Anthropic previews Mythos, claims it found thousands of zero-day vulnerabilities in cybersecurity initiative
Anthropic unveiled a preview of Mythos, a frontier model it claims is the most powerful in its Claude lineup, for use in Project Glasswing—a cybersecurity initiative with 40+ partner organizations. According to Anthropic, Mythos identified thousands of zero-day vulnerabilities, many critical and up to two decades old, during early testing. The model will not be made generally available and is restricted to defensive security work by vetted partners.
Anthropic Previews Mythos Frontier Model for Cybersecurity Initiative
Anthropio on Tuesday released a limited preview of Mythos, claiming it as the most powerful model in its Claude AI lineup, exclusively for cybersecurity applications through a new program called Project Glasswing.
The model will be deployed by more than 40 partner organizations—including Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks—for defensive security work and vulnerability identification in first-party and open-source software systems.
Vulnerability Claims
According to Anthropic, Mythos identified "thousands of zero-day vulnerabilities, many of them critical" within weeks of initial testing. The company claims many of these vulnerabilities date back one to two decades, suggesting the model can surface long-undetected security issues across established codebases.
While the model was not specifically trained for cybersecurity work, Anthropic positions it as a general-purpose frontier model with "strong agentic coding and reasoning skills" suitable for complex tasks including agent-building and coding-related security analysis.
Limited Availability and Governance
Anthropio made clear that Mythos will not be made available to the general public. Partner organizations participating in Project Glasswing are expected to share their findings with the broader tech industry to advance collective cybersecurity knowledge.
The company also claims to be in "ongoing discussions" with federal officials regarding Mythos deployment. These discussions occur amid an active legal dispute between Anthropic and the Trump administration, which labeled the company a supply-chain risk after Anthropic refused to enable autonomous targeting or surveillance capabilities.
Background and Leak Context
Details about Mythos emerged following a data security incident last month in which a draft blog post and related documentation were left accessible in an unsecured cache. The leak, which Anthropic attributed to "human error," contained the model's original codename: "Capybara."
The exposed documentation stated that the model was "larger and more intelligent than our Opus models" and described it as "by far the most powerful AI model we've ever developed." The leak also noted potential dual-use risks, acknowledging that adversaries could theoretically weaponize the model to discover vulnerabilities rather than patch them.
This incident compounds recent operational security challenges. In March, Anthropic accidentally exposed nearly 2,000 source code files and over half a million lines of code through a mistake in the Claude Code software package version 2.1.88. The subsequent cleanup effort inadvertently triggered mass removal of thousands of code repositories on GitHub.
What This Means
Anthropio is positioning Mythos as a specialized frontier model for high-stakes defensive security applications rather than general-purpose use. The restricted preview with vetted partners resembles a staged rollout approach common for models with dual-use risk potential. The vulnerability claims, if independently verified, would represent meaningful security impact; however, the lack of public benchmarks or third-party validation means claims about discovery rates remain unverified. The ongoing federal discussions and legal disputes add complexity to what appears to be a deliberate, security-conscious deployment strategy for its most powerful model to date.
Related Articles
Anthropic Restores Claude Fable 5 After Government Takedown, With Stricter Cybersecurity Blocks
Anthropic is redeploying Claude Fable 5 after a month-long government-mandated takedown triggered by Amazon researchers discovering a method to bypass the model's cybersecurity safeguards. The returning version includes enhanced safety classifiers that automatically block cybersecurity tasks and revert to Opus 4.8, with restricted availability through usage credits only.
US lifts export restrictions on Anthropic's Mythos and Fable models after compliance agreement
The US government has removed export restrictions on Anthropic's Mythos and Fable models, ending a ban that forced the company to cut off public access on June 12. Anthropic will begin restoring access on July 1 after agreeing to proactively detect security risks and coordinate with the US government on protocols for current and future model releases.
Anthropic Launches Claude Desktop App for Linux, Local AI Integration Fails
Anthropic has released an official Linux desktop app for Claude, bringing feature parity with macOS and Windows versions. However, the app currently fails to reliably connect to locally-installed AI models like Ollama, limiting Linux users to cloud-based Anthropic plans.
Anthropic launches Claude Science beta with NVIDIA BioNeMo integration for life sciences research
Anthropic has launched the public beta of Claude Science, an AI workbench for scientific research that integrates NVIDIA's BioNeMo Agent Toolkit. The platform allows scientists to execute end-to-end research workflows using natural language commands to interact with digital agents.
Comments
Loading...