In April, Anthropic introduced Claude Mythos, a highly advanced AI system that the company chose not to make publicly available because of its capabilities. Rather than opening access to everyone, Anthropic provided the model to a limited number of organisations, including Amazon and Google, through a programme called Project Glasswing.
The company has now shared new details about the project, revealing that Claude Mythos identified more than 10,000 major cybersecurity vulnerabilities in some of the world’s most widely used and critical software systems.
Claude Mythos helped companies detect far more software vulnerabilities:
According to Anthropic, companies participating in Project Glasswing have reported major improvements in their ability to detect software vulnerabilities using Claude Mythos. Many partners reportedly discovered hundreds of serious security flaws in their own systems, with some saying the speed and volume of bug detection increased more than tenfold.
Cloudflare said the model helped uncover around 2,000 issues across critical internal systems, including nearly 400 vulnerabilities classified as high or critical risk. Anthropic added that Cloudflare’s security team found Mythos Preview to be more accurate than human testers in some cases, particularly when identifying real bugs without incorrectly flagging safe code.
Mozilla also reported strong results while testing the model with Firefox 150. The company is said to have identified and fixed 271 vulnerabilities during testing, a significant increase compared to what it previously found while working with earlier Claude models.
Independent cybersecurity platform XBOW described Mythos Preview as a major improvement over existing AI systems in web exploit testing. The company praised the model’s precision but also noted that real-world security testing and live exploitation still require human oversight and expertise.
The UK AI Security Institute reportedly said Claude Mythos became the first AI model capable of completing both of its full cyberattack simulation environments from start to finish. These simulations are designed to mimic complex, multi-stage cyberattacks.
Anthropic is not releasing Claude Mythos publicly yet:
Despite the growing interest around the model, Anthropic maintains that it has no plans to release Mythos-level systems publicly for now. The company said the safeguards needed to fully prevent misuse of such advanced AI technology are still not strong enough, even within the industry itself.