There is a new AI model called Mythos. Anthropic built it for defensive cybersecurity research. It is so effective at finding software vulnerabilities that Anthropic decided the general public cannot have it.  

Instead, it is letting a small circle of trusted partners like Microsoft and Google experiment with it first under controlled conditions, while researchers figure out what guardrails need to exist.

That decision alone should tell you something. When the company that built a tool decides the world is not ready for it, you pay attention. And when you understand what Mythos actually did during testing, that caution starts to make complete sense.

WINDOWS PCS AT RISK AS NEW TOOL DISARMS BUILT-IN SECURITY

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com — trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

How Anthropic’s Mythos AI found 2,000 vulnerabilities in seven weeks

Seven weeks. One AI model. One team. More than 2,000 previously unknown software vulnerabilities were found. If you need a moment with that, take it. John Ackerly, CEO and co-founder of Virtru, a data security company, put that figure into perspective in a way that is hard to shake.

“Mythos is absolutely a turning point for cybersecurity. Think about it. Mythos didn’t pick a lock; it found thousands of locks that were never locked in the first place (that no one even knew existed) in software that the best human security researchers had studied for decades.

The math is staggering. One AI model, and one team, in seven weeks, found more than 2,000 zero-day vulnerabilities. That is 30% of the world’s entire annual output prior to AI. When thousands of researchers get access to AI models like Mythos, a single year will surface exponentially more zero-days than the 360,000 recorded in all of software history.

Mythos and other AI models like it can now find and exploit software flaws at a speed and scale that is beyond containment. This means that the old approach of building stronger walls around systems and hoping they hold is becoming much less reliable. It also means that the manual “find a vulnerability, patch the vulnerability” process is not going to keep pace with a threat landscape bolstered by the speed and scale of AI.

The threat surface is now expanding faster than any wall can contain it. The only answer to this new dynamic is to protect the data itself, rather than prop up perimeter protection around it.

Thirty percent of the world’s annual output in seven weeks changes the game entirely.

What makes Mythos AI different from other AI security tools

Cybersecurity teams have used AI tools for years. So, what makes this different?

Ackerly explains it this way: “What makes this different is the level of autonomy and speed it enables. Mythos is being described as a system that can discover vulnerabilities and even generate working exploits much faster than traditional human-led workflows. This model could make it easy for a bad actor to identify and exploit vulnerabilities in software, even if that bad actor isn’t knowledgeable or trained.”

That last part matters most. Before a tool like this, exploiting a serious software vulnerability required real technical skill. Mythos AI lowers that barrier significantly. A person with bad intentions and no technical background could potentially use a model like this to cause serious damage. The expertise gap that once offered some natural protection is closing.

FAKE PAYPAL EMAIL LET HACKERS ACCESS COMPUTER AND BANK ACCOUNT

Why Anthropic’s Mythos AI is breaking down perimeter security

Most cybersecurity spending, the overwhelming majority of it, goes toward what experts call perimeter defense. Think firewalls, network monitoring, endpoint security and intrusion detection. The entire strategy is built on one core idea of keeping the bad actors out, and the data inside stays safe.

Ackerly describes how that model is now breaking down.

“The perimeter is the digital wall around your systems and the information you possess. For decades, cyber strategies have primarily focused on the idea that if you protected the perimeter well enough — if you built a strong enough wall — the sensitive data on the inside would stay safe,” Ackerly said. 

“The industry has poured hundreds of billions of dollars into firewalls, endpoint detection, network security, application security and other perimeter defenses. Traditional security architecture by itself cannot keep pace in this new world.

“The Mythos development from Anthropic is making a hard truth very apparent: Time is running out for companies to prepare for this new reality. Shifting focus from ‘protecting the perimeter’ to ‘protecting the data’ is critically important to mitigate data loss or compromise.”

Hundreds of billions of dollars. And now the model those dollars were built on is becoming unreliable. It forces a full rethink.

Does Anthropic’s Mythos AI give attackers the advantage?

This is the question everyone wants a straight answer to. Ackerly offers one that is more nuanced than a simple yes or no.

“I wouldn’t frame it as attackers automatically having an advantage. But, over time, it does mean that ‘bad guys’ and ‘good guys’ will have access to essentially the same tools. As a result, I do think defenders absolutely need a different strategy. If you assume the outer wall may fail, then the smarter move is to protect the data itself so it stays controlled even after a breach.”

The playing field is leveling. And that may sound fair until you remember attackers only need to succeed once, while defenders have to succeed every time.

How fast is Mythos AI changing the cybersecurity threat landscape?

Speed is what makes Mythos AI genuinely alarming. Traditional cyberattacks move through a lifecycle. Reconnaissance takes time. Finding the right vulnerability takes more time. Building an exploit takes more time on top of that.

Ackerly explains what happens when AI compresses all of that.

“AI is accelerating the threat. A model that can find and exploit vulnerabilities autonomously compresses the attack lifecycle from weeks to hours, or even minutes. Every layer of the traditional security stack now has to operate at machine speed. Manual security architectures cannot keep up.

“But AI also makes data-centric security more powerful, not less so. When every piece of sensitive data is protected at the object-level, AI agents can enforce governance at scale by checking entitlements, applying attribute-based access controls, and auditing data flows in real time. The same capabilities that make Mythos a dangerous tool in the hands of ‘bad guys’ make it a valuable tool in the hands of ‘good guys.’”

The question organizations should be asking shifts from “how do I build higher walls?” to “when the walls fail, is my data still protected?” That is the question worth sitting with.

What Mythos AI means for regular people’s personal data

Most of the Mythos coverage has focused on corporate risk. But your bank account and medical records sit in those same vulnerable systems.

“For everyday people, the first change is that breaches and scams could become more frequent, more targeted, and harder to spot. If AI makes it easier to uncover weak points in the systems we all rely on, that can translate into more pressure on the services that hold our personal data, from email and cloud storage to health, banking, and retail platforms.

Consumers shouldn’t assume a company is doing the right thing with their data. Now, they really can’t assume a company’s outer defenses are enough to protect their information.

This also highlights the importance of basic cyber hygiene like unique passwords and MFA, so that when breaches happen, the scope of impact on your own personal data is contained.”

Your bank account, your medical records, your tax documents, your private messages. All of it already lives across dozens of platforms you trust to protect it. If those platforms’ outer defenses are no longer reliable, what exactly is standing between your data and someone who wants it?

Ackerly goes further on where the exposure actually lives. “Data now travels across clouds, devices, partners, and borders. The risk isn’t just one hacked server in one building anymore. It’s all the places your data passes through or gets copied to along the way. 

Was Anthropic right to keep Mythos AI restricted?

Anthropic made a choice that is rare in the AI industry. They built something powerful and then decided not to release it widely.

On that decision, Ackerly is direct. “Anthropic’s decision to withhold Mythos from general release is unprecedented and, frankly, responsible. Time will tell what these partners are able to do with regard to safety, but releasing it to the general public would certainly have been ill-advised and dangerous.”

Unprecedented. That word deserves weight here. In an industry that races to release new tech, Anthropic stopped. That speaks volumes.

We reached out to Anthropic for a comment, but did not hear back before our deadline.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

How to stay safe as cybersecurity shifts

The perimeter model is deteriorating, but that does not mean you are helpless. Individual behavior still matters, and it matters more now than it did before.

Ackerly’s recommendation is this: “Stop assuming the app, platform, or company perimeter can always protect your information, or that they will do the right thing with your data. People should be much more deliberate about what data they share, where they store it, and who can access it. Protection needs to travel with the data, not just sit at the edge of a network. For you, that means choosing services that give you stronger control over your information and being more cautious about oversharing sensitive data in the first place. The data owner should always have governance over said data.” So where do you start?

1) Use unique passwords for every account

A password manager makes this realistic. If one platform gets breached, unique passwords keep the damage isolated to that one account.

2) Turn on multi-factor authentication wherever it is available

Multi-factor authentication (MFA) adds a layer that survives even when a password is compromised. It is one of the highest-impact steps an individual can take.

3) Run strong antivirus software and keep devices updated

Outdated software is one of the most common entry points attackers use. Strong antivirus software catches threats your instincts might miss, and keeping apps and operating systems current closes the gaps that models like Mythos are built to find. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

4) Be selective about what you share and where

Every app that holds your data is a potential exposure point. The less you overshare, the smaller your footprint becomes.

5) Use a data removal service

Data brokers collect and sell your personal information, often without you ever knowing. Data removal services find where your data is listed and request its removal. You cannot control every place your information travels, but you can shrink the trail it leaves behind. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

6) Choose services that offer real data control

Not all platforms treat your data the same way. Look for services that let you see, manage and limit how your information is used and where it goes.

7) Monitor your accounts and credit

Catching a breach early limits the damage significantly. Set up account alerts wherever your bank or financial platform allows it. A credit freeze costs nothing and stops new accounts from being opened in your name without your knowledge.

8) Stay skeptical of phishing attempts

Ackerly warned that scams will get more targeted and harder to spot as AI lowers the barrier for bad actors. Scrutinize every link before you click it and treat unexpected emails or texts asking for login information as suspicious by default. If something feels off, it probably is.

9) Assume breaches will happen

The goal is to limit how much damage they can do. When you operate with that assumption, your decisions about data hygiene get sharper, and your exposure gets smaller.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com    

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways 

Mythos did not create the vulnerability problem. It made the scale of it visible in a way that is no longer ignorable. The foundation of modern cybersecurity, the idea that strong enough walls will keep data safe, is being tested in real time by a technology that moves faster than any human team can. That is a consumer story as much as it is a corporate one. Your data lives in systems built on that old model. 

And the moment to think differently about how it is protected is now, not after the next major breach makes the headlines. Anthropic made a responsible call by limiting access to Mythos. But the model exists. The capability is real. Other versions of it are being developed. The question for every organization and every individual becomes the same one Ackerly keeps returning to.

When the walls fail, and experts are telling us they will, what is actually protecting your data on the other side? Let us know your thoughts by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Multiple sources are reporting that the Trump administration has dismissed the entire National Science Board (NSB). The NSB advises the president and Congress on the National Science Foundation (NSF), which has already been funding research at historically low levels and has seen significant delays in doling out that funding. The NSF has been fundamental in helping develop technology used in MRIs, cellphones, and it even helped get Duolingo get off the ground.

In a statement, Zoe Lofgren, the ranking Democrat on the House Science, Space, and Technology Committee, said:

“This is the latest stupid move made by a president who continues to harm science and American innovation. The NSB is apolitical. It advises the president on the future of NSF. It unfortunately is no surprise a president who has attacked NSF from day one would seek to destroy the board that helps guide the Foundation. Will the president fill the NSB with MAGA loyalists who won’t stand up to him as he hands over our leadership in science to our adversaries? A real bozo the clown move.”

Go to any people finder site right now and type in your name. What comes back might shock you: your age, home address, phone number, the names of your relatives, where you used to live and even what your property is worth.

You didn’t put that there, and you never consented to it. Still, it’s out there, and anyone with an internet connection can see it.

Scammers figured this out a long time ago. Since then, they’ve turned it into a system for targeting you, your parents and your kids.

So how does it actually work, and more importantly, what can you do to stop it?

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com, trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

HOW TO REMOVE YOUR PERSONAL INFO FROM PEOPLE SEARCH SITES

How scammers find your personal data online

Before a criminal sends a phishing email or makes a call, they do their homework. Importantly, they don’t need to hack anything. Instead, they use the same public websites that anyone can access.

In less than 10 minutes, a scammer can build a detailed profile on you using data broker sites like Spokeo, Whitepages, BeenVerified and Intelius. Here’s what that profile looks like and how they build it step by step.

Step 1: How scammers search your name on people finder sites

It starts simply. A scammer types your name into a search site. Within seconds, they see results like:

John M. Patterson | Age: 61 | Cleveland, OH

• Also known as: John Michael Patterson
• Current address: [your street address]
• Previous addresses: 4 records found
• Phone numbers: 2 found
• Email addresses: 3 found
• Relatives: 5 found

That is the starting point. Many sites show partial data for free. That is often enough to confirm identity. Full reports cost only a few dollars, so access is easy. Scammers can repeat this process hundreds of times a day, building detailed profiles with very little effort.

Step 2: How scammers map your family and relatives

Next, this is where things get personal. Data broker profiles show more than your name. They reveal your family network.

That often includes:

• Spouse or partner
• Children
• Parents
• Siblings
• Roommates

As a result, scammers can target more than one person. For example, they may learn that your elderly parent lives alone or your child just moved. Because of that, scams like the grandparent scam feel real instead of random.

Step 3: How scammers use your address history

At this point, your address history becomes critical. It is not just about where you live. Instead, scammers use it to:

• Verify identity
• Find relatives
• Build trust

For example, referencing a past address makes a caller sound legitimate. That detail alone can lower suspicion.

Step 4: How scammers use your financial data

More importantly, data brokers also reveal financial clues. These may include:

• Estimated income
• Home value
• Ownership status
• Length of residence

This information comes from public records, not hacking. Because of this, scammers tailor their approach. Higher-income targets may see investment scams. 

Others may get job or rental scams instead.

GOOGLE SEARCH LED TO A COSTLY SCAM CALL

Step 5: How scammers verify and cross-check your data

Before launching a scam, criminals often double-check everything. They don’t rely on just one site. Instead, they compare multiple data broker profiles, social media accounts and public records to confirm details are accurate.

For example, they may:

• Match your address across different sites
• Check Facebook or LinkedIn to confirm family relationships
• Look for recent moves, job changes or life events

Because of this, the profile becomes more reliable. That extra step is what turns a guess into something that feels real.

Step 6: How scammers create targeted scams

At that point, they have everything they need. They know your name, family, address and financial details. Now the scam becomes highly specific.

By the time you hear from them, they already know enough to sound like someone you trust.

• They may call your parent pretending to be you
• They may bypass bank security questions
• They may send texts that look like your child
• They may send emails that reference your life

As a result, the scam feels believable.

Data broker scams are already being prosecuted

This has already landed in court. The U.S. Department of Justice has prosecuted companies like Epsilon, Macromark Inc. and KBM Group for selling data to scammers. Epsilon alone paid $150 million to victims.

At the same time, data tied to the FBI Internet Crime Complaint Center shows more than half of fraud cases involving older Americans were linked to exposed personal data. That shows how serious this problem has become.

Why is your personal data on data broker sites

You do not need to sign up for these sites. Instead, your data comes from many sources, including:

• Voter records
• Property records
• Court filings
• Social media
• Marketing surveys
• Loyalty programs
• Phone directories
• Other data brokers

Because of this, your information spreads quickly.

Why your data keeps reappearing online

Even after removal, your data often comes back. Data brokers constantly update their databases. They buy and resell fresh records. Because of that, one-time removal is not enough.

How to disrupt a scammer’s research before they reach your family

The goal isn’t to disappear completely. It’s to make the profile messy enough, incomplete enough and hard enough to find that scammers move on to easier targets.

Here’s what you can do:

• Search for yourself first. Go to Spokeo, Whitepages, BeenVerified or any other people search site, and look up your own name. See exactly what’s there before a scammer does. That snapshot is your starting point.
• Submit opt-out requests manually. Every major data broker is required to honor removal requests. The catch: There are hundreds of them, each with its own process, and they relist your information regularly. It’s a full-time job.
• Use an automated removal service. This is where I strongly recommend a data removal service. Instead of spending hours submitting individual opt-out forms, a data removal service sends removal requests to 420-plus data brokers on your behalf and keeps sending them when your data reappears. Because it will reappear.
• Set up family alerts. Tell your elderly relatives that you will never ask for money via text from an unknown number. Establish a code word. Scams work because they create panic. A simple family protocol breaks the spell.
• Change your security questions. If your bank still uses “mother’s maiden name” or “city you were born in” as verification, that information is likely already on a data broker site. Switch to nonsense answers that only you know and store them in a password manager.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

This kind of scam works because it feels personal. When someone knows your name, your family and even where you used to live, your guard drops. That is exactly what criminals are counting on. 

The uncomfortable truth is that your information is already out there, often in more places than you realize. You do not need to panic, but you do need to be proactive. The more you limit what is easily accessible, the harder it becomes for someone to build a convincing story around you. Start with a simple search of your own name. That one step can completely change how you think about your digital footprint. From there, take action to remove what you can and protect what you cannot.

If a stranger can build a detailed profile on your family in minutes, what does that say about how much of your life is already exposed online? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com.  All rights reserved.