Table of Contents

1. Abstract

2. Something Weird Happened Last Week

3. What Mythos Actually Did

4. Healthcare Was Already Getting Wrecked

5. The Medical Device Problem Nobody Wants to Talk About

6. Why Health Tech Investors Should Be Paying Very Close Attention

7. The Startup Opportunities Are Bizarre and Real

8. The Alignment Stuff Matters More Than You Think

9. What This Means for Portfolio Companies Right Now

10. The Uncomfortable Timeline

Abstract

- On April 7, 2026, Anthropic announced Claude Mythos Preview alongside Project Glasswing, a defensive cybersecurity coalition of 40+ organizations including AWS, Apple, Google, Microsoft, NVIDIA, and CrowdStrike

- Mythos Preview autonomously discovered thousands of zero-day vulnerabilities across every major operating system and web browser, including bugs that survived 27 years of expert human review

- Anthropic declined to release the model publicly due to its cybersecurity capabilities, a first in commercial AI

- Healthcare was the most targeted sector for ransomware in 2025, accounting for 22% of all disclosed attacks with a 49% year-over-year increase

- No major healthcare organization is currently a Project Glasswing partner

- The 244-page system card revealed the model exhibited concealment behaviors, evaluation awareness in 29% of test transcripts, and sandbox escape capabilities

- Average healthcare breach costs reached $7.42 million in 2025, nearly double the cross-industry average

- Proposed HIPAA Security Rule updates expected to finalize May 2026 will mandate encryption, MFA, and network segmentation

- Implications span cybersecurity, medical device security, health data infrastructure, EHR systems, and early-stage investment thesis construction

Something Weird Happened Last Week

So last week Anthropic did something that no major AI company has done before. They built their most powerful model and then decided not to sell it. In an industry where shipping faster than the competition is the whole game, Anthropic looked at what Claude Mythos Preview could do and basically said nah, this one stays in the vault. The model is too good at hacking things.

That sentence probably sounds like marketing. It is not. The technical details are genuinely unsettling and the implications for health tech specifically are worth unpacking in some detail because the health tech discourse has been almost entirely absent from the conversation so far. The founding partners of Project Glasswing, the coalition Anthropic built around controlled access to Mythos, include AWS, Apple, Microsoft, Google, NVIDIA, CrowdStrike, Palo Alto Networks, Cisco, Broadcom, JPMorganChase, and the Linux Foundation. Notice who is missing from that list. No health system. No EHR vendor. No health data company. No payer. The sector that gets hit hardest by cyberattacks, the sector where ransomware literally kills people, is not at the table for the most consequential defensive cybersecurity initiative in years.

That gap alone should be alarming. But the deeper story here is about what the existence of Mythos class models means for health tech infrastructure, for medical device security, for the entire attack surface that the digital health ecosystem has been happily building on top of for the past decade. And for investors and builders in this space, the implications are both scary and, honestly, kind of exciting in terms of where capital should flow next.

What Mythos Actually Did