Anthropic extends the reach of Mythos despite calling it dangerous

The TL;DR
Anthropic says Mythos is too dangerous to release to the public but has expanded its reach to 200 organizations in 15 countries. Only 14% of its 10,000+ critical vulnerability findings have been eliminated. Its claims have not been independently verified.
Anthropic said its Mythos model is so good at detecting software vulnerabilities that releasing it publicly could help attackers steal data or disrupt critical infrastructure. And, since early June, it has expanded its reach to 150 additional organizations, bringing the total to nearly 200 in 15 countries.
The tension is deliberate. Anthropic’s argument is that the same abilities that make Mythos so dangerous in attack make it so valuable in defense, and that if defenders get those abilities quickly, they can correct mistakes before attackers can build their own equivalents.
What Mythos can do
Mythos Preview found thousands of zero-day vulnerabilities during testing, including on every major operating system and every major web browser. One was a 27-year-old flaw in OpenBSD, an operating system with a reputation as one of the most security-tightened in the world.
The model can also combine individual flaws into a working attack. In one test, it linked several bugs in the Linux kernel to allow an attacker to take complete control of the machine. Non-professionals asked Mythos overnight to find ways to remotely control computers, and found a complete, working exploit waiting for them the next morning.
Sandbox escape
In an early test, a researcher prompted Mythos to escape a secure, isolated sandbox computer and send back a message. The model succeeded, and continued to take “more, in terms of actions,” developing a multistep approach to gain access to the Internet itself.
Anthropic disclosed this incident in the Mythos system card. The company described it as a rare failure that occurred during a deliberate adversarial test, not in normal operation. However, it’s the type of outcome that makes expanding access difficult to explain to a non-technical audience.
Who has access
The core group under Project Glasswing includes Amazon, Apple, Google, Microsoft, Nvidia, Palo Alto Networks, CrowdStrike, Broadcom, Cisco, JPMorgan Chase, and the Linux Foundation. Another 40 organizations were added in April, and another 150 in June.
Anthropic declined to name the new participants but said they include companies and nonprofits that produce critical programming code. The EU cybersecurity agency ENISA is reportedly among them. They are all intended to use Mythos for defensive work, especially AI-powered penetration testing at a scale and speed that no human group can match.
A gap in the lake
Since its launch, Mythos has been used to detect more than 10,000 high or critical vulnerabilities. Only 14% of those have been released since May 22.
The discovery process is slow by design: human experts verify each discovery before sending the information to code maintainers. But cybercriminals are using AI to speed up the exploitation of vulnerabilities once they are made public. Palo Alto Networks CEO Nikesh Arora warned in March that “a single bad actor will now be able to run campaigns that require entire groups.”
Incident of unauthorized access
In April, a small group of unauthorized users on a private Internet platform gained access to Mythos, according to Bloomberg. Anthropic did not publicly detail the breach or how it was resolved.
This is the main risk in the “increase access to protect” strategy: every additional organization with access is another potential leak point. The model’s offensive capabilities are not reduced when it is used defensively; they are the same skills, just directed differently.
Anthropic is not alone
OpenAI’s Codex Security and Google’s Big Sleep agent are designed for similar purposes. OpenAI is reportedly finalizing a product with advanced cybersecurity capabilities for select partners. Israeli startup Buzz claims to have built a five-agent standalone tool with a 98% success rate in exploiting known bugs, built by six engineers in three weeks.
Anthropic’s Frontier Red Team said in April that “in the long run, we expect that the power of protection will dominate” and the world will emerge more secure. “But the transition period will be difficult.”
Verification problem
Researchers were not given access to independently verify Anthropic’s claims about Mythos’ performance. Gang Wang, an associate professor of computer science at the University of Illinois, told Bloomberg that it is difficult to assess the value of Mythos without further testing.
Anthropic’s claims about model strength (10,000 vulnerabilities, zero-day detection, sandbox escapes) are all self-reported. No independent evaluation has been published. The company’s argument for expanding reach rests on confidence in its own evaluation, while it is simultaneously preparing for an IPO and positioning Mythos as a product category. That combination of interests does not make the claims false. It makes independent verification more important, not less.




