azure running on Nvidia AI sy…
https://en.wikipedia.org/wiki/Anthropic

travel_explore

web search NEUTRAL — Feb 4, 2026 · Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
https://www.anthropic.com/

travel_explore

web search NEUTRAL — Claude is Anthropic's AI, built for problem solvers. Tackle complex challenges, analyze data, write code, and think through your hardest work.
https://claude.com/product/overview

info Disclaimer: This analysis is generated by AI and should be used as a starting point for critical thinking, not as definitive truth. Claims are verified against publicly available sources. Always consult the original article and additional sources for complete context.