The release of Anthropic's Claude Mythos Preview has forced South Korea to confront both the fragility of its digital infrastructure and the gaps in its sovereign AI strategy
On 7 April, Anthropic announced Project Glasswing — an initiative to bring together twelve major US tech companies to secure the world's most critical software. The initiative was a precautionary step to forestall what Anthropic called an 'industrial change point or reckoning.' The invocation of 'reckoning' underscored the gravity of the issue and its wider implications — this was not about Artificial Intelligence's (AI) distant doomsday scenarios, but its immediate impact on the global economy. South Korea, one of the world's most digitally connected countries, reacted swiftly to the news, recognising the security threat posed by the new development. Amid deliberations over the cybersecurity challenge and how to address it, the conversation has broadened to encompass questions about sovereign AI, the resolution of policy bottlenecks, and who should benefit from the AI boom.
The release of Claude Mythos Preview, a frontier AI model, by Anthropic in April sent shockwaves across the globe. Reports that the model could identify vulnerabilities and exploit software faster than humans — including high-severity zero-day vulnerabilities — were enough to put governments, policymakers, and cybersecurity experts on alert. The news was particularly concerning for South Korea, which has long positioned itself as one of the world's most digitally connected nations. The Mythos development revived memories of DarkSeoul, a series of cyberattacks in 2013 in which North Korean hackers targeted the country's banking infrastructure, inflicting significant economic damage.
The Mythos development revived memories of DarkSeoul, a series of cyberattacks in 2013 in which North Korean hackers targeted the country's banking infrastructure, inflicting significant economic damage.
In response, the Financial Services Commission (FSC), South Korea's financial regulator, announced measures to strengthen the financial sector's cyber defences. Since then, representatives from the banking, financial, and insurance sectors, along with cybersecurity firms, have been deliberating on ways to bolster their defences and build resilience. A comprehensive cybersecurity review was ordered to assess the sectors’ AI-era preparedness, and discussions have been held on interagency and public–private coordination. Separately, the Ministry of Science and Information and Communication Technology (ICT) convened a meeting with Chief Information Security Officers (CISOs) of the country's major telecom providers and social media companies — including SK Telecom, LG Uplus, KT, Naver, and Kakao — to conduct a comprehensive review of network cybersecurity.
With growing threat perception, private companies have also begun bolstering their cyber defences and patching software vulnerabilities, particularly in legacy networks. All are working to complete the task before a July deadline. Some corporations are aiming to revamp their operating and security systems to enhance cybersecurity. There is also discussion of integrating AI as a counterstrategy to defend against cyber intrusions. The government, too, is planning to incorporate AI into its response mechanisms. Oh Hyun-joo, Third Deputy Director of the National Security Office, addressing a gathering of small and medium enterprises (SMEs), said: "We will advance our security technology capabilities in response to the changing environment and strengthen the nation's cybersecurity response capacity by solidifying the AI-based security industry and data security framework."
The development has particularly alarmed authorities and regulators, who have long flagged the inadequacy of cyber defence mechanisms protecting the country's critical infrastructure — especially in the banking, insurance, and financial sectors. While these sectors are significant given their direct economic impact, telecommunications has drawn particular scrutiny in light of a spate of cyberattacks and data theft incidents that struck all major providers last year. SK Telecom's breach of 26.95 million user records, KT's unauthorised micropayment incident resulting in losses of 240 million won, and LG Uplus's server hack that compromised data of 42,000 customers and 167 employees have all damaged these companies' reputations with both the public and the government. Consequently, first-quarter operating profit projections for all three telecom companies were down.
The development has particularly alarmed authorities and regulators, who have long flagged the inadequacy of cyber defence mechanisms protecting the country's critical infrastructure — especially in the banking, insurance, and financial sectors.
In the aftermath of last year's incidents, Korean regulators had already taken the companies to task, imposing heavy financial penalties and requiring them to implement stringent measures against cyberattacks and data breaches. Following the Mythos development, however, cybersecurity guidelines and their implementation are expected to become stricter still, with no room for error. This will also pile additional pressure on companies to fast-track the five-year cybersecurity plans they had announced last year.
The government's compliance-heavy approach is also expected to gain broader public support, amid growing calls for stronger corporate accountability, closer coordination, and on-site inspections. The silver lining is that the crisis may compel the government and the private sector to work more closely together and take the necessary steps to improve cybersecurity. Priorities should include rigorous audits, better institutional support, smoother policy coordination, faster incident reporting mechanisms, a more secure certification process, and simpler regulatory, legal, and procurement requirements — all of which would ease the burden on both sides.
Following the Mythos announcement, South Korea is now exploring participation in Project Glasswing with Anthropic. To that end, a South Korean delegation — comprising the head of the National Intelligence Service, the AI Safety Institute (AISI), the Korea Internet and Security Agency (KISA), the FSC, and the Financial Security Institute — met with Michael Sellitto, Anthropic's Head of Global Policy, to discuss potential participation and deliberate on AI safety and policy implementation. Initially, the White House's opposition to expanding access to the Mythos model, along with the absence of a memorandum of understanding (MoU) with South Korea, impeded deeper cooperation with the company. However, a recent development allowing access to South Korean companies and agencies, such as KISA, Samsung, SK Hynix, and SK Telecom, came as a relief to the government. The opening of Anthropic's new Seoul office further fosters closer collaboration with the American AI ecosystem.
Nonetheless, the Mythos development has also triggered debate over existing gaps in South Korea's technological capabilities, innovation ecosystem, regulatory frameworks, safety assessment mechanisms, and institutional capacity. Underlying this is a broader set of tensions: expectation versus reality; the lag between policy implementation and technological advancement; public safety versus economic potential; and the question of sovereign AI versus dependence on foreign technology. The conversation has once again prompted a rethinking of South Korea's existing AI strategy, its sovereign AI model, the pace of its flagship projects, and whether the current direction meaningfully advances the country's standing in the global AI landscape.
The Mythos development has also triggered debate over existing gaps in South Korea's technological capabilities, innovation ecosystem, regulatory frameworks, safety assessment mechanisms, and institutional capacity.
On the question of sovereign AI, South Korea has set its sights on becoming one of the world's top three AI powers. Speaking to this ambition, Baek Kong-hoon, Minister of Science and ICT, reiterated the emphasis on sovereign AI, stating that "the real question should be whether Korea can develop an AI model on par with Mythos." In light of recent developments, the country is reviewing its AI strategy once more, aiming to incorporate large language models (LLMs) — which were not explicitly addressed in either the broader 2045 national development strategy or the existing 2025-2030 technology roadmap. The government is also revisiting its assessment criteria for sovereign AI support, which has drawn criticism over policy rigidity around qualifications such as technological independence and the use of open-source models.
South Korea is also grappling with how to equitably distribute the gains from the AI boom, particularly given the substantial windfall profits accrued by SK Hynix and Samsung — leaders in the memory chip segment critical to AI infrastructure. Recently, Kim Yong-beom, the top presidential policy aide, floated the idea of a national dividend, sparking a heated debate. This came amid a simmering dispute between Samsung Electronics's labour union and management over performance-based bonuses linked to the company's booming AI semiconductor profits. While the swift resolution between Samsung and the labour union, resulting in an operating profit-sharing deal, was an example of effective crisis management, it has also established a precedent for other companies to follow.
Another concern voiced in the AI debate is that the new technological era could see chaebols once again dominate — this time the AI race — buoyed by government subsidies and preferential support. This would not only crowd out AI startups but also undermine fair competition. Small and medium enterprises face particular pressure, constrained by limited resources vis-à-vis larger companies.
In conclusion, the Mythos development has rightly drawn the attention of both the government and the private sector to strengthening cybersecurity across critical national infrastructure and corporate networks, while also accelerating the country's slow-moving AI agenda. Whether the shock ultimately leads to faster progress on sovereign AI, a more secure cyber ecosystem, or both, remains to be seen. Either outcome would be a significant achievement in its own right — and other countries would do well to watch the Korean experience and find opportunity in crisis.
Abhishek Sharma is a Junior Fellow with the Strategic Studies Programme at the Observer Research Foundation.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
Abhishek Sharma is a Junior Fellow with ORF’s Strategic Studies Programme. His research focuses on the Indo-Pacific regional security and geopolitical developments with a special ...
Read More +
PREV
