A new Anthropic model found security problems ‘in every major operating system and web browser’

Details

Anthropic has launched Project Glasswing, a restricted cybersecurity initiative deploying Claude Mythos Preview to more than 40 partner organizations including Amazon, Apple, Microsoft, Nvidia, Google, JPMorgan Chase, Broadcom, Cisco, CrowdStrike, the Linux Foundation, and Palo Alto Networks. The model is explicitly not being made publicly available — Anthropic's stated reason is the security risk of giving adversaries access to a system that can find and exploit vulnerabilities at scale. The capabilities on display are striking: in recent weeks, Mythos Preview identified thousands of high-severity vulnerabilities including some in every major operating system and web browser, many of them one to two decades old. Crucially, it did this entirely autonomously, with no human steering — Anthropic's own blog post highlights the absence of human-in-the-loop as a feature, not a concern. Claude Mythos was first leaked last month as 'Capybara,' described in internal documents as 'by far the most powerful AI model we've ever developed' — larger and more intelligent than the Opus tier. It was not specifically trained for cybersecurity; its performance stems from general-purpose agentic coding and reasoning capabilities, which has significant implications for the baseline danger of frontier models. Anthropic has engaged U.S. federal officials about deploying Mythos, though those discussions are complicated by an ongoing legal dispute with the Trump administration after the Pentagon designated Anthropic a supply-chain risk. Partners will share findings to benefit the broader industry.