The AI Model that Could Reveal the Dark Side of Cybersecurity
Anthropic’s AI model Claude Mythos was discovered due to unpublished information in a publicly accessible database, and the company is now teaming with the biggest companies in the world to let it flag potential security vulnerabilities within their systems. The limited release of Mythos, dubbed Project Glasswing, includes about 40 organizations that will have access to a preview version of the model that is supposedly better than “all but the most skilled humans” at finding software vulnerabilities. Launch partners for the project include Amazon Web Services, Apple, Google, JPMorganChase, Microsoft, and NVIDIA, among others.
According to Anthropic, the early returns from the collaboration have been jarring, as the company claims to have found “thousands of high-severity vulnerabilities,” including some in every major operating system and web browser. It’s unsurprising, given those apparent revelations of serious security flaws, that Anthropic believes the model “could reshape cybersecurity.” But to go from keeping it under wraps because it’s too powerful to release to deploying it across essential tech infrastructure is a bit of a leap.
The Power of Claude Mythos
Claude Mythos is a testament to the power of artificial intelligence in cybersecurity. In benchmark tests, Mythos Preview consistently outperformed Claude Opus 4.6, including on the CyberGym test that seeks to identify how well AI agents can detect and reproduce real-world software vulnerabilities. The model’s capabilities are so impressive that it even found a bug in the open-source operating system OpenBSD that had been there for 27 years and spotted a chain of vulnerabilities in Linux that could be used to completely hijack a machine.
From Potential Risks to Cybersecurity Tool
Just weeks ago, when Mythos was first discovered, Anthropic was positioning the model as being so powerful that it would present unprecedented cybersecurity risks. The company hasn’t totally backed off that notion—it said that it won’t make Mythos Preview available to the public because of the risks it poses to facilitate cybersecurity attacks. However, the fact that it’s now being deployed across essential tech infrastructure suggests a shift in its positioning.
The AI Hype Cycle
Anthropic’s handling of Mythos is reminiscent of the AI hype cycle, where tools are presented as world-altering (and potentially world-destroying) entities, only to be revealed as less impactful than initially claimed. The playbook is familiar: a tool is touted as a game-changer, only to be released without the expected fanfare. In the case of Claude Opus 4.6, the model was released with a fanfare, but its impact was less than expected.
The Future of Cybersecurity
AI models like Mythos will likely play a significant role in the future of cybersecurity, working both as a tool for exploitation and protection. It’ll also likely have a never-ending flow of work in front of it, as AI models like its cousin Claude continue to produce vibe-coded outputs filled with flaws. That’s one way to ensure job security.
The Verdict
Anthropic’s Project Glasswing is a bold move, but it’s hard to remove Anthropic’s positioning of Mythos from the long history of AI hype cycles. While it’s true that AI models like Mythos could reshape cybersecurity, it’s also possible that they could present unprecedented risks. Only time will tell if Anthropic has made the right call in deploying the model across essential tech infrastructure.
The Early Returns from Project Glasswing
According to Anthropic, the early returns from the collaboration have been jarring, as the company claims to have found “thousands of high-severity vulnerabilities,” including some in every major operating system and web browser. This is a stark contrast to the initial warnings about the model’s potential risks, which seemed to suggest that it would be too powerful to be released.
The Anecdotes
Anthropic cites several anecdotes to demonstrate the model’s capabilities. Mythos found a bug in the open-source operating system OpenBSD that had been there for 27 years and spotted a chain of vulnerabilities in Linux that could be used to completely hijack a machine. These anecdotes support the notion that Mythos is a powerful tool for cybersecurity.
The Benchmark Tests
Mythos Preview consistently outperformed Claude Opus 4.6 in benchmark tests, including on the CyberGym test that seeks to identify how well AI agents can detect and reproduce real-world software vulnerabilities. This suggests that Mythos is a highly effective tool for cybersecurity.
The Deployment of Mythos
The fact that Mythos is being deployed across essential tech infrastructure is a significant development. It suggests that Anthropic believes the model is a valuable tool for cybersecurity, despite the initial warnings about its potential risks.
The AI Hype Cycle
Anthropic’s handling of Mythos is reminiscent of the AI hype cycle, where tools are presented as world-altering (and potentially world-destroying) entities, only to be revealed as less impactful than initially claimed. This raises questions about the impact of AI models like Mythos on the future of cybersecurity.
Conclusion
Anthropic’s Project Glasswing is a bold move, but it’s hard to remove Anthropic’s positioning of Mythos from the long history of AI hype cycles. While it’s true that AI models like Mythos could reshape cybersecurity, it’s also possible that they could present unprecedented risks. Only time will tell if Anthropic has made the right call in deploying the model across essential tech infrastructure.
