Anthropic utilizes powerful AI model for cybersecurity

Anthropic's Claude Mythos Preview model has already identified thousands of cybersecurity vulnerabilities across all major operating systems and web browsers. Instead of releasing it to the public, the company chose to quietly hand it over to organizations responsible for maintaining the internet's infrastructure. This initiative is called Project Glasswing, and its launch partners include Amazon Web Services, Apple, Google, Microsoft, and others.

Anthropic is committing up to $100 million in usage credits for Mythos Preview, along with $4 million in direct donations to open-source security organizations. The model was not specifically trained for cybersecurity tasks; however, its capabilities emerged as a downstream consequence of general improvements in code and autonomy, making it better at both patching vulnerabilities and exploiting them.

Mythos Preview has improved to the extent that it saturates existing security benchmarks, prompting Anthropic to shift its focus to novel real-world tasks, particularly zero-day vulnerabilities that were previously unknown to software developers. Among the findings was a 27-year-old bug in OpenBSD and a 17-year-old remote code execution vulnerability in FreeBSD, which allows an unauthenticated user to gain full control of a server.

Nicholas Carlini from Anthropic's research team noted that the model can chain vulnerabilities together to create sophisticated exploits. He stated, "I've found more bugs in the last couple of weeks than I found in the rest of my life combined." Despite these achievements, Anthropic does not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities.

The company previously disclosed the first documented case of a cyberattack largely executed by AI, where a Chinese state-sponsored group used AI agents to autonomously infiltrate around 30 global targets. Anthropic has also briefed senior US government officials on Mythos Preview's full capabilities, and the intelligence community is actively considering how this model could reshape both offensive and defensive hacking operations.

As part of Project Glasswing, Anthropic is also supporting open-source software developers by providing them access to AI vulnerability scanning at a scale previously out of reach. Ultimately, the company plans to deploy Mythos-class models at scale, but only when new safeguards are in place. New safeguards will first be launched with the upcoming Claude Opus model, which poses a lower risk than Mythos Preview.