What is the story about?
Anthropic has taken the unusual step of holding back one of its most advanced artificial intelligence models, even as competition in the sector intensifies.
The company says the decision is deliberate and necessary. Its unreleased model, Claude Mythos, is simply too powerful when it comes to identifying and exploiting software vulnerabilities.
“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said in a blog post. “The fallout – for economies, public safety, and national security – could be severe.”
That warning underscores a growing concern in the AI industry: that rapid advances in model capability may outpace the world’s ability to secure itself against misuse.
Unlike most AI launches that are accompanied by public demos and developer access, Claude Mythos is being kept behind closed doors. “We have a new model that we’re explicitly not releasing to the public,” Mike Krieger of Anthropic Labs said at a HumanX AI conference in San Francisco.
The model, part of the broader Claude family, has demonstrated an extraordinary ability to uncover weaknesses in widely used software. According to Anthropic, Mythos has already identified thousands of vulnerabilities, many of which had gone undetected for years. The oldest dates back 27 years.
In one instance, the AI discovered a subtle flaw in video software that had been tested more than five million times by its developers without detection. These findings highlight how traditional testing methods may struggle to keep up with increasingly complex systems.
Such capabilities have raised fears that, in the wrong hands, similar tools could be used to crack passwords, bypass encryption, or exploit critical infrastructure. A recent leak of portions of Mythos’s code only heightened these concerns, prompting Anthropic to publicly acknowledge the model’s potential risks.
Rather than releasing Mythos widely, Anthropic is deploying it as part of a coordinated cybersecurity effort. The company has launched an initiative called Project Glasswing, bringing together around 40 organisations involved in building and maintaining digital infrastructure.
“This work is too important and too urgent to do alone,” Anthony Grieco, Cisco’s chief security and trust officer, said in a joint release about Glasswing. “AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”
Through Glasswing, Anthropic is sharing controlled access to Mythos with cybersecurity firms and major technology companies, including CrowdStrike, Palo Alto Networks, Amazon, Apple and Microsoft. Networking giants Cisco and Broadcom are also participating, alongside the Linux Foundation.
The goal is to use the model as a defensive tool, allowing experts to identify and patch vulnerabilities before malicious actors can exploit them. As Krieger explained, Anthropic is effectively “arming them ahead of time”.
To support the effort, the company is committing roughly $100 million in computing resources. Early results suggest that AI can dramatically accelerate the discovery and remediation of both software and hardware flaws, operating at a scale previously unattainable.
Anthropic has also held discussions with the US government regarding Mythos, even as it navigates a legal challenge over a directive to terminate federal contracts with the company.
For now, Claude Mythos represents both the promise and peril of next-generation AI: a tool capable of strengthening digital defences, but one that must be handled with extreme caution.
The company says the decision is deliberate and necessary. Its unreleased model, Claude Mythos, is simply too powerful when it comes to identifying and exploiting software vulnerabilities.
“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said in a blog post. “The fallout – for economies, public safety, and national security – could be severe.”
That warning underscores a growing concern in the AI industry: that rapid advances in model capability may outpace the world’s ability to secure itself against misuse.
Claude Mythos AI model: Why Anthropic is withholding public release
Unlike most AI launches that are accompanied by public demos and developer access, Claude Mythos is being kept behind closed doors. “We have a new model that we’re explicitly not releasing to the public,” Mike Krieger of Anthropic Labs said at a HumanX AI conference in San Francisco.
The model, part of the broader Claude family, has demonstrated an extraordinary ability to uncover weaknesses in widely used software. According to Anthropic, Mythos has already identified thousands of vulnerabilities, many of which had gone undetected for years. The oldest dates back 27 years.
In one instance, the AI discovered a subtle flaw in video software that had been tested more than five million times by its developers without detection. These findings highlight how traditional testing methods may struggle to keep up with increasingly complex systems.
Such capabilities have raised fears that, in the wrong hands, similar tools could be used to crack passwords, bypass encryption, or exploit critical infrastructure. A recent leak of portions of Mythos’s code only heightened these concerns, prompting Anthropic to publicly acknowledge the model’s potential risks.
Project Glasswing and AI cybersecurity: How Anthropic is using Mythos defensively
Rather than releasing Mythos widely, Anthropic is deploying it as part of a coordinated cybersecurity effort. The company has launched an initiative called Project Glasswing, bringing together around 40 organisations involved in building and maintaining digital infrastructure.
“This work is too important and too urgent to do alone,” Anthony Grieco, Cisco’s chief security and trust officer, said in a joint release about Glasswing. “AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”
Through Glasswing, Anthropic is sharing controlled access to Mythos with cybersecurity firms and major technology companies, including CrowdStrike, Palo Alto Networks, Amazon, Apple and Microsoft. Networking giants Cisco and Broadcom are also participating, alongside the Linux Foundation.
The goal is to use the model as a defensive tool, allowing experts to identify and patch vulnerabilities before malicious actors can exploit them. As Krieger explained, Anthropic is effectively “arming them ahead of time”.
To support the effort, the company is committing roughly $100 million in computing resources. Early results suggest that AI can dramatically accelerate the discovery and remediation of both software and hardware flaws, operating at a scale previously unattainable.
Anthropic has also held discussions with the US government regarding Mythos, even as it navigates a legal challenge over a directive to terminate federal contracts with the company.
For now, Claude Mythos represents both the promise and peril of next-generation AI: a tool capable of strengthening digital defences, but one that must be handled with extreme caution.
