Anthropic built an AI that's great at breaking into software, and doesn’t want to release it. Claude Mythos Preview exists specifically to find and exploit vulnerabilities, and access is locked to a small group of known partners through a program called Project Glasswing. Major companies like Microsoft, Apple, Google, Amazon, Nvidia, Cisco, CrowdStrike, Federal Reserve, and the Linux Foundation are involved in this project.

 

Scott Bessent and Jerome Powell pulled together some of the most powerful names in American banking at Treasury headquarters to talk about what Mythos and models like it mean for the financial system. Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman were all in the room according to sources who spoke to Bloomberg and the Financial Times. Jamie Dimon was invited but couldn't make it. 

 

Anthropic describes Mythos Preview as its most capable model to date, with a significant jump in coding and security performance over every prior Claude version. In internal and external evaluations, the model autonomously identified thousands of high severity vulnerabilities across every major operating system and browser Anthropic tested, including zero days that had been sitting undetected in production software for decades. To accompany the launch, Anthropic committed up to $100 million in usage credits and $4 million in direct funding through Project Glasswing, available specifically to open source security organizations so they can run Mythos against widely deployed software and close gaps before anyone with bad intentions finds them first.

 

 

In controlled cyber range tests, the model found vulnerabilities together with working exploits, completing full attack simulations that human red teams estimated would take many hours. It found flaws in places where existing automated scanners had run millions of passes and flagged nothing, including in Firefox's JavaScript engine and various multimedia libraries. Fewer than one percent of the vulnerabilities it identified have been fully patched at this point, which gives you a sense of how much ground the security community now has to cover.

 

Most of the infrastructure the crypto industry depends on sits on top of the same Linux and open source stacks that Mythos is now auditing like exchanges, custodians, node operators, rollup sequencers, DeFi backends. The software shared with banks, hospitals, and government systems, turns out to have been carrying serious vulnerabilities for years that nobody caught. A kernel level bug or a flaw in a widely used library isn't an enterprise problem when you're thinking about crypto, but it's a potential entry point into a hot wallet, a key management system, a bridge validator, or an indexing service. Mythos gives defenders a meaningful head start on finding and closing those gaps, but it also surfaces how much risk has been quietly unnoticed.

 

For banks, law firms, and any enterprise with sensitive data, the lesson from Mythos is that proprietary systems are not safe from this. Most critical applications and sensitive datasets run on top of operating systems and open source code, and that software now appears to have been carrying vulnerabilities for decades in some cases. The main risk on an institution's balance sheet might not be a counterparty but its own software stack, and models like Mythos are making this clear.

 

Anthropic framing Mythos as too dangerous to release publicly could just be a marketing stunt. But independent reporting on thousands of real vulnerabilities, bugs with decades of exposure time, and successful end to end attack simulations in controlled environments suggests it’s real. This could be an early version of something much larger, as security researchers broadly expect that within a few years both attackers and defenders will be operating fleets of AI agents 24/7 that test systems continuously, around the clock, at a scale no human team can come close to matching. Systems in both traditional finance and crypto will need AI driven monitoring and response as a baseline and stronger decentralized systems to prevent a single point of failure.

 

 

The Solana Foundation, in collaboration with blockchain security firm Asymetric Research, has launched new security initiatives aimed at strengthening the security of the Solana network.

 

In a blog post on Monday, the foundation announced the launch of new security initiatives designed to provide an extra layer of protection for protocols built on the network. Among these initiatives are STRIDE, a security framework, and SIRN, a network of security firms focused on protecting the Solana ecosystem.

 

 

The STRIDE Framework 

STRIDE, which stands for Solana Trust, Resilience and Infrastructure for DeFi Enterprises, is a structured security framework and program launched by the Solana Foundation. It is aimed at evaluating, monitoring, and escalating security across all projects built on the Solana network.

 

The STRIDE framework is built on eight key pillars: program security, governance and access control, oracle and dependency risk, infrastructure security, supply chain security, operational security, monitoring and incident response, and log management and forensics.

 

These pillars will be used by the foundation’s partner, Asymmetric Research, to evaluate the security strength of all protocols on the Solana blockchain. Protocols with a total value locked of more than $10 million that pass the STRIDE evaluation will receive continuous operational security and active threat monitoring, funded by Solana Foundation grants. The higher the evaluation result, the greater the level of protection and funding they will receive.

 

Protocols with a total value locked of more than $100 million that pass the STRIDE evaluation will also receive, in addition to grants, formal fund verification. The foundation describes this as a mathematical, proof based method that exhaustively guarantees the correctness of smart contracts.

 

The findings of the STRIDE framework will be published publicly. According to the foundation, this is intended to give users and investors insight into the protocols they use and rely on.

 

SIRN: A Network of Security Firms

Among the initiatives launched by the Solana Foundation is SIRN, short for Solana Incident Response Network, a network of security firms that will respond and act in the event of a security incident.

 

Although SIRN will be available to all blockchain protocols on the Solana network, priority will be given to protocols with higher total value locked, similar to the additional benefits that protocols with higher total value locked will receive under the STRIDE program.

 

Interested in knowing who makes up SIRN?

 

The Solana Incident Response Network comprises Asymmetric Research, OtterSec, Neodyme, Squads, and ZeroShadow, a combination of cybersecurity firms that includes Web3 and traditional security firms as well as a smart contract auditing firm.

 

Increase in DeFi attacks

The programming initiatives launched by the Solana Foundation are in response to the over $280 million attack on Drift Protocol, the largest decentralized perpetual exchange on the Solana blockchain. The attack is, so far, the most devastating DeFi attack this year and the second largest in the history of the Solana blockchain, following the 2022 Wormhole attack, which resulted in losses exceeding $325 million.

 

Step Finance, a DeFi aggregator built on Solana, was also affected by a DeFi hack earlier this year, which led to losses of about $40 million. According to DeFiLlama, over $168 million was stolen across 34 blockchain protocols in the first quarter of this year, prior to the Drift incident.

 

 

The U.S. Federal Bureau of Investigation (FBI) has warned crypto users about a fake token on the Tron blockchain impersonating the agency.

 

In a post on its New York X account, the FBI said some Tron users have received messages from scammers posing as the agency, asking them to complete an anti-money laundering verification to avoid having their assets frozen and falsely claiming their wallets are under investigation.

 

The FBI cautioned against falling for such scams. “If you receive a token from an account with the details below, do not provide any identifying information to any website associated with the token,” the agency said.

 

Users who have already sent their personal information to the scammers were urged to file a complaint with the Internet Crime Complaint Center.

 

 

Inside Crypto Phishing Scams

The launch of the fake FBI token is one of several crypto phishing scams that have emerged in recent months. These scams often involve impersonating recognized government agencies, companies, or public figures, tricking users into giving up their personal credentials.

 

According to Scam Sniffer, about 106,106 victims were affected by crypto phishing scams in 2025, resulting in losses of approximately $83.85 million. 

 

Although this represents a significant drop compared to the $494 million in losses and 332,000 victims recorded the previous year, phishing remains widely used by attackers, especially with the growing use of AI-generated phishing campaigns.

 

 

FBI Created Fake Cryptocurrency Token

In 2024, the FBI created a fake artificial intelligence–related token, called NexFundAI, an Ethereum-based cryptocurrency designed to catch scammers.

 

The NexFundAI token was part of Operation “Token Mirrors,” launched to identify and expose fraudulent market makers and manipulators, including those involved in wash trading and pump-and-dump schemes.

 

The operation was successful, as it led to the arrest of more than 18 individuals and the seizure of several million dollars from the suspects.