Anthropic's disclosure of Claude Mythos Preview - an AI model capable of autonomously discovering and exploiting zero-day vulnerabilities at scale - is forcing a recalibration of cybersecurity governance for operational technology (OT) environments, including the building management systems (BMS) that control HVAC, access control, lighting, and elevators in commercial buildings.
Background
On April 7, 2026, Anthropic disclosed Claude Mythos Preview, a model that autonomously discovers and exploits zero-day vulnerabilities across every major operating system and web browser. Work that previously required elite teams, months of effort, and seven-figure budgets now happens in hours for a few thousand dollars.
The announcement carries direct implications for smart building OT. Modern properties rely on interconnected software platforms to manage HVAC, lighting, elevators, and access control. Many of these systems were designed when connectivity was a feature rather than a liability. They often lack standard security architecture, run on legacy operating systems, depend on third-party vendors for updates, and connect to broader networks in ways that were never fully mapped or secured.
Regulatory response is already underway. CISA and the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), in collaboration with federal and international partners, published joint cybersecurity guidance for critical infrastructure owners and operators integrating AI into OT systems, outlining four key principles to realize AI's benefits while reducing risk. The document specifically addresses machine learning, large language model-based AI, and AI agents because of the complex security considerations and challenges they pose in OT environments, according to CISA.
Details
The UK AI Security Institute (AISI) evaluated Claude Mythos Preview and found it represents a meaningful advance over previous frontier models in a landscape where cyber performance was already improving rapidly. In controlled evaluations where Mythos Preview was explicitly directed and given network access, it executed multi-stage attacks on vulnerable networks and discovered and exploited vulnerabilities autonomously - tasks that would take human professionals days. On expert-level capture-the-flag challenges - which no model could complete before April 2025 - Mythos Preview succeeds 73% of the time.
The capability gap is most acute for legacy OT infrastructure. Firmware in most industrial control systems is older, less reviewed, and less hardened than mainstream operating systems. Many programmable logic controllers (PLCs) and remote terminal units (RTUs) run proprietary real-time operating systems that have never undergone systematic security analysis. Mythos-class tools identify and exploit vulnerabilities in hours, meaning "reasonable" patching-cadence language in vendor contracts may no longer hold up against that standard.
Anthropic has responded with Project Glasswing, an initiative with more than 40 technology companies - including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia - backed by $100 million in usage credits and $4 million in direct donations to open-source security organizations, according to the company. Anthony Grieco, chief security and trust officer at Cisco, stated: "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."
The supply chain dimension is particularly pressing for multi-vendor BMS environments. In complex building technology stacks where each vendor controls a different segment, determining who is responsible for fixing a vulnerability can be as difficult as the technical fix itself. The convergence of IT and OT has expanded attack surfaces by exposing traditionally isolated OT systems to internet-facing networks, third-party integrations, and cloud-based platforms - increasing vulnerabilities and potential entry points, with sophisticated supply chain exploits among the most concerning emerging threats.
For defenders, AI also offers structural advantages. AI-powered security solutions can automatically scan and map entire OT networks, identifying all connected devices, their communication patterns, and their vulnerabilities. This eliminates inaccurate manual inventories and allows teams to prioritize risks based on an asset's criticality to operations. Centralized analytics can correlate data across IT and OT networks to detect sophisticated cross-domain attacks, while decentralized controls such as endpoint protection and local network segmentation keep critical processes operational even if central cloud connectivity is lost.
Outlook
Alex Stamos, chief product officer at cybersecurity firm Corridor and former security lead at Facebook and Yahoo, warned: "We only have something like six months before open-weight models catch up to the foundation models in bug finding - at which point every ransomware actor will be able to find and weaponize bugs without leaving traces for law enforcement." For building automation professionals, this compresses the window to establish AI-aware governance frameworks, re-scope third-party risk programs, and align procurement specifications with updated IEC 62443 security requirements. Anthropic has called for broader conversations about making digital infrastructure more resilient and new software secure by design, engaging industry, government, and civil society as AI's impact on cybersecurity shifts from future concern to present-day imperative.
