Here's an overview of Claude Mythos Preview, announced just a few days ago:
What is it?
Claude Mythos Preview is a new general-purpose language model from Anthropic. It performs strongly across the board, but is strikingly capable at computer security tasks.
Why isn't it public?
Anthropic has decided to hold back the full release because it believes the model is too dangerous for the public at this stage. Instead, it's being made available to a select group of technology firms including Microsoft, Apple, and CrowdStrike.
What can it do in cybersecurity?
Over the past few weeks, Anthropic used Claude Mythos Preview to identify thousands of zero-day vulnerabilities — flaws previously unknown to software developers — many of them critical, in every major operating system and every major web browser. It was able to identify nearly all of these vulnerabilities and develop many related exploits entirely autonomously, without any human steering.
One striking example: Mythos Preview found a 27-year-old vulnerability in OpenBSD, which has a reputation as one of the most security-hardened operating systems in the world.
How does it work (technically)?
Anthropic launches an isolated container running the project-under-test and its source code, then invokes Claude Code with Mythos Preview, prompting it to find security vulnerabilities. In a typical attempt, Claude reads the code to hypothesize vulnerabilities, runs the actual project to confirm or reject its suspicions, and finally outputs either that no bug exists or a bug report with a proof-of-concept exploit and reproduction steps.
Project Glasswing
Through Project Glasswing, Anthropic is partnering with Apple, Microsoft, Google, and others to use Mythos Preview defensively against future AI-powered cyberattacks.
The bigger picture
Ten years after the first DARPA Cyber Grand Challenge, frontier AI models are now becoming competitive with the best humans at finding and exploiting vulnerabilities. Anthropic frames this as a watershed moment — the same capabilities that could empower attackers are being channeled first toward defense.
It's a significant and somewhat unprecedented release strategy — powerful enough to withhold from the public, but actively deployed to harden critical infrastructure.
No comments:
Post a Comment