There is a new AI model called Mythos. Anthropic built it for defensive cybersecurity research. It is so effective at finding software vulnerabilities that Anthropic decided the general public cannot have it. Instead, they are letting a small circle of trusted partners like Microsoft and Google experiment with it first, under controlled conditions, while researchers figure out what guardrails need to exist.

That decision alone should tell you something. When the company that built a tool decides the world is not ready for it, you pay attention. And when you understand what Mythos actually did during testing, that caution starts to make complete sense.

Sign up for my FREE CyberGuy Report

WINDOWS PCS AT RISK AS NEW TOOL DISARMS BUILT-IN SECURITY

Seven weeks. One AI model. One team. More than 2,000 previously unknown software vulnerabilities were found. If you need a moment with that, take it. John Ackerly, CEO and Co-Founder of Virtru, a data security company, put that figure into perspective in a way that is hard to shake.

“Mythos is absolutely a turning point for cybersecurity. Think about it. Mythos didn’t pick a lock; it found thousands of locks that were never locked in the first place (that no one even knew existed) in software that the best human security researchers had studied for decades.

The math is staggering. One AI model, and one team, in seven weeks, found more than 2,000 zero-day vulnerabilities. That is 30% of the world’s entire annual output prior to AI. When thousands of researchers get access to AI models like Mythos, a single year will surface exponentially more zero-days than the 360,000 recorded in all of software history.

Mythos and other AI models like it can now find and exploit software flaws at a speed and scale that is beyond containment. This means that the old approach of building stronger walls around systems and hoping they hold is becoming much less reliable. It also means that the manual ‘find a vulnerability, patch the vulnerability’ process is not going to keep pace with a threat landscape bolstered by the speed and scale of AI.

The threat surface is now expanding faster than any wall can contain it. The only answer to this new dynamic is to protect the data itself, rather than prop up perimeter protection around it.”

Thirty percent of the world’s annual output in seven weeks changes the game entirely.

Cybersecurity teams have used AI tools for years. So what makes this different?

Ackerly explains it this way: “What makes this different is the level of autonomy and speed it enables. Mythos is being described as a system that can discover vulnerabilities and even generate working exploits much faster than traditional human-led workflows. This model could make it easy for a bad actor to identify and exploit vulnerabilities in software, even if that bad actor isn’t knowledgeable or trained.”

That last part matters most. Before a tool like this, exploiting a serious software vulnerability required real technical skill. Mythos AI lowers that barrier significantly. A person with bad intentions and no technical background could potentially use a model like this to cause serious damage. The expertise gap that once offered some natural protection is closing.

FAKE PAYPAL EMAIL LET HACKERS ACCESS COMPUTER AND BANK ACCOUNT

Most cybersecurity spending, the overwhelming majority of it, goes toward what experts call perimeter defense. Think firewalls, network monitoring, endpoint security and intrusion detection. The entire strategy is built on one core idea: keep the bad actors out, and the data inside stays safe.

Ackerly describes how that model is now breaking down.

“The perimeter is the digital wall around your systems and the information you possess. For decades, cyber strategies have primarily focused on the idea that if you protected the perimeter well enough – if you built a strong enough wall – the sensitive data on the inside would stay safe. The industry has poured hundreds of billions of dollars into firewalls, endpoint detection, network security, application security, and other perimeter defenses.

Traditional security architecture by itself cannot keep pace in this new world.

The Mythos development from Anthropic is making a hard truth very apparent: time is running out for companies to prepare for this new reality. Shifting focus from ‘protecting the perimeter’ to ‘protecting the data’ is critically important to mitigate data loss or compromise.”

Hundreds of billions of dollars. And now the model those dollars were built on is becoming unreliable. It forces a full rethink.

This is the question everyone wants a straight answer to. Ackerly offers one that is more nuanced than a simple yes or no.

“I wouldn’t frame it as attackers automatically having an advantage. But over time, it does mean that ‘bad guys’ and ‘good guys’ will have access to essentially the same tools. As a result, I do think defenders absolutely need a different strategy. If you assume the outer wall may fail, then the smarter move is to protect the data itself so it stays controlled even after a breach.”

The playing field is leveling. And that may sound fair until you remember attackers only need to succeed once, while defenders have to succeed every time.

Speed is what makes Mythos AI genuinely alarming. Traditional cyberattacks move through a lifecycle. Reconnaissance takes time. Finding the right vulnerability takes more time. Building an exploit takes more time on top of that.

Ackerly explains what happens when AI compresses all of that.

“AI is accelerating the threat. A model that can find and exploit vulnerabilities autonomously compresses the attack lifecycle from weeks to hours, or even minutes. Every layer of the traditional security stack now has to operate at machine speed. Manual security architectures cannot keep up.

But AI also makes data-centric security more powerful, not less so. When every piece of sensitive data is protected at the object-level, AI agents can enforce governance at scale by checking entitlements, applying attribute-based access controls, and auditing data flows in real time. The same capabilities that make Mythos a dangerous tool in the hands of ‘bad guys’ make it a valuable tool in the hands of ‘good guys’.

The question organizations should be asking shifts from “how do I build higher walls?” to “when the walls fail, is my data still protected?” That is the question worth sitting with.

Most of the Mythos coverage has focused on corporate risk. But your bank account and medical records sit in those same vulnerable systems.

“For everyday people, the first change is that breaches and scams could become more frequent, more targeted, and harder to spot. If AI makes it easier to uncover weak points in the systems we all rely on, that can translate into more pressure on the services that hold our personal data, from email and cloud storage to health, banking, and retail platforms.

Consumers shouldn’t assume a company is doing the right thing with their data. Now, they really can’t assume a company’s outer defenses are enough to protect their information.

This also highlights the importance of basic cyber hygiene like unique passwords and MFA, so that when breaches happen, the scope of impact on your own personal data is contained.”

Your bank account, your medical records, your tax documents, your private messages. All of it already lives across dozens of platforms you trust to protect it. If those platforms’ outer defenses are no longer reliable, what exactly is standing between your data and someone who wants it?

Ackerly goes further on where the exposure actually lives. “Data now travels across clouds, devices, partners, and borders. The risk isn’t just one hacked server in one building anymore. It’s all the places your data passes through or gets copied to along the way. 

Anthropic made a choice that is rare in the AI industry. They built something powerful and then decided not to release it widely.

On that decision, Ackerly is direct. “Anthropic’s decision to withhold Mythos from general release is unprecedented and, frankly, responsible. Time will tell what these partners are able to do with regard to safety, but releasing it to the general public would certainly have been ill-advised and dangerous.”

Unprecedented. That word deserves weight here. In an industry that races to release new tech, Anthropic stopped. That speaks volumes.

We reached out to Anthropic for a comment, but did not hear back before our deadline.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

The perimeter model is deteriorating, but that does not mean you are helpless. Individual behavior still matters, and it matters more now than it did before.

Ackerly’s recommendation is this: “Stop assuming the app, platform, or company perimeter can always protect your information, or that they will do the right thing with your data. People should be much more deliberate about what data they share, where they store it, and who can access it. Protection needs to travel with the data, not just sit at the edge of a network. For you, that means choosing services that give you stronger control over your information and being more cautious about oversharing sensitive data in the first place. The data owner should always have governance over said data.” So where do you start?

A password manager makes this realistic. If one platform gets breached, unique passwords keep the damage isolated to that one account.

Multi-factor authentication (MFA) adds a layer that survives even when a password is compromised. It is one of the highest-impact steps an individual can take.

Outdated software is one of the most common entry points attackers use. Strong antivirus software catches threats your instincts might miss, and keeping apps and operating systems current closes the gaps that models like Mythos are built to find. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

Every app that holds your data is a potential exposure point. The less you overshare, the smaller your footprint becomes.

Data brokers collect and sell your personal information, often without you ever knowing. Data removal services find where your data is listed and request its removal. You cannot control every place your information travels, but you can shrink the trail it leaves behind. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Not all platforms treat your data the same way. Look for services that let you see, manage and limit how your information is used and where it goes.

Catching a breach early limits the damage significantly. Set up account alerts wherever your bank or financial platform allows it. A credit freeze costs nothing and stops new accounts from being opened in your name without your knowledge.

Ackerly warned that scams will get more targeted and harder to spot as AI lowers the barrier for bad actors. Scrutinize every link before you click it and treat unexpected emails or texts asking for login information as suspicious by default. If something feels off, it probably is.

The goal is to limit how much damage they can do. When you operate with that assumption, your decisions about data hygiene get sharper, and your exposure gets smaller.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com    

Mythos did not create the vulnerability problem. It made the scale of it visible in a way that is no longer ignorable. The foundation of modern cybersecurity, the idea that strong enough walls will keep data safe, is being tested in real time by a technology that moves faster than any human team can. That is a consumer story as much as it is a corporate one. Your data lives in systems built on that old model. And the moment to think differently about how it is protected is now, not after the next major breach makes the headlines. Anthropic made a responsible call by limiting access to Mythos. But the model exists. The capability is real. Other versions of it are being developed. The question for every organization and every individual becomes the same one Ackerly keeps returning to.

When the walls fail, and experts are telling us they will, what is actually protecting your data on the other side? Let us know your thoughts by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

Copyright 2026 CyberGuy.com. All rights reserved.

Go to any people-finder site right now and type in your name. What comes back might shock you: your age, home address, phone number, the names of your relatives, where you used to live and even what your property is worth.

You didn’t put that there, and you never consented to it. Still, it’s out there, and anyone with an internet connection can see it.

Scammers figured this out a long time ago. Since then, they’ve turned it into a system for targeting you, your parents and your kids.

So how does it actually work, and more importantly, what can you do to stop it?

Sign up for my FREE CyberGuy Report

HOW TO REMOVE YOUR PERSONAL INFO FROM PEOPLE-SEARCH SITES

Before a criminal sends a phishing email or makes a call, they do their homework. Importantly, they don’t need to hack anything. Instead, they use the same public websites that anyone can access.

In less than 10 minutes, a scammer can build a detailed profile on you using data broker sites like Spokeo, Whitepages, BeenVerified and Intelius. Here’s what that profile looks like and how they build it step by step.

It starts simply. A scammer types your name into a search site. Within seconds, they see results like:

John M. Patterson | Age: 61 | Cleveland, OH

That is the starting point. Many sites show partial data for free. That is often enough to confirm identity. Full reports cost only a few dollars, so access is easy. Scammers can repeat this process hundreds of times a day, building detailed profiles with very little effort.

Next, this is where things get personal. Data broker profiles show more than your name. They reveal your family network.

That often includes:

As a result, scammers can target more than one person. For example, they may learn that your elderly parent lives alone, or your child just moved. Because of that, scams like the grandparent scam feel real instead of random.

At this point, your address history becomes critical. It is not just about where you live. Instead, scammers use it to:

For example, referencing a past address makes a caller sound legitimate. That detail alone can lower suspicion.

More importantly, data brokers also reveal financial clues. These may include:

This information comes from public records, not hacking. Because of this, scammers tailor their approach. Higher-income targets may see investment scams. Others may get job or rental scams instead.

GOOGLE SEARCH LED TO A COSTLY SCAM CALL

Before launching a scam, criminals often double-check everything. They don’t rely on just one site. Instead, they compare multiple data broker profiles, social media accounts and public records to confirm details are accurate.

For example, they may:

Because of this, the profile becomes more reliable. That extra step is what turns a guess into something that feels real.

At that point, they have everything they need. They know your name, family, address and financial details. Now the scam becomes highly specific.

By the time you hear from them, they already know enough to sound like someone you trust.

As a result, the scam feels believable.

This has already landed in court. The U.S. Department of Justice has prosecuted companies like Epsilon, Macromark Inc. and KBM Group for selling data to scammers. Epsilon alone paid $150 million to victims.

At the same time, data tied to the FBI Internet Crime Complaint Center shows more than half of fraud cases involving older Americans were linked to exposed personal data. That shows how serious this problem has become.

You do not need to sign up for these sites. Instead, your data comes from many sources, including:

Because of this, your information spreads quickly.

Even after removal, your data often comes back. Data brokers constantly update their databases. They buy and resell fresh records. Because of that, one-time removal is not enough.

The goal isn’t to disappear completely. It’s to make the profile messy enough, incomplete enough, and hard enough to find that scammers move on to easier targets.

Here’s what you can do:

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

This kind of scam works because it feels personal. When someone knows your name, your family and even where you used to live, your guard drops. That is exactly what criminals are counting on. The uncomfortable truth is that your information is already out there, often in more places than you realize. You do not need to panic, but you do need to be proactive. The more you limit what is easily accessible, the harder it becomes for someone to build a convincing story around you. Start with a simple search of your own name. That one step can completely change how you think about your digital footprint. From there, take action to remove what you can and protect what you cannot.

If a stranger can build a detailed profile on your family in minutes, what does that say about how much of your life is already exposed online? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

Copyright 2026 CyberGuy.com.  All rights reserved.

A longtime NFL veteran has reportedly been deemed a person of interest in the potential homicide of a woman in the Dominican Republic.

The body of Carli Franchesca Guzman Roche was found at a property that was owned by Mike Pennel, who has won two Super Bowls with the Kansas City Chiefs, after she disappeared in 2021.

Guzman was declared missing on Sept. 13, 2021, after not being heard from since eight days prior. Her body was found on the property, which Pennel sold last year, in January while a worker was digging a trench, ESPN reported. The report by ESPN cited anonymous sources close to the investigation.

CLICK HERE FOR MORE SPORTS COVERAGE ON FOXNEWS.COM

The home is in a gated community in Sosúa, on the northern coast of the country.

Pennel denied any involvement in a text to ESPN.

“This isn’t a story. I’m not legally involved. This is fake news being reported. I’d advise you to speak with my agent/lawyer … before writing a false story. Damaging my reputation,” he wrote to the outlet.

JETS TRADE UP IN FOURTH ROUND OF NFL DRAFT TO SELECT QUARTERBACK WEEKS AFTER GETTING GENO SMITH

Pennel played for both the Chiefs and the Cincinnati Bengals this past season. It marked his third stint with Kansas City.

The defensive lineman has been suspended by the NFL three times for violating the league’s substance-abuse policy, two of which occurred in 2016. He was also sued in 2024 by Dwayne Haskins’ widow, who accused him of defrauding her of $275,000 in a dog-breeding business out of the Dominican Republic.

The 34-year-old played college ball at Scottsdale Community College, Arizona State and CSU Pueblo, going undrafted in 2014.

However, the Green Bay Packers took a chance, and he has turned it into a 12-year career with five teams, including the New York Jets and the Atlanta Falcons. He also was on the practice squad for the New England Patriots and the Chicago Bears.

He is currently a free agent.

Follow Fox News Digital’s sports coverage on X, and subscribe to the Fox News Sports Huddle newsletter.