Anthropic has opened access to some companies to a new AI model under development, Claude Mythos, and introduced Glasswing, a cybersecurity project it is running with more than 40 major tech companies.

It is a step aimed at reducing the scope for hackers to misuse Claude Mythos.

Anthropic said Mythos has already found thousands of high-risk vulnerabilities across all major operating systems and web browsers. They include an OpenBSD vulnerability that went undiscovered for 27 years, a flaw in the FFmpeg video encoder that passed 5 million automated tests, and a Linux kernel vulnerability that could allow full takeover of a user device.

Using AI models to find security vulnerabilities is not new, but why should Mythos in particular be treated with caution?

In this regard, Platformer founder and editor Casey Newton pointed to Mythos' advanced reasoning capabilities. He said, "Existing models were at the level of finding vulnerabilities, but Mythos can find five vulnerabilities in a single piece of software and link them into a chained attack." He also conveyed Anthropic's view that, combined with the ability for AI to keep working for long periods on its own without humans, it could mark a turning point in cybersecurity threats.

Participants in the Glasswing project include Apple, Google, Microsoft, Cisco and Broadcom. These companies will scan major open-source systems and patch vulnerabilities.

Cisco Chief Security Officer Anthony Grieco (앤서니 그리에코) said, "AI capabilities have crossed a threshold, and the urgency of protecting critical infrastructure has fundamentally changed." Alex Stamos, chief product officer at cybersecurity company Corridor, warned, "It is less than 6 months before open-weight models catch up to foundation models' bug-detection capabilities," adding, "When that happens, any ransomware attacker will be able to find and weaponize vulnerabilities without leaving traces."

Newton also highlighted concerns about a concentration of power linked to Mythos. It means one company has become too influential in finding security vulnerabilities.

Quoting Kelsey Piper, who runs the media outlet Argument, he pointed out: "One of the things not properly addressed with Mythos is that a private company holds unbelievably powerful zero-day vulnerabilities for almost every software project you have ever heard of."

As power concentrates, risks can also rise. Newton said, "The incentive to steal Anthropic model weights has increased sharply." He added, "Glasswing rests on a very uncomfortable premise that the only way to protect ourselves from dangerous AI models is to develop such models first," and said, "Anthropic is pushing this in an environment with little regulation."