Why Is Anthropic Holding Back Claude Mythos? Cybersecurity Risks Force a New Approach

AI model's ability to uncover critical vulnerabilities prompts restricted rollout under Project Glasswing

Anthropic has unveiled a powerful new artificial intelligence model capable of identifying and exploiting software vulnerabilities at an unprecedented scale. But the AI giant is withholding it from the public.

The model, called Claude Mythos Preview, is the latest in Anthropic's Claude family and has been released only to a limited group of technology firms. The AI leader said that the system can autonomously detect, analyse and even explore weaknesses in software systems, in some cases outperforming human experts.

The Cyber Factor

During internal testing, Mythos reportedly uncovered thousands of high and critical severity vulnerabilities across major operating systems and web browsers. Some of these flaws are believed to have gone undetected for decades. According to experts, Claude Mythos marks a significant leap, compressing vulnerability discovery and exploit development timelines from months or weeks to hours.

However, this capability has raised an alarm. Cybersecurity specialists have warned that if widely accessible, such tools could be misused to conduct malicious acts by threat actors to rapidly generate exploit chains, phishing campaigns or major cyberattacks.

It should be noted that Anthropic itself described the technology as a potential "watershed moment", noting that even individuals without deep technical expertise could leverage it for harmful purposes.

Controlled Rollout Strategy

To manage these risks, Anthropic has launched a controlled access initiative called Project Glasswing. Under the programme, more than 50 organisations, including Microsoft, Nvidia and Cisco, will receive access to Mythos Preview. The goal is to strengthen cyber defences by enabling trusted partners to identify and patch vulnerabilities before they can be exploited.

But keeping aside the controlled rollout, questions remain about the scope and nature of the vulnerabilities identified. The company said it will reveal details of the hidden vulnerabilities within 135 days after informing the companies responsible for the affected software.

The model has also drawn attention among policymakers. Anthropic has briefed US federal agencies on its capabilities, even as it faces tensions with the administration of Donald Trump. Earlier this year, Defense Secretary Pete Hegseth labelled the company a potential "supply chain risk" to national security.

However, Anthropic's cautious approach echoes a similar decision taken by OpenAI, which in 2019 limited access to its GPT-2 model due to misuse concerns. At the moment, all that the world needs from these tech giants is the balance between innovation and security -- something which is increasingly under scrutiny.