Anthropic Limits Access to Advanced Mythos Preview AI Model Due to Security Risks

Anthropic has restricted access to its new Mythos Preview AI model, citing its advanced capabilities in identifying and exploiting security flaws. The company is rolling out the preview only to a select group of more than 40 tech and cybersecurity organizations. These partners will use the model to scan and secure their code and open-source systems.

Mythos Preview demonstrates sophisticated reasoning skills comparable to an advanced security researcher. It can identify tens of thousands of vulnerabilities in software, including those in major operating systems and web browsers. 1% of test cases on the first attempt.

In specific tests, Mythos Preview uncovered flaws in the Linux kernel, enabling potential full control of affected machines. It also identified a 27-year-old vulnerability in OpenBSD, an operating system used in firewalls, routers, and high-security servers. These findings include bugs believed to be decades old and undetected by prior human security audits.

Anthropic launched Project Glasswing, involving 12 companies including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.

These participants will apply Mythos Preview to defensive security efforts, with Anthropic sharing resulting insights. The company is providing up to $100 million in usage credits to testing firms and $4 million to open-source security groups such as OpenSSF, Alpha-Omega, and the Apache Software Foundation.

“— Logan Graham, head of Anthropic's frontier red team, Tuesday (Axios)”

Anthropic has briefed U.S. agencies including the Cybersecurity and Infrastructure Security Agency and the Commerce Department on the model's risks and benefits. A company official noted opportunities for enhancing defensive security measures. The official did not confirm briefings with the Pentagon.

Prior models like Opus 4.6 identified about 500 zero-day vulnerabilities in open-source software. In contrast, Mythos Preview's output is significantly higher. Anthropic decided against general availability after internal testing and limited feedback indicated substantial risks.

models have previously aided malicious activities, including a Chinese spying campaign targeting 30 organizations using Anthropic's technology and cybercriminals automating ransomware. Logan Graham stated that similar capabilities could emerge from other AI firms within six to 18 months. OpenAI and other companies are developing comparable models. >

"More powerful models are going to come from us and from others, and so we do need a plan to respond to this."

“— Dario Amodei, Anthropic CEO, Tuesday (Axios)”

Anthropic aims to eventually enable safe deployment of Mythos-class models for general use. The company plans safeguards for its Opus models to refine controls without the risks posed by Mythos Preview.