Anthropic Mythos Security Flags
- Bloomberg and social posts reported that Anthropic's Mythos model was accessed by unauthorized users, raising safety concerns.
- Separate posts say Claude Mythos identified 271 zero-day vulnerabilities in Firefox, highlighting security and disclosure issues.
- The incidents put model access controls, vulnerability handling, and disclosure practices under scrutiny for large AI providers.

Anthropic is investigating after unauthorized users reportedly got access to its restricted Mythos cyber model through a third-party vendor environment on April 21. (bloomberg.com) (techcrunch.com) Bloomberg reported that a small group in a private online forum obtained access the same day Anthropic announced Mythos, and TechCrunch said Anthropic told it the company had found no evidence of impact on Anthropic’s own systems. (bloomberg.com) (techcrunch.com)

Mythos is not a general release product. Anthropic said on April 7 that Claude Mythos Preview would stay limited to Project Glasswing, a defensive security program with launch partners including Amazon Web Services, Apple, Cisco, Google, Microsoft, NVIDIA, and Palo Alto Networks, plus more than 40 additional infrastructure organizations. (anthropic.com 1) (anthropic.com 2) Anthropic’s own system card says the company decided not to make Mythos generally available because the model showed a large jump in capability over Claude Opus 4.6 and was being deployed only with a limited set of partners. (www-cdn.anthropic.com) (anthropic.com)

The access report landed as Mozilla disclosed that Firefox 150, released this week, included fixes for 271 vulnerabilities found during an initial evaluation with an early version of Claude Mythos Preview. Mozilla security chief Bobby Holley said the Firefox team had been working with frontier AI models on bug hunting since February. (blog.mozilla.org) Mozilla had already credited Anthropic-assisted work in Firefox 148, where its February 24 advisory listed multiple high-severity bugs reported by researchers “using Claude from Anthropic.” Mozilla said that earlier Opus 4.6 collaboration led to fixes for 22 security-sensitive bugs in Firefox 148. (mozilla.org) (blog.mozilla.org)

In plain terms, these systems are being used like automated code auditors: they scan huge software projects, suggest where a flaw may exist, and human engineers verify and patch the issue before attackers can use it. Anthropic said Mythos can identify and exploit zero-day vulnerabilities in major operating systems and browsers when directed by a user, which is why it limited release. (blog.mozilla.org) (anthropic.com)

That leaves two separate questions for AI providers and software vendors. One is access control (whether a restricted model can be kept inside approved environments) and the other is disclosure control (how quickly vulnerabilities found by a model are validated, patched, and kept out of public view until fixes ship). (techcrunch.com) (blog.mozilla.org) (anthropic.com)

Anthropic has framed Project Glasswing as a defensive effort and committed up to $100 million in usage credits and $4 million in donations to open-source security groups. The company’s April 7 materials also said more than 99% of the vulnerabilities it had found were still unpatched, which is why it withheld technical details. (anthropic.com 1) (anthropic.com 2)

For now, the same model family is being cited as a tool that helped patch Firefox and as a tool that may have slipped outside its intended gate. Anthropic’s investigation and Mozilla’s next advisories will show whether the industry can keep those two tracks (defensive use and controlled access) aligned. (techcrunch.com) (blog.mozilla.org)