AIMed26 GLOBAL SUMMIT
The Mythos Moment: A Wake-Up Call for AI Safety in Healthcare
Dr. Anthony Chang

"in the future.”
Satya Nadella, CEO, Microsoft
Last month, Anthropic CEO Dario Amodei did something that was a paradox: He unveiled Claude Mythos Preview, by his own description one of his company's most powerful models to date, and in the same breath argued that the world is not ready for it. Rather than ship it broadly, Anthropic released Mythos through a tightly governed initiative called Project Glasswing, granting access to roughly a dozen partner organizations including Amazon, Apple, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, the Linux Foundation, and JPMorgan Chase, with perhaps forty more vetted organizations to follow. This is the same Amodei who has previously declined to license Anthropic's models for mass domestic surveillance or military autonomous weapons. The pattern is consistent: a CEO who keeps choosing to leave money on the table because he believes the downside is too consequential to ignore.
What earned Mythos this treatment is a single uncomfortable capability. The model is unusually good at finding bugs in software. Not just well-known classes of flaws, but novel "zero-day" vulnerabilities. Across open- and closed-source software the model has surfaced, by Anthropic's count, tens of thousands of high- and critical-severity weaknesses, most of them not yet publicly disclosed because they have not yet been patched. Speaking alongside Jamie Dimon at an Anthropic financial-services event in early May, Amodei framed the situation as a six-to-twelve-month window in which defenders must close these holes before adversarial AI catches up. He called it "a moment of danger."
This is the texture of what cybersecurity reporters and Anthropic researchers themselves have come to call "vibe hacking”- the use of AI agents to generate, on demand, the reconnaissance, tooling, and exploit chains that previously required years of human expertise. The shift is not that hackers are more numerous; it is that the floor of required skill has collapsed. Vibe hacking is vibe coding's evil twin, and the same productivity gains we celebrate for developers accrue, with equal velocity, to anyone who wishes to do harm.
This is precisely where healthcare's exposure becomes uncomfortable to talk about. The Change Healthcare ransomware attack in 2024 froze prescriptions for tens of millions of Americans and cost UnitedHealth Group well over two billion dollars; it required no AI at all. Imagine the same playbook executed by an agent that can autonomously enumerate every unpatched medical device on a hospital network, identify which combinations of vulnerabilities chain into administrative privilege, and generate the exploit while a human attacker is still on their first espresso.
Agentic AI, reasoning models, and the kind of capability Mythos demonstrates will be deployed across hospitals, payers, and pharma faster than any prior wave of clinical technology. This is because the productivity case is overwhelming and the procurement guardrails are weak. The question is whether we deploy with the same epistemic humility that Amodei is modeling at the frontier, or whether we deploy the way we deployed the early EHR: optimistically, without adversarial review, and with the bill arriving years later. AI safety in healthcare is mostly a matter of being afraid of the right things at the right time.
Three implications follow, and they are not optional. First, every health system needs a named, accountable AI safety function with explicit cybersecurity adjacency: not a sub-bullet under the CIO’s agenda and not a working group of the AI governance committee, but a person whose career advances or ends based on whether the institution's AI surfaces are defensible. Second, we need to treat clinical AI vendors the way we treat drug manufacturers: with a post-market surveillance regime that includes red-team testing, vulnerability disclosure, and the assumption that any model touching patient data or clinical workflow will be attacked. Third, we need to accept that some capabilities should be restricted in healthcare even when they are technically available. Carl Sagan reminded us that we live in a society absolutely dependent on science and technology, in which hardly anyone knows anything about science and technology. The corollary in our field is that we live in a healthcare system absolutely dependent on AI, in which hardly anyone in clinical leadership can yet tell a benign model from a dangerous one.
The Mythos moment is not, in the end, about one model from one company. It is about whether the field has the institutional maturity to take Amodei seriously when one of the people building these systems looks at his own creation and says, in effect: not yet, not for everyone, not without the safety guardrails in place. Healthcare's vulnerable areas remain relatively unprotected- pediatric devices, rural hospital networks, ambulatory clinic infrastructure, the long tail of legacy systems no one has the budget to retire. We have a window. It is, by Amodei's reckoning, between six months and a year. The indispensable human in the loop has rarely had a clearer job description.

