Anthropic's new "Mythos" model triggered a broad sell-off in the cybersecurity sector due to descriptions of a significant leap in "cybersecurity" capabilities. However, Bernstein Research quickly issued a clarification, stating that investors misinterpreted the information. This development neither signifies Anthropic's entry into the cybersecurity software market nor undermines the structural tailwinds that AI provides for the industry.
According to a report last Friday, Anthropic's upcoming "Mythos" model promises "significantly higher scores" in software coding, academic reasoning, and cybersecurity testing. This wording immediately triggered market selling, with most cybersecurity stocks covered by Bernstein, such as Cloudflare, falling between 5% and 7%.
Bernstein analysts responded promptly that day, pointing out that the cybersecurity-related aspects of "Mythos" essentially constitute a routine enhancement of code security capabilities and Anthropic's proactive measures to prevent malicious use of its product. Neither of these factors represents competition for the cybersecurity software industry, nor do they weaken the demand-driven logic that AI brings to the sector.
Bernstein explicitly stated in its report that it is maintaining its ratings, price targets, and financial forecasts for all the cybersecurity companies it covers.
The source of the market panic stemmed directly from the phrasing regarding a leap in "cybersecurity" capabilities in the report. Investors interpreted this as two potential threats: first, that Anthropic might directly enter the cybersecurity software market, competing with existing vendors; and second, that enhanced AI model capabilities could potentially reduce the intensity of cyber threats, thereby diminishing demand for traditional security tools.
Bernstein analysts noted that investors reacted predictably, initiating large-scale sell-offs of related software stocks upon hearing any mention of a step-change improvement in cybersecurity capabilities.
Bernstein broke down the cybersecurity-related aspects of "Mythos" into two layers. The first is the improvement in code security capabilities. Analysts view this as a fundamental hygiene standard for the product, aligning with baseline market expectations for Anthropic's offerings, and it does not diminish the value of most other cybersecurity tools. They had previously noted that software vulnerabilities account for a relatively limited portion of security breaches, and the range of vendors directly impacted by Claude's code security features is similarly constrained.
The second layer involves preventing product misuse, which is the more core rationale behind this release. The cybersecurity industry has ample documentation showing that Claude, if compromised, can be used by threat actors to identify software vulnerabilities and rapidly build targeted malware, often faster than software vendors or users can deploy patches. Additionally, attackers could use exploits to hijack enterprise Agents built on Anthropic's technology for lateral movement, account takeover, and data exfiltration.
Bernstein pointed out that addressing these risks is not a new issue for Anthropic; the company has previously discussed and taken proactive protective measures. This release represents a deepening of existing efforts, not a strategic shift.
Analysts refuted the notion that AI tailwinds for cybersecurity are impaired from two angles. Firstly, Anthropic is just one provider in the large language model market. There exists a long tail of LLM vendors, and not all will proactively advance anti-abuse mechanisms like Anthropic. More critically, open-source LLMs already circulate widely with little oversight—even if their capabilities are inferior to Claude's, they can still be effectively used by threat actors to build malware or phishing attacks. Bernstein reminded that attackers continue to succeed even without these tools, indicating that tool quality does not need to be high to provide attackers with additional leverage.
Secondly, the AI upside for the cybersecurity sector largely stems from the emergence of new security solutions, not merely increased demand for existing tools. Analysts noted that at a recent major industry conference, nearly every booth focused on emerging areas like Agentic SOCs, Agent identity security, and Agent data security. These market opportunities remain unaffected by Anthropic's product security enhancements. Furthermore, as most enterprises will maintain technology neutrality towards large language models, demand for multi-Agent protection solutions will persist.
Comments