How Anthropic’s New AI Model ‘Mythos’ Revolutionizes Cybersecurity: 50 Organizations Get Early Access
Daniel Kim

[Digital Today reporter Hwang Chi-gyu] Anthropic has granted limited early access to its new AI model, Claude Mythos, to roughly 50 organizations, saying the model is too effective at finding and exploiting software vulnerabilities. The rollout is being conducted under “Project Glasswing.”
Anthropic says Mythos identified thousands of vulnerabilities across major operating systems and browsers, including a 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw. Anthropic also reported that Mythos produced 181 pieces of exploit code for a Firefox vulnerability, compared with just two from the company’s prior flagship model.
Internationally known cryptographer and security expert Bruce Schneier wrote on his website that Anthropic’s approach resembles the “responsible disclosure” process security researchers have long advocated, but that there is too little information to properly evaluate the company’s decision. The published cases are notable, he said, but they don’t reveal how often Mythos was wrong.
Anthropic reported that external security contractors concurred with Mythos’s vulnerability-severity ratings 89% of the time. Schneier called that figure “impressive but incomplete.” Independent researchers studying similar models have found that systems good at catching real bugs also tend to generate plausible false positives in code that has already been fixed. Without an error-rate breakdown, the 89% statistic is insufficient to draw firm conclusions.
That distinction matters for operational risk. “A model that reliably finds and weaponizes hundreds of vulnerabilities would be a game changer,” Schneier wrote. “A model that spits out thousands of false positives still requires skilled humans. If we don’t know Mythos’s error rate, we can’t tell whether Anthropic’s examples represent the whole picture or are cherry-picked successes.”
Large language models like Mythos perform best on inputs similar to their training data. In practical terms, Anthropic trained Mythos heavily on publicly available code: open-source projects, major browsers, the Linux kernel, and widely used web frameworks.
Concentrating initial access with major software vendors is sensible because it gives defenders a chance to patch before attackers can exploit findings. That advantage erodes, however, when the focus shifts to software domains that were underrepresented in Mythos’s training data.
Schneier warned that Mythos would likely struggle with vulnerabilities in industrial control systems, medical-device firmware, bespoke financial infrastructure, regional bank software, and legacy embedded systems. An attacker who does have domain expertise could weaponize Mythos’s advanced reasoning to probe systems where Anthropic’s engineers lack deep knowledge. The real danger is not that Mythos fails in those fields, but that it succeeds in the hands of skilled adversaries.
To reduce that asymmetry, Schneier urged Anthropic to broaden access to experts such as medical-device security cardiologists, control-systems engineers, and researchers familiar with less common languages and ecosystems. “No matter how carefully you select partners, 50 companies cannot substitute for the distributed expertise across the research community,” he said. “Anthropic is a private company with limits on staff, budget, and expertise. It will unilaterally decide which critical infrastructure to prioritize—and it will miss some. If what’s missed includes hospital or power-grid software, the costs will be borne by people who had no voice in that decision.”
AI-driven security risks are not unique to Mythos. Schneier noted that OpenAI chose not to release GPT-5.3-Codex publicly because of safety concerns, and that security firm Aisle reproduced many of Anthropic’s published cases using smaller, cheaper open-source AI models.
Schneier said regulation will ultimately be necessary, but that crafting effective rules takes time and public debate. In the interim, he argued, companies like Anthropic should share more information with a broader community of experts.
“I’m not calling for a broad public release of a powerful model like Mythos,” he wrote. “But Anthropic should share as much data and supporting information as possible so the community can make informed, collective decisions. It should support international cooperation for independent audits, require publication of aggregated performance metrics, and enable access for academic and civil-society researchers.”










