Anthropic restricts Claude Mythos to security researchers under Project Glasswing
Anthropic has not publicly released Claude Mythos, instead restricting access to a vetted set of partners through Project Glasswing. The company claims the model's cybersecurity research abilities—including finding thousands of high-severity vulnerabilities in major operating systems and browsers—warrant controlled deployment until industry safeguards mature.
Claude Mythos Preview — Quick Specs
Anthropic Restricts Claude Mythos to Security Researchers Under Project Glasswing
Anthropic has withheld public release of Claude Mythos, instead limiting access through Project Glasswing, a controlled preview program for vetted security partners. The company cites the model's exceptional cybersecurity research capabilities as the reason for restricted deployment.
The Model and Its Capabilities
Claude Mythos is described as a general-purpose model comparable to Claude Opus 4.6. According to Anthropic's system card, the model has already discovered thousands of high-severity vulnerabilities, including flaws in every major operating system and web browser. Notably, the model can chain multiple vulnerabilities together—combining three, four, or sometimes five separate issues to create sophisticated multi-stage exploits that wouldn't be possible with individual vulnerabilities alone.
Real-World Vulnerability Discoveries
Nicholas Carlini, an Anthropic researcher, demonstrated the model's capabilities in Project Glasswing documentation. He reported finding "more bugs in the last couple of weeks than I found in the rest of my life combined." Specific discoveries include:
- OpenBSD: A 27-year-old TCP SACK validation vulnerability that could crash the kernel. The flaw was patched on March 25, 2026 (CVE reference: OpenBSD 7.8 errata 025).
- Linux: Multiple privilege escalation vulnerabilities allowing unprivileged users to gain administrator access.
These findings align with recent warnings from prominent security figures. Greg Kroah-Hartman of the Linux kernel noted that AI-generated security reports shifted from low-quality "AI slop" to credible, actionable vulnerabilities within the past month. Daniel Stenberg of curl reported spending hours daily handling AI-discovered security issues—"less slop but lots of reports. Many of them really good."
Project Glasswing Structure
The program provides $100M in usage credits plus $4M in direct donations to open-source security organizations. Partner organizations—including AWS, Apple, Microsoft, Google, and the Linux Foundation—receive early access to find and remediate vulnerabilities in foundational systems before broader vulnerability proliferation occurs.
Anthropic explicitly states: "We do not plan to make Claude Mythos Preview generally available," indicating this is a permanent access restriction, not a temporary embargo. The company plans to eventually enable safe large-scale deployment through safeguards designed to "detect and block the model's most dangerous outputs," with new protections expected in an upcoming Claude Opus model.
What This Means
This represents a significant shift in how frontier AI labs approach model release. Anthropic has essentially declared certain capabilities too risky for unrestricted distribution, betting that an industry preparation period—funded and coordinated through Project Glasswing—will reduce overall security risk more effectively than immediate public release would.
The question is whether this approach will hold. Other frontier labs like OpenAI (with GPT-5.4 already showing strong security research capabilities) have not adopted similar restrictions. A fragmented approach where some labs restrict access while others don't could create perverse incentives—security researchers and malicious actors alike may migrate to unrestricted alternatives, potentially accelerating rather than delaying vulnerability proliferation. Anthropic's success depends partly on industry adoption of their safeguards and on whether competitors follow suit.
Related Articles
US lifts export restrictions on Anthropic's Mythos and Fable models after compliance agreement
The US government has removed export restrictions on Anthropic's Mythos and Fable models, ending a ban that forced the company to cut off public access on June 12. Anthropic will begin restoring access on July 1 after agreeing to proactively detect security risks and coordinate with the US government on protocols for current and future model releases.
Anthropic Launches Claude Desktop App for Linux, Local AI Integration Fails
Anthropic has released an official Linux desktop app for Claude, bringing feature parity with macOS and Windows versions. However, the app currently fails to reliably connect to locally-installed AI models like Ollama, limiting Linux users to cloud-based Anthropic plans.
Anthropic launches Claude Science beta with NVIDIA BioNeMo integration for life sciences research
Anthropic has launched the public beta of Claude Science, an AI workbench for scientific research that integrates NVIDIA's BioNeMo Agent Toolkit. The platform allows scientists to execute end-to-end research workflows using natural language commands to interact with digital agents.
Anthropic Restores Claude Fable 5 After Government Takedown, With Stricter Cybersecurity Blocks
Anthropic is redeploying Claude Fable 5 after a month-long government-mandated takedown triggered by Amazon researchers discovering a method to bypass the model's cybersecurity safeguards. The returning version includes enhanced safety classifiers that automatically block cybersecurity tasks and revert to Opus 4.8, with restricted availability through usage credits only.
Comments
Loading...