Anthropic unveils Claude Mythos Preview to auto‑detect security flaws for select partners
Key Points
- Anthropic launches Claude Mythos Preview, an AI model that autonomously detects high‑severity software vulnerabilities.
- The model is part of Project Glasswing and is limited to about 40 defensive‑security partners, including JPMorgan Chase and the Linux Foundation.
- Anthropic claims Mythos Preview has flagged vulnerabilities in every major operating system and web browser.
- Company will provide up to $100 million in usage credits and $4 million in donations to open‑source foundations.
- Access is restricted to prevent adversaries from using the model for offensive purposes.
- Anthropic has briefed senior U.S. government officials about the model’s capabilities.
- Tech partners such as Nvidia, Google, AWS, Apple and Microsoft are involved in the broader Glasswing initiative.
Anthropic has rolled out Claude Mythos Preview, a new AI model under the Project Glasswing initiative, to a handful of defensive‑security partners. The model, which the company says can identify high‑severity vulnerabilities across major operating systems and browsers without human guidance, will initially be available only to firms like JPMorgan Chase, Cisco and the Linux Foundation. Anthropic is backing the launch with up to $100 million in usage credits and a $4 million donation to open‑source foundations, while also holding preliminary talks with U.S. officials about its offensive and defensive capabilities.
Anthropic announced the debut of Claude Mythos Preview, a general‑purpose AI model designed to hunt for software vulnerabilities with little to no human oversight. Branded under the Project Glasswing partnership, the offering is limited to a curated list of "defensive security" collaborators, including JPMorgan Chase, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Palo Alto Networks and roughly 40 other organizations that build or maintain critical software infrastructure.
The company says Mythos Preview’s "strong agentic coding and reasoning skills" enable it to flag "thousands of high‑severity vulnerabilities, including some in every major operating system and web browser." In internal testing, the model reportedly identified flaws and even generated related exploits autonomously, without any human steering. Newton Cheng, Anthropic’s cyber lead for the frontier red team, told The Verge the tool is intended to give defenders a "head start" against potential attackers.
Access to the model remains tightly controlled. Anthropic’s blog notes that limiting availability helps keep adversaries from leveraging the same technology to locate weak points for attacks. As a result, the company is not planning a public release of Mythos Preview at this time.
To encourage adoption, Anthropic will subsidize usage for its Glasswing partners. The firm pledged up to $100 million in usage credits and a $4 million direct donation split between the Linux Foundation and the Apache Software Foundation. These contributions aim to offset the cost of running the model while the company evaluates its long‑term commercial viability.
Anthropic’s move comes amid heightened scrutiny of AI firms’ role in cybersecurity. The company, which recently faced a public dispute with the Trump administration, said it is in "ongoing discussions with US government officials" about the model’s capabilities. Dianne Penn, head of product management, confirmed that senior U.S. officials have been briefed on Mythos Preview, though she declined to name specific agencies.
Project Glasswing also brings together tech giants such as Nvidia, Google, Amazon Web Services, Apple and Microsoft, though the exact nature of their involvement was not detailed. The partnership underscores a broader industry push to embed AI into security operations, a trend that could reshape how enterprises and governments address software risk.
While Anthropic touts the model’s autonomous vulnerability detection, critics caution that relying on AI alone may introduce new challenges. The Verge’s interview with Cheng avoided disclosing concrete success metrics beyond the company’s own examples, leaving external validation pending.
For now, Mythos Preview remains a private tool aimed at fortifying the defenses of select partners. Its performance, cost structure and potential evolution into a broader paid service will likely be watched closely by both the cybersecurity community and regulators interested in the intersection of AI and national security.