Anthropic's newly unveiled Claude Mythos Preview - an AI model capable of autonomously identifying and exploiting critical software vulnerabilities - is forcing facility security teams to reassess how building management systems (BMS) and operational technology (OT) networks are defended against a rapidly evolving generation of AI-assisted threats.
Background
On April 7, 2026, Anthropic announced Claude Mythos Preview alongside Project Glasswing, a restricted-access cybersecurity consortium designed to use the model for defensive purposes before wider AI capabilities of this kind reach the open market. The model was not explicitly trained for security tasks; according to Anthropic, its vulnerability-discovery capabilities are a downstream consequence of general reasoning and coding proficiency.
The announcement arrives against a backdrop of chronic security weaknesses in smart building infrastructure. According to Claroty, 75% of organizations operate BMS devices with known exploited vulnerabilities, while legacy protocols such as BACnet and Modbus - which lack native encryption and authentication - remain widespread across commercial properties. A December 2025 peer-reviewed study published in MDPI Sensors confirmed that attackers can exploit zero-day vulnerabilities, launch distributed denial-of-service (DDoS) attacks, and access sensitive BMS platforms controlling HVAC, security cameras, and access control networks, with a single compromised IoT endpoint capable of cascading impacts across an entire building.
For context on how the industry has responded to rising cyber-physical risks, see earlier reporting on security-by-design standards in building automation and integrated building security frameworks.
Details
The UK's AI Security Institute (AISI) conducted independent evaluations of Mythos Preview and found that on expert-level capture-the-flag cybersecurity tasks - challenges that no AI model could complete before April 2025 - Mythos Preview succeeded 73% of the time. The AISI further observed that, in controlled conditions where the model was explicitly directed and given network access, it could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously - tasks that would take human security professionals days of work.
For building operators, the dual-use nature of these capabilities is the central concern. Sarosh Nagar, technical projects lead in the office of former Google CEO Eric Schmidt, noted that "Mythos Preview displayed heightened capabilities not only to identify multiple vulnerabilities, but also to more autonomously chain exploits together" - behavior directly relevant to OT environments where networked controllers, sensors, and enterprise platforms share authentication boundaries. Anthropic engineers with no formal security training were able to ask Mythos to find remote code execution vulnerabilities overnight and wake up the following morning to a complete, working exploit, according to Anthropic's own disclosures.
On the defensive side, Anthropic states the model has already identified thousands of zero-day vulnerabilities across every major operating system and web browser during the Project Glasswing phase. Launch partners include Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks, with access extended to more than 40 organizations in total that build or maintain critical software infrastructure. Anthropic is committing up to $100 million in usage credits to Project Glasswing partners, as well as $4 million in direct donations to open-source security organizations.
The patching challenge compounds the threat picture. A 2025 report cited by the Alan Turing Institute's Centre for Emerging Technology and Security found that on average, over 45% of discovered security vulnerabilities in large organizations remain unpatched after 12 months - a gap AI-assisted attackers could exploit far faster than remediation cycles allow. Lucas Nelson, a partner at cybersecurity investor Lytical Ventures, stated that "discovery is accelerating exponentially. Remediation still moves at human speed. That asymmetry is the defining cybersecurity challenge of the next decade."
For facility managers and system integrators, this translates directly into procurement and operational risk. A 2025 smart building market report valued the global sector at approximately $126.6 billion, with projections to reach $571.3 billion by 2030, underscoring the scale of infrastructure now exposed to this expanded threat surface.
Outlook
Anthropic has committed to reporting publicly within 90 days on vulnerabilities fixed and improvements made through Project Glasswing and has announced plans to collaborate with leading security organizations on practical recommendations covering vulnerability disclosure, software development lifecycle, and standards for regulated industries. The company has also suggested that an independent, third-party body bringing together private and public sector organizations might be the ideal structure for large-scale, ongoing cybersecurity work in the AI era.
For operators of commercial buildings, hospitals, and data centers, the immediate imperative is to evaluate existing OT/IT segmentation, legacy protocol exposure, and patch management cadence against a threat landscape where AI can compress attack timelines from months to hours. Vendors developing AI-assisted security tooling for building automation will face growing demand for explainable decision logs and configurable response guardrails - particularly as regulators, following the NIS2 Directive and the forthcoming EU Cyber Resilience Act, increasingly require auditable accountability trails across connected building systems.
