Anthropic, a San Francisco-based artificial intelligence startup, has announced that its yet-to-be-released AI model called Claude Mythos has proven highly effective at identifying software weaknesses, according to the Guardian. The model has already uncovered thousands of vulnerabilities in commonly used applications that currently lack patches or fixes, prompting the company to collaborate with cybersecurity experts to enhance defenses and restrict its distribution.

Exclusive Access for Cybersecurity Experts

Mike Krieger of Anthropic Labs stated at a HumanX AI conference in San Francisco that the company is explicitly not releasing the model to the public. Instead, it is allowing cybersecurity specialists and open-source engineers to work with Mythos to use it as a defensive tool, effectively arming them ahead of time, Krieger explained.

Advancements in AI model capabilities have raised concerns about hackers using such tools to discover passwords or break encryption meant to secure data. According to Anthropic. The oldest vulnerabilities uncovered by Mythos date back 27 years and were not previously noticed by their creators, as reported in the Guardian.

Cybersecurity Risks and Collaborative Efforts

Claude Mythos is the latest generation of Anthropic’s Claude family of AI models, though a recent leak of some of its code prompted the startup to issue a blog post warning of historic cybersecurity risks. Anthropic stated in a blog post that AI models have reached a level of coding capability where they can surpass all but the most skilled humans in finding and exploiting software vulnerabilities. The potential fallout for economies, public safety, and national security could be severe.

According to Anthropic. The vulnerabilities exposed by Mythos were often subtle and difficult to detect without AI. As an example. It noted that Mythos identified a previously unnoticed flaw in video software that had been tested more than 5 million times by its creators.

In a precautionary measure, Anthropic has shared a version of Mythos with cybersecurity companies such as CrowdStrike and Palo Alto Networks, as well as with Amazon, Apple, and Microsoft, in a project dubbed “Glasswing.” Networking giants Cisco and Broadcom are also participating in the project, along with the Linux Foundation, which promotes the free, open-source Linux computer operating system.

Collaborative Project and Resource Commitment

Anthony Grieco, Cisco’s chief security and trust officer, stated in a joint release about Glasswing that the work is too important and too urgent to do alone. He added that AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.

Approximately 40 organizations involved in the design, maintenance, or operation of computer systems are said to have joined Glasswing. Project partners are to share their Mythos findings, according to Anthropic, which is providing about $100 million worth of computing resources for the mission. Early work with AI models has shown that they can help find and fix software and hardware vulnerabilities at a pace and scale not previously possible, according to Grieco.

Elia Zaitsev, chief technology officer at CrowdStrike, noted that the window between a vulnerability being discovered and being exploited by an adversary has collapsed—what once took months now happens in minutes with AI. He added that the Claude Mythos Preview demonstrates what is now possible for defenders at scale, and adversaries will inevitably look to exploit the same capabilities.

Anthropic has had discussions with the US government regarding Mythos, despite a decree by the White House in February to terminate all contracts with the startup. That directive was put on hold by a federal court judge while a legal challenge by Anthropic works its way through the courts.