Anthropic's Mythos raises questions for cybersecurity startup valuations - PitchBook

Anthropic says its new model has identified threats that decades of cyber researchers have failed to detect. Will some startups' moats disintegrate?

Anthropic's Mythos Preview frontier model, formally announced this week, is expected to be a boon for startups in some cybersecurity categories and a competitive threat to others.

The Mythos Preview model has, according to Anthropic, identified thousands of high-severity vulnerabilities "in every major operating system and browser." It is a major revelation for the cybersecurity industry, and is expected to have immediate implications for more mature startups whose products can be rendered obsolete by Anthropic.

Alongside Mythos, Anthropic unveiled Project Glasswing, an initiative to secure critical systems that already includes Amazon, Cisco, Apple and others as partners to help identify novel threats to their operating systems and to understand what guardrails the Mythos model needs.

For application security startups working on vulnerability management and code security, valuations just got a whole lot harder to justify, according to Sid Trivedi, partner at Foundation Capital. "In the near to mid-term, the greatest threat [of Mythos] is to the vulnerability management companies," he said.

Stock prices of publicly traded vulnerability management companies -- which identify gaps in cybersecurity infrastructure before an attack occurs -- have fallen as markets have learned more about Mythos' capabilities. The stock price of Qualys is down by nearly 10% over the past month, with much of the drop happening since Fortune reported the existence of Mythos on March 26. Competitor Tenable has seen its stock price drop by almost 15% in the same period, with a notable decrease since the initial reports.

So, is Anthropic's latest tool going to eat everyone's lunch? Not necessarily.

Much of the cybersecurity market will likely benefit from more advanced threat detection technology. As for the future underwriting for many startups in that area, it will hinge, at least in part, on whether Anthropic expands into more cybersecurity use cases beyond vulnerability management. "Is there a risk that Anthropic and other AI labs will play deeper in cybersecurity? Yes, possibly," Trivedi said.

And for the startups able to provide threat detection and remediation tools outside of what Anthropic and other front AI labs ultimately focus on, Mythos is likely to be a boon for their already-growing businesses.

With investor expectations that AI would usher in a new era of cybersecurity enforcement, application security startups have fared relatively well in the past few years. In 2025, VCs invested a total of $2.66 billion across 186 deals, a 45% increase year-over-year, according to PitchBook's Q4 2025 Cybersecurity Trends report.

Flagship cybersecurity exits, including Alphabet's acquisition of Wiz and Palo Alto Networks' acquisition of CyberArk, have also been a huge pull for valuation growth over the last few years.

While Anthropic has no plans to release Mythos to the public, it's likely that Glasswing partners will want newer and more powerful cybersecurity tools. Anthropic's flagship software engineering model, Claude Code, is already a popular tool for detecting cybersecurity threats, and the AI company says Mythos is a step above in its capabilities.

Either way, the scale and speed of vulnerability management will inevitably escalate, said John Brennan, a cybersecurity investor who runs solo fund Holly Ventures.

"From a seed perspective, I'm not sure the underwriting changes too much -- but growth investors will have to think a lot about how this impacts growth trajectories and future valuations," Brennan said.