Anthropic’s most succesful AI mannequin has already discovered hundreds of AI cybersecurity vulnerabilities throughout each main working system and net browser. The corporate’s response was not to launch it, however to quietly hand it to the organisations answerable for preserving the web working.
That mannequin is Claude Mythos Preview, and the initiative is known as Project Glasswing.
The launch companions embody Amazon Net Companies, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Basis, Microsoft, Nvidia, and Palo Alto Networks.
Past that core group, Anthropic has prolonged entry to over 40 further organisations that construct or preserve essential software program infrastructure. Anthropic is committing up to US$100 million in utilization credit for Mythos Preview throughout the effort, together with US$4 million in direct donations to open-source safety organisations.
A mannequin that outgrew its personal benchmarks
Mythos Preview was not particularly educated for cybersecurity work. Anthropic stated the capabilities “emerged as a downstream consequence of common enhancements in code, reasoning, and autonomy”, and that the identical enhancements making the mannequin higher at patching vulnerabilities additionally make it higher at exploiting them.
That final half issues. Mythos Preview has improved to the extent that it largely saturates current safety benchmarks, forcing Anthropic to shift its focus to novel real-world duties–particularly, zero-day vulnerabilities. These flaws have been beforehand unknown to the software program’s builders.
Amongst the findings: a 27-year-old bug in OpenBSD, an working system identified for its sturdy safety posture. In one other case, the mannequin absolutely autonomously recognized and exploited a 17-year-old distant code execution vulnerability in FreeBSD–CVE-2026-4747–that enables an unauthenticated person wherever on the web to receive full management of a server working NFS. No human was concerned in the discovery or exploitation after the preliminary immediate to discover the bug.
Nicholas Carlini from Anthropic’s analysis workforce described the mannequin’s capability to chain collectively vulnerabilities: “This mannequin can create exploits out of three, 4, or typically 5 vulnerabilities that in sequence offer you some type of very refined finish end result. I’ve discovered extra bugs in the final couple of weeks than I discovered in the remainder of my life mixed.”
Why is it not being launched?
“We do not plan to make Claude Mythos Preview usually out there due to its cybersecurity capabilities,” Newton Cheng, Frontier Pink Group Cyber Lead at Anthropic, stated. “Given the fee of AI progress, it is going to not be lengthy before such capabilities proliferate, probably past actors who are dedicated to deploying them safely. The fallout–for economies, public security, and nationwide safety–might be extreme.”
This is not hypothetical. Anthropic had beforehand disclosed what it described as the first documented case of a cyberattack largely executed by AI–a Chinese language state-sponsored group that used AI brokers to autonomously infiltrate roughly 30 international targets, with AI dealing with the majority of tactical operations independently.
The corporate has additionally privately briefed senior US authorities officers on Mythos Preview’s full capabilities. The intelligence neighborhood is now actively weighing how the mannequin might reshape each offensive and defensive hacking operations.
The open-source drawback
One dimension of Undertaking Glasswing that goes past the headline coalition: open-source software program. Jim Zemlin, CEO of the Linux Basis, put it plainly: “In the previous, safety experience has been a luxurious reserved for organisations with giant safety groups. Open-source maintainers, whose software program underpins a lot of the world’s essential infrastructure, have traditionally been left to work out safety on their very own.”
Anthropic has donated US$2.5 million to Alpha-Omega and OpenSSF by the Linux Basis, and US$1.5 million to the Apache Software program Basis–giving maintainers of essential open-source codebases entry to AI cybersecurity vulnerability scanning at a scale that was beforehand out of attain.
What comes subsequent
Anthropic says its eventual aim is to deploy Mythos-class fashions at scale, however solely when new safeguards are in place. The corporate plans to launch new safeguards with an upcoming Claude Opus mannequin first, permitting it to refine them with a mannequin that does not pose the identical stage of danger as Mythos Preview.
The aggressive image is already shifting round it. When OpenAI launched GPT-5.3-Codex in February, the firm known as it the first mannequin it had categorized as high-capability for cybersecurity duties beneath its Preparedness Framework. Anthropic’s transfer with Glasswing alerts that the frontier labs see managed deployment–not open launch–as the rising normal for fashions at this functionality stage.
Whether or not that normal holds as these capabilities unfold additional is, at this level, an open query that no single initiative can reply.
See Additionally: Anthropic’s refusal to arm AI is exactly why the UK wants it
Need to be taught extra about AI and large knowledge from business leaders? Try AI & Big Data Expo happening in Amsterdam, California, and London. The excellent occasion is a part of TechEx and is co-located with different main know-how occasions together with the Cyber Security & Cloud Expo. Click on here for extra information.
AI Information is powered by TechForge Media. Discover different upcoming enterprise know-how occasions and webinars here.
Disclaimer: This article is sourced from external platforms. OverBeta has not independently verified the information. Readers are advised to verify details before relying on them.
