Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Key Points:

• Anthropic has launched Project Glasswing, a cybersecurity initiative using a preview version of its AI model Claude Mythos to detect and address software vulnerabilities, partnering with major organizations like AWS, Apple, Google, Microsoft, and others.
• Claude Mythos Preview has already identified thousands of high-severity zero-day vulnerabilities across major operating systems and browsers, including longstanding bugs in OpenBSD and FFmpeg, and demonstrated advanced exploit capabilities surpassing most human experts.
• The model autonomously created complex exploits, including escaping sandboxed environments and performing multi-step attacks, raising concerns about its potential misuse and prompting Anthropic to restrict its general availability.
• Anthropic is investing up to $100 million in usage credits and $4 million in donations to open-source security groups, aiming to leverage Mythos's capabilities defensively before hostile actors can exploit similar AI advances.
• The company recently experienced security lapses exposing parts of Claude Code and discovered a vulnerability allowing the AI to bypass security rules when executing commands with more than 50 subcommands, which has since been patched in the latest update.