Last week, while a room full of Canadian bank executives sat across from their regulators trying to figure out what to do about a new AI model, the same conversation should have been happening here. In Lagos. In Nairobi. In Joburg. In Abidjan. It wasn’t.
The model is called Claude Mythos Preview. It comes from Anthropic, the company behind the Claude family. And the headline is unusual. Anthropic built it, tested it, then decided not to release it. Not yet. Maybe not for a while. The reason? It is too good at finding ways into other people’s software.
I have been using Claude as my main AI tool for over a year now, and I have watched the capability curve bend sharply upward every few months. This one is different. In a few weeks of internal testing, Mythos reportedly uncovered thousands of previously unknown vulnerabilities across major operating systems and browsers. One of the bugs it found in OpenBSD had been sitting there, undetected, for 27 years. OpenBSD. The operating system that security people quote as the gold standard.
That is the part that should make you sit up.
Instead of a public launch, Anthropic put Mythos behind something called Project Glasswing. Think of it as an invite-only club for fixing the internet before someone else breaks it. The launch partners are who you would expect. AWS. Apple. Google. Microsoft. NVIDIA. Cisco. CrowdStrike. Palo Alto Networks. Broadcom. The Linux Foundation. JPMorganChase. Roughly forty more critical infrastructure organisations have access too.
The deal is simple. Use Mythos to find the holes. Patch them. Share what you learn. Buy the rest of us some time before models with the same capability leak into the wild.
Anthropic put it bluntly in their announcement. The fallout for economies, public safety and national security could be severe if these capabilities reach the wrong people first. They are not wrong.
Here is where it gets uncomfortable.
We are building digital infrastructure on this continent at a pace nobody outside Africa fully appreciates. Mobile money moves real economies. M-Pesa in East Africa. Opay, PalmPay, Moniepoint in Nigeria. MTN MoMo across the continent. The Tier 1 Nigerian banks process volumes that would put many European banks to shame. Safaricom alone touches more lives than most governments. Standard Bank, FNB, Equity, Access, GTBank, these are not small institutions.
What ties all of them together is that they run on the same software stacks Mythos is currently tearing apart. Linux. Open source libraries. Cloud platforms. Browsers. Payment gateways. The very same building blocks Anthropic says are full of bugs nobody knew existed.
And our cyber defence is, on average, behind. Not because African security teams are not talented. Many of them are world class. But because the maturity of the stack around them, the patching discipline, the SOC tooling, the board-level attention, varies wildly from one organisation to the next. Some of our biggest brands are still arguing about MFA rollouts.
Now imagine a junior attacker, somewhere with a laptop and a grudge, getting hold of a model that lets them chain together complex exploits with a casual prompt. No deep cybersecurity background needed. That is the threat model we are walking into.
The Canadian cybersecurity expert Carmi Levy said it best. We knew this day would come. AI would eventually get good enough to break through even the most hardened defences. We are now there.
I spend most of my time in martech and digital advertising, so let me say the quiet part out loud. Marketing technology stacks are now some of the most exposed software in the modern enterprise. CDPs. CRMs. Tag managers. WhatsApp Business APIs. Programmatic ad pipes. Shopify, WooCommerce, BigCommerce stores stitched into payment gateways and shipping providers and loyalty engines.
Every one of those is software. Every one is a doorway. And in a lot of African organisations, that entire stack lives under a CMO who has never had a serious conversation with the CISO. Sometimes there is no CISO at all.
If you are a marketing leader reading this, here is the question to ask on Monday morning. Who owns security for our marketing stack? When was the last time anyone scanned our ecommerce platform for vulnerabilities? Do we even know what third-party scripts are loading on our checkout page?
If you do not have answers, you are the easy target.
It is fair to ask whether some of this is theatre. Claudiu Popa, another expert quoted in the Canadian coverage, conceded that part of the announcement reads like a publicity stunt. AI labs are in a race for narrative dominance, and “we built something so dangerous we cannot release it” is a hell of a flex.
But Popa added the important caveat. Hype or not, the capability is real. And capability, once it exists, has a habit of spreading. Months, not years. That is the working assumption you should be planning around.
If I were running technology or marketing for an African bank, telco, fintech or large retailer right now, I would do four things.
I would commission an honest audit of every piece of software in my stack. Not the polished one for the board. The real one. Versions. Patches. Owners. Last touched dates. The OpenBSD bug Mythos found had been hiding for nearly thirty years. Yours are hiding too.
I would shrink my attack surface. Kill the plugins nobody uses. Decommission the microsite from 2019 that still has a database attached. Pull the SDKs that nobody can explain. Popa’s line is the right one. If the tool takes too long to find something, it moves on to easier targets. Be the harder target.
I would force marketing and security into the same room every month. Not a quarterly check-in. Monthly. With agenda items. Martech is critical infrastructure now. Treat it that way.
And I would start piloting AI on the defensive side. The same capabilities that make Mythos dangerous in attacking hands make smaller, accessible models genuinely useful for log analysis, phishing detection, code review and incident response. You do not need Mythos to start. You need to start.
Anthropic’s decision to keep Mythos behind closed doors is being framed as responsible disclosure on a grand scale. Maybe it is. Maybe it is also great marketing. Probably both. The framing matters less than the underlying reality.
The era when cyber defence quietly depended on the fact that good attackers were rare is ending. The era when a moderately motivated person with the right AI assistant can probe a bank’s infrastructure on a Saturday night is starting.
For Africa, this is not a 2027 conversation or a 2028 conversation. It is a right-now conversation. The institutions that move on it this quarter, that audit, harden and modernise before the middle of the year, will be the ones still standing when the next generation of AI-assisted attacks shows up at the door.
Everyone else is just hoping the attackers go elsewhere first.
They will not.