Claude Mythos Triggers Cybersecurity Stock Sell-Off As AI Threat Fears Hit Wall Street

Cybersecurity stocks have been caught in a sharp market sell-off after the emergence of Claude Mythos, Anthropic’s advanced AI cybersecurity model, raised fears that artificial intelligence could rapidly reshape the economics of digital defence.

The sell-off began in late March after details about Anthropic’s then-unreleased model reportedly appeared in a publicly accessible draft blog post. According to Forbes, the disclosure helped trigger a sharp drop across cybersecurity stocks before Anthropic formally announced Claude Mythos Preview and Project Glasswing on April 7.

The market reaction was swift. Investors marked down major cybersecurity and software names amid concern that models capable of autonomously finding vulnerabilities could disrupt parts of the security industry. Finance Yahoo reported that Cloudflare fell 12.6% and CrowdStrike dropped 7.2% during the April 10 software sell-off, as AI-related fears weighed heavily on the sector.

At the centre of the anxiety is a simple but disruptive question: if AI can find serious software vulnerabilities faster than human experts, what happens to traditional cybersecurity tools and services?

Anthropic has positioned Mythos as a defensive breakthrough rather than a public hacking tool. In its own announcement, the company said Project Glasswing is intended to help secure critical software and give defenders an advantage in an era of AI-augmented cyber threats.

The company has also limited access to Mythos Preview rather than releasing it broadly. Anthropic said the model would initially be made available to a limited group of critical industry partners and open-source developers, allowing defenders to begin securing major systems before similar capabilities become widely available.

Those precautions have done little to calm the market. The fear is that AI could accelerate the entire vulnerability lifecycle, from discovery to exploitation, compressing the time between a flaw being found and a real-world attack being launched.

For investors, that has created uncertainty about which cybersecurity companies are most exposed. Some firms that rely heavily on legacy vulnerability scanning, manual penetration testing or static code analysis could face pressure if AI systems perform similar work faster and cheaper. But analysts have also argued that the market reaction may be too blunt.

The sharp sell-off hit companies across several categories, even though not all of them compete directly with AI code-scanning or vulnerability-discovery tools. Endpoint security providers, network defence platforms, cloud security companies and data recovery specialists operate in different parts of the cyber stack.

That distinction matters. A model such as Mythos may be highly effective at finding flaws in code, but companies such as CrowdStrike, Palo Alto Networks, Zscaler, Cloudflare and Rubrik also sell products focused on detection, response, traffic inspection, identity, resilience and recovery. In many cases, a more dangerous threat environment could increase demand for their services rather than reduce it.

CrowdStrike has publicly framed Mythos-class systems as both a threat and an opportunity, arguing that frontier models raise the ceiling for attackers and defenders alike. The company said its role is to ensure defenders retain the advantage, positioning itself as a participant in the AI-security shift rather than a casualty of it.

Project Glasswing’s partner network also complicates the idea that incumbents are simply being displaced. Reporting from SecurityBrief listed major participants including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, The Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks.

The broader investment story may therefore be less about cybersecurity becoming obsolete and more about cybersecurity becoming more AI-intensive. If AI systems can identify vulnerabilities faster, organisations will still need tools and teams to triage, patch, monitor, respond and recover.

That could shift value toward companies that can integrate frontier AI into their existing platforms, and toward the cloud infrastructure providers hosting these models. Anthropic’s Project Glasswing page says the initiative is aimed at finding and fixing flaws in important software, while improving the security of new software development.

The risks are significant enough to draw attention beyond Wall Street. Reuters reported that Anthropic is preparing to brief the Financial Stability Board on cybersecurity vulnerabilities discovered by Mythos, underscoring concern among global regulators about the implications for banks and critical infrastructure.

The immediate market reaction may have wiped billions from cybersecurity valuations, but the longer-term impact is more nuanced. Mythos does not necessarily prove that cybersecurity companies are doomed. It shows that the industry is entering a new phase, where AI will change how vulnerabilities are found, how quickly they are exploited, and how urgently they must be fixed.

For investors, the key question is no longer simply which companies sell cybersecurity. It is which companies can use AI to make defence faster than attack.

The Mythos sell-off may have been sparked by fear. But the underlying message is harder to dismiss: cybersecurity is being repriced for an AI era, and companies that fail to adapt could be left behind.

Photo Credit: DepositPhotos.com