Anthropic's groundbreaking AI model, Claude Mythos Preview, has identified thousands of critical zero-day vulnerabilities across major operating systems and web browsers. In response to these alarming discoveries and the potential for misuse, Anthropic has launched Project Glasswing, a collaborative cybersecurity initiative aimed at proactively patching these flaws before malicious actors can exploit them.

Key Takeaways

• Claude Mythos Preview has discovered thousands of high-severity zero-day vulnerabilities in major operating systems and web browsers.

• Project Glasswing is an initiative by Anthropic and industry partners to use Mythos's capabilities for defensive purposes.

• Anthropic is not releasing Mythos Preview publicly due to its potent cybersecurity capabilities.

• The initiative involves collaboration with major tech companies, financial institutions, and cybersecurity firms.

A New Era of Vulnerability Discovery

Anthropic's Claude Mythos Preview has demonstrated an unprecedented ability to not only find but also exploit software vulnerabilities. The AI model has autonomously identified thousands of high-severity zero-day flaws, some of which have existed for decades, across virtually every major operating system and web browser. This capability marks a significant leap from previous AI models, which could identify bugs but struggled to create functional exploits.

One notable example highlighted by Anthropic involved Mythos Preview autonomously developing a web browser exploit that chained together four vulnerabilities to escape sandboxes. The model also successfully solved a complex corporate network attack simulation in under 10 hours, a task that would typically take a human expert significantly longer.

Project Glasswing: A Defensive Alliance

In response to the potent capabilities of Claude Mythos Preview, Anthropic has initiated Project Glasswing. This initiative brings together a select group of leading organizations, including Amazon Web Services, Apple, Google, Microsoft, and NVIDIA, along with financial institutions and cybersecurity firms. The goal is to leverage Mythos's advanced vulnerability detection to secure critical software before these flaws can be weaponized.

Anthropic is committing significant resources to Project Glasswing, including up to $100 million in usage credits for Mythos Preview and substantial donations to open-source security organizations. The company emphasizes that these capabilities emerged as a consequence of general improvements in coding, reasoning, and autonomy, rather than explicit training for exploitation.

Concerns and Responsible Disclosure

Anthropic has opted not to make Claude Mythos Preview generally available due to concerns that its cybersecurity prowess could be misused. The company acknowledges that the same advancements that enable Mythos to find and patch vulnerabilities also make it exceptionally effective at exploiting them. This dual nature necessitates a cautious approach, prioritizing defensive applications.

Anthropic is employing a rigorous process for responsible disclosure, triaging identified bugs and working with professional human triagers to validate reports before sending them to maintainers. The company aims to collaborate with maintainers to develop patches and follows a coordinated vulnerability disclosure framework, typically waiting 45 days after a patch is available before releasing full technical details.

The Future of Cybersecurity

The emergence of AI models like Claude Mythos Preview signals a transformative shift in cybersecurity. While these tools offer powerful defensive capabilities, they also present new challenges. Project Glasswing represents a proactive effort to harness AI for good, fostering collaboration among industry leaders to stay ahead of potential threats in an increasingly complex digital landscape.

Sources

• Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems, The Hacker News.

• Anthropic's latest AI model identifies 'thousands of zero-day vulnerabilities' in 'every major operatingsystem and every major web browser' — Claude Mythos Preview sparks race to fix critical bugs, some unpatched fordecades, Tom's Hardware.

• Anthropic's new AI model finds and exploits zero-days across every major OS and browser, Help Net Security.

• Anthropic Introduces Claude Mythos & Joins Forces With Rivals To Stop AI From Hacking Everything, LinkedIn.

• Anthropic says its most powerful AI cyber model is too dangerous to release publicly — so it built ProjectGlasswing, Venturebeat.