Claude Mythos: Anthropic’s Advanced AI Model with Cybersecurity Potential

Claude Mythos, introduced by the US-based company Anthropic, has entered the spotlight as a trailblazing AI model. Launched in preview in April, Claude Mythos boasts sophisticated cybersecurity functions, allowing it to independently evaluate codebases and uncover “Zero-day” vulnerabilities. While it holds promise for fortifying essential software against cyber threats, there are significant worries about its potential for misuse.

What is Claude Mythos?

As detailed in Anthropic’s blog, Claude Mythos Preview is a versatile AI model designed with coding and analytical features. The company asserts that it surpasses earlier models, including Claude Opus 4.6, in performance and efficacy.

In preliminary tests, Claude Mythos revealed a 27-year-old vulnerability in OpenBSD that could allow cybercriminals to remotely crash systems merely by connecting to them. Furthermore, it detected a 16-year-old flaw in FFmpeg, a commonly used video-processing tool. These findings were made autonomously, showcasing the model’s distinct capabilities compared to its competitors.

Who Can Access Claude Mythos?

The deployment of Claude Mythos falls under “Project Glasswing,” and its access is limited to select partner companies, including Amazon Web Services (AWS), Apple, Cisco, Google, Microsoft, NVIDIA, and others, totalling around 40 companies.

Additionally, the US National Security Agency (NSA) has permission to use the model, despite incoming concerns from the government regarding potential risks. According to a report by Axios, access is currently focussed on evaluating risks to operations and clientele. This has raised questions among government authorities and researchers globally about whether these fears are justified or simply exaggerated.

Why Are Authorities Concerned About Claude Mythos?

Although the capability of Claude Mythos to discover and exploit vulnerabilities in significant operating systems and browsers is noteworthy, there are dangers highlighted in media reports regarding the potential misuse of such powerful AI models. There are fears that Claude Mythos could lead to the development of more sophisticated and damaging cyberattacks.

Anthropic notes that “Mythos Preview has already exposed thousands of high-severity vulnerabilities across all major operating systems and web browsers. Given the rapid advancements in AI technology, it may not be long before these capabilities spread, potentially reaching actors who intend to leverage them unsafely.”

Recently, leading financial authorities in the UK, including the Bank of England and the Financial Conduct Authority, have engaged in serious discussions with the National Cyber Security Centre to assess the potential threats Claude Mythos poses to essential finance-related software and systems.

Moreover, the U.S. Treasury Secretary Scott Bessen convened an urgent meeting with Wall Street executives on April 7 to discuss the cyber risks linked to Claude Mythos.

On April 17, the White House also held talks with Anthropic’s CEO, Dario Amodei, focusing on collaboration, cybersecurity measures, and ensuring a balance between innovation in AI and safety precautions.

Consequently, the preview of Claude Mythos will not be made publicly accessible until thorough safety assessments and defensive cybersecurity tests are undertaken as part of Project Glasswing. This development raises questions about how to secure technological systems while preventing the advancement of uncontrollable technologies.