Anthropic’s most succesful AI mannequin has already discovered hundreds of AI cybersecurity vulnerabilities throughout each main working system and internet browser. The corporate’s response was to not launch it, however to quietly hand it to the organisations accountable for preserving the web working.
That mannequin is Claude Mythos Preview, and the initiative known as Undertaking Glasswing.
The launch companions embrace Amazon Internet Companies, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Basis, Microsoft, Nvidia, and Palo Alto Networks.
Past that core group, Anthropic has prolonged entry to over 40 extra organisations that construct or keep vital software program infrastructure. Anthropic is committing as much as US$100 million in utilization credit for Mythos Preview throughout the hassle, together with US$4 million in direct donations to open-source safety organisations.
A mannequin that outgrew its personal benchmarks
Mythos Preview was not particularly educated for cybersecurity work. Anthropic mentioned the capabilities “emerged as a downstream consequence of general improvements in code, reasoning, and autonomy”, and that the identical enhancements making the mannequin higher at patching vulnerabilities additionally make it higher at exploiting them.
That final half issues. Mythos Preview has improved to the extent that it largely saturates current safety benchmarks, forcing Anthropic to shift its focus to novel real-world duties–particularly, zero-day vulnerabilities. These flaws have been beforehand unknown to the software program’s builders.
Among the many findings: a 27-year-old bug in OpenBSD, an working system recognized for its robust safety posture. In one other case, the mannequin absolutely autonomously recognized and exploited a 17-year-old distant code execution vulnerability in FreeBSD–CVE-2026-4747–that enables an unauthenticated person anyplace on the web to acquire full management of a server working NFS. No human was concerned within the discovery or exploitation after the preliminary immediate to seek out the bug.
Nicholas Carlini from Anthropic’s analysis workforce described the mannequin’s capability to chain collectively vulnerabilities: “This model can create exploits out of three, four, or sometimes five vulnerabilities that in sequence give you some kind of very sophisticated end outcome. I’ve found more bugs in the last couple of weeks than I found in the rest of my life combined.”
Why is it not being launched?
“We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities,” Newton Cheng, Frontier Pink Workforce Cyber Lead at Anthropic, mentioned. “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout–for economies, public safety, and national security–could be severe.”
This isn’t hypothetical. Anthropic had beforehand disclosed what it described as the primary documented case of a cyberattack largely executed by AI–a Chinese language state-sponsored group that used AI brokers to autonomously infiltrate roughly 30 international targets, with AI dealing with nearly all of tactical operations independently.
The corporate has additionally privately briefed senior US authorities officers on Mythos Preview’s full capabilities. The intelligence group is now actively weighing how the mannequin may reshape each offensive and defensive hacking operations.
The open-source drawback
One dimension of Undertaking Glasswing that goes past the headline coalition: open-source software program. Jim Zemlin, CEO of the Linux Basis, put it plainly: “In the past, security expertise has been a luxury reserved for organisations with large security teams. Open-source maintainers, whose software underpins much of the world’s critical infrastructure, have historically been left to figure out security on their own.”
Anthropic has donated US$2.5 million to Alpha-Omega and OpenSSF via the Linux Basis, and US$1.5 million to the Apache Software program Basis–giving maintainers of vital open-source codebases entry to AI cybersecurity vulnerability scanning at a scale that was beforehand out of attain.
What comes subsequent
Anthropic says its eventual objective is to deploy Mythos-class fashions at scale, however solely when new safeguards are in place. The corporate plans to launch new safeguards with an upcoming Claude Opus mannequin first, permitting it to refine them with a mannequin that doesn’t pose the identical degree of danger as Mythos Preview.
The aggressive image is already shifting round it. When OpenAI launched GPT-5.3-Codex in February, the corporate known as it the primary mannequin it had labeled as high-capability for cybersecurity duties underneath its Preparedness Framework. Anthropic’s transfer with Glasswing alerts that the frontier labs see managed deployment–not open launch–because the rising commonplace for fashions at this functionality degree.
Whether or not that commonplace holds as these capabilities unfold additional is, at this level, an open query that no single initiative can reply.
See Additionally: Anthropic’s refusal to arm AI is strictly why the UK desires it
Wish to study extra about AI and massive knowledge from trade leaders? Try AI & Massive Knowledge Expo happening in Amsterdam, California, and London. The excellent occasion is a part of TechEx and is co-located with different main know-how occasions together with the Cyber Safety & Cloud Expo. Click on right here for extra data.
AI Information is powered by TechForge Media. Discover different upcoming enterprise know-how occasions and webinars right here.
