Anthropic's Claude Mythos Preview Uncovers Major Software Vulnerabilities, Raising Concerns Over Corporate Control

Anthropic released Claude Mythos Preview, an AI model capable of identifying and exploiting software vulnerabilities, but restricted its access to around 50 organizations—including Microsoft, Apple, Amazon Web Services, and CrowdStrike—under Project Glasswing. The model uncovered thousands of vulnerabilities across major operating systems and browsers, including a 27-year-old bug in OpenBSD and a 16-year-old flaw in FFmpeg, and weaponized Firefox vulnerabilities into 181 usable attacks (compared to two by Anthropic’s previous model). Security contractors agreed with Mythos’ severity ratings 198 times, achieving 89% alignment, though the model’s false-positive rate remains undisclosed. OpenAI similarly announced GPT-5.4-Cyber, another AI model deemed too dangerous for public release. Security firm Aisle replicated many of Mythos’ findings using smaller, publicly available AI models. The article highlights concerns over unilateral corporate control of such technologies and calls for greater transparency and independent auditing.