Anthropic’s most advanced AI model, Claude Mythos Preview, has demonstrated an unprecedented ability to identify thousands of cybersecurity vulnerabilities across all major operating systems and web browsers. Instead of releasing this potent tool, Anthropic has opted for a strategic, controlled distribution through its “Project Glasswing” initiative, aiming to bolster global digital defenses.
This proactive approach involves furnishing early access to Claude Mythos Preview to a select group of industry leaders and critical infrastructure organizations. Launch partners include technology giants such as Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, Microsoft, and Nvidia, alongside financial powerhouse JPMorgan Chase and the foundational Linux Foundation. The initiative also extends to over 40 other organizations instrumental in building and maintaining vital software ecosystems. Anthropic is backing Project Glasswing with up to $100 million in usage credits for Mythos Preview and an additional $4 million in direct donations to open-source security organizations.
A Model That Outgrew Its Own Benchmarks
Claude Mythos Preview was not initially designed with cybersecurity as its primary function. Anthropic revealed that its remarkable security detection capabilities emerged as an unforeseen “downstream consequence” of general advancements in its code comprehension, reasoning, and autonomy. This dual nature means that the very improvements enhancing the model’s ability to patch vulnerabilities also equip it to exploit them with formidable efficiency.
This dual-use potential is a critical factor. Mythos Preview has advanced to a point where it largely saturates existing security benchmarks. This has necessitated a pivot in Anthropic’s strategy, shifting focus towards identifying novel, real-world threats, particularly zero-day vulnerabilities – flaws previously unknown to software developers. Among its significant discoveries are a 27-year-old bug in OpenBSD, an operating system renowned for its robust security, and a 17-year-old remote code execution vulnerability in FreeBSD (CVE-2026-4747). In the latter instance, the model autonomously identified and exploited the flaw, granting unauthenticated users internet-wide access and complete control over servers running the Network File System (NFS). This entire process, from discovery to exploitation, occurred without any human intervention beyond the initial prompt.
Nicholas Carlini from Anthropic’s research team highlighted the model’s sophisticated exploit chaining capabilities. “This model can create exploits out of three, four, or sometimes five vulnerabilities that in sequence give you some kind of very sophisticated end outcome,” he explained. “I’ve found more bugs in the last couple of weeks than I found in the rest of my life combined.”
Why It’s Not Being Released Publicly
“We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities,” stated Newton Cheng, Frontier Red Team Cyber Lead at Anthropic. “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout – for economies, public safety, and national security – could be severe.”
This concern is not merely theoretical. Anthropic previously disclosed what it identified as the first documented cyberattack significantly executed by AI. A Chinese state-sponsored group leveraged AI agents to autonomously infiltrate approximately 30 global targets, with AI handling the majority of tactical operations independently. Anthropic has also privately briefed senior U.S. government officials on Mythos Preview’s full potential, and the intelligence community is actively assessing how such advanced models could fundamentally reshape both offensive and defensive cyber operations.
Addressing the Open-Source Vulnerability Gap
A crucial facet of Project Glasswing extends beyond its headline coalition to address the inherent security challenges within open-source software. Jim Zemlin, CEO of the Linux Foundation, articulated the issue: “In the past, security expertise has been a luxury reserved for organizations with large security teams. Open-source maintainers, whose software underpins much of the world’s critical infrastructure, have historically been left to figure out security on their own.”
Anthropic’s commitment includes significant financial contributions to open-source security initiatives. Through the Linux Foundation, the company has donated $2.5 million to Alpha-Omega and the OpenSSF, and an additional $1.5 million to the Apache Software Foundation. These donations provide maintainers of critical open-source codebases with unprecedented access to AI-driven vulnerability scanning at a scale previously unattainable, democratizing advanced security measures.
The Path Forward for Advanced AI Security
Anthropic’s ultimate objective is to deploy Mythos-class models at scale, but this will only occur once robust safeguards are established. The company plans to introduce these new safety protocols with an upcoming Claude Opus model. This staged approach will allow Anthropic to refine its safeguards with a model that poses a lower risk profile than Mythos Preview.
The competitive landscape for advanced AI models is rapidly evolving. OpenAI’s February release of GPT-5.3-Codex, classified under its Preparedness Framework as high-capability for cybersecurity tasks, signals a broader industry trend. Anthropic’s strategic move with Project Glasswing underscores the emerging consensus among leading AI labs: controlled deployment, rather than open release, is becoming the standard for models possessing such potent capabilities. The long-term question remains whether this standard will be maintained as these sophisticated AI tools become more widely accessible.
Original article, Author: Samuel Thompson. If you wish to reprint this article, please indicate the source:https://aicnbc.com/20509.html
