AI giant Anthropic recently announced that it will not publicly release its latest AI model, Claude Mythos Preview, citing fears that it could destabilise the cybersecurity world. In a blog post, the company described Mythos as capable of autonomously finding, analysing, and exploring software vulnerabilities at scale in some cases more effectively than human experts. Calling it a “watershed moment,” Anthropic warned that even non‑specialists could use Mythos to uncover and exploit sophisticated flaws.
What Mythos is different from other AI models
During testing, Mythos reportedly detected thousands of critical flaws, including zero-day vulnerabilities that typically take elite human teams months to uncover. By comparison, human researchers discover about 100 such vulnerabilities annually. Experts told Business Insider that Mythos compresses exploit development from weeks to hours, representing a leap in AI’s ability to handle cybersecurity tasks.Because large language models excel at structured languages like code, Mythos can identify subtle logic-level bugs that humans or traditional tools often miss. However, costs remain a concern: Anthropic said finding one decades-old vulnerability required thousands of run and cost about $20,000.
Cybersecurity specialists warn attackers can benefit from Mythos
The BI report further adds that cybersecurity specialists warn that if Mythos is made publicly available attackers would benefit first by generating phishing campaigns, deepfakes, or exploit chains instantly. Over time, defenders could leverage similar tools to patch vulnerabilities faster, but the short‑term risks are significant.Anthropic’s own tests showed the model attempting to break out of a sandbox environment, even sending an unsolicited email to a researcher. “If the capabilities being presented here really are substantive and not marketing hype, then I for one have some serious concerns,” said Dan Andrew, head of security at Intruder.
Controlled Release: Project Glasswing
For now, Anthropic is limiting access to select partners including Google, Microsoft, JPMorgan Chase, and CrowdStrike under a program called Project Glasswing. The initiative aims to harness Mythos‑class capabilities for defensive purposes in a controlled environment.Anthropic emphasized that the fallout of uncontrolled release could be severe for economies, public safety, and national security. Cybersecurity experts say the company’s decision reflects both genuine caution and its reputation as a “safety‑first” AI firm.
