Anthropic has developed Cloud Mythos Preview, a pioneering model with unprecedented capabilities in finding and exploiting software vulnerabilities.
There is no mistake in saying that humanity has entered the AI-powered era, where AI models equipped with high levels of coding can overpower skilled humans in discovering these vulnerabilities.
However, such immense potential demonstrated by AI models is not without potential challenges. If used maliciously it can have disastrous consequences.
Recognizing the potential for abuse, Anthropic has launched “Project Glasswing” in collaboration with leading tech giants and organizations, which aims to use Mythos Preview for defensive purposes, scanning critical infrastructure and open-source code to identify vulnerabilities before adversaries can exploit them.
Success of ‘Mythos’
In a recent breakthrough, Cloud Mythos Preview was found to outperform previous models, including Cloud Opus 4.6, in agentic coding and reasoning.
The model automatically found a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in FFMPEG, which had been ignored in millions of automated tests.
However, the model can discover and chain together multiple vulnerabilities to gain full system control without human intervention, leading to autonomous exploitation.
benchmarking the change
Evaluation benchmarks highlight clear differences between the Mythos Preview and our next best model, Cloud Opus 4.6.
Cyber Security Vulnerability Reproduction
- Mythos Model: 83.1 percent
- Cloud Opus 4.6: 66.6 percent
SWE-Bench Verified (Coding)
- Mythos Model: 93.9 percent
- Cloud Opus 4.6: 80.8 percent
GPQA Diamond (Expert Reasoning)
- Mythos Model: 94.6 percent
- Cloud Opus 4.6: 91.3 percent
OSWorld-Verified (Computer Usage)
- Mythos Model: 79.6 percent
- Cloud Opus 4.6: 72.7 percent
‘Project Glasswing’: A leap towards AI-powered cyber security
It is hard to rule out the possibility that such unprecedented capabilities of the Mythos model could not be misused by rogue actors. Therefore, Anthropic announced the formation of an industry consortium to deal with the cybersecurity implications arising from the new model.
The group includes Microsoft, Apple, Google, Amazon Web Services, the Linux Foundation, Cisco, Nvidia, Broadcom, and more than 40 other technology, cybersecurity, and financial organizations.
The consortium will have private access to the model, which has not yet been released.
The objectives of Project Glasswing included defensive prioritization, ensuring that defenders had the strongest equipment first.
Under this project, partners will gain access to models to find critical vulnerabilities and secure operating systems, financial systems, and web browsers.
Anthropic is also offering $100M in usage credits to help partners and open-source maintainers run these high-cost scans.
The Cloud Mythos preview will be accessible through the Cloud API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.
According to Logan Graham, the company’s Frontier Red Team lead, as reported by Wired, “The real message is that this is not about models or anthropic. We need to prepare now for a world where these capabilities will be widely available in 6, 12, 24 months. Many of the assumptions on which we have built the modern security paradigm may break down.”
Graham said, “We’ve seen the Mythos preview accomplish things that a senior security researcher would be able to accomplish. This has huge implications for how capabilities like this should be released. If done carefully, it could be a meaningful accelerator for attackers.”
