Anthropic withholds Mythos from public release over vulnerability-finding power
Updated
Updated · The Guardian · May 8
Anthropic withholds Mythos from public release over vulnerability-finding power
11 articles · Updated · The Guardian · May 8
Mozilla said Mythos found 271 Firefox vulnerabilities, while the UK AI Security Institute found OpenAI's GPT-5.5 had comparable capability.
The report says such models could help defenders patch software faster, but also enable attackers to discover and exploit flaws at scale, increasing short-term cyber risk.
It argues similar AI reasoning could uncover loopholes in tax and regulatory systems, where fixes are slower and more political than software patches.
As AI automates hacking, are we entering an era of permanent cyber vulnerability for our critical infrastructure?
When AI can find any loophole, will our laws and tax codes become unenforceable for the powerful?
Controlled Access to Claude Mythos: Navigating the Dual-Use Dilemma of AI-Powered Vulnerability Discovery
Overview
In May 2026, Anthropic launched Project Glasswing, a controlled-access initiative that leverages the powerful Claude Mythos Preview AI to discover and fix thousands of hidden software vulnerabilities before attackers can exploit them. This project brings together major tech and infrastructure partners to strengthen global cybersecurity while addressing serious dual-use concerns about the AI's potential offensive misuse. The breakthrough AI dramatically speeds up vulnerability discovery, creating new challenges for security teams to keep pace with patching. Glasswing also aims to rebuild trust with the US government after security concerns, promoting collaboration and ethical oversight to safely harness AI's defensive potential in an evolving cyber threat landscape.