Anthropic’s Mythos Could Break the Internet

Quick Reads
- Anthropic has unveiled its most powerful AI model yet, called Mythos, but is refusing to release it to the public because it says the model is too dangerous.
- Mythos has already found thousands of previously unknown security flaws across every major operating system and every major web browser, including a bug that had been sitting undetected in OpenBSD for 27 years.
- Under a new initiative called Project Glasswing, Anthropic is giving over 50 companies, including Apple, Microsoft, Google, Amazon, Nvidia, and JPMorgan Chase, controlled access to the model to patch critical vulnerabilities before hackers find them.
- The model was not specifically trained to hack. Anthropic says its hacking ability emerged on its own as a side effect of general improvements in coding, reasoning, and autonomy, and that is precisely what worries experts.
- This is the first time in nearly seven years that a leading AI company has publicly withheld a model from release over safety concerns.

Anthropic released a preview of its new frontier model, Mythos, describing it as one of its “most powerful” yet, and deployed it through a new security initiative called Project Glasswing, in which more than 40 partner organisations will use the model exclusively for defensive security work. The reason for the restricted release is blunt: Anthropic’s Frontier Red Team Cyber Lead Newton Cheng told VentureBeat the company does not plan to make Mythos generally available due to its cybersecurity capabilities, warning that “the fallout for economies, public safety, and national security could be severe” if such capabilities proliferated beyond actors committed to safe deployment. It is the first time since OpenAI withheld GPT-2 in 2019 that a leading AI lab has publicly pulled back a model on safety grounds.
What Mythos can do is genuinely alarming. The model fully autonomously identified and then exploited a 17-year-old remote code execution vulnerability in FreeBSD that allows anyone to gain complete control over a server from anywhere on the internet, with no human involved in either discovery or exploitation after the initial instruction to find the bug. Critically, Anthropic says it did not train Mythos to have these capabilities; they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy.
Project Glasswing’s launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, with Anthropic committing up to $100 million in usage credits for Mythos Preview across the effort and $4 million in direct donations to open-source security organisations. The urgency behind the project is real. Alex Stamos, former head of security at Facebook and Yahoo, told Wired that the window to act is tight: “We only have something like six months before the open-weight models catch up to the foundation models in bug finding at which point every ransomware actor will be able to find and weaponise bugs without leaving traces for law enforcement to find.”
For Africa and other regions where digital infrastructure is being rapidly built, from mobile banking to government systems, the stakes are not abstract. Fewer than 1% of the vulnerabilities Mythos found have been patched so far, meaning the world’s most critical software is still exposed. What Project Glasswing buys is time. Whether that time is enough is a question nobody can yet answer.





