In this newsletter, we discuss what the launch of Claude Mythos—a truly “watershed moment” in cybersecurity—means for the industry, now and in the future.
In April of this year, Anthropic launched the most advanced AI model to date, triggering questions and igniting fears in the cybersecurity world. “Claude Mythos” (also referred to as "Mythos Preview") is an internal, highly advanced artificial intelligence model developed by Anthropic. It has discovered vulnerabilities in software hitherto unknown and is widely considered one of the most powerful and potentially dangerous “frontier” AI models ever created, primarily because of its unprecedented ability to autonomously uncover software security flaws and write complex exploits.
Since Anthropic won’t release Claude Mythos Preview for public use, it has decided to limit its release to a select few organizations. This cybersecurity initiative, called Project Glasswing, will use the preview version of Claude Mythos and allow these organizations to find and address security vulnerabilities.
According to Forbes, by every published benchmark, “Claude Mythos Preview is the most capable AI model ever built. Not only did it score 93.9% on SWE-bench Verified, 97.6% on the USAMO math olympiad, and 83.1% on CyberGym, it proceeded to discover zero-day vulnerabilities in every major operating system and every major web browser.”
Remarkably, Claude managed most of this on its own, without a human in the loop. One cited example was where an “Anthropic engineer with zero security training asked Claude Mythos to find remote code execution bugs overnight. He woke up to a complete working exploit.”
According to Forbes, a few crucial and noteworthy vulnerabilities that were uncovered include: “A 27-year-old vulnerability in OpenBSD, an operating system famous for being one of the most security-hardened in the world, used to power firewalls and critical infrastructure.”
In addition, Claude revealed a “16-year-old vulnerability in FFmpeg, the video encoding library used by countless applications. It also broke cryptography libraries and wrote 181 successful Firefox exploits where Opus 4.6 managed 2. It solved 100% of Cybench CTF challenges.”
How did Anthropic respond? Alarm bells went off. Basically, they said “we’re not going to release it,” at least not for public use. This may come as a surprise in a field where every advancement in technology is a cause for celebration but Anthropic believes that the model is not safe for public use. According to Anthropic, “AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.”
According to Hacker News, Anthropic’s project Glasswing will use a “preview” of Claude Mythos to locate and resolve potential security vulnerabilities. The model will be used by a select number of organizations to secure critical software and patch security vulnerabilities. These organizations include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JP Morgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
According to Anthropic, “Mythos Preview has already discovered or uncovered thousands of high-severity zero-day vulnerabilities in every major operating system and web browser.”
To illustrate what Mythos can do and the scope of the problem, “Mythos Preview managed to follow instructions from a researcher running an evaluation to escape a secured sandbox computer it was provided with, indicating a potentially dangerous capability to bypass its own safeguards.” The model went on “to perform a series of additional actions, including devising a multi-step exploit to gain broad internet access from the sandbox system and send an email message to the researcher, who was eating a sandwich in a park.”
In a recent post, the Centre for Emerging Technology and Security, a publication out of the UK, claims that not only has Claude Preview “found vulnerabilities in every major operating system and web browser, over 99% of discovered vulnerabilities have reportedly not yet been patched.” It’s ability to evade present day defenses creates real problems for cybersecurity teams.
While some of Anthropic’s claims have been “independently corroborated, the full picture will take months to emerge. Regardless, “autonomously discovered vulnerabilities are likely to emerge at an ever-increasing rate, raising fundamental questions for cybersecurity and how organizations can keep pace.”
Forbes reports that Anthropic, concerned about the implications of Claude Mythos, will publicly report discoveries alongside recommendations for how security protocols can effectively adapt and respond. Such practices will address “vulnerability disclosure processes, software update procedures, open-source supply-chain security, and patching automation.”
Anthropic has also made clear that Claude Mythos is just the beginning, not the end point of its future evolution and possible capabilities and expansion. The company doesn’t plan to lock the model away permanently, but simply to give defenders time to remodel their systems in accordance with these new capabilities.
However, as CrowdStrike CTO Elia Zaitsev warned, “The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI.”
In other words: the cybersecurity landscape is about to undergo a seismic shift, or, as Forbes puts it “a capability reset.”
According to a post at ArmorCode, there are some positive takeaways. For a long time the “security industry has been fighting a losing battle against the sheer volume of software vulnerabilities. Critical bugs have lurked in foundational code for decades. Human reviewers, no matter how talented, simply cannot audit code at the scale and depth that modern software demands.”
“If the Glasswing initiative succeeds in hardening the most critical open-source and commercial software, everyone benefits.”
However, the problem and the “fundamental challenge” of enterprise security operations has not changed. Rather, it’s been “amplified.”
The problem has never been “we can’t find enough vulnerabilities.” The challenge, according to ArmorCode and many others is: “which of these findings actually matter to our organization, and how do we fix them efficiently?” In other words, how does one vulnerability need immediate attention, such as a “request from a payment processor that’s actually a forgery” versus another vulnerability which has no immediate, real consequences? These are the problems that keep CISOs up at night and will put even more stress on already overwhelmed and understaffed security teams, only this time at warp speed.
Even with Claude Preview contained for now, researchers have found ways to target the world’s computers. It might sound like science fiction, but as first reported in The New York Times in June—only two months after Anthropic launched Claude Mythos—scientists have discovered ways to supercharge dangerous computer “worms.”
Researchers at the University of Toronto say that they have found a way to use artificial intelligence to create a dangerous computer “worm” capable of targeting any known flaw in the world’s computers and quickly spreading mayhem throughout the internet.
According to Scientific American, to make the “worm”—a form of malware that “spreads between devices autonomously—the researchers didn’t rely on proprietary AI models from companies such as Anthropic or OpenAI.” Instead, the researchers used an undisclosed but freely available AI model “that anyone can download off the internet,” they wrote in a post on their lab’s website. Fortunately, for now, the prototype bug was created in an isolated virtual environment—so it isn’t going to be infecting any external computers. However, as Fortune noted, this “AI-driven worm can’t be stopped by patching a single flaw, because it uses reasoning to detect and exploit different vulnerabilities as it spreads.” Some researchers see this more as a warning sign, than a surprise, but as everyone knows, once created in a lab, anything can escape and with AI it can continue to learn and grow.
We live in an increasingly dangerous and dynamic world, where cybersecurity flaws can be increased exponentially with the use of AI. It can become our partner, our friend, but in the wrong hands it can be a dangerous adversary. At CYRIN we’ve been working for years on these problems, setting up realistic skills-based training to develop systems and answers to some of these vexing questions.
At CYRIN we understand that continuing innovation is needed as the marketplace continues to change. That’s why we stress continuing education and training, because the job is never done. We continue to work with our industry partners to address major challenges and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.
For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce. In an increasingly digitized world, training and experiential training are critical. A full-blown cyberattack is not something you can prepare for after it hits.
Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Our new programs, including our new “mini labs,” AI, and Digital Twins, can create real-world conditions for you to practice before you must act. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!