From defence tool to risk factor: Understanding Anthropic's Mythos AI model
From uncovering decades-old vulnerabilities to autonomously building exploits, Anthropic's Mythos AI frontier model is forcing the industry to confront risks that are arriving faster than safeguards
Anthropic's Mythos AI model is built to identify vulnerabilities in software systems
US-based artificial intelligence entity Anthropic’s unreleased AI model, Mythos, is not supposed to be widely accessible. Built under the company’s Project Glasswing as a tightly controlled cybersecurity system, it is still in limited testing and restricted deployment. However, some of the results that it has produced are astonishing, to say the least.
In one internal exercise, the model identified 271 previously unknown vulnerabilities in Mozilla’s Firefox codebase, according to a report by Ars Technica. These were not routine bugs flagged by automated scans, but exploitable weaknesses that had persisted despite years of active development and security review.
That kind of output changes how vulnerability discovery works in practice. It increases the volume of issues that can be surfaced, compresses the time needed to find them, and shifts the balance between what is visible and what remains hidden inside complex systems.
At the same time, Mythos is beginning to surface outside its intended boundaries. Reports from TechCrunch suggest that tools linked to the model may have already been accessed beyond authorised channels, while other accounts indicate that government-linked actors are exploring similar capabilities.
Within the AI industry, there is no clear agreement on how to interpret this moment. OpenAI CEO Sam Altman has dismissed some of the concern as “fear-based marketing,” even as others frame models like Mythos as a step-change risk.
What is Mythos
Anthropic has not released a full technical paper on Mythos, but its own disclosures through Project Glasswing and the Mythos preview outline the model’s intended role with unusual clarity.
Mythos is not a general-purpose AI model adapted for security tasks. It is built specifically for analysing software systems in adversarial ways – examining how code behaves under stress, where assumptions fail, and how those failures can be turned into real vulnerabilities.
Under Glasswing, access to models like Mythos is limited to a small group of external partners, including security researchers, enterprise teams, and organisations working on infrastructure protection. Reuters reporting on Anthropic’s cyber efforts notes that such systems are being handled with caution, reflecting concerns about how easily they could be misused if broadly available.
How Mythos works inside a system
Anthropic’s preview of Mythos describes a model that operates through interaction rather than inspection.
Instead of scanning code for known patterns, the system engages with it. It executes functions, tests different inputs, and observes how the software responds. Each result feeds into the next step, allowing the model to refine its approach and move deeper into the system.
This creates a continuous loop of testing and adjustment. A failed attempt does not end the process; it informs the next one. Over time, this allows the model to map out behaviour that would be difficult to capture through static analysis alone.
Another key element is how it handles complexity. Modern software systems are not made up of isolated components. Vulnerabilities often emerge from how different parts interact. Mythos is designed to follow those interactions, tracing how a small issue in one part of the system might combine with another to create a more serious flaw.
This is where the model’s reasoning becomes important. It is not just identifying individual bugs, but evaluating how those bugs could be used in practice.
The company has also suggested that Mythos can operate alongside external tools, allowing it to simulate environments and validate its own findings. That gives it a way to move beyond theoretical vulnerabilities and confirm whether they can be exploited.
What Mythos has already uncovered
Anthropic says Mythos has identified thousands of zero-day vulnerabilities (previously unknown flaws) in critical software systems. These include vulnerabilities in every major operating system and web browser, as well as widely used libraries and infrastructure components.
Some of the examples are particularly striking.
In OpenBSD, a security-focused operating system, the model uncovered a 27-year-old vulnerability that could allow remote attackers to crash systems. In FFmpeg, a widely used media processing library, a flaw was identified that had persisted for 16 years despite extensive automated testing.
The model has also demonstrated the ability to chain multiple vulnerabilities together. In the Linux kernel, for instance, it combined separate weaknesses to escalate privileges from a standard user account to full system control. In another case, it autonomously developed a remote code execution exploit in FreeBSD, allowing an attacker to gain root access without authentication.
Anthropic’s internal evaluations suggest that Mythos significantly outperforms its previous models on these tasks, achieving a much higher success rate at turning vulnerabilities into working exploits.
Why this changes cybersecurity
Finding critical flaws in complex systems requires specialised knowledge, and even skilled researchers can only examine a limited portion of a codebase at any given time. As a result, many vulnerabilities remain hidden – not because they are impossible to find, but because they have not yet been explored in sufficient depth.
Mythos changes that equation by reducing the cost and effort required to identify and exploit vulnerabilities. Models like Mythos expand how much of a system can be tested and how quickly weaknesses can be uncovered. Anthropic notes that AI-driven cyber capabilities are already lowering the barrier to entry, making it easier to perform tasks that previously required advanced expertise.
The risks
Anthropic acknowledges that the impact of these capabilities may not be evenly distributed, at least in the short term.
While tools like Mythos could eventually make systems more secure, the transition period is uncertain. The same capabilities that help defenders find and fix vulnerabilities can also be used to exploit them.
This creates a situation where attackers could benefit from faster, more automated ways of discovering weaknesses.
Anthropic describes this phase as potentially “tumultuous,” with the balance between attackers and defenders still evolving. How this plays out depends on how quickly defensive systems improve and whether safeguards can keep up with the technology.
Project Glasswing
Project Glasswing is the company’s attempt to manage the transition. It brings together organisations including Apple, Google, Microsoft, and Nvidia to use Mythos in controlled environments for defensive purposes. More than 40 additional organisations working on critical infrastructure have also been given access.
The goal is to give defenders a head start, allowing them to identify and fix vulnerabilities before similar tools become widely available.
At the same time, the model’s growing visibility raises questions about how tightly it can be controlled.
Reports from TechCrunch indicate that tools linked to Mythos may have been accessed beyond authorised channels, raising questions about how tightly such systems can be contained once they move beyond internal testing.
In parallel, other reports suggest that government-linked actors, including those associated with the US National Security Agency (NSA), are already exploring or using Anthropic’s cyber-focused models despite internal disagreements within defence circles.
Within the AI industry, there is still no clear consensus on how to interpret models like Mythos. In comments reported by TechCrunch, OpenAI CEO Sam Altman criticised what he described as “fear-based marketing” around cyber-focused AI systems. This suggests that some view the concerns as overstated, while others see these systems as fundamentally changing the security landscape.
What happens next
Anthropic has made it clear that Mythos, in its current form, is unlikely to be released as a general-purpose product.
Instead, the focus is on developing safeguards that can limit the model’s most dangerous capabilities while still allowing it to be used for defensive purposes. Future models may incorporate these protections before being deployed more broadly.
What happens next depends less on one model, and more on how quickly the rest of the industry catches up, and how well systems can adapt to a world where finding vulnerabilities is no longer the hardest part.
First Published: Apr 22 2026 | 3:26 PM IST
