Anthropic unveils Mythos AI model in limited rollout for cybersecurity partners
Key Points
- Anthropic previewed its new frontier model, Mythos, on Tuesday.
- Mythos will be used by 12 partner organizations in Project Glasswing for defensive cybersecurity.
- The model has already identified thousands of zero‑day vulnerabilities, many critical and decades old.
- Partners include Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks.
- Forty organizations will have preview access, but the model is not slated for general release.
- Anthropic is in ongoing talks with U.S. officials about broader use of Mythos amid a legal dispute with the Pentagon.
- A recent leak of a draft blog about the model, previously codenamed “Capybara,” was traced to human error.
Anthropic announced Tuesday that its newest frontier AI model, Mythos, will be deployed in a restricted preview for twelve leading tech firms under a new initiative called Project Glasswing. The model, described as the company’s most powerful to date, will scan both proprietary and open‑source software for zero‑day vulnerabilities. Anthropic says Mythos has already identified thousands of critical bugs, many decades old, and will be used for defensive security work while the firm continues discussions with U.S. officials about its broader applications.
Anthropic released a preview of Mythos, its latest frontier AI model, on Tuesday, marking the first public glimpse of what the company calls its most powerful system yet. The rollout is limited to a select group of twelve partner organizations that will employ the model for defensive cybersecurity tasks under a program dubbed Project Glasswing.
Mythos is a general‑purpose model that powers Anthropic’s Claude suite, but it boasts enhanced agentic coding and reasoning abilities. While not trained exclusively for security work, the model can analyze first‑party and open‑source codebases to locate vulnerabilities. Anthropic claims that within weeks of testing, Mythos uncovered “thousands of zero‑day vulnerabilities, many of them critical,” some of which date back one to two decades.
Project Glasswing brings together a cross‑industry coalition that includes Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks. The partners will share findings from their deployments, with the goal of raising the overall security posture of the tech ecosystem. In total, forty organizations will gain access to the Mythos preview, though only the twelve core partners will participate directly in the initiative.
The model’s primary function will be to scan software for bugs that could be exploited by malicious actors. By flagging these issues early, Anthropic hopes to give developers the chance to patch weaknesses before they are weaponized. The company says the early results are promising, noting that many of the identified flaws are older code that has lingered in the supply chain unchecked.
Anthropic emphasized that the preview is not a commercial release and that broader availability is not planned at this stage. Nevertheless, the firm is in “ongoing discussions” with federal officials about potential wider use of Mythos, a dialogue complicated by a pending legal dispute with the Pentagon. The Department of Defense has labeled Anthropic a supply‑chain risk after the company refused to permit autonomous targeting or surveillance of U.S. citizens.
The Mythos announcement follows a recent data‑security incident in which a draft blog about the model—then codenamed “Capybara”—was inadvertently exposed in a public data lake. Anthropic attributed the leak to human error, and security researchers quickly flagged the oversight. The incident resurfaced after Anthropic accidentally released nearly 2,000 source‑code files and over half a million lines of code while launching version 2.1.88 of its Claude Code package, leading to the temporary removal of thousands of GitHub repositories.
Despite these setbacks, Anthropic remains confident in Mythos’s capabilities. The company argues that the model’s ability to identify deep‑seated vulnerabilities could be a game‑changer for defensive security, provided it stays in the hands of trusted partners. As Project Glasswing progresses, the participating firms will compile and share insights, potentially shaping industry‑wide best practices for AI‑assisted code auditing.