Anthropic has revealed plans to release its Mythos-class models, which excel at identifying security vulnerabilities in programming code, to the public. However, the company has emphasized that this will only occur once it can ensure the models are safe to use.
Current Access Limitations
Currently, access to Mythos is restricted to select entities through a program called “Project Glasswing.” This initiative has shown that while Mythos can quickly identify numerous bugs, many of these vulnerabilities are not beyond the reach of human discoverability given sufficient time and resources. Participants in the program have reported that the volume of bugs identified can be overwhelming, complicating their ability to address all findings.
Global Reactions and Security Concerns
The existence of Mythos has prompted significant concern among global authorities. For instance, the Japanese government has initiated a comprehensive security review, and Indian regulators have called for urgent patching efforts within financial institutions. This reflects a broader recognition that even less advanced AI models are capable of discovering vulnerabilities, raising the stakes for cybersecurity defenses.
Future Developments and Safeguards
In a recent update, Anthropic stated that it plans to collaborate with critical partners, including U.S. and allied governments, to expand Project Glasswing. The company has not provided a specific timeline for when the Mythos models will be made publicly available, only indicating that this will happen once stronger safeguards are developed. Anthropic has acknowledged that no existing company has yet created sufficient protections to prevent misuse of such powerful AI models.
Vulnerability Findings and Impact
To date, Mythos has scanned over 1,000 open-source projects, uncovering approximately 6,202 high or critical severity vulnerabilities among a total of 23,019 flaws. Anthropic has confirmed that 1,752 of these high or critical vulnerabilities have undergone validation, with 90.6 percent deemed legitimate. Notably, one critical flaw identified affected the wolfSSL cryptography library, which is widely used across various devices. Anthropic has indicated that this vulnerability has been patched, and further technical analysis will be provided soon.
As of now, 75 out of the 530 high or critical severity bugs reported have been patched, with 65 of these receiving public advisories. Anthropic believes that the current patching rate may be understated, as some vulnerabilities are addressed without public disclosure. The influx of vulnerabilities identified by Mythos is contributing to an already strained security landscape, prompting Anthropic to suggest that AI could assist in alleviating some of the burdens faced by security teams.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
