Anthropic flags Mythos risks

Anthropic is limiting access to its new Mythos model after saying the system can find and exploit serious software flaws. (anthropic.com) Anthropic announced Claude Mythos Preview on April 7 and said it would start with a restricted rollout through Project Glasswing rather than a general release. The company said Mythos is a general-purpose model that is also “strikingly capable” at computer security tasks. (anthropic.com) In its technical write-up, Anthropic said Mythos could identify and exploit zero-day vulnerabilities in every major operating system and every major web browser during testing. It also said more than 99% of the vulnerabilities it found had not yet been patched, limiting what it could disclose publicly. (anthropic.com) CNBC reported that Anthropic gave early Mythos access to partners including Apple, Google, Microsoft, Nvidia and Amazon Web Services, plus more than 40 other companies such as CrowdStrike and Palo Alto Networks. Anthropic told CNBC the model was being limited so bad actors could not use it for offensive hacking. (cnbc.com) As Anthropic tightened control over Mythos deployments, a separate dispute over access hit one of its existing products. News18 reported on April 20 that Pato Molina, chief technology officer of Argentina-based fintech Belo, said Anthropic disabled more than 60 Claude accounts tied to his company. (news18.com) Molina said the shutdown came with “no apparent reason,” no prior warning and no specific explanation of which policy had been violated. He posted a screenshot of an Anthropic message saying automated systems had detected signals associated with a Usage Policy breach and that the findings were reviewed by the company’s team. (news18.com) News18 said Molina later posted that Belo’s access had been restored and described the suspension as a “false positive.” His complaint focused on the appeals path, which he said routed the company to a Google Form after the accounts were revoked. (news18.com) The two episodes put Anthropic’s safety posture in two places at once: the company is openly saying Mythos is powerful enough to require a gated rollout, while users of Claude are publicly describing abrupt enforcement on live accounts. Anthropic’s Mythos post says its goal is eventually to let users deploy “Mythos-class models at scale” safely, but not to make Mythos Preview generally available now. (anthropic.com) Anthropic has framed Project Glasswing as a way to get defenders ready before more capable cyber models spread more widely. The account-restoration update from Belo suggests the company’s moderation systems can reverse course, but only after a public complaint and a review process that the customer said was opaque. (anthropic.com (news18.com))