Anthropic’s new AI found thousands of zero-day flaws on its own

On Tuesday, Anthropic unveiled its latest AI model called Claude Mythos. This “general-purpose, unreleased frontier model” is so impressively powerful that Anthropic is wary of releasing it to the public at large.

Claude Mythos Preview “surpasses all but the most skilled humans at finding and exploiting software vulnerabilities” and it has the receipts to back that up. In just the past few weeks, it was able to spot thousands of previously undiscovered zero-day vulnerabilities, including:

• A 27-year-old vulnerability in OpenBSD (one of the most secure operating systems in the world that’s used for critical infrastructure) that allowed attackers to remotely crash any OpenBSD machine just by connecting to it.
• A 16-year-old vulnerability in FFmpeg, an open-source framework used by thousands of apps to encode and decode video.
• Several vulnerabilities in the Linux kernel that allowed attackers to escalate access and completely control a machine.

Claude Mythos Preview caught all these security flaws autonomously, proving how invaluable it could be for the future of cybersecurity. The idea here is that Anthropic wants Claude Mythos to be used for good rather than evil, to defensively fight all the additional security threats that have risen (and continue to rise) with ubiquitous generative AI.

We do not plan to make Claude Mythos Preview generally available, but our eventual goal is to enable our users to safely deploy Mythos-class models at scale. […] To do so, we need to make progress in developing cybersecurity (and other) safeguards that detect and block the model’s most dangerous outputs.

Claude Mythos is part of the new Project Glasswing, a major security initiative involving 11 of Anthropic’s partners: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.

Further reading: Claude tips to help you avoid hitting usage limits