Anthropic announced that its as-yet-unreleased artificial intelligence (AI) model, called Claude Mythos, has demonstrated a remarkable ability to detect vulnerabilities in software.

Mythos has exposed thousands of flaws in commonly used applications for which there is currently no patch or fix, leading the San Francisco-based AI startup to form an alliance with Cybersecurity specialists to strengthen defenses against cyberattacks. According to the company, the system has identified serious flaws even in widely used operating systems and browsers, some of which had gone undetected for decades.

“We have a new model that we are explicitly not going to release to the public,” said Mike Krieger of Anthropic Labs at the HumanX AI conference in San Francisco.

An AI model that will not be public

Instead, Anthropic is allowing cybersecurity specialists and engineers from the open-source community to work with Mythos to use the model as a defensive weapon, “in a way arming them in advance,” Krieger explained.

Advances in the capabilities of AI models have raised concerns about the use of these tools by hackers to crack passwords or break encryption intended to protect data.

This risk has raised alarms even in the US financial sector, which has been warning for years about the potential for large-scale cyberattacks. The oldest of the vulnerabilities discovered by Mythos dates back 27 years, and none had apparently been detected by its creators before being identified by the AI ??model, according to Anthropic. Mythos is the latest generation of Anthropic's Claude AI family, and a recent leak of some of its code led the startup to publish a blog post warning that it posed unprecedented cybersecurity risks.

“AI models have reached a level of programmability that allows them to outperform all but the most specialized humans in finding and exploiting software vulnerabilities,” Anthropic noted on its blog.

“The consequences—for economies, public safety, and national security—could be severe.”

The vulnerabilities exposed by Mythos used to be subtle and difficult to detect without AI, according to Anthropic. As an example, the company indicated that Mythos found a previously unnoticed flaw in video software that had been tested more than five million times by its creators.

Concern about these capabilities has already reached Washington. According to the Financial Times and Bloomberg, US Treasury Secretary Scott Bessent recently convened the top executives of several of the country's largest banks to address the cybersecurity risks associated with the new model.

The meeting was attended by executives from Bank of America, Citigroup, Goldman Sachs, Morgan Stanley, and Wells Fargo, as well as Federal Reserve Chairman Jay Powell. Although JPMorgan Chase CEO Jamie Dimon was invited, he was unable to attend. In his annual letter to shareholders, Dimon warned that cyber threats remain one of the “greatest risks” to the financial system and that artificial intelligence will “almost certainly worsen this threat.” Project Glasswing: A Cybersecurity Alliance As a precautionary measure, Anthropic has shared a version of Mythos with cybersecurity firms CrowdStrike and Palo Alto Networks, as well as Amazon, Apple, and Microsoft, in a project it called “Glasswing.” Restricted access is part of a deliberate strategy by the company to allow a limited group of partners to identify and correct vulnerabilities before the system becomes more widely available. Networking giants Cisco and Broadcom are also involved in the project, along with the Linux Foundation, which promotes the free and open-source Linux operating system. “This work is too important and too urgent to do alone,” said Anthony Grieco, Cisco’s chief security and trust officer, in a joint statement about Glasswing. “AI capabilities have crossed a threshold that fundamentally changes the urgency needed to protect critical infrastructure from cyber threats, and there is no turning back.” Approximately 40 organizations involved in the design, maintenance, or operation of computer systems are said to have joined Glasswing. Project partners will share their findings with Mythos, according to Anthropic.which contributes computing resources valued at approximately $100 million to the initiative.

What Mythos Can Change in Digital Defense

Initial work with AI models has shown they can help find and fix software and hardware vulnerabilities at a rate and scale that was previously impossible, according to Grieco.

“The window between the discovery of a vulnerability and its exploitation by an adversary has closed: what used to take months now happens in minutes with AI,” said Elia Zaitsev, Chief Technology Officer of CrowdStrike.

“Claude Mythos Preview demonstrates what is now possible for defenders at scale, and adversaries will inevitably seek to exploit the same capabilities.”

Anthropic noted that it has held discussions with the U.S. government regarding Mythos, despite a White House executive order in February to terminate all contracts with the startup.

That directive was suspended by a federal judge while the appeal The legal action filed by Anthropic is proceeding through the courts. As far as is known, this is also the first time the company has decided to limit initial access to one of its artificial intelligence models, a sign of the extent to which its own capabilities have raised concerns within the technology industry and among authorities. FEW (AFP, EFE)a sign of the extent to which its own capabilities have aroused concern within the technology industry and among the authorities.