
Mythos and the repricing of critical infrastructure

A $20 billion cyber insurance market and a $1.5 trillion utilities sector were both calibrated against the scarcity of human offensive expertise. That scarcity no longer applies.

A lot has been written about Claude Mythos Preview in the week since Anthropic announced it. The primary sources remain the best place to start. Anthropic’s own Mythos Preview post and the Project Glasswing announcement describe capability and governance. Simon Willison’s write-up gives the clearest technical overview. The news cycle is already saturated with recap. What follows is a different angle.

The capability is significant. The story sits downstream of the capability, inside what the capability reprices.

The scarcity that has been removed

Every institution that prices cyber risk (insurers, infrastructure investors, pension funds, sovereign wealth funds, governments) has built its model on one foundational assumption: offensive security capability requires scarce, expensive human expertise. That scarcity is what underwrites the premium, caps the probability, and keeps the expected loss within a manageable range.

Mythos removes that scarcity. Over a few weeks of internal testing, the model identified thousands of previously unknown vulnerabilities across every major operating system and every major web browser. One of them, triaged as CVE-2026-4747, is a long-standing remote code execution flaw in FreeBSD’s NFS implementation. The model found it autonomously, then built the exploit chain to demonstrate it.

A capability that turns weeks of expert work into a few hours of model time changes the input cost of offense, which is the variable every downstream model is calibrated against. When the input cost collapses, everything priced off it has to requote. Whether that requote reaches systemic scale depends on how fast the underlying capability generalises beyond one lab’s research preview.

Why Bessent and Powell convened the bank CEOs

On April 10, three days after the Mythos Preview announcement, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened the CEOs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs in a closed-door meeting to discuss the cyber implications. That two of the highest-ranking financial officials in the United States personally convened the chief executives of the largest banks reads as a systemic response, well above the technical level the press covered.

The interpretation most reporters reached is that regulators are worried about bank security. That reading is accurate and shallow. The deeper read is that the regulators understand the following chain.

If offensive capability has been commoditised, then the cost of probing critical systems is falling faster than the cost of defending them. That differential shifts the probability of a systemic event. A systemic event is one that triggers correlated losses across institutions, which is exactly the failure mode that capital and insurance markets are poorly positioned to absorb. When the probability of a systemic event moves, the cost of capital on exposed assets moves with it. The banks that finance those assets and the insurers that underwrite them need to know before the market does.

The regulatory read has arrived quickly. The market read has not.

What the $20 billion cyber insurance market actually prices

The global cyber insurance market is worth roughly $20 billion in annual premium. The premium is calibrated against a decade of incident data: ransomware, data exfiltration, extortion patterns, standard attack vectors, standard monetisation paths. The actuarial models are mature for this dataset. They are mature for the world in which offensive capability is scarce and therefore attacks follow predictable, almost industrialised patterns.

The models are immature for a world in which a single autonomous agent can map, probe, and exploit at the pace of a competent red team without the competent red team’s cost structure or headcount. The models are also immature for a world in which the same capability, once public or leaked, scales to any adversary, not just state-level ones.

Two things happen to premium in this world. First, the absolute number rises, because expected loss rises. That is straightforward. Second, and more consequential, the correlation structure across policies changes. A single vulnerability class, discovered and exploited by the same agent across thousands of exposed systems, produces correlated claims that break the diversification assumption on which insurance math rests.
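As an added illustration of the correlation point above (this is example code written for this edit, not the memo's own model or any insurer's data), the following Python compares two toy claim-count models for a book of policies. Both are calibrated to the same expected loss, so the premium an insurer would charge on expected loss alone is identical; what differs is the tail. Every number (1,000 policies, a 5% annual claim probability, a 1% chance that one shared vulnerability class is exploited across the whole book, one unit of loss per claim, a capital buffer at twice expected loss) is a constructed assumption chosen only to make the shape visible.

```python
# Added example, not from the memo: two toy claim-frequency models with the
# same expected loss but very different tails, to show why one vulnerability
# class exploited across a whole book breaks the diversification assumption.
# All parameters below are constructed assumptions, not actuarial data.
import math


def binom_pmf(n, k, p):
    """P(X = k) for X ~ Binomial(n, p), computed in log space to avoid overflow."""
    if p <= 0.0:
        return 1.0 if k == 0 else 0.0
    if p >= 1.0:
        return 1.0 if k == n else 0.0
    log_pmf = (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
               + k * math.log(p) + (n - k) * math.log1p(-p))
    return math.exp(log_pmf)


def independent_claims(n, p):
    """Claim-count distribution when each of n policies claims independently
    with probability p: the classic diversified book."""
    return [binom_pmf(n, k, p) for k in range(n + 1)]


def common_shock_claims(n, p, q):
    """Claim-count distribution with a common shock: with probability q a single
    vulnerability class is exploited across the whole book and every policy
    claims; otherwise policies claim independently with probability p0, chosen
    so the expected claim count still equals n * p (same premium, different tail)."""
    if not 0.0 <= q < p:
        raise ValueError("need 0 <= q < p so the matched probability p0 is valid")
    p0 = (p - q) / (1.0 - q)
    dist = [(1.0 - q) * binom_pmf(n, k, p0) for k in range(n + 1)]
    dist[n] += q  # the shock puts probability mass q on "every policy claims"
    return dist


def mean(dist):
    return sum(k * pk for k, pk in enumerate(dist))


def std(dist):
    m = mean(dist)
    return math.sqrt(sum((k - m) ** 2 * pk for k, pk in enumerate(dist)))


def tail_prob(dist, threshold):
    """Probability that the claim count exceeds threshold."""
    return sum(pk for k, pk in enumerate(dist) if k > threshold)


def compare_models(n=1000, p=0.05, q=0.01, loss_per_claim=1.0, buffer_multiple=2.0):
    """Summarise both models: expected loss, volatility of loss, and the
    probability that aggregate loss exceeds buffer_multiple times expected
    loss (a stand-in for the capital an insurer holds against the book)."""
    out = {}
    for name, dist in (("independent", independent_claims(n, p)),
                       ("common_shock", common_shock_claims(n, p, q))):
        m = mean(dist)
        out[name] = {
            "expected_loss": m * loss_per_claim,
            "std_loss": std(dist) * loss_per_claim,
            "p_exceed_buffer": tail_prob(dist, buffer_multiple * m),
        }
    return out


if __name__ == "__main__":
    for name, stats in compare_models().items():
        print(name, {k: f"{v:.4g}" for k, v in stats.items()})
```

Run as a script, the independent book shows a loss standard deviation of roughly seven units around an expected fifty, and a negligible chance of breaching a buffer of a hundred; the common-shock book has the same expected fifty, a standard deviation above ninety, and a roughly one-in-a-hundred chance of breaching the buffer, because the 1% shock lands on every policy at once. The premium did not change; the capital required to hold the book did.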

The first move is price. The second move is capacity. Insurers withdraw capacity from correlated risk before they reprice it, because repricing requires a new actuarial model and capacity withdrawal needs only a boardroom decision. A plausible sequence over the next eighteen months runs capacity contraction first, then partial repricing, then an unresolved gap over who holds tail risk on critical infrastructure. Plausible, on the working assumption that the underlying capability generalises beyond one research preview; if generalisation stalls, the sequence compresses back toward the existing actuarial frame and the rest of this memo is wrong.

The $1.5 trillion utilities question

US investor-owned utilities alone carry roughly $1.5 trillion of market capitalisation, trading at multiples in the low twenties. Cyber risk is treated inside these valuations as an incremental operating cost, captured in SG&A, sometimes disclosed in the risk factors section of the 10-K, and reflected in modest capital expenditure lines for security hardening.

This treatment assumed that a meaningful cyber event on a regulated utility (one that would take generation offline, compromise grid-management telemetry, or disable customer-facing systems at scale) required either a sophisticated state actor or a long-planned operation. Both of those are rare. Rare events are correctly priced as operational, not structural.

A capability that converts weeks of state-level work into hours of model time changes the rarity. The event stays probabilistic rather than certain, but the probability sits at a level the SG&A line was never built to absorb.

A structural repricing, if it arrives, sits at a different order of magnitude from a ten-basis-point adjustment. The shape is a repositioning of which assets trade at utility multiples versus industrial multiples, which trade at infrastructure multiples versus operating-company multiples, and which sit at the centre of the portfolio versus the periphery.

The infrastructure asset class has been a capital-intensive haven for a decade precisely because its risks were slow-moving. The risks now move fast.

Project Glasswing as institutional response

Anthropic’s response to the capability it built is Project Glasswing. It brings together twelve technology partners, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia, plus roughly forty additional organisations responsible for maintaining critical software infrastructure. Anthropic has committed $100 million in model usage credits to cover the research preview. Mythos will not be generally available.

This is a serious and, within the constraints of what a private company can do, well-designed response. It is also a private institutional governance structure built on voluntary participation, accountable only to the people who built the capability it is governing.

Glasswing controls one model from one lab. It sits silent on what Meta, a Chinese research institute, a state actor, or a well-funded independent team ships in 2027. It sits silent on the successor to Mythos, which will be more capable, better aligned, and still capable of the same class of action. The containment is real for now, and temporary by design.

What is contained today will become ambient. The institutional question is what gets built, by whom, and against which legal framework before that happens. Voluntary coalitions of labs are a stopgap. A durable end state requires legal authority, independent verification, democratic mandate, and international coordination. Today’s landscape carries a single private coalition on one of those four.

What a principal should be doing now

The institutional mispricing compounds as long as the actuarial models, insurance capacity, and equity valuations continue to treat cyber risk on critical infrastructure as an operational cost. The compounding will unwind quickly at some unpredictable point, probably triggered by an incident that is either a genuine systemic event or a credible near miss.

The question a principal holding direct or indirect exposure to critical infrastructure should be asking is by how much, on which assets, on what timeline, and what the capital consequences of a repricing look like in the middle of the transition rather than at the end. Whether the premium widens is the already-priced part.

Four questions are worth running against a portfolio this month.

  1. Which operating assets sit in the systemically mispriced zone, where cyber risk has been captured inside SG&A rather than as a structural exposure. Across operating-asset audits we have run in the last twelve months, the exposure has consistently come in higher than the CFO’s working estimate.

  2. Which counterparties on which long-term contracts carry the tail, and whether the current insurance stack actually transfers the risk or only transfers the correlated middle of the distribution.

  3. Which technology decisions at the operating layer of those assets reflect the old cost-of-offense assumption. This is usually where the specification work compounds into real money, because operating-layer technology is procured against assumed threat models that have since dated.

  4. Which capital events over the next twenty-four months are exposed to a sudden repricing. Refinancings, secondary offerings, exits, major procurement events, long-term contract renewals. A repricing during one of these events is the difference between a planned transaction and a crisis one.

These are capital questions first; insurance prices and underwrites them, and the dependency runs in that direction rather than the reverse.

The work of answering them sits at the intersection of capital architecture, technical architecture, and operational execution. Most principals will ask the insurance broker first, then the CIO, then the CFO, and each will answer within the frame of their own discipline. That sequence produced the current mispricing. Answering the question requires holding all three frames at once, from the outset.

What would make this wrong

Three conditions would flatten the repricing argument back to an operational-cost frame.

The first is containment holding. If Mythos stays inside Project Glasswing, every other frontier lab spends the next twelve months on capabilities that stop short of the same reach, and the underlying weights stay inside the labs that built them, then the input-cost collapse stays local to one governed environment. The correlated-claim case weakens. Insurance capacity holds.

The second is alignment catching up faster than capability. If the governance scaffolding (independent red-teaming, disclosure cadence, and cross-lab coordination) professionalises quickly, the tail probability compresses. Mythos becomes a live drill for what institutional response looks like, and the repricing arrives slower and narrower.

The third is an asymmetric defence uplift. The same capability class, used defensively and deployed earlier by defenders than attackers, compresses the cost of hardening faster than it widens the cost of offense. In that scenario, the existing actuarial frame absorbs the event rate with modest premium widening.

The working assumption is that at least one of those three softens and at most one holds. That is the assumption this memo rests on. Mark this memo against the observable state in six and twelve months.

The frame has moved

Mythos is the first capability of its class public enough, and impactful enough, to force the frame. A successor will follow. The frame was already wrong; it is now visibly wrong. The question is how quickly principals adjust, and on what terms.

Introductions. navaro.consulting/contact