The AI That Hacks Everything: Inside Anthropic's Mythos Standoff, Cloudflare's $8 Billion Rout, and the IMF's Warning Shot

On April 7, 2026, Anthropic disclosed that its newest frontier model — Claude Mythos Preview — had autonomously discovered thousands of previously unknown, high-severity software vulnerabilities in every major operating system and every major web browser [1]. Rather than release the model to the public, Anthropic restricted access to a curated group of roughly 40 organizations under a new initiative called Project Glasswing [2]. Within 72 hours, Cloudflare's stock had fallen from $211.25 to $167.90, erasing roughly $8 billion in market capitalization [3]. And IMF Managing Director Kristalina Georgieva went on CBS's Face the Nation to warn that "time is not our friend on this one" [4].

The convergence of these events marks the first time a single AI capability disclosure has simultaneously rattled Wall Street, the cybersecurity industry, and international financial regulators. The question now is whether Anthropic's decision to withhold Mythos was an act of responsible stewardship — or whether it has simply handed defenders a disadvantage while attackers race to build their own versions.

What Mythos Can Do

Claude Mythos Preview is, by Anthropic's own description, "extremely autonomous" and capable of performing the work of an advanced security researcher [5]. During internal testing, the model found a 27-year-old denial-of-service vulnerability in OpenBSD's TCP SACK implementation — a bug in one of the most security-hardened operating systems in the world, used to run firewalls and critical infrastructure [6]. It identified a 16-year-old flaw in FFmpeg's H.264 codec that automated fuzzing tools had exercised five million times without triggering [6]. And it fully autonomously discovered and exploited a 17-year-old remote code execution vulnerability in FreeBSD's NFS implementation, triaged as CVE-2026-4747, which allows an unauthenticated attacker to gain root access from anywhere on the internet [7].

These are not theoretical demonstrations. Mythos found and wrote working exploits for each of these bugs. According to Anthropic's red-team report, across a thousand runs through their vulnerability-hunting scaffold, the total compute cost was under $20,000 — and produced "several dozen" additional findings beyond the headline discoveries [8]. The model scored 93.9% on the SWE-bench coding benchmark, placing it well ahead of commercial vulnerability scanning tools like Tenable or Qualys, which rely on signature-matching and known CVE databases rather than the semantic code reasoning that allowed Mythos to catch flaws that fuzzers could not [9].

Over 99% of the vulnerabilities Mythos has found remain unpatched [2]. Anthropic has committed to publishing SHA-3 hashes of the vulnerabilities and exploits in its possession, and will replace those hashes with full documentation once a 135-day coordinated disclosure window — 90 days plus a 45-day extension — has elapsed [2][10].
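The commit-then-reveal scheme described above can be checked by anyone who recorded the published digests. The following is an added example, not Anthropic's tooling or code from any cited source; SHA3-256, the report bytes, the dates, and the rule that the 135-day clock starts when a digest is published are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta

# 90 days plus a 45-day extension, as stated in the article.
WINDOW = timedelta(days=90 + 45)


@dataclass(frozen=True)
class Commitment:
    digest: str       # hex digest published in place of the report
    published: date   # assumption: the disclosure clock starts on this day

    @property
    def deadline(self) -> date:
        return self.published + WINDOW


def sha3(document: bytes) -> str:
    # Assumption: SHA3-256; the article says only "SHA-3".
    return hashlib.sha3_256(document).hexdigest()


def commit(document: bytes, published: date) -> Commitment:
    return Commitment(sha3(document), published)


def check_reveal(ledger, document: bytes):
    """Return the Commitment matching these exact bytes, or None.

    None means the released text differs from what was committed
    (even by one byte) or was never committed at all.
    """
    digest = sha3(document)
    return next((c for c in ledger if c.digest == digest), None)


def overdue(ledger, revealed_documents, today: date):
    """Commitments whose deadline has passed with no matching reveal."""
    seen = {sha3(d) for d in revealed_documents}
    return [c for c in ledger if c.digest not in seen and today > c.deadline]


# Constructed sample data: placeholder report texts and publication dates.
REPORT_A = b"ADVISORY-PLACEHOLDER-A\ncomponent: example-lib\nseverity: high\n"
REPORT_B = b"ADVISORY-PLACEHOLDER-B\ncomponent: example-daemon\nseverity: high\n"
LEDGER = [commit(REPORT_A, date(2026, 4, 7)), commit(REPORT_B, date(2026, 4, 7))]

if __name__ == "__main__":
    print("deadline:", LEDGER[0].deadline)
    print("exact reveal matches:", check_reveal(LEDGER, REPORT_A) is not None)
    print("edited reveal matches:", check_reveal(LEDGER, REPORT_A + b" ") is not None)
    print("overdue:", [c.digest[:12] for c in overdue(LEDGER, [REPORT_A], date(2026, 8, 21))])
```

The digest binds the exact byte sequence, so a verifier has to hash the released file as distributed; a re-saved or reformatted copy will not match its commitment.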

The Cloudflare Rout

Cloudflare (NET) entered April trading near $233.50 per share, with a market capitalization around $67.7 billion [3]. By the close of trading on April 10, the stock sat at $167.90, a cumulative decline of roughly 28% over the span of a week [3][11].

[Chart: Cloudflare (NET) stock price, April 2026. Source: Yahoo Finance. Data as of Apr 11, 2026.]

The selloff unfolded in two distinct waves. On April 9, NET dropped 8.6% — a move amplified by the disclosure that CEO Matthew Prince had made 178 stock sales totaling over 1.1 million shares in recent months, and President Michelle Zatlyn had sold 429,153 shares [12]. On April 10, a UBS downgrade of ServiceNow accelerated a broader SaaS selloff, and Cloudflare fell an additional 13.5% [11].

But the underlying catalyst was Anthropic's Mythos disclosure. The narrative that drove the selling was not, primarily, a fear that Mythos would be withheld from Cloudflare's own defense stack — Cloudflare was not among the 11 named Project Glasswing partners [2]. Instead, analysts pointed to a more structural fear: that AI models capable of autonomous vulnerability discovery would commoditize the offensive side of cybersecurity faster than companies like Cloudflare, CrowdStrike, or Palo Alto Networks could adapt their defensive products [13].

"Investors are pricing in the possibility that AI agents and large language models could systematically commoditize the enterprise software subscription moats that companies like Cloudflare have spent years building," 24/7 Wall Street reported [14]. The selloff was not confined to Cloudflare — Palantir, Microsoft, and other software stocks also declined as investors repriced the entire sector [15].

Cloudflare serves over 265,000 paying customers, including 4,298 enterprises spending more than $100,000 per year and 173 customers at the $1 million-plus tier [16]. Its DDoS protection, Web Application Firewall (WAF), and Zero Trust products form the primary security perimeter for a significant share of the internet: 375 of the top 1,000 websites by traffic use Cloudflare, and 48.7% of the top million sites sit behind its network [17]. A successful AI-assisted breach campaign targeting that customer base would carry aggregate liability exposure measured in the tens of billions — the IMF has documented that extreme cyber losses in the financial sector alone have more than quadrupled since 2017, reaching $2.5 billion per incident [18].

The IMF Sounds the Alarm

Kristalina Georgieva's CBS interview was notable for its directness. The IMF chief said the world lacks the ability "to protect the international monetary system against massive cyber risks," adding that "the risks have been growing exponentially" [4]. She called for central banks and key financial institutions to "work together" and be "very attentive," warning the issue "could present itself in any part of the world" [4].

The IMF's concern is grounded in quantitative projections. According to Cybersecurity Ventures, global cybercrime costs are forecast to exceed $10.5 trillion in 2026 and could reach $23 trillion by 2027 [19]. The FBI's Internet Crime Complaint Center (IC3) recorded $12.5 billion in reported losses in 2023 [20]. The IMF's own April 2024 Global Financial Stability Report found that in the past two decades, nearly one-fifth of reported cyber incidents affected the global financial sector, causing $12 billion in direct losses to financial firms [18].

[Chart: Projected global cybercrime costs. Source: Cybersecurity Ventures / IMF. Data as of Apr 1, 2026.]

Those figures predate the emergence of autonomous vulnerability-hunting AI. PwC has noted that "the time between the public release of a new capability by an AI company and its weaponization by threat actors shrank dramatically" in 2025, "a trend we assess will likely accelerate in 2026" [21]. Georgieva's warning reflects a fear that Mythos-class capabilities — whether from Anthropic or from a less safety-conscious actor — could accelerate that timeline from months to weeks.

The Case for Withholding

Anthropic's decision to restrict Mythos was not triggered by its formal Responsible Scaling Policy. The company has been explicit that its internal risk thresholds were not crossed [22]. Instead, Anthropic chose to act on what it called the "practical threshold" for cyber offense — a judgment call that the model's capabilities were too dangerous for broad release even if they did not meet the formal criteria for containment [22].

The historical record provides some support for this position. In mid-September 2025, Anthropic detected what it described as the first "AI-orchestrated" cyberespionage campaign conducted by a Chinese state-sponsored group, in which a Claude model automated 80–90% of tactical operations across roughly 30 global targets [23]. The DeepSeek database breach exposed over a million lines of log streams containing chat history, secret keys, and backend details [24]. And in June 2025, researchers disclosed EchoLeak, the first known zero-click prompt injection vulnerability to cause data exfiltration in a production AI system [25].

The dual-use dilemma in security research is not new. Google's Project Zero operates under a 90-day disclosure policy, giving vendors time to patch before vulnerabilities are published [26]. Anthropic's 135-day window is longer, and the company has committed up to $100 million in compute credits for Project Glasswing partners and $4 million in direct donations to open-source security organizations to help accelerate patching [2].

Anthropic has also engaged with government regulators. According to an Anthropic employee, the company "briefed senior officials across the U.S. government on Mythos Preview's full capabilities, including both its offensive and defensive cyber applications," with "ongoing discussions with CISA and CAISI [the Center for AI Standards and Innovation], among others" [27].

The Case Against

Critics argue that withholding Mythos primarily disadvantages defenders. The 11 named Glasswing partners — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks — are among the largest and best-resourced technology companies on earth [2]. Smaller organizations, open-source projects without corporate backing, and government agencies in developing countries are left to patch blind.

Meanwhile, the threat actors most likely to develop equivalent capabilities are not waiting. The 2026 Annual Threat Assessment from the Office of the Director of National Intelligence identifies China and Russia as the "most persistent and active" cyber threats, with both nations "continuing their R&D efforts" in AI-enabled offensive tools [28]. Anthropic itself documented the Chinese state-sponsored AI cyberespionage campaign just months ago [23]. SecurityWeek has reported that nation-state pre-positioning attacks — embedding persistent access in critical infrastructure for future use — "will increase dramatically over the next few years, driven by geopolitical incentive together with the cyberattack and cyber stealth capabilities afforded by advanced AI" [29].

In the DARPA AI Cyber Challenge, autonomous systems uncovered 18 zero-day vulnerabilities and patched 61% of them in 45 minutes without human input [30]. That capability exists in the open research community today. The argument that withholding Mythos meaningfully delays adversary timelines rests on the assumption that state-sponsored labs in Beijing or Moscow are 12–24 months behind Anthropic in offensive AI capability — an assumption that the intelligence community's own assessments do not clearly support.

The $8 Billion Question

If Cloudflare's market cap loss of roughly $8 billion represents the market's implied cost of reduced AI-assisted defense, it dwarfs the cybersecurity R&D budgets of even the largest cloud providers. Microsoft's security business generated approximately $37 billion in revenue in fiscal 2025, but that figure includes product sales, not just R&D [31]. Global spending on cybersecurity products and services is projected to reach $248 billion in 2026 [32]. The five largest U.S. cloud and AI infrastructure providers have collectively committed to spending between $660 billion and $690 billion in capital expenditure in 2026, though the cybersecurity-specific share of that figure is a fraction of the total [33].

The gap between Cloudflare's single-week market cap loss and the entire industry's annual cybersecurity spend suggests that investors view the Mythos disclosure as a category-level repricing event — not a company-specific problem. The market is signaling that the current model, in which private companies decide unilaterally which organizations receive frontier offensive-security AI, is insufficient. Whether that gap is filled by regulated access frameworks, government mandates, or a broader commercial release of Mythos-class tools remains an open question.

What Comes Next

Anthropic's 135-day disclosure clock is ticking. The first wave of Mythos-discovered vulnerabilities will begin to go public no later than August 2026 [2]. Between now and then, Project Glasswing partners will race to patch their own codebases, while every other organization on earth waits.

The SEC has not publicly commented on whether Anthropic's withholding decision constitutes material information that should have been disclosed to markets in advance. CISA has been briefed but has issued no public guidance [27]. No foreign regulatory equivalent has publicly acknowledged involvement.

Cloudflare, for its part, was not included in Project Glasswing's named partners, despite serving as the security perimeter for nearly half of the internet's most-trafficked sites [17]. Whether that exclusion was a deliberate choice, a negotiation that failed, or simply an oversight may determine whether the company's stock recovers — or whether investors conclude that the AI-enabled threat landscape has permanently eroded its competitive position.

The IMF's Georgieva framed the stakes plainly: the international monetary system is not prepared for what AI-enabled cyber threats can do [4]. The market, in its blunt way, appears to agree.

Sources (33)

  [1] Project Glasswing: Securing critical software for the AI era (anthropic.com)
      Anthropic's official page detailing Project Glasswing, the limited-release initiative for Claude Mythos Preview to find and address critical software vulnerabilities.

  [2] Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems (thehackernews.com)
      Mythos Preview found thousands of high-severity vulnerabilities including some in every major operating system and web browser.

  [3] Cloudflare, Inc. (NET) Stock Historical Prices & Data (finance.yahoo.com)
      NET closed at $211.25 on April 8, fell to $193.05 on April 9, and reached $167.90 on April 10, 2026.

  [4] IMF chief concerned about cybersecurity risks posed by Anthropic's AI model Mythos: 'Time is not our friend' (cbsnews.com)
      IMF Managing Director Georgieva warned the world lacks the ability to protect the international monetary system against massive cyber risks.

  [5] Anthropic limits Mythos AI rollout over fears hackers could use model for cyberattacks (cnbc.com)
      Anthropic describes Mythos Preview as 'extremely autonomous' with sophisticated reasoning capabilities that give it the skills of an advanced security researcher.

  [6] Why Anthropic won't release its new Claude Mythos AI model to the public (nbcnews.com)
      Mythos found a 27-year-old vulnerability in OpenBSD, a 16-year-old flaw in FFmpeg that fuzzers hit 5 million times without catching, and exploited a 17-year-old FreeBSD RCE.

  [7] Anthropic's new AI model finds and exploits zero-days across every major OS and browser (helpnetsecurity.com)
      CVE-2026-4747 in FreeBSD NFS allows an unauthenticated attacker to gain root access from anywhere on the internet.

  [8] Claude Mythos Preview — red.anthropic.com (red.anthropic.com)
      Across a thousand runs through the vulnerability-hunting scaffold, total cost was under $20,000 and found several dozen additional findings.

  [9] Claude Mythos Preview: Anthropic's Most Powerful AI (93.9% SWE-bench) (nxcode.io)
      Mythos scored 93.9% on SWE-bench, placing it well ahead of existing commercial security scanning approaches.

  [10] Responsible Disclosure Policy — Anthropic (anthropic.com)
      Anthropic's coordinated disclosure process specifies 90 days plus a 45-day extension (135 days total) before public disclosure.

  [11] Why Cloudflare (NET) Stock Is Down Today (financialcontent.com)
      NET fell 13.5% on April 10 after a UBS downgrade of ServiceNow accelerated a sector-wide selloff.

  [12] Cloudflare (NET) Stock Drops 8.6% After CEO Sells $33M in Stock (coincentral.com)
      CEO Matthew Prince made 178 sales totaling 1,100,064 shares; President Zatlyn made 72 sales totaling 429,153 shares.

  [13] US software stocks fall as Anthropic's new AI model revives disruption fears (investing.com)
      The Mythos revelation shattered the investor thesis that AI would primarily benefit defenders, fueling fears that offensive AI capabilities are evolving faster than defensive platforms can match.

  [14] The 'SaaS-Pocalypse' Continues: Cloudflare, ServiceNow, CrowdStrike Under Fire (247wallst.com)
      Investors are pricing in the possibility that AI could systematically commoditize enterprise software subscription moats.

  [15] Software stocks selloff: PLTR, MSFT drop on Anthropic's 'Mythos' model fears (finance.yahoo.com)
      Palantir, Microsoft and other software stocks declined as investors repriced the sector on Mythos fears.

  [16] Cloudflare Statistics (2026) - Users, Traffic, Outage History (demandsage.com)
      265,929 paying customers; 4,298 enterprises spending $100K+/year; 173 customers at $1M+ tier as of Q4 2025.

  [17] Cloudflare Statistics 2026: How Big Is It Now? (sqmagazine.co.uk)
      375 of the top 1,000 websites by traffic use Cloudflare; 48.7% of the top million sites sit behind its network.

  [18] Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
      Extreme losses from cyber incidents have more than quadrupled since 2017 to $2.5 billion. Nearly one-fifth of reported cyber incidents affected the global financial sector.

  [19] Official 2026 Cybersecurity Market Report: Predictions And Statistics (cybersecurityventures.com)
      Global cybercrime costs forecast to exceed $10.5 trillion in 2026 and could reach $23 trillion by 2027.

  [20] Cybercrime Statistics 2026: Global Losses and Enterprise Signals (deepstrike.io)
      The FBI IC3 recorded $12.5 billion in reported losses in 2023.

  [21] Anthropic's Mythos is a wake-up call, but experts say the era of AI-driven hacking is already here (fortune.com)
      PwC noted that the time between capability release and weaponization by threat actors shrank dramatically in 2025.

  [22] Anthropic's Mythos Preview and the End of a Twenty-Year Cybersecurity Equilibrium (postquantum.com)
      Anthropic's formal risk thresholds were not crossed; the company chose to act on the 'practical threshold' for cyber offense.

  [23] Disrupting the first reported AI-orchestrated cyber espionage campaign (anthropic.com)
      Anthropic detected a Chinese state-sponsored group using Claude to automate 80-90% of tactical operations across roughly 30 global targets.

  [24] Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information (wiz.io)
      DeepSeek database exposed over a million lines of log streams containing chat history, secret keys, and backend details.

  [25] AI Insider Threats: Generative AI Data Leak Risks (2026) (cyberhaven.com)
      EchoLeak was the first known zero-click prompt injection vulnerability to cause data exfiltration in a production AI system.

  [26] Why Anthropic's new model has cybersecurity experts rattled (platformer.news)
      Google Project Zero's 90-day disclosure policy is the industry standard for coordinated vulnerability disclosure.

  [27] Anthropic says its most powerful AI cyber model is too dangerous to release publicly — so it built Project Glasswing (venturebeat.com)
      Anthropic briefed senior U.S. government officials on Mythos Preview's full capabilities, with ongoing discussions with CISA and CAISI.

  [28] DNI Gabbard Releases 2026 Annual Threat Assessment of the U.S. Intelligence Community (dni.gov)
      China and Russia present the most persistent and active cyber threats, continuing R&D efforts in AI-enabled offensive tools.

  [29] Cyber Insights 2026: Cyberwar and Rising Nation State Threats (securityweek.com)
      Nation-state pre-positioning attacks will increase dramatically, driven by geopolitical incentive and AI-enabled cyber stealth capabilities.

  [30] Cyber Warfare in 2026: AI, Threats & Global Security Trends (eccu.edu)
      In the DARPA AI Cyber Challenge, autonomous systems uncovered 18 zero-day vulnerabilities and patched 61% in 45 minutes without human input.

  [31] Cybersecurity Market Size, Share, Analysis | Global Report 2034 (fortunebusinessinsights.com)
      Microsoft's security business generated approximately $37 billion in fiscal 2025 revenue.

  [32] AI Capex 2026: The $690B Infrastructure Sprint (futurumgroup.com)
      The five largest U.S. cloud and AI infrastructure providers have committed to spending $660–690 billion in capital expenditure in 2026.

  [33] Majority of global firms plan to boost cyber spending in 2026 (cybersecuritydive.com)
      Global spending on cybersecurity products and services is projected to reach $248 billion in 2026.