Identifying vulnerabilities and exploits with Claude Mythos Preview
Over the past few weeks, we’ve used Claude Mythos Preview to identify thousands of zero-day vulnerabilities (that is, flaws previously unknown to software developers) across every major operating system, every major web browser, and other critical software. Many of them are serious.
Our Frontier Red Team blog posts provide technical details on a subset of these vulnerabilities that have already been patched, and in some cases show how the vulnerabilities discovered by Mythos Preview can be exploited. Nearly all of the vulnerabilities were identified, and many of the associated exploits developed, fully autonomously, without any human interaction. Below are three examples.
- Mythos Preview discovered a 27-year-old vulnerability in OpenBSD, which has a reputation as one of the world’s most secure operating systems and is used to run firewalls and other critical infrastructure. The vulnerability allows an attacker to remotely crash a machine simply by connecting to it.
- Mythos Preview also discovered a 16-year-old vulnerability in FFmpeg, which countless applications use to encode and decode video. The flaw sat in a line of code that automated testing tools had exercised 5 million times without detecting the issue.
- The model autonomously discovered and chained together several vulnerabilities in the Linux kernel (the software that runs most of the world’s servers), allowing attackers to escalate from normal user access to complete control of the machine.
The above vulnerabilities have been reported to the relevant software maintainers, and all have now been patched. For many other vulnerabilities, we are publishing cryptographic hashes of the details today (see the Red Team blog) and will reveal the full details after fixes are applied.
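Publishing a hash before disclosure is a standard commit-then-reveal scheme: the digest proves later that the report existed (and was not altered) at commitment time, without exposing any details early. The sketch below illustrates the general idea with Python's standard `hashlib`; the function name, report text, and nonce are hypothetical examples, not Anthropic's actual scheme.

```python
import hashlib

def commit(report: bytes, nonce: bytes) -> str:
    """Return a SHA-256 commitment over a secret nonce plus the report.

    Only this hex digest is published now; the report and nonce are
    revealed after the vendor ships a fix, letting anyone verify the
    disclosure matches the earlier commitment.
    """
    return hashlib.sha256(nonce + report).hexdigest()

# Hypothetical report contents and per-report secret salt (illustrative only).
report = b"Heap overflow in example_parser(); full details withheld until patched."
nonce = b"example-secret-nonce"

digest = commit(report, nonce)

# Later, after disclosure, any third party can recompute and check the digest:
assert commit(report, nonce) == digest
```

The random nonce matters: without it, an attacker who guesses the report's contents could confirm the guess by hashing it and comparing against the published digest.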
Evaluation benchmarks such as CyberGym highlight significant differences between Mythos Preview and the next best model, Claude Opus 4.6.
Reproducing cybersecurity vulnerabilities
In addition to our own efforts, many of our partners have been using Claude Mythos Preview for several weeks.
Claude Mythos Preview’s powerful cyber capabilities are a result of its strong agentic coding and reasoning skills. For example, as shown in the evaluation results below, the model achieves the highest scores of any model to date on a variety of software engineering tasks.
Please refer to the Claude Mythos Preview system card for detailed information on model functionality, safety, and general characteristics.
Although we have no plans to make Claude Mythos Preview publicly available, our ultimate goal is to enable users to safely deploy Mythos-class models at scale, not only for cybersecurity but for the countless other benefits such a highly capable model brings. Doing so requires advancing cybersecurity (and other) safeguards that detect and block the most dangerous model outputs. We plan to introduce new protections in future Claude Opus models, allowing us to improve and refine those safeguards in models that do not pose the same level of risk as Mythos Preview.
Project Glasswing Plan
Today’s announcement is the beginning of a long-term effort. Success requires broad engagement from within and outside the technology industry.
Project Glasswing partners will have access to Claude Mythos Preview to help them find and remediate vulnerabilities and weaknesses in their underlying systems, which collectively represent a very large portion of the world’s shared cyber attack surface. The work is expected to focus on tasks such as local vulnerability discovery, black-box binary testing, endpoint protection, and system penetration testing.
Anthropic has committed $100 million in model usage credits to Project Glasswing and additional participants, covering substantial usage throughout this research preview. Claude Mythos Preview will then be offered to participants at $25 per million input tokens and $125 per million output tokens (participants will have access via the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry).
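As a quick sanity check on those rates, per-request cost is simple linear arithmetic over token counts. The helper below is purely illustrative (the function name and interface are assumptions, not part of any real API); only the two rates come from the announcement.

```python
def preview_cost_usd(input_tokens: int, output_tokens: int) -> float:
    """Estimate usage cost at the announced Mythos Preview rates.

    Rates from the announcement: $25 per million input tokens,
    $125 per million output tokens. Function name is hypothetical.
    """
    INPUT_RATE = 25.0    # USD per 1M input tokens
    OUTPUT_RATE = 125.0  # USD per 1M output tokens
    return (input_tokens / 1e6) * INPUT_RATE + (output_tokens / 1e6) * OUTPUT_RATE

# Example: a workload consuming 2M input tokens and 0.5M output tokens
cost = preview_cost_usd(2_000_000, 500_000)  # 50.0 + 62.5 = 112.5
```

Note the asymmetry: output tokens cost five times as much as input tokens, so long generated reports dominate the bill for vulnerability-analysis workloads that emit detailed findings.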
In addition to the usage-credit commitment, and to help open source software maintainers adapt to this changing landscape, we have donated $2.5 million to Alpha-Omega and the OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation. (Maintainers interested in access can apply through the Claude for Open Source program.)
We plan to expand the scope of this work and continue it for many months, sharing as much as we can so other organizations can apply the lessons to their own security. Partners will share information and best practices with each other to the extent possible. Within 90 days, Anthropic will publicly report on what we have learned, any vulnerabilities that have been fixed, and any improvements we can make publicly available. We will also work with leading security organizations to develop a set of practical recommendations on how security practices should evolve in the age of AI. This may include:
- Vulnerability disclosure processes.
- Software update processes.
- Open source and supply chain security.
- The software development life cycle and secure-by-design practices.
- Regulated industry standards.
- Prioritization, scaling, and automation.
- Automated patching.
Anthropic also has ongoing discussions with U.S. government officials regarding the Claude Mythos Preview and its offensive and defensive cyber capabilities. As stated above, protecting critical infrastructure is a top national security priority for democracies. The emergence of these cyber capabilities is another reason the United States and its allies must maintain a decisive lead in AI technology. Governments have a critical role to play in maintaining that lead and in assessing and mitigating national security risks associated with AI models. We stand ready to work with local, state, and federal representatives to support these missions.
We hope that Project Glasswing will be the seed of a larger effort across industry and the public sector, helping all stakeholders tackle the biggest questions about the security implications of powerful models. We invite other members of the AI industry to help set industry standards. In the medium term, independent third parties that can bring together private- and public-sector organizations may be the ideal home for continued work on these large-scale cybersecurity projects.
