Anthropic expands Mythos access despite calling it dangerous

TL;DRAnthropic says Mythos is too dangerous for public release but has expanded access to 200 organisations across 15 countries. Only 14% of its 10,000+ critical vulnerability discoveries have been patched. Its claims have not been independently verified.

Anthropic has said its Mythos model is so good at finding software vulnerabilities that releasing it publicly could help attackers steal data or disrupt critical infrastructure. It has also, as of early June, expanded access to 150 additional organisations, bringing the total to roughly 200 across 15 countries.

The tension is deliberate. Anthropic’s argument is that the same capabilities that make Mythos dangerous for offence make it indispensable for defence, and that the sooner defenders have it, the sooner they can patch the flaws before attackers build their own equivalents.

What Mythos can do

Mythos Preview has found thousands of zero-day vulnerabilities during testing, including in every major operating system and every major web browser. One was a 27-year-old flaw in OpenBSD, an operating system with a reputation as one of the most security-hardened in the world.