Cybersecurity leaders in Asia Pacific weigh in with their perspectives on the risks posed by Anthropic’s Claude Mythos – and what we should be doing about them.
What do we do when a powerful new AI model with substantially improved capabilities in vulnerability discovery, exploit development, and multi-step attack reasoning becomes available?
The core danger lies in the democratization and industrialization of cyber-attacks.
On 7 April 2026, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a meeting with CEOs from top American banks and Wall Street executives to discuss the cyber risks posed by Anthropic’s Claude Mythos.
This triggered a global cascade, with organizations and agencies around the world following suit. In this part of the world, Singapore’s financial regulator – the Monetary Authority of Singapore (MAS) – has urged banks to strengthen cybersecurity defenses and close vulnerabilities. The Cyber Security Agency of Singapore (CSA) has also released a formal Advisory on Risks associated with Frontier AI Models, to help organizations mitigate risks from new AI models.
Cybersecurity leaders in the region weigh in with their expert perspectives here:
David Allott, Field Chief Information Security Officer, Asia Pacific & Japan, Veeam:
The Cyber Security Agency of Singapore’s warning reflects a broader shift we’re observing globally: the pace of vulnerability discovery and exploitation is accelerating, and many organizations are struggling to keep up using traditional, patch‑centric security models.
Veeam’s Data Trust and Resilience Report 2026 highlights a clear gap between confidence and reality. While 90% of organizations believe they can recover from a cyberattack, only 28% were actually able to fully restore their data after incidents. In practice, many organizations still treat backups as a passive insurance policy, rather than as part of an actively tested recovery capability.
As AI accelerates how quickly weaknesses can be identified and exploited, prevention alone is no longer sufficient. Organizations have to assume that some vulnerabilities will be exploited despite best efforts. Resilience then depends on whether attackers can be prevented from destroying recovery options, and whether organizations can restore clean, trusted data quickly under pressure.
From Veeam’s perspective, cyber resilience today means protecting the access plane around backups, using immutable storage, detecting anomalous activity early, and routinely testing recovery in realistic conditions. Recovery has to be proven, not assumed.
Reuben Koh, Director of Security Technology & Strategy, Akamai:
As AI speeds up vulnerability discovery, the challenge for APJ businesses is no longer whether threats are increasing, but whether organizations can respond fast enough. The gap between a flaw being found and being exploited is shrinking fast, while many organizations still need time to test fixes and manage operational risk.
The ability of AI to rapidly discover and exploit vulnerabilities is fundamentally altering the landscape of regular patch management, necessitating a paradigm shift for organizations.
In a region as interconnected as APJ, that creates bigger knock-on effects. Cross-border payments, supply chains, and superapps mean a single weakness can spread far beyond one company. And in sectors like manufacturing, where legacy infrastructure is still common, the exposure can be even harder to manage.
The evolutionary leap of AI being able to find and exploit holes faster than ever are changing the paradigm of traditional patch management for organizations. That is why businesses need better visibility, stronger protections when patching cannot happen right away, and a Zero Trust approach that helps contain the blast radius when breaches do happen. When response windows are shrinking, resilience is not just about fixing faster, but containing impact better.
Ananth Nag, General Manager and Vice President, Asia Pacific, Rubrik:
Anthropic Mythos heralds a new age in cybersecurity, where AI enables organizations to not only detect vulnerabilities in real-time but also autonomously address high-severity vulnerabilities faster than ever before. Companies can now imagine a world where risks are minimized and recovery from cyber threats is swift.
However, the same speed that AI models like Anthropic’s Mythos offer can also be exploited by adversaries. As attackers gain access to these powerful tools, the window of vulnerability shrinks, leaving defenders with little time to react. As AI integration gains prevalence, attacks will become normalized and businesses have to operate with the reality of it.
Resilience matters more than ever. In an environment where response windows are shrinking, organizations must go beyond prevention. They must ensure they can recover from attacks just as quickly as threat actors can exploit vulnerabilities.
At Rubrik, we have been advocating for the need for clean recovery points, immutable backups, and the ability to restore critical systems quickly and confidently. This minimizes disruptions and data loss as AI driven threats accelerate. In the current threat landscape, resilience will increasingly be defined not just by how well organizations defend, but by how fast they can recover.
Remus Lim, Senior Vice President, APJ, Cloudera:
The recent vulnerabilities exposed by frontier models like Mythos serve as a critical wake-up call regarding the “data readiness gap” within many organizations. As companies rush to adopt AI, many deploy tools faster than they can secure the information powering them, creating an “AI readiness illusion” built on a shaky foundation.
In the Asia-Pacific region, Cloudera’s research highlights a significant gap between ambition and reality. While 85% of APAC organizations claim to know where their data is located, nearly 40% struggle to utilize it due to complex access rules and internal silos. Furthermore, only 10% report that their data is fully governed. For business leaders, these poorly managed and scattered datasets do more than just hinder AI performance; they create “invisible” security holes that are difficult to monitor and protect.
To transition from AI experimentation to sustainable success, businesses must treat data management as a core pillar of security rather than a backend IT issue. The next phase of AI adoption requires organizations to connect and control their data across all environments. Maintaining strict access controls and robust protection is essential as AI becomes integrated into daily operations.
By strengthening these data foundations, companies can scale AI safely and transform it into a secure, long-term advantage.
Paul Tan, Executive Vice President for Government and Singapore Enterprises, Ensign InfoSecurity:
The zero-day vulnerabilities discovered by Anthropic’s Claude Mythos AI model presents a watershed moment on how enterprises should think about cybersecurity. For security teams, this is a rude awakening that cyber attackers may soon have an unprecedented ability to identify vulnerabilities and weaponize them in rapid succession.
Addressing this requires more than traditional monitoring. Enterprises must move from manual or simple automated scanning to advanced AI model systems such as agentic security operations to find and patch vulnerabilities faster across interconnected environments.
While further testing is required to properly understand its full capabilities, this also reinforces the need to revisit fundamentals such as security by design. Strong identity controls, network segmentation, and disciplined vulnerability management remain critical. The difference now is that these controls need to operate in an environment where the pace of discovery and exploitation is no longer linear.
