Anthropic has developed a highly advanced AI model that has uncovered thousands of cybersecurity vulnerabilities across major operating systems and web browsers. Instead of releasing this powerful tool to the public, the company chose to share it with organizations responsible for maintaining internet security. This approach aims to prevent potential misuse while helping improve online safety globally.

Introducing Claude Mythos Preview and Project Glasswing

The AI model, called Claude Mythos Preview, has demonstrated capabilities beyond what was initially expected. It was not specifically trained for cybersecurity but naturally discovered vulnerabilities through its general improvements in coding, reasoning, and autonomy. These enhancements allow the model to both identify and exploit security flaws with impressive accuracy.

Anthropic launched Project Glasswing to collaborate with key industry players. Major companies like Amazon Web Services, Apple, Google, Microsoft, and Nvidia are involved, along with organizations such as the Linux Foundation, Palo Alto Networks, and JPMorgan Chase. The initiative also includes over 40 other organizations involved in critical software infrastructure. To support this effort, Anthropic is offering up to US$100 million in usage credits for Mythos Preview, along with US$4 million in donations to open-source security groups.

Uncovering Hidden Vulnerabilities in Critical Software

Mythos Preview has already found and exploited several long-standing bugs, including a 27-year-old flaw in OpenBSD, known for its security focus. It also autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD, which could allow hackers to take complete control of affected servers. Remarkably, the AI discovered and exploited these flaws without human intervention after initial prompts.

Nicholas Carlini, a researcher from Anthropic, explained that the AI can chain multiple vulnerabilities together to produce sophisticated exploits. He noted that in recent weeks, he has found more bugs with Mythos Preview than he had in his entire career before. This shows how powerful and efficient the model is at uncovering security issues that often go unnoticed for years.

These findings highlight the potential for AI to play a major role in cybersecurity. However, they also raise concerns about misuse if such capabilities fall into the wrong hands. Anthropic is carefully controlling access to Mythos Preview to prevent malicious use and to ensure it is used responsibly for improving online safety.

Why Anthropic Won’t Release the Model Publicly

Despite its impressive capabilities, Anthropic has decided not to make Mythos Preview widely available. Newton Cheng, the company’s cybersecurity lead, explained that the risks outweigh the benefits. As AI technology advances rapidly, there’s a real danger that such powerful tools could be used maliciously or irresponsibly, causing widespread harm to economies, public safety, and national security.

The company is focused on working with trusted partners and organizations to responsibly develop and test these tools. By doing so, they hope to understand the full implications and establish safeguards before any broader release. Anthropic’s cautious approach aims to prevent scenarios where AI-driven exploits could be used maliciously on a large scale.

This decision is grounded in the reality that the technology’s capabilities are still evolving, and its potential to cause harm is significant if left unchecked. For now, the company prefers to limit access to ensure that the benefits of AI-driven cybersecurity improvements are realized safely and ethically.

Inspired by

• https://www.artificialintelligence-news.com/news/anthropic-keeps-new-ai-model-private-after-it-finds-thousands-of-external-vulnerabilities/

Sources

• anthropic.com
• anthropic.com
• nextgov.com