
Government Tension: The Defense Department designated Anthropic as a supply chain risk, reversing a $200 million DoD agreement signed just months earlier.
Anthropic is restricting its highest-performing AI model to a consortium of security partners after Claude Mythos identified thousands of zero-day vulnerabilities across every major operating system and web browser in recent weeks.
Mythos's capabilities are so far beyond current frontier AI that Anthropic is withholding public release entirely. Under Project Glasswing, the company is granting preview access to 12 major technology firms and 40 additional organizations that build or maintain software infrastructure, backed by $100 million in usage credits and $4 million in direct donations to open-source security organizations. The consortium's goal is straightforward: patch the highest-priority vulnerabilities before capabilities like Mythos's become widely available.
Anthropic's Frontier Red Team reported in its evaluation that its previous flagship model, Opus 4.6, had a near-zero success rate at autonomous exploit development, turning known Firefox JS engine vulnerabilities into working exploits only twice in several hundred attempts. Mythos Preview produced 181 working exploits from the same vulnerability set, plus 29 additional instances with register control. The jump is not incremental; it represents a qualitative shift in what AI can do with security research.
The capability gap extends well beyond benchmarks. Mythos discovered a 27-year-old bug in OpenBSD's TCP SACK implementation that could remotely crash any host running the operating system. It found a 16-year-old vulnerability in FFmpeg's H.264 codec, in a line of code that automated fuzzing had exercised five million times without catching the flaw. On FreeBSD, it autonomously wrote a remote code execution exploit using a 20-gadget ROP chain split across multiple network packets.
In OSS-Fuzz testing, Sonnet 4.6 and Opus 4.6 reached tier 1 in 150 to 175 cases; Mythos Preview achieved 595 crashes at tiers 1 and 2 and full control-flow hijack on 10 separate targets at the highest severity tier. Of 198 manually reviewed vulnerability reports, according to Anthropic, expert contractors agreed with Claude's severity assessment 89% of the time, with 98% falling within one severity level.
The capabilities emerged from general improvements in agentic coding and reasoning, not from cybersecurity-specific training. Mythos is a general-purpose system similar to Claude Opus 4.6, but its security research capabilities proved strong enough that Anthropic determined the industry needed preparation time before any broader release. Researcher Nicholas Carlini said he had found more bugs in the preceding weeks than in his entire prior career, capturing the scale of the shift.
Accessibility is equally concerning. Non-security experts at Anthropic asked Mythos to find remote code execution vulnerabilities overnight and woke up to complete working exploits. The model also discovered a guest-to-host memory corruption vulnerability in a production memory-safe virtual machine monitor, details of which are being withheld pending a patch.
Where previous models could identify potential vulnerabilities but rarely weaponize them, Mythos can chain up to five flaws together for sophisticated attack outcomes, including escaping both renderer and OS sandboxes in web browsers by linking four separate vulnerabilities with JIT heap spray techniques. A full OpenBSD audit cost roughly $20,000 for 1,000 runs, with the specific SACK bug discovery costing under $50.
Project Glasswing's partner list reads like a who's who of the technology industry: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. That fierce competitors are collaborating under the umbrella of an AI startup barely five years old signals just how severe the threat from Mythos has become.
CrowdStrike CTO Elia Zaitsev noted that AI has compressed the window between vulnerability discovery and exploitation from months to minutes, framing the consortium's urgency as a direct response to this acceleration. CrowdStrike's involvement is itself notable: the company's stock fell 8% in February when Anthropic launched Claude Code Security, yet it is now partnering with the same company whose capabilities threaten its core business.
"To see them hand over $100 million in credits and open up unreleased models to one another tells me the threat level has moved from competitive to existential."
For companies that routinely litigate intellectual property disputes against each other, the decision to pool resources around Anthropic's model reflects a shared calculation that unpatched infrastructure poses a greater risk than competitive disadvantage. Google is making Mythos Preview available to participants via its Vertex AI platform, citing its own AI security tools Big Sleep and CodeMender but joining Glasswing rather than competing independently.
Mythos Preview will not be made generally available. Anthropic plans to integrate cybersecurity safeguards into an upcoming Claude Opus model before any broader release, giving consortium partners a 90-day window to patch vulnerabilities first.
The consortium launch comes against a complicated backdrop for Anthropic's government relationships. A data leak on March 27 revealed Mythos's existence before the official announcement.
The tension between Anthropic's DoD deal and the supply chain risk label underscores the dual-use dilemma at the heart of Project Glasswing: the same capabilities that make Mythos invaluable for defense also make it a potential threat if access is not carefully controlled. Anthropic referenced both offensive and defensive cyber capabilities in its announcement, one of the few instances where the company has publicly acknowledged offensive applications of its technology.
The model's impact on open-source security is already visible. Linux kernel maintainer Greg Kroah-Hartman described a sudden quality shift in AI-generated vulnerability reports:
"Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality... Something happened a month ago, and the world switched. Now we have real reports."
curl maintainer Daniel Stenberg echoed a similar shift, noting he now spends hours daily reviewing AI-generated vulnerability reports that are largely legitimate. The $4 million in donations to open-source security organizations addresses the immediate funding gap, but the volume of real findings may require a more permanent support structure for projects whose volunteer maintainers underpin critical infrastructure worldwide.
Anthropic has engaged in discussions with the US government about Mythos's offensive and defensive cyber capabilities. Simon Willison noted that OpenAI's GPT-5.4 already has a strong reputation for finding security vulnerabilities, suggesting the Glasswing consortium should eventually include OpenAI as well. OpenAI's notable absence from the partner list raises questions about whether the consortium can achieve comprehensive coverage of the AI-driven vulnerability landscape without including all major model providers.
Anthropic's Red Team expressed confidence that once the security environment reaches a new equilibrium, AI will ultimately benefit defenders more than attackers, increasing the overall security of the software ecosystem. Whether that equilibrium arrives before malicious actors develop comparable capabilities, or before the next generation of models expands the attack surface further, remains the central question for the 90-day patching window and beyond.