Anthropo, recently converted into the The highest rated frontier AI lab in the game. and announcing plans for its initial public offeringhas expanded access to Claude Mythos Preview, its model that would supposedly destroy the very concept of cybersecurity as we know it if it were released to the market. According to the companyis expanding access to the model through its Project Glasswing initiative, making it available to 150 new organizations in 15 countries.
by anthropicIts new partner organizations include those in the energy, water, healthcare, communications and hardware industries. Many are vendors that “maintain code bases that are trusted by many other organizations around the world, including governments.” They are also potential targets of “catastrophic” cyberattacks. By Anthropic’s calculations, a major cyberattack against any of them could affect more than 100 million people and have ramifications for national and global security.
Their access to Claude Mythos Preview will be the same as previous partners: they will be able to use the model in a limited capacity to test and identify security vulnerabilities so they can be patched and resolved before being exploited by hackers or other models for malicious purposes.
Mythos remains a mystery to those not part of the group (making its name appropriate!), but we’ve taken a couple of looks at the model and how it’s used. Cloudflare, for example, shared That Mythos Preview was particularly adept at constructing exploit chains, which is basically spotting how multiple bugs can be used to create a series of attacks that cause more damage than a single exploited flaw.
But Anthropic also revealed that Mythos isn’t necessarily ready for prime time, which could also be part of why it’s keeping it for such a small, controlled user base. It found that the model’s organic safeguards (i.e. what requests it will say “no” to) were inconsistent and could change after seemingly unrelated changes. He also found that while Mythos Preview is good at detecting vulnerabilities, it is not as equipped to patch them. The company found that letting the model write its own patches would typically result in breaking another part of the code base in the process.
Cloudflare also noted that other models found many of the same bugs as Mythos, an observation that has been made elsewhere. A security company called Aisle tested several small open source models and was able to find the same vulnerabilities That’s what Anthropic highlighted when it announced Mythos: vulnerabilities that went unnoticed by humans for decades.
That’s not to say that the Mythos Preview isn’t a step up from other models, but it does make Project Glasswing and its slow release seem more like a marketing gimmick than a true security precaution. Some cybersecurity experts suggested to the New York Times that keeping the model under lock and key does not really solve the problem of widespread security vulnerabilities; it only gives an advantage to a handful of players.
It also has the added effect (and benefit to Anthropic) of making it extremely difficult to evaluate Mythos Preview if you are not one of the few organizations with access. It is a modern version of “security through obscurity”, a method that is widely ridiculed in modern cybersecurity practices. But it seems Anthropic’s plan for now is to see how high they can build the walls of their black box.
