Anthropic put your complete tech world on discover final week with an unprecedented announcement: it made an AI mannequin so superior that it was too harmful to launch to the general public. Anthropic mentioned the brand new frontier language mannequin, Claude Mythos Preview, would “reshape cybersecurity.”
Anthropic additionally introduced the formation of Project Glasswing, an invite-only group of organizations — together with a few of Anthropic’s largest rivals — to check Claude Mythos Preview and safe their infrastructure.
Anthropic mentioned that Claude Mythos Preview “discovered 1000’s of high-severity vulnerabilities, together with some in each main working system and net browser.” (Emphasis in unique.) The corporate mentioned Undertaking Glasswing was essential “to assist safe the world’s most crucial software program.”
By Friday, CNBC reported that Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent had summoned the excessive clergymen of finance (aka banking CEOs) for an emergency assembly concerning the new mannequin. New York Times author Thomas Friedman fretted over a “terrifying” future during which any teenager armed with Claude may hack the native energy grid.
The response to Claude Mythos Preview shortly cut up alongside predictable traces. AI boosters hailed the brand new mannequin as proof that synthetic common intelligence (AGI) was nigh, praising Anthropic for rolling it out so responsibly.
Critics and AI skeptics referred to as Undertaking Glasswing a giant publicity stunt.
So, which is it?
To seek out out, Mashable has been reviewing Anthropic’s claims and speaking to AI and cybersecurity specialists.
What’s Claude Mythos Preview?
Claude Mythos is a brand new large-language mannequin that Anthropic says performs considerably higher than Claude Opus 4.6, extensively thought-about one of many best AI models in the world, particularly in cybersecurity.
“In our testing, Claude Mythos Preview demonstrated a hanging leap in cyber capabilities relative to prior fashions, together with the power to autonomously uncover and exploit zero-day vulnerabilities in main working techniques and net browsers,” reads the Claude Mythos system card.
Is Claude Mythos an indication of AGI?
Synthetic common intelligence refers to superintelligent AI that may carry out higher than people throughout a variety of duties. It isn’t an exaggeration to say that our whole financial system has been organized round the quest for AGI, as Anthropic, Google, Meta, xAI, and OpenAI pour tons of of billions of {dollars} into a brand new arms race.
If Claude Mythos is as succesful as Anthropic says, would it not be an instance of AGI? The mannequin card addresses this query immediately, and Anthropic does appear to suppose it is near AGI.
In a piece about Claude Mythos security dangers, Antropic writes: “Present dangers stay low. However we see warning indicators that protecting them low could possibly be a significant problem if capabilities proceed advancing quickly (e.g., to the purpose of strongly superhuman AI techniques).” After all, Anthropic has a robust monetary incentive to advertise this perception.
This chart reveals how Mythos compares to earlier Anthropic fashions on the ECI rating, which mixes a number of benchmarks into one.
Credit score: Anthropic
Finally, the mannequin card for Claude Mythos is extra conservative than the response on-line would recommend.
For instance, whereas the Claude Mythos mannequin card does present that this mannequin performs above the development line for earlier Anthropic fashions, Anthropic says it does not present proof of self-improvement or recursive development. (“The good points we are able to establish are confidently attributable to human analysis, not AI help.”)
Causes to suppose Undertaking Glasswing is a publicity stunt
Do not make me faucet my signal: “[When] an AI salesman tells you that AI is an unstoppable world-changing know-how on the order of the agricultural revolution…you need to take this prediction for what it’s: a gross sales pitch.”
I wrote these phrases of warning in response to an essay by Anthropic CEO Dario Amodei that warned concerning the doubtlessly cataclysmic risks of AI. Anthropic additionally has a historical past of issuing dire warnings about its AI fashions.
It’s possible you’ll keep in mind the story of the Anthropic mannequin that attempted to “blackmail” an organization CEO to stop it from being turned off. In actuality, Anthropic designed a test environment the place blackmail was a possible end result. This can be extra akin to digital entrapment than real mannequin misbehavior.
So, is Claude Mythos the most recent instance of the business’s Rooster Little downside?
On X, AI security engineer Heidy Khlaaf listed quite a few open questions that forged doubt on Anthropic’s claims.
This Tweet is currently unavailable. It might be loading or has been removed.
Anthropic mentioned the Claude Mythos preview discovered 1000’s of zero-day vulnerabilities. However Khlaaf says Anthropic neglected key details wanted to evaluate this declare — the speed of false positives, how Claude Mythos compares to present cybersecurity instruments, and precisely how a lot guide human evaluate was required.
Mashable Gentle Velocity
“Releasing a advertising and marketing submit with purposely obscure language that clearly obscures proof wanted to substantiate Anthropic’s claims brings into query if they’re making an attempt to garner additional funding,” Khlaaf instructed Mashable. “It additionally serves their ‘security first’ picture as they’re capable of body the shortage of public launch, even a restricted one for impartial analysis, as a public service when it merely obscures even specialists’ skills to validate their claims.”
We reached out to Anthropic repeatedly about these issues, however the firm didn’t reply. We are going to replace this text in the event that they do. Within the Claude Mythos system card, Anthropic wrote that extra knowledge will likely be launched within the coming weeks because the bugs Mythos discovered are patched and stuck.
Gary Marcus, an AI skilled, creator, and famous critic of the LLM hype machine, initially instructed Mashable that it was too quickly to know whether or not Claude Mythos represented a brand new sort of menace.
However Marcus has grown extra skeptical since we spoke to him, and he just lately wrote on X that Mythos was “nowhere close to as scary” because it first appeared. “People, you possibly can calm down. Mythos is just not some off-trend exponential acquire,” he wrote.
This Tweet is currently unavailable. It might be loading or has been removed.
Cybersecurity specialists instructed Mashable it is also most unlikely Claude Mythos could possibly be used to “flip off the lights” or deliver down important infrastructure.
“Claims about catastrophic makes use of of Mythos additionally considerably misunderstand menace fashions, cybersecurity dangers, and the power to propagate mentioned dangers in a manner that would truly result in safety-critical incidents,” Khlaaf instructed us. “It isn’t so simple as asking a mannequin ‘hack this technique,’ with Anthropic’s personal technical blog post demonstrating a requisite of experience that Anthropic downplays of their advertising and marketing posts.”
Different specialists expressed skepticism, whereas additionally acknowledging that Mythos does symbolize a real danger, which Marcus has additionally mentioned.
“You can argue it didn’t want a public announcement,” mentioned Div Garg, a Stanford AI researcher and founding father of AGI, Inc.
“Nonetheless, finally, the choice to restrict entry to solely those that develop and keep important software program is exactly what you desire a enterprise to do in such a state of affairs…It’s straightforward to criticize the restricted entry, however worse outcomes would come up in the event that they launched it unchecked.”
Tal Kollender, Founder and CEO of cybersecurity agency Remedio, instructed Mashable that instruments like Claude Mythos are harmful as a result of they’ll exploit discovery.
“It is sensible company theater,” Kolender mentioned. “Labeling a mannequin ‘too harmful to launch to the general public’ is actually a advertising and marketing flex as a result of it instantly creates mystique and alerts immense energy to buyers. However beneath the PR stunt, there’s a very actual, very mundane fact…The cybersecurity business does not even have a ‘discovering’ downside. We’re already drowning in instruments that detect vulnerabilities. What Mythos does is automate that discovery course of at an unprecedented scale.”
TL;DR: Every week after revealing Claude Mythos Preview, a few of Anthropic’s largest claims concerning the mannequin look rather a lot sketchier, specialists say. Nonetheless, additionally they acknowledge that Claude Mythos, and different instruments prefer it, pose an actual danger.
Nonetheless, there are many very legitimate causes to be nervous concerning the new frontier mannequin.
Causes to suppose Claude Mythos Preview is a real menace to world cybersecurity
Within the New York Times, creator Thomas Friedman conjures a state of affairs straight out of Warfare Video games, the place a young person hacks the native energy grid after college.
That state of affairs appears much more far-fetched per week later. However here is a more likely state of affairs: A complicated group of hackers makes use of a instrument like Claude Mythos to seek out zero-day vulnerabilities in our digital infrastructure, launching assaults sooner than organizations can reply.
And that state of affairs ought to fear you.
If Claude Mythos is not the instrument that may do it, most specialists agree such a instrument is not far off.
And among the world’s main cybersecurity specialists actually appear frightened.
“I’ve discovered extra bugs within the final couple of weeks [with Claude Mythos] than in the remainder of my whole life mixed,” mentioned Nicholas Carlini, a analysis scientist affiliated with Anthropic and Google DeepMind, in a video on the Project Glasswing website.
“On Linux, we discovered quite a few vulnerabilities the place, as a consumer with no permissions, I can elevate myself to the administrator by simply operating some binary on my machine,” Carlini mentioned.
This week, the AI Security Institute revealed its findings on Claude Mythos’s capabilities, and it offers some impartial verification that it does symbolize a real leap ahead.
The AISI is analysis group throughout the UK authorities’s science and know-how division.
Credit score: AISI
Claude Mythos handed cybersecurity assessments that no different mannequin had ever accomplished, scoring larger than every other frontier mannequin on just about each check.
“Our testing reveals that Mythos Preview can exploit techniques with weak safety posture, and it’s seemingly that extra fashions with these capabilities will likely be developed,” AISI concluded.
This Tweet is currently unavailable. It might be loading or has been removed.
AISI additionally recognized some limitations with Claude Mythos, which might impair its effectiveness in real-world eventualities.
So, was Anthropic’s rollout of Mythos accountable AI stewardship or self-serving advertising and marketing? Specialists I talked to mentioned these choices aren’t mutually unique.
“I would say it is each, and that is not a criticism,” mentioned Xu. “Any main platform rollout on this period goes to look totally different to totally different audiences relying on their fluency and their worry tolerance. What I care about is whether or not the intent is actual, and the proof I’ve seen from Anthropic suggests it largely is.”
As is commonly the case with fear-inducing AI headlines, the truth turned out to be extra difficult.
“Personally, I do not go to mattress worrying a few child with Mythos hacking the ability grid, however that does not imply the priority is fictional,” mentioned Howie Xu, Gen’s Chief AI & Innovation Officer. “We’re at an inflection level the place the artistic and collaborative upside of those instruments is very large, and the safety infrastructure hasn’t caught up. That hole is strictly what retains me busy. Even a fractional chance of a critical incident is an excessive amount of, which is why constructing a belief and safety layer into the agentic period is my excessive focus.”
Lastly, as Anthropic stresses within the Claude Mythos mannequin card, instruments like it will seemingly profit cybersecurity defenders greater than hackers within the long-term. And within the short-term, a extra cautious strategy — just like the strategy being modeled with Undertaking Glasswing — could also be warranted.
TL;DR: Claude Mythos has formidable cybersecurity coding skills, and it does symbolize a real menace. Nonetheless, if hackers have entry to AI instruments like Claude Mythos, so will the organizations defending towards such assaults.
Matters
Synthetic Intelligence
