Mythos continues to mystify

TL;DR: Anthropic announced a limited preview of Claude Mythos—an AI model allegedly so dangerous that the company is keeping it off the market entirely. Instead of a public release, Anthropic launched Project Glasswing: a coalition of some of the world's biggest tech companies given exclusive access to use Mythos for defense. The bigger warning: Rival models with similar capabilities could be just months away.

What happened: Mythos can find decades-old vulnerabilities, chain multiple flaws together into novel attacks, and write working exploits autonomously (things previous models couldn't come close to). What makes this especially alarming is that Mythos wasn’t trained to do any of this. These capabilities emerged on their own, according to Anthropic. Launch partners in the Glasswing coalition include Apple, Google, Microsoft, Cisco, and Broadcom. According to reports, Anthropic has also briefed a handful of senior US officials on Mythos's offensive and defensive abilities, but declined to say whether any at the Pentagon, which recently designated the company a supply chain risk, were among them. Anthropic says it has no plans to release Mythos broadly, though it aims to eventually ship Mythos-class models once safeguards are in place.

What everyone is afraid of: Anthropic says Mythos has already:

• Uncovered thousands of zero-day vulnerabilities—flaws unknown to the developers—across virtually every operating system and web browser.
• Found a 27-year-old vulnerability in OpenBSD—an OS known for its supposed ironclad security—that could remotely crash machines running it.
• Turned known Firefox vulnerabilities into working exploits over 180 times out of several hundred attempts, while Opus 4.6 only managed it twice.
• Escaped its testing environment, gained broader internet access, and then—unprompted—posted about its activities on the web.
• Tried to manipulate an AI judge grading its code.
• And of course, it acted like a ruthless corporate executive.

Anthropic also says Mythos can take down a Fortune 100 company and break into national defense systems.

What’s next: Some experts estimate that we have roughly six months before other models develop comparable capabilities, at which point every cybercriminal on Earth gets a world-class exploit writer. Everything’s fine.

Keep in mind: Anthropic's whole reason for existing is to be the safety-focused lab that gets to dangerous AI capabilities first, so it can figure out how to contain them before anyone else does. But the flip side, as journalist Kelsey Piper puts it, is that one private company now holds “zero-day exploits of almost every major software project you've heard of” and is sitting on potentially the world’s most powerful cyberweapon, while making all the decisions about who gets near it. —WK

Also at Anthropic…

• A US appeals court just let the Pentagon’s Anthropic blacklisting stand while litigation proceeds.
• The company also expanded its Google Cloud partnership for “multiple gigawatts” of additional TPU capacity, set to come online in 2027.
• Anthropic might not turn a profit until 2029, per internal documents obtained by the Wall Street Journal.