Anthropic's undisclosed models can identify thousands of vulnerabilities. These 15 cybersecurity tips are recommended for bookmarking.

Author: Ole Lehmann

Compiled by: Deep Tide TechFlow

Deep Tide Briefing: Anthropic has released its latest cutting-edge model, Claude Mythos Preview. This model has found thousands of zero-day vulnerabilities across all major operating systems and browsers—so powerful that even Anthropic itself doesn’t dare to publish it publicly. The bad news is that models with similar capabilities will eventually end up in the hands of attackers. OpenAI cofounder Karpathy put together a digital security checklist last year—now it’s time to take it seriously.

Here’s what happened: Anthropic announced Claude Mythos Preview yesterday.

How strong is this model? It has found thousands of zero-day vulnerabilities across all major operating systems and browsers. So strong that Anthropic itself doesn’t dare release it to the public, fearing uncontrollable damage.

The model isn’t public yet, but once bad actors get their hands on a model with the same capabilities (it’s only a matter of time), the cyberattacks you’ll face will be advanced enough that most people won’t even realize they’ve been compromised.

It’s like a computer virus outbreak in the software world.

So your digital security defenses—now is the time to shore them up.

Karpathy’s Digital Security Guide

Last year, OpenAI cofounder Karpathy compiled a digital security guide covering the fundamentals of personal security in the AI era.

This is one of the best beginner checklists I’ve seen. Here are 15 things you should do right now:

1. Use a password manager (like 1Password)

Generate a unique, random password for every account.

If a service gets breached, attackers will use the same set of account credentials to try to break into every other platform. A password manager eliminates this risk outright, and it also auto-fills—meaning it’s actually faster than reusing passwords.

2. Get hardware security keys (like YubiKey)

This is a physical device that serves as your second authentication factor. Attackers must physically have the device in order to log into your account.

Phone verification codes are actually not very secure. SIM card hijacking (someone calls your carrier pretending to be you and transfers your number to their phone) isn’t as hard to do as you might think.

Buy 2 to 3 YubiKey devices and store them in different places so that if one is lost, you don’t get locked out.

3. Enable biometrics on all devices

Face ID, fingerprints—whatever your device supports, turn it on. Enable it for your password manager, your banking app, and all sensitive applications.

This is the third layer of authentication: who you are. No one can steal your face from a database.

4. Treat security questions like passwords

“What is your mother’s maiden name?” questions can be found on Google in 10 seconds.

Generate random answers for security questions and store them together with your passwords in your password manager. Never answer security questions truthfully.

5. Turn on disk encryption

On Mac, it’s called FileVault; on Windows, it’s called BitLocker.

If your laptop is stolen, disk encryption means the thief gets a brick—not your files. It can be enabled in 2 minutes and runs silently in the background.

6. Reduce smart home devices

Every “smart” device is essentially a networked computer with a microphone sitting in your home.

They continuously collect data, keep sending it back to servers, and they’re often hacked too. You don’t need to know your exact GPS coordinates for that Wi-Fi air-quality tester you bought on Amazon.

The fewer connected devices you have, the fewer network entry points you have.

7. Switch to Signal for everyday messaging

Signal uses end-to-end encryption for messages, so no one (including Signal itself, your mobile carrier, or anyone intercepting data) can read your messages.

Regular SMS and even iMessage store metadata (who you talked to, when you talked, how long you talked), and anyone with access can analyze it.

I recommend turning on the disappearing messages feature. 90 days is a good default, so old conversations don’t turn into liabilities.

8. Use a privacy-focused browser (like Brave)

Brave is built on Chromium, so all Chrome extensions can be used, and the experience is almost the same.

9. Change the default search engine to Brave Search

The reason is that it has its own independent index, unlike DuckDuckGo, which is essentially just a skin over Bing.

If a search result isn’t quite right, add “!g” to redirect that query to Google.

The premium tier is $3 per month. Paying for the customer is better than being a free product.

10. Use virtual credit cards (like Privacy.com)

Generate a new card number for each merchant. You can set spending limits per card, and you can fill in the billing name and address however you want.

If a merchant is breached, attackers only get a one-time card number—not your real financial identity. And that also means no merchant knows your real home address.

11. Get a virtual mailing address

Services like Virtual Post Mail help you receive physical mail, scan it, and let you view it online. You decide what should be shredded and what should be forwarded.

This way, you don’t have to give your real home address to all kinds of online shops every time you check out.

12. Don’t click links in emails

Email addresses are extremely easy to spoof. With AI, phishing emails now look exactly like real ones.

Instead of clicking links, log in to the site yourself by opening it manually.

Also, it’s a good idea to turn off automatic image loading in your email settings, because embedded images can be used to track whether you opened the email.

13. Use a VPN selectively (like Mullvad)

A VPN hides your IP address (the unique identifier for your device and location), so the services you connect to can’t see who you are.

You don’t need to keep it on 24/7, but turn it on when you’re on public Wi-Fi or accessing services you don’t trust much.

14. Set DNS-level ad blocking (like NextDNS)

DNS is basically the phone book your device uses to look up websites. Blocking at this layer means ads and trackers are stopped before they even load.

It applies to all apps and browsers on your device.

15. Install a network monitoring tool (Little Snitch is recommended on Mac)

It shows which apps on your computer are communicating, how much data they sent, and where they sent it.

Any app sending back data beyond what’s expected is suspicious—most likely you should uninstall it.

Right now, Mythos is only in the hands of the defensive side at Project Glasswing (Anthropic, Apple, Google, etc.).

But attackers will get Mythos-level models soon—about within 6 months, possibly faster. So strengthening security is urgent right now.

Spend 15 minutes setting it up now to avoid a whole lot of hassle later.