Claude Mythos just first of power models to come warns Anthropic co-founder
Anthropic co-founder and policy lead, Paul Clark. Image: Anthropic
The world needs to prepare for powerful Mythos-like models that can dig out new security flaws in all systems, Anthropic co-founder Paul Clark told the Semafor World Economy event on Monday.
Anthropic's much discussed Claude Mythos is not a 'special' model and there will more models just like it in coming months, so the world needs to prepare. That was the view of Anthropic co-founder and policy lead, Jack Clark, speaking at the Semafor World Economy event in Washington DC yesterday.
"We're grateful for our success and our customers, of course, but this is not a special model," said Clark "There will be other systems just like this in a few months from other companies, and then a year to a year and a half later, there'll be open weight models from China that have these capabilities. So the world is going to have to get ready for more powerful systems that are going to exist within it."
Claude Mythos has been causing industry-wide alarm as it was discovered that Anthropic's new AI model discovered previously unknown security flaws in every major web browser and operating system. Clark admitted it also caused alarm at Anthropic when its scope became apparent.
It led to the launch of 'Project Glasswing' gives partnering companies access to Anthropic's unreleased Claude Mythos, which, according to the AI giant, has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Mythos was launched in preview on 7 April.
Anthropic's Mythos is significantly more capable at generating exploits. In its research, the company noted that Mythos developed working exploits 181 times out of the several hundred attempts, while Opus 4.6 had a near 0pc success rate.
"We did not explicitly train Mythos preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning and autonomy," the company noted.
Rather than release the model, the company is bringing together leading businesses, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JP Morgan Chase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks, allowing them to access Mythos preview to boost their cyber defences.
The company has extended Mythos access to a group of more than 40 organisations that build or maintain critical software infrastructure, and Clark said it planned to widen this group in coming days. Anthropic has also promised to share learnings from Project Glasswing to benefit the wider industry.
"Let's be very clear, though," said Clark. "During testing, Mythos jumped out of the sandbox, the sandbox which is basically meant to corral a test system and 'for your eyes only' kind of thing. And not only did it do that, it went out and it emailed one of the programmers who was out at a park having a sandwich."
When asked if Anthropic would eventually "sell" the new model, Clark said no decision had yet been made but that "eventually, models that have these kind of capabilities will be in the world - whether Mythos is or isn't going to get there. We don't know yet. We're in the process of broadening access through Glasswing and seeing what we can learn."
It is a stark warning for all cybersecurity defenders and organisations generally. The next 'Mythos' may not be released as responsibly.
Don't miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic's digest of need-to-know sci-tech news.