Anthropic Plans Public Release of Mythos Vulnerability-Finder Once Safety Guardrails Are Ready
Key Takeaways
- ▸Mythos can find thousands of critical security vulnerabilities at scale, but poses existential risks to cybersecurity if widely accessible to malicious actors
- ▸Project Glasswing is expanding access to include U.S. and allied governments alongside initial partners, signaling growing institutional demand for the tool
- ▸Anthropic has discovered 6,202 high/critical and 23,019 total vulnerabilities in open-source projects, overwhelming maintainers already drowning in low-quality AI-generated bug reports
Summary
Anthropic announced plans to eventually release its Mythos AI model to the public—a system that excels at discovering security vulnerabilities in code—once it develops adequate safety guardrails. Currently, Mythos is restricted to select entities through "Project Glasswing," which Anthropic is expanding to include more governments and critical infrastructure partners. The company revealed that Mythos has identified over 6,200 high-or-critical-severity vulnerabilities in more than 1,000 open-source projects that underpin much of the internet, but candidly admits that "no company—including Anthropic—has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm." The timeline for public release remains undefined pending the development of substantially stronger protections.
- Industry has no sufficient safeguards yet; governments are already taking action (Japan ordered security reviews; India demanded bank patching sprees)
