Anthropic Launches Dedicated Cybersecurity AI Model Amid Own Security Stumble
In a move that underscores the escalating AI arms race in cybersecurity, Anthropic on Tuesday announced Claude Mythos Preview, a specialized frontier model built for defensive security work. The launch is coupled with Project Glasswing, a selective partner program granting early access to a cohort of major technology and infrastructure firms. The initiative aims to get advanced, automated vulnerability discovery tools into the hands of defenders before malicious actors can weaponize similar capabilities.
Mythos Preview: Capabilities and the Glasswing Consortium
Anthropic states that Mythos Preview, still in a preview phase, has already autonomously identified thousands of high-severity vulnerabilities across critical software, including major operating systems and web browsers. The company highlighted specific, now-patched examples: a 27-year-old flaw in OpenBSD, a 16-year-old bug in FFmpeg, and a chain of Linux kernel vulnerabilities that could escalate a standard user to full system control. These findings demonstrate the model’s ability to perform complex, multi-step reasoning across large codebases with minimal human guidance.
Access to Mythos Preview is being tightly controlled through Project Glasswing. The inaugural group includes industry heavyweights such as AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, with over 40 additional organizations also participating. To support this ecosystem, Anthropic is committing up to $100 million in usage credits for partners and $4 million in donations to open-source security organizations. This financial commitment signals a serious, resource-backed effort to shape the defensive use of powerful AI in cyber.
An Ironic Twist: Anthropic’s Recent Source Code Leak
The announcement lands in the shadow of a significant self-inflicted security incident for Anthropic. Barely a week ago, the company accidentally exposed nearly 2,000 files and over 500,000 lines of Claude’s source code due to a packaging error in version 2.1.88 of its software. The situation worsened when Anthropic’s initial takedown request mistakenly targeted approximately 8,100 unrelated GitHub repositories before the notices were largely reversed. This breach of its own operational security raises immediate questions about the company’s internal practices, even as it positions itself as a provider of advanced defensive tools.
Cautionary Deployment and Broader Implications
Anthropic is explicitly not releasing Mythos Preview broadly. In program materials, the company states it has no plans for general availability, citing the model’s dual-use nature and potential dangers. The stated goal is to develop robust safeguards first, ensuring that models of this capability can eventually be deployed at scale safely. This cautious approach aligns with growing regulatory and industry scrutiny around frontier AI models.
A leaked internal document, reported by multiple outlets, describes Mythos as Anthropic’s most capable model yet, representing a “meaningful step change” in reasoning, coding, and cybersecurity. The company has also been engaged in discussions with U.S. government officials regarding the model’s offensive and defensive implications, a necessary step for a technology with national security ramifications. The launch intensifies the focus on how the most advanced AI capabilities will be governed, particularly in the high-stakes domain of cybersecurity where automated discovery could dramatically shift the defender-attacker balance.
Disclosure: This article was edited by Estefano Gomez. For more information on how we create and review content, see our Editorial Policy.
