For years, the infosec community’s biggest existential worry has been quantum computers blowing away all classical encryption and revealing the world’s secrets. Now they have a new Big Bad: an AI model that can generate zero-day vulnerabilities.
Anthropic made the model and named it Mythos. Thankfully, the AI company decided not to release it, because it would break the internet – and not in a good way.
“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” the company said.
Mythos is markedly different from Claude Opus 4.6, which Anthropic only recently said was not very skilled at developing working exploit code. Where Opus 4.6 managed an exploit development success rate of just over zero percent, Mythos Preview generated a working exploit 72.4 percent of the time.
What Anthropic is describing is literally a zero-day engine: “Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit.”
Fortunately, instead of releasing Mythos, Anthropic chose to provide a preview version to a set of industry partners so they can use it to find flaws in their systems before adversaries do.
The AI biz calls its limited release initiative Project Glasswing. Participants include: Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
And while this tech industry anti-rogues’ gallery scans their own systems with the purportedly perspicacious Mythos, Anthropic invited around 40 other organizations to participate in this introspective bug hunt, subsidized by up to $100M in usage credits for Mythos Preview and $4M in direct donations to open-source security organizations.
If that sounds a bit like an arsonist handing out fire extinguishers, well, that’s on you for being so cynical.
- AMD’s AI director slams Claude Code for becoming dumber and lazier since last update
- AWS CEO: It’s funny when people ask me if AI is overhyped
- Hundreds of orgs compromised daily in Microsoft device code phishing attacks
- Intel gets trapped in Elon’s reality distortion field as it joins in megafab delusions
Word of Mythos leaked last month when a draft blog pos