Anthropic's Mythos alarms

Anthropic’s new Claude Mythos Preview is so strong at finding software flaws that United States officials rushed to brief Wall Street chiefs this week. (anthropic.com) (reuters.com) Anthropic said on April 7 that it would not make Mythos generally available. The company said the model would instead be limited to a defensive security program with selected partners. (anthropic.com) Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened bank executives in Washington on Tuesday, April 7, to discuss cyber risks tied to Mythos and similar systems, according to Bloomberg and Reuters. (bloomberg.com) (reuters.com) A zero-day is a software bug the developer does not know about yet, which means there is no patch on day zero. Anthropic said Mythos has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. (anthropic.com 1) (anthropic.com 2) Anthropic launched Project Glasswing to put the model into defensive use before wider release. The launch group includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks and the Linux Foundation. (anthropic.com) Anthropic said more than 40 additional organizations that build or maintain critical software infrastructure also received access. The company said it is committing up to $100 million in usage credits and $4 million in donations to open-source security groups. (anthropic.com) The Bank of England plans discussions with financial institutions about Mythos, Bloomberg reported on April 11. The Bank of Canada and major Canadian lenders and financial firms also met on Friday, April 10, to discuss the same risk, Bloomberg reported. (bloomberg.com 1) (bloomberg.com 2) Anthropic says models have now crossed a threshold where they can outperform nearly all human experts at finding and exploiting software vulnerabilities. In its system card, the company said Mythos shows a large jump over Claude Opus 4.6 on coding and other benchmarks. (anthropic.com 1) (anthropic.com 2) Outside researchers have not independently verified Anthropic’s full performance claims. Bloomberg reported that University of Illinois computer science professor Gang Wang said the significance of Mythos is hard to assess without broader hands-on testing. (bloomberg.com) For now, the model is being treated less like a public chatbot and more like restricted security tooling. The next test is whether Anthropic’s closed rollout gives defenders time to patch the flaws Mythos is surfacing before comparable systems spread further. (anthropic.com) (anthropic.com)