Anthropic model reshapes cyber debate

Anthropic’s preview of Claude Mythos has shifted the cyber debate from chatbot safety to whether one model can speed up both hacking and defense at once. (anthropic.com) Anthropic said on April 7 that Mythos Preview is a general-purpose language model with unusually strong computer-security skills, and said it would not release the model publicly. The company instead launched Project Glasswing to give early access to selected defenders. (red.anthropic.com) In its technical write-up, Anthropic said Mythos identified and exploited zero-day vulnerabilities — previously unknown software flaws — in every major operating system and every major web browser during testing. The company said more than 99% of the vulnerabilities it found were still unpatched, so it withheld technical details. (red.anthropic.com) Project Glasswing’s launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks. Anthropic said it also extended access to more than 40 additional organizations and committed up to $100 million in usage credits plus $4 million in donations to open-source security groups. (anthropic.com) The underlying issue is simple: a zero-day is a hidden hole in software, and the side that finds it first gets the advantage. Anthropic and outside analysts say newer models can search code, test attack paths and draft exploits much faster than human teams working alone. (red.anthropic.com; weforum.org) That has pushed the policy argument away from whether companies should release stronger models quickly and toward who gets access first, under what controls, and with what government oversight. The World Economic Forum wrote on April 20 that frontier models are starting to look less like consumer products and more like strategic assets. (weforum.org) Foreign Policy reported on April 20 that Mythos “kick-started a new debate” over whether advanced AI will tilt the balance toward attackers or defenders. The same article said Anthropic’s restricted-access group includes major cloud, finance and technology companies that are using the model to patch vulnerabilities before wider disclosure. (foreignpolicy.com) Anthropic’s own framing is defensive: use the model to harden critical software before similar capabilities spread more broadly. Its research post says future models like Mythos will require “substantial coordinated defensive action across the industry,” not just better model filters. (red.anthropic.com) The counterargument is embedded in Anthropic’s rollout itself. A model that can find subtle bugs in old, widely used code can help defenders first, but it also shows how quickly cyber operations could stop being limited by human time and headcount. (red.anthropic.com; weforum.org) For now, the clearest fact is not that Mythos is public — it is not — but that one company’s private testing results have already forced governments, security firms and infrastructure operators to plan for a faster cyber contest. (anthropic.com; foreignpolicy.com)