model releaseAnthropic

Anthropic's Claude Mythos can find zero-day exploits faster than defenders can patch them

TL;DR

Anthropic announced Claude Mythos Preview, a new frontier model with advanced reasoning capabilities that can identify and chain together multiple vulnerabilities into novel attacks—abilities the company says outpace current defensive capabilities. The model has already discovered thousands of high-severity vulnerabilities including a 27-year-old OpenBSD flaw and exploits for multiple operating systems. To manage the risk, Anthropic launched Project Glasswing, granting early access to 40+ companies including Apple, Google, Microsoft, and Cisco, providing $100M in usage credits for defensive security work.

3 min read
0

Anthropic's Claude Mythos Can Find Zero-Day Exploits Faster Than Defenders Can Patch Them

AnthropIC announced Claude Mythos Preview on Tuesday after accidentally leaking its existence two weeks prior—a frontier AI model the company explicitly states poses serious new cybersecurity risks that outpace current defensive capabilities.

The model represents a significant capability leap. According to Anthropic's announcement, Mythos achieves 93.9% on SWE-bench Verified, a 13-percentage-point improvement over Claude Opus 4.6's 80.8% score. This performance gain comes directly from improvements in reasoning—the same general capability improvements every AI lab is pursuing—rather than specialized cyber training.

What Mythos Can Already Do

Mythos has identified thousands of high-severity vulnerabilities across major operating systems and web browsers, including:

  • A vulnerability in OpenBSD that evaded detection for 27 years
  • A flaw in FFmpeg video encoder that survived 5 million automated tests
  • Multiple Linux kernel vulnerabilities that could enable complete machine compromise

Crucially, the model can chain together separate vulnerabilities into novel attacks—a capability current models lack. Combined with AI systems' growing ability to operate without human supervision for extended periods, researchers say this represents an inflection point in cybersecurity risk.

Project Glasswing: Controlled Deployment

Rather than releasing Mythos broadly, Anthropic launched Project Glasswing, a coalition of 40+ companies including Apple, Google, Microsoft, Cisco, and Broadcom. Participants receive $100 million in model usage credits to scan and patch vulnerabilities in their own systems and critical open-source infrastructure. Anthropic is also donating $4 million to open-source security initiatives.

Alex Stamos, chief product officer at Corridor and former security lead at Facebook and Yahoo, called Glasswing "a big deal, and really necessary." He warned that "open-weight models will catch up to foundation models in bug finding within six months, at which point every ransomware actor will be able to find and weaponize bugs without leaving traces."

Cisco's chief security officer Anthony Grieco stated: "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."

The Uncomfortable Premise

Glasswing rests on a deeply uncomfortable foundation: the only way to defend against dangerous AI capabilities is for a safety-focused lab to build them first. This centralizes both power and risk. Anthropic now possesses zero-day exploits for virtually all major software systems—a capability whose theft would represent a severe security threat.

The timing is awkward. The Trump administration is resisting AI regulation while the US government previously attempted to declare Anthropic a supply chain risk after it refused to include mass domestic surveillance and autonomous weapons in Pentagon contracts. Anthropic briefed senior government officials including CISA before the announcement but faces unclear government interest in collaboration.

Timeline Uncertainty

Stamos offered two scenarios: an optimistic timeline where superhuman capabilities find a finite, patchable set of flaws, and a pessimistic one where each model release discovers new classes of vulnerabilities we "never even imagined." The actual outcome remains unknowable.

What this means

Mythos validates Anthropic's founding thesis—that a safety-focused lab building frontier models could discover dangerous capabilities first and lead mitigation efforts. However, it also demonstrates that unregulated AI development can create genuine national security risks when capability gains in general reasoning translate directly into cybersecurity threats. The race between Anthropic's responsible disclosure through Glasswing and the inevitable proliferation of these capabilities to open-weight models may determine whether critical infrastructure survives the next two years of AI progress intact.

Related Articles

model release

Anthropic Restores Claude Fable 5 After Government Takedown, With Stricter Cybersecurity Blocks

Anthropic is redeploying Claude Fable 5 after a month-long government-mandated takedown triggered by Amazon researchers discovering a method to bypass the model's cybersecurity safeguards. The returning version includes enhanced safety classifiers that automatically block cybersecurity tasks and revert to Opus 4.8, with restricted availability through usage credits only.

product update

Anthropic Launches Claude Desktop App for Linux, Local AI Integration Fails

Anthropic has released an official Linux desktop app for Claude, bringing feature parity with macOS and Windows versions. However, the app currently fails to reliably connect to locally-installed AI models like Ollama, limiting Linux users to cloud-based Anthropic plans.

product update

Anthropic launches Claude Science beta with NVIDIA BioNeMo integration for life sciences research

Anthropic has launched the public beta of Claude Science, an AI workbench for scientific research that integrates NVIDIA's BioNeMo Agent Toolkit. The platform allows scientists to execute end-to-end research workflows using natural language commands to interact with digital agents.

model release

Anthropic launches Claude Sonnet 5, restores Fable and Mythos models after 18-day US export control pause

Anthropic has launched Claude Sonnet 5 and restored access to its Fable and Mythos frontier models after an 18-day operational pause. The suspension began June 12 following a US government export control directive targeting the company's highest-capability systems.

Comments

Loading...

Claude Mythos: Anthropic's dangerous new AI model | TPS