Anthropic launches the global cybersecurity initiative Glasswing; why isn’t the new model Mythos available for general public use?

Anthropic recently announced the launch of its new AI model, Claude Mythos Preview, and also kicked off a cybersecurity defense initiative called “Project Glasswing.” Because the model’s ability to find software vulnerabilities far surpasses existing technology, Anthropic has decided not to make it publicly available for now. Instead, it is only authorized for use by 40 tech giants and infrastructure companies, including Apple and Google, to prevent the model’s capabilities from ending up in the hands of malicious actors.

Anthropic launches Claude Mythos Preview, giving AI cybersecurity capabilities

The announcement positions Claude Mythos Preview as a general-purpose AI model. Its outstanding coding and reasoning abilities enable it to deliver impressive results in the cybersecurity space.

Anthropic said that, during internal tests over the past few weeks, Mythos Preview has identified thousands of zero-day vulnerabilities that had never been detected before across all mainstream operating systems and mainstream browsers. Many of these have been classified as high-risk, and some vulnerabilities have even been lying dormant in systems for decades.

One example is that Mythos Preview independently identified and exploited a remote code execution vulnerability in the FreeBSD operating system that has existed for 17 years. This could allow an unauthorized person to gain full control of a server from anywhere on the network.

Anthropic emphasized that, of the vulnerabilities discovered so far, more than 99% have yet to be patched. Therefore, the relevant details cannot be publicly disclosed.

Project Glasswing: Patch global critical systems ahead of attackers

To ensure Mythos Preview’s capabilities are used for defense rather than attacks, Anthropic launched the Project Glasswing program. The program’s name is derived from the image of a glasswing butterfly, symbolizing the “thin and invisible” characteristic of software vulnerabilities—like butterfly wings.

Core partners include Amazon Web Services, Apple, Broadcom, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, Nvidia, and others, and 40 organizations responsible for building or maintaining critical software infrastructure are also granted access to the model.

Anthropic committed to provide up to $100 million in model usage credits, so participating companies can use it for free during the cybersecurity research phase. It will also donate $4 million to open-source security organizations, including funding Alpha-Omega and OpenSSF through the Linux Foundation, as well as donating to the Apache Software Foundation. Partners will share testing results, so the broader technology industry can benefit.

The double-edged sword dilemma: Why did Anthropic refuse to publish it for public use?

Newton Cheng, head of Anthropic’s cybersecurity team, said explicitly that it does not plan to make Claude Mythos Preview available to the general public—because it is concerned about its potential attack risks:

As AI capabilities continue to evolve rapidly, powerful tools like this will inevitably spread to malicious actors sooner or later. If that happens, it would pose severe impacts to economic, public, and national security.

Dianne Penn, head of product management for Anthropic’s research, said it is working with the U.S. government to discuss matters, including organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) and the AI Standards and Innovation Center.

It is worth noting that the timing of this release comes just a few weeks after Anthropic and the U.S. Department of Defense sparked a security-use dispute over the use of Claude models. To date, both sides still have an ongoing legal dispute.

(Anthropic sues the Pentagon: Blacklist may lead to losses of tens of billions of dollars and deal a blow to fundraising capabilities)

Dario Amodei: AI will make the cyber world safer, but the transition period will be full of challenges

Anthropic admits that protecting global internet infrastructure may take years. The transition period will also be full of uncertainties. However, the company remains cautiously optimistic about the long-term outlook. It expects that AI’s defensive capabilities will ultimately take the lead, helping to build a safer software ecosystem.

Anthropic also plans to first introduce cybersecurity protection mechanisms for high-risk outputs in the soon-to-be-released Claude Opus series of models. Once the technology matures, it will gradually push for large-scale deployments of Mythos-level models. As the company’s CEO, Dario Amodei, said on X:

Once we get it right, we’ll have an opportunity to build an internet and a world that are safer than they were before AI-driven cyberattack capabilities emerged.

This article, “Anthropic rolls out a global cybersecurity initiative Glasswing, why the new model Mythos isn’t opened up for public use,” first appeared on Chain News ABMedia.