Following last week's unveiling that sparked global alarms, Anthropic has restricted its powerful Mythos AI—adept at finding cybersecurity vulnerabilities—to select firms under Project Glasswing, including Amazon Web Services, Apple, and Google, after an accidental leak raised national security concerns.
Mythos, which emerged publicly last month through unsecured website content and private forum access, can identify thousands of high- and critical-severity flaws in software and operating systems. Anthropic cited risks to economies, public safety, and national security, opting for controlled access rather than full release. Under Project Glasswing, companies like Amazon Web Services, Apple, Google, JPMorgan Chase, Microsoft, and NVIDIA are testing it to detect bugs in their systems. Security experts are divided: Davi Ottenheimer called it a legitimate tool framed as a threat; Kevin Curran of Ulster University questioned AI outpacing human hackers; Bobby Holley of Firefox noted it found 271 vulnerabilities in the browser, all detectable by elite humans. The AI Security Institute deemed it effective only against small, weakly defended systems, though advancing rapidly. Alan Woodward of the University of Surrey praised its speed for attackers but noted defenses remain viable. Experts like Holley and Curran see proactive potential for software makers as such tools proliferate.
