The sudden global suspension of Anthropic’s Claude Mythos model on June 12th sent shockwaves through the tech world, but its real impact hits much closer to home for the telecommunications sector.
As operators increasingly rely on complex software frameworks to manage critical infrastructure, this breakthrough AI has suddenly rewritten the rules of network security. Understanding the story behind Mythos becomes an urgent commercial priority for every telco aiming to protect its revenue and enterprise trust.
Research in artificial intelligence is typically years ahead of the consumer products we see on the market. In fact, today’s most advanced AI models are still powered by core training methods that date back to the 1980s.
Yet, this incubation gap is shrinking rapidly as modern go-to-market strategies accelerate the commercialisation process. And this is perfectly illustrated by the sudden arrival of Anthropic’s Claude Mythos model.
Capable of performing a variety of mind-boggling tasks, Mythos has also proven to be extraordinarily adept at identifying complex cybersecurity vulnerabilities.
The speed of this particular AI model is unprecedented. While human security teams might spend months analysing systems for security gaps, Claude Mythos can accomplish the same audit in a single day.
But how is this relevant to the telecommunications space?
The Elite Testing Pool and the Geopolitical Halt
Recognising the massive double-edged nature of this capability, Anthropic decided against an immediate public release. Instead, they launched Project Glasswing: a collaborative effort named after a transparent butterfly, symbolising the invisible flaws hidden within our digital systems.
Anthropic invited a select group of major tech companies and core infrastructure operators to test the model. Among the elite participants, such as AWS, Apple, Cisco, Microsoft, NVIDIA, etc., were three global telecommunication giants:
- South Korea Telecom
- Verizon (US)
- BT (UK)
Following several weeks of rigorous testing, participant companies have confirmed numerous critical vulnerabilities, which are currently being remediated. Building on the momentum of this concentrated effort, Anthropic launched Claude Fable 5 on June 10th.
This was a restricted version of its Mythos-class architecture designed to bring frontier intelligence to the public. This milestone finally allowed the broader community to experience and test the model’s capabilities firsthand.
However, the rollout hit a dramatic geopolitical roadblock. The United States government stepped in, attempting to issue an export control directive requiring Anthropic to ban non-US citizens from accessing the model.
It is unclear how the US ban on foreign nationals is affecting the Project Glasswing bilateral agreements between Anthropic and international companies such as SK Telecom. This uncertainty exists because the unrestricted Mythos model used in Project Glasswing operates independently of the public-facing version.
In response, Anthropic disputed the technical basis of the government’s demands and suspended public access for all customers worldwide on June 12th.
Why Telcos Are Exposed and Where Flaws Hide
It might sound a bit overemphatic, but telco infrastructure actually is the backbone of modern society. It’s enough to look back at the chaos caused by the massive power outage across the Iberian Peninsula in April 2025, which saw local mobile networks drop to ~70% capacity at midday.
But what security threats telco players actually face, and what does AI have to do with this?
While people often focus on firewalls, the real risks run much deeper throughout a telecom company’s software ecosystem. Threat surfaces include:
- Internal operating systems
- Customer Relationship Management (CRM) databases
- Accounting and billing software, etc.
- Legacy core protocols
- 5G Service-Based Architecture (SBA) APIs
- Network-Side Routing Protocols
- etc.
Interestingly, there are no publicly confirmed Common Vulnerabilities and Exploits (CVEs) officially linked to Project Glasswing that target telecom infrastructure. This lack of public data boils down to two factors:
- Most telecom-specific code is proprietary vendor software (such as that from Nokia, Ericsson, or Samsung) and isn’t open source.
- Less than 1% of the total flaws discovered by Mythos have been patched so far, meaning the remaining findings are locked under a strict responsible disclosure embargo.
A Real-World Threat Example: The SMS Gateway Loophole
To understand the gravity of hidden infrastructure flaws, we can look at academic research highlighting telecom weak points. A recent notable paper from UC San Diego (“Lost in Translation: Text Message Spoofing via Email“ by Voelker et al.) outlines how traditional open email services integrate with carrier transport services (such as IMS networks) to deliver SMS/MMS messages.
The researchers proved that protocol conversions create a dangerous attack surface. Attackers can use carefully structured emails to trick carriers into issuing spoofed text messages. This allows malicious actors to impersonate trusted phone numbers or short codes, or even inject fake texts directly into active text threads.
This is exactly where the power of automated vulnerability scanning becomes a game-changer. Uncovering a systemic flaw like the SMS gateway loophole typically requires six to twelve months of dedicated academic research and manual testing.
In stark contrast, a frontier model like Claude Mythos can map out these exact types of protocol weaknesses across an entire network in less than twenty-four hours, giving operators a massive head start in fixing them.
Closing Remarks: Preparing for the “Q-Day” of AI
The discovery of these deep network flaws underscores why telecom companies cannot afford to wait around. When highly intelligent models eventually hit the open market, bad actors will immediately weaponise them to map out backdoors and exploits.
This creates a scenario very similar to the “Q-Day” threat, where quantum computing threatens to break current password encryption methods. For AI, the danger is identical.
We strongly recommend that every telecom company take these developments seriously. Operators must stay ahead of the curve by establishing secure, in-house laboratories to harvest the power of models such as Claude Mythos. By proactively running these AI tools on their infrastructure, telcos can detect, analyse, and patch their vulnerabilities before the bad actors do.
