Anthropic released a preview version of its new model, Claude Mythos, on the 7th. This model will initially be provided to a select group of partners for security defense efforts.
The preview version of Anthropic’s new Claude Mythos model reveals a fact: “AI models have reached a level of programming capability that surpasses all humans except the top experts in discovering vulnerabilities and finding exploitation methods,” Anthropic stated.
Claude Mythos differs significantly from Claude Opus 4.6. Anthropic recently acknowledged that Claude Opus 4.6 performed poorly in developing effective exploit code, with a near-zero success rate, while the Claude Mythos preview version boasts a 72.4% success rate. Exploit development here refers to analyzing security flaws in software, systems, or hardware and writing specialized code to exploit these weaknesses.
Over the past few weeks, Anthropic has used a preview version of Claude Mythos to identify thousands of zero-day vulnerabilities (security flaws unknown to software developers), some of which are quite serious and exist in every major operating system, web browser, and a range of critical software applications.
Instead of releasing Claude Mythos publicly, Anthropic has made a preview version available to industry partners so they can identify vulnerabilities in their own systems.
Therefore, Anthropic launched Project Glasswing, a cybersecurity initiative with industry partners including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, to apply Claude Mythos to defensive security efforts.
In addition to these tech giants using Claude Mythos to scan their own systems, Anthropic has invited approximately 40 organizations to participate in this vulnerability discovery program, providing up to $100 million in Claude Mythos usage credits and directly donating $4 million to open-source security organizations.
News about Claude Mythos leaked last month when a draft of an official Anthropic blog post revealed the new product. Details released on the 7th stated, “In our tests, the Claude Mythos preview version, with user instructions, can identify and exploit zero-day vulnerabilities in all major operating systems and major web browsers.” Anthropic cited an example: the Claude Mythos preview version discovered a 27-year-old vulnerability in OpenBSD. OpenBSD is considered one of the world’s most secure operating systems, often used to run firewalls and other critical infrastructure. This vulnerability allows attackers to remotely control and cripple any machine running OpenBSD, a vulnerability that the Claude Mythos preview version was able to find.
Anthropic believes that no single organization can solve cybersecurity problems alone. AI developers, software companies, cybersecurity researchers, open-source maintainers, and governments around the world all play crucial roles in maintaining information security. Project Glasswing is just a starting point; action must be taken now to ultimately succeed.
About The Author
