Anthropic has revealed a new AI system it says is too powerful to release.
The model, known as “Mythos”, is able to find unpatched vulnerabilities in security tools and so could undermine the very foundations of how the internet works, the company warned.
That could allow it to discover – and allow attackers to exploit – problems with the encryption and other security tools that keeps our private messages, browsing and other personal data safe, experts suggest.
“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said in its announcement.
The danger is such that it has launched a new initiative called Project Glasswing that is aimed at protecting the internet and the world from the danger posed by systems such as Mythos. The project brings together “Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software”, it said.
For now, the general-purpose Mythos is not being released, and is only available as a preview. But it had already revealed the “stark fact” of the danger posed by such systems, Anthropic said.
“Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser,” Anthropic wrote. “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.
“The fallout—for economies, public safety, and national security—could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.”
The power of Mythos stands in contrast to Opus 4.6, the most powerful public version of the system that powers Anthropic’s Claude chatbot. While powerful in other ways, that system was unable to find exploits that had not been made public, but Mythos has already discovered “thousands” of problems, “many of them critical”.
It also notably more powerful in a range of other tasks, such as “agentic coding”, where the AI is able to design systems itself, as well as more broad reasoning tests.
The announcement from Anthropic led to a flurry of concern among security experts and other internet users. Many advised taking the usual advice: securing systems with additional protections such as two-factor authentication, as well as only using systems that were trusted and being actively updated to protect against threats.