Anthropic on Tuesday announced plans to limit the release of its artificial intelligence (AI) model, Claude Mythos Preview, to a select group of technology companies, citing concerns about potential damage from a wider public rollout.
According to Anthropic, Claude Mythos Preview is a frontier model with advanced coding capabilities that can surpass most human experts in identifying and exploiting software vulnerabilities.
“The vulnerabilities it has spotted have in some cases survived decades of human review and millions of automated security tests, and the exploits it develops are increasingly sophisticated,” the company stated, adding that without the “necessary safeguards, these powerful cyber capabilities could be used to exploit the many existing flaws in the world’s most important software.”
In recent weeks, the Anthropic said Claude Mythos Preview has identified thousands of previously unknown, or “zero-day,” vulnerabilities across major operating systems, web browsers, and other widely used software, many of them classified as critical.
“We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy. The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them, the company said in a separate blog post.
The company said the limited rollout will give operators of critical systems the opportunity to advance cybersecurity and related safeguards designed to detect and block the model’s most dangerous outputs.
Anthropic claimed that is has no intention to make Claude Mythos Preview generally available, “but our eventual goal is to enable our users to safely deploy Mythos-class models at scale – for cybersecurity purposes, but also for the myriad other benefits that such highly capable models will bring.”
Some of those safeguards are expected to be introduced with a future Claude Opus model, which the company said carries less risk.
Anthropic also said it has been in discussions with U.S. government officials concerning the model’s cyber capabilities and the broader national security implications. The discussions come as the federal government and the company are embroiled in two separate legal disputes.
Project Glasswing
The restricted release of Claude Mythos Preview is also part of a broader effort – formed by Anthropic – to strengthen cybersecurity. The initiative, dubbed Project Glasswing, brings together major industry partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
Under the initiative, partners will use the model to support defensive security work. Anthropic said it will share findings from those efforts with the broader industry.
Anthropic has expanded access to more than 40 additional organizations that develop or maintain critical software infrastructure. These groups will use the model to scan and secure both proprietary and open-source systems. The company said it is committing up to $100 million in usage credits for the effort, along with $4 million in direct donations to open-source security organizations.
“Project Glasswing is a starting point,” the company said in a statement, adding that governments, private companies, security researchers, and open-source contributors all play key roles in addressing cybersecurity risks.
Project Glasswing participants are expected to focus on tasks such as vulnerability detection, penetration testing, endpoint security, and testing compiled software without access to source code.
The project has also gained attention from members of Congress, including Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee.
“I applaud these leading companies for recognizing this threat and proactively sharing information, capabilities, and computing capacity to better protect our critical infrastructure,” Warner said in a statement. “We are already seeing cyber threat actors using AI tools to improve their capabilities, putting government, businesses, and consumers’ security and personal information at risk.”