Evan Solomon and the new AI security race: why one model is forcing a rethink

On Parliament Hill in Ottawa on Monday, Artificial Intelligence and Digital Innovation Minister Evan Solomon was at the center of a discussion that has moved quickly from theory to urgency. The phrase evan solomon may now be tied to a wider question: how prepared are governments and critical industries for a model that can both expose and exploit software weaknesses?

What is driving the rush to respond?

The immediate trigger is Anthropic’s unreleased frontier model, Claude Mythos Preview, and the company’s decision to keep it out of general release because of its potential for abuse. Instead, Anthropic has opened access to a limited group of companies through Project Glasswing, a program designed to help protect critical digital infrastructure.

That move has set off a coordinated reaction across industry and government. Mr. Solomon is set to meet with Anthropic officials on Tuesday, while officials with Canada’s Innovation, Science and Economic Development department met with the company on Monday, said Sofia Ouslis, a spokesperson with Mr. Solomon’s office. Ouslis said the government is taking the issue seriously and welcomed Anthropic’s choice not to release the model immediately.

Canadian bank executives and regulators also met on Friday to discuss the cybersecurity risks raised by Mythos. The Canadian Financial Sector Resiliency Group, chaired by Alexis Corbett, chief operating officer of the Bank of Canada, brought together the Department of Finance, the Office of the Superintendent of Financial Institutions, several regulators, and members of Canada’s six largest banks and Desjardins Group.

Why are experts calling the model unusually powerful?

The concern is not simply that the model can spot flaws. Anthropic says Mythos Preview has already found thousands of vulnerabilities, including in every major operating system and web browser. In its own framing, the model has reached a level of coding ability that can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

The AI Security Institute, part of Britain’s Department for Science, Innovation and Technology, reached a similar conclusion in its evaluation. It found that the model could autonomously execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities in ways that would take human professionals days of work. In one simulation, the institute said the model was the first to solve a 32-step corporate network attack from start to finish, doing so in three out of 10 attempts.

Carole Piovesan, managing partner at INQ Law, a tech-focused boutique law firm, said the model is “profoundly detrimental from a cybersecurity perspective” if used in the wrong hands. That warning captures the central tension now facing policymakers: the same capability that could help defenders may also reduce the cost and expertise needed for attackers.

What does Project Glasswing try to do?

Project Glasswing is Anthropic’s attempt to turn a dangerous capability into a defensive one. The company says launch partners will use Mythos Preview in their security work, while access has also been extended to more than 40 additional organizations that build or maintain critical software infrastructure. Anthropic is committing up to $100 million in usage credits across the effort, along with $4 million in direct donations to open-source security organizations.

In Canada, that has immediate relevance for banks, regulators and officials responsible for the systems that support payments, records and public services. The model has also prompted broader institutional concern because the systems most at risk are the same ones that keep everyday life functioning when they are secure and stable. The idea behind the initiative is simple, but the stakes are high: find the weaknesses before threat actors do.

For Evan Solomon, the meeting is part of a broader test of how governments engage with frontier AI when defensive benefits and offensive risks arrive together. The next phase may not depend on one company or one ministry alone, but on whether institutions can move quickly enough to keep pace with tools that are changing faster than the systems they are meant to protect.

For now, the scene on Parliament Hill is less a photo opportunity than a warning. The question hanging over evan solomon and everyone meeting around him is whether the protections can be built as quickly as the threat is evolving.