On Tuesday, artificial intelligence firm Anthropic officially unveiled "Claude Mythos," its most powerful AI model to date. The release follows an accidental leak of information regarding the model caused by a misconfiguration in a content management system.
Anthropic describes Mythos as a "step-change" in AI performance. The model is capable of not only identifying high-risk vulnerabilities but also chaining multiple exploits together to execute highly destructive attacks. During testing, Mythos uncovered a vulnerability that had remained dormant in OpenBSD for 27 years, as well as a security flaw in the FFmpeg video encoder that had evaded detection by over five million previous automated tests.
Launching the "Project Glasswing" Defense Alliance
In response to the security risks posed by Mythos, Anthropic has partnered with more than 40 global technology giants—including Apple, Google, Microsoft, Cisco, and Broadcom—to launch "Project Glasswing." The alliance aims to leverage the advanced capabilities of Mythos to proactively scan for and patch vulnerabilities across global critical infrastructure and open-source systems.
Anthropic will provide participants with $100 million in Mythos usage credits and has pledged $4 million to support open-source security projects. "AI capabilities have reached a tipping point, fundamentally changing the urgency of protecting critical infrastructure; there is no turning back," said Anthony Grieco, Chief Security and Trust Officer at Cisco.
Alex Stamos, Chief Product Officer at cybersecurity firm Corridor, noted that the Glasswing initiative is vital. He warned that open-source models could reach parity with foundation models in vulnerability discovery within six months. "At that point, ransomware actors will be able to find and exploit vulnerabilities at a very low cost, without leaving a trace," Stamos cautioned.
In its statement, Anthropic emphasized that as AI models become more autonomous, cybersecurity has reached a critical inflection point. Should these capabilities fall into the hands of criminals or state-sponsored hackers, they would pose a severe threat to both the economy and public safety. Currently, Mythos is not available to the public; Anthropic intends to focus its application on defensive tools through the Glasswing program.
The launch comes against a complex backdrop. While Anthropic is positioning the model as a defensive innovation, the company is currently embroiled in a legal dispute with the U.S. government over contract terms. Authorities had previously attempted to classify the company as a supply chain risk, citing Anthropic's refusal to modify contracts to permit large-scale domestic surveillance and the development of fully autonomous weapons. A court has since ordered a temporary stay on that classification.
