Claude Mythos and Project Glasswing: The Rise of the New Cybersecurity Gatekeepers

No other technological shift has raised as many concerns as the current AI revolution. These reactions, some of which border on panic, have not occurred all at once. They emerge gradually as the technology ecosystem gains new capabilities. The latest in this series of “panic attacks” is Anthropic’s Claude Mythos Preview, an AI system capable of detecting software vulnerabilities with precision. Certainly, this ability has the potential to make everything from healthcare infrastructure to financial systems significantly safer. However, Mythos can also use the bugs it discovers to create complex exploits to attack systems. In other words, it acts as both a shield and a sword.

This dark side of the Mythos is so unsettling that Anthropic has chosen not to make it available to the public. Instead, it has launched an initiative known as Project Glasswing. It is a broad coalition of technology firms and other stakeholders to ensure that Mythos is deployed to strengthen cyber defence, rather than enable misuse.

Machine as a Hacker

Claude Mythos is not a typical cybersecurity tool. It is a general-purpose AI that excels at understanding code deeply and applying this learning across contexts. If Anthropic’s claims are to be believed, this system produces an unexpected result: the ability to think like a hacker. Not just a hacker, but one with superhuman abilities.

To most people, hacking is an esoteric craft practiced by shady figures with malicious intent. This picture is mostly correct. But hacking almost always starts with a simple idea that mistakes exist in human-made systems, even if they are difficult to identify. Software engineering uses three terms—bug, vulnerability, and exploit—to talk about this situation that makes hacking possible. A bug is a mistake that happens by accident and may not be harmful on its own. When it turns out that the flaw makes it easier to break security, it becomes a vulnerability. An exploit is a way to take advantage of a vulnerability for malicious purposes. The Heartbleed bug in the OpenSSL library, discovered in 2014, is a well-known example of a mistake turned into a potential exploit. It was a simple coding error that, once discovered, turned into a major vulnerability. It let hackers read sensitive information from servers, like passwords and encryption keys. This caused a global security emergency.

Anthropic claims that Mythos is capable of performing precisely such tasks with incredible efficiency.

The company has not provided complete details about the internal testing it conducted. According to the information made public, Mythos discovered thousands of high-severity bugs that had never been seen before in widely used systems such as operating systems, browsers, and critical infrastructure software. Some of these flaws had been hidden for years—if not decades—in complex codebases. What distinguishes Mythos from earlier tools is not just its ability to find bugs but to understand them in context. It can follow how different parts of a system work together, find small weaknesses, and then make realistic plans to exploit them.

In one striking case, the model found a memory corruption flaw that was deeply buried in a code used in many systems. It took a very specific and unlikely set of steps to cause the bug. It would have taken days or weeks for experts to figure this out. Mythos not only found the flaw quickly but also showed how it could be exploited reliably. In another case, the system found a logic error in the authentication layer of a major web application framework. The flaw let attackers get higher privileges and get unauthorized access in rare but possible situations.

Perhaps its ability to combine small weaknesses into a larger chain of attacks is probably the most impressive—and unsettling—thing about it. In one test, the model connected a low-severity input validation problem with a configuration mistake, creating a high-impact exploit that could take down an entire system.

Threat or theatrics?

This kind of reasoning blurs the boundary between passive tool and active agent. But Anthropic maintains that the model acting harmfully on its own is highly unlikely. The greater risk, it suggests, lies with human users who might deliberately direct the system to do harm.

Many people in industry and government agree with Anthropic’s risk assessment of Mythos’ capabilities. Anthony Grieco, Cisco’s senior vice president and chief security and trust officer, said that AI capabilities have crossed a line, changing the level of urgency needed to protect important infrastructure. US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called an emergency meeting with the CEOs of major American banks because they were worried about Mythos. Officials said that the system could make cybersecurity threats a lot worse because it can find and exploit software flaws on widely used systems on its own, possibly at a speed and scale that is much faster than what human hackers can do. They want financial institutions to take note of these new risks and start building up their defences against a new type of AI-driven cyberattack.

There are also sceptics. Several experts have dismissed the concern about Mythos as exaggerated. Yann LeCun, Meta’s Chief AI Scientist, labelled the hysteria as “BS from self-delusion,” suggesting that the panic is largely a product of corporate theatrics. Cognitive scientist Gary Marcus, who is one of the most outspoken critics of AI hype, stated that Mythos is not as scary as people made it out to be.

But most of the experts agree that Mythos Preview marks a notable leap in AI-driven cybersecurity capabilities compared to predecessors, and it can be misused. For example, an evaluation by the UK’s AI Security Institute (AISI) found that Mythos could autonomously exploit vulnerabilities in small, poorly defended enterprise networks within controlled environments. However, AISI notes these “cyber ranges” lack the active monitoring and defensive tooling found in the real world, leaving Mythos’s efficacy against hardened targets unproven. The report concludes that as models like Anthropic’s advance, testing must evolve to include real-time defensive responses to accurately measure emerging risks.

It is not the first time the creators of an AI model characterized their creation as too dangerous to release. In 2019 OpenAI decided to release only a smaller version of GPT-2. Interestingly, it was quite rudimentary when compared to sophisticated AI models we have now, including its own newer iterations. This also holds a lesson for the sceptics. Even if Anthropic’s claims appear exaggerated now, it is only a matter of time before they become reality. Given the exponential growth of AI capabilities today, it could happen soon.

Project Glasswing

The consequences of these capabilities are significant. For a long time, cybersecurity has relied on a rough balance: skilled attackers could find weaknesses, but it took time and  knowledge to do so. Mythos could upset that balance. Anthropic says that AI systems like Mythos could cut the time it takes to find a vulnerability and use it from months to minutes. This means that the time organisations get to fix serious bugs could get much shorter or even go away completely.

The problem is particularly acute in sectors that rely on legacy systems, such as banking, healthcare, and public infrastructure. These environments often combine decades-old software with modern components, making rapid updates difficult and risky. In such cases, the lag between bug discovery and remediation could become a critical vulnerability in itself.

Faced with these risks, Anthropic has chosen to fight fire with fire. Instead of releasing Mythos publicly, it has launched Project Glasswing, a controlled-access initiative with a few stakeholders. It includes major technology companies like Microsoft, Amazon, Google, Apple, Cisco, and NVIDIA, as well as financial institutions like JPMorgan Chase and open-source organizations like the Linux Foundation. These selected partners are given restricted access to the model, allowing them to scan their systems, identify weaknesses, and deploy patches before those vulnerabilities can be exploited.

The project is also described as a race against time. The capabilities demonstrated by Mythos are unlikely to remain unique for long. Other organizations, including state actors, are expected to develop similar systems in the near future. The goal of Glasswing, therefore, is not just to fix current vulnerabilities but to prepare the broader ecosystem for an AI-driven security landscape.

Concerns

To pull off a complex cyberattack, three things are needed: top-notch talent, a lot of money, and time. Mythos could help people get past these problems. If it were widely available, it could let people or small groups do things that only big businesses and governments could do. This would put everyone, including the people with criminal intent, on equal footing.

In this context, Anthropic’s decision to restrict access to Claude Mythos appears logical. However, by limiting this powerful defensive tool to a small group of organizations in the Global North, the company may be establishing a two-tier system in which the wealthy are protected while smaller organizations and entire regions are left vulnerable.

And it is very dangerous to frame the AI debate only around “hacker misuse.” It can subtly legitimize the consolidation of AI power in the hands of a few dominant players—large technology firms and powerful states. History provides a cautionary analogy. The same countries that first made and used weapons of mass destruction eventually put themselves in charge of controlling them. Other countries were seen as threats for trying to do the same. A similar pattern could happen with advanced AI. The governance of AI is as much about power as it is about safety. Efforts to mitigate risk must not be used to justify technological monopolies or geopolitical inequalities.

Mythos also raises questions about its impact on jobs. Cybersecurity is a thriving field. But systems like Mythos could automate routine tasks such as detecting threats and responding to incidents and reduce job opportunities. Also, if only a few companies can get their hands on such powerful defensive tools, the industry could become more concentrated. This would change where the best opportunities are.

And, as technology advances, concerns are expanding beyond job loss and control to become more existential. There is a growing unease that human distinctiveness is being absorbed into systems we neither fully understand nor meaningfully govern. This anxiety is not without basis. Unlike earlier forms of automation, AI is the automation that strives to automate human intelligence itself. When it is objectified into machines, the consequences will be difficult to predict. Aside from its own specific concerns, Mythos contributes to these broader concerns about AI’s general trajectory as well.