Anthropic stated this The debut of its brand new Claude Mythos Preview model The evolution of cyber security is at a crucial juncture, posing a unique existential challenge to current software defense strategies. So, is it more AI hype—or a true turning point?
Anthropic claims that Mythos Preview is able to detect vulnerabilities within virtually every software application, including operating systems, browsers, and other products, and develop exploits autonomously. With this in mind, the company is only releasing the new model to a few dozen organizations for now—including Microsoft, Apple, Google, and the Linux Foundation—as part of a consortium dubbed Project Glasswing. After years of speculation on how generative AI might impact cybersecurity, this week’s news sparked controversy over whether the reckoning is really here and what that could look like.
Anthropic claims are viewed with skepticism by many. Many people are skeptical about Anthropic’s claims. Anthropic’s latest model will benefit from being positioned as exclusive, mysterious and powerful. Some researchers and practitioners agree, but point out they also believe Anthropic. The company claims that Mythos is only the first of many models to offer capabilities.
“I typically am very skeptical of these things, and the open source community tends to be very skeptical, but I do fundamentally feel like this is a real threat,” Alex Zenla is the chief technology officer at cloud security company Edera.
Zenla, and others point specifically to Mythos Preview as the pivotal capability. They say that generative AI is becoming more adept at developing and identifying what they call “Mythos”. “exploit chains,” or groups of vulnerabilities that can be exploited in sequence to deeply compromise a target—essentially Rube Goldberg–machine-style hacking. Some of the most advanced hacking techniques use exploit chains. zero-click attacks This compromises the system without any user interaction.
“We are already living in the world where companies run vulnerable software, vulnerable hardware, and struggle to patch. Many companies are not capable of securing their infrastructure—that hasn’t really changed from yesterday to today,” Niels P. Provos is a long-time researcher and security expert. “But from what I understand, Mythos is really good at coming up with multistage vulnerabilities, and then also provides the proof of exploitation. I don’t think it intrinsically changes the problem space, but it changes the required skill level to find these vulnerabilities and exploit them.”
The limited distribution of Mythos Preview for Project Glasswing participants gives the defenders only a short lead time before they can use it to identify weaknesses in their systems and begin to think more widely about how to improve software development and update cycles and adopt patches, all without giving attackers widespread access.
The industry leaders are heeding this warning. Logan Graham of Anthropic, who leads the frontier red team, told WIRED that, as they reached out to companies about Project Glasswing in preparation for this week’s official announcement, their phone calls became shorter.
“This is an issue that involves all of the model developers. Our goal here is just to kick things off,” Graham Graham “It’s really important that Mythos Preview gets in the hands of defenders to give a head start.”
