{"id":20873,"date":"2026-04-09T13:31:15","date_gmt":"2026-04-09T13:31:15","guid":{"rendered":"https:\/\/ideainthebox.com\/index.php\/2026\/04\/09\/anthropic-keeps-new-ai-model-private-after-it-finds-thousands-of-external-vulnerabilities\/"},"modified":"2026-04-09T13:31:15","modified_gmt":"2026-04-09T13:31:15","slug":"anthropic-keeps-new-ai-model-private-after-it-finds-thousands-of-external-vulnerabilities","status":"publish","type":"post","link":"https:\/\/ideainthebox.com\/index.php\/2026\/04\/09\/anthropic-keeps-new-ai-model-private-after-it-finds-thousands-of-external-vulnerabilities\/","title":{"rendered":"Anthropic keeps new AI model private after it finds thousands of external vulnerabilities"},"content":{"rendered":"
\n

Anthropic\u2019s most capable AI model has already found thousands of AI cybersecurity vulnerabilities across every major operating system and web browser. The company\u2019s response was not to release it, but to quietly hand it to the organisations responsible for keeping the internet running.<\/p>\n

That model is Claude Mythos Preview, and the initiative is called\u00a0Project Glasswing<\/a>.<\/p>\n

The launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.\u00a0<\/p>\n

Beyond that core group, Anthropic has extended access to over 40 additional organisations that build or maintain critical software infrastructure. Anthropic is committing up to US$100 million in usage credits for Mythos Preview across the effort, along with US$4 million in direct donations to open-source security organisations.\u00a0<\/p>\n

A model that outgrew its own benchmarks<\/h3>\n

Mythos Preview was not specifically trained for cybersecurity work. Anthropic said the capabilities \u201cemerged as a downstream consequence of general improvements in code, reasoning, and autonomy\u201d, and that the same improvements making the model better at patching vulnerabilities also make it better at exploiting them.\u00a0<\/p>\n

That last part matters. Mythos Preview has\u00a0improved<\/a>\u00a0to the extent that it mostly saturates existing security benchmarks, forcing Anthropic to shift its focus to novel real-world tasks\u2013specifically, zero-day vulnerabilities. These flaws were previously unknown to the software\u2019s developers.\u00a0<\/p>\n

Among the findings: a 27-year-old bug in OpenBSD, an operating system known for its strong security posture. In another case, the model fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD\u2013CVE-2026-4747\u2013that allows an unauthenticated user anywhere on the internet to obtain complete control of a server running NFS. No human was involved in the discovery or exploitation after the initial prompt to find the bug.\u00a0<\/p>\n

Nicholas Carlini from Anthropic\u2019s research team described the model\u2019s ability to chain together vulnerabilities: \u201cThis model can create exploits out of three, four, or sometimes five vulnerabilities that in sequence give you some kind of very sophisticated end outcome. I\u2019ve found more bugs in the last couple of weeks than I found in the rest of my life combined.\u201d\u00a0<\/p>\n

Why is it not being released?<\/h3>\n

\u201cWe do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities,\u201d Newton Cheng, Frontier Red Team Cyber Lead at Anthropic, said. \u201cGiven the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout\u2013for economies, public safety, and national security\u2013could be severe.\u201d\u00a0<\/p>\n

This is not hypothetical. Anthropic had previously disclosed what it described as the first documented case of a cyberattack largely executed by AI\u2013a Chinese state-sponsored group that used AI agents to autonomously infiltrate roughly 30 global targets, with AI handling the majority of tactical operations independently.\u00a0<\/p>\n

The company has also privately briefed senior US government officials on Mythos Preview\u2019s full capabilities. The intelligence community is now\u00a0actively<\/a>\u00a0weighing how the model could reshape both offensive and defensive hacking operations.\u00a0<\/p>\n

The open-source problem<\/h3>\n

One dimension of Project Glasswing that goes beyond the headline coalition: open-source software. Jim Zemlin, CEO of the Linux Foundation, put it plainly: \u201cIn the past, security expertise has been a luxury reserved for organisations with large security teams. Open-source maintainers, whose software underpins much of the world\u2019s critical infrastructure, have historically been left to figure out security on their own.\u201d<\/p>\n

Anthropic has\u00a0donated<\/a>\u00a0US$2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and US$1.5 million to the Apache Software Foundation\u2013giving maintainers of critical open-source codebases access to AI cybersecurity vulnerability scanning at a scale that was previously out of reach.<\/p>\n

What comes next<\/h3>\n

Anthropic says its eventual goal is to deploy Mythos-class models at scale, but only when new safeguards are in place. The company plans to launch new safeguards with an upcoming Claude Opus model first, allowing it to refine them with a model that does not pose the same level of risk as Mythos Preview.\u00a0<\/p>\n

The competitive picture is already shifting around it. When OpenAI released GPT-5.3-Codex in February, the company called it the first model it had classified as high-capability for cybersecurity tasks under its Preparedness Framework. Anthropic\u2019s move with Glasswing signals that the frontier labs see controlled deployment\u2013not open release\u2013as the emerging standard for models at this capability level.<\/p>\n

Whether that standard holds as these capabilities spread further is, at this point, an open question that no single initiative can answer.<\/p>\n

See Also: Anthropic\u2019s refusal to arm AI is exactly why the UK wants it<\/a><\/strong><\/p>\n

\"Banner<\/a><\/figure>\n

Want to learn more about AI and big data from industry leaders?<\/strong> Check out AI & Big Data Expo<\/a> taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx<\/a> and is co-located with other leading technology events including the Cyber Security & Cloud Expo<\/a>. Click here<\/a> for more information.<\/p>\n

AI News is powered by TechForge Media<\/a>. Explore other upcoming enterprise technology events and webinars here<\/a>.<\/p>\n<\/p>\n

The post Anthropic keeps new AI model private after it finds thousands of external vulnerabilities<\/a> appeared first on AI News<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Anthropic\u2019s most capable AI model has already found thousands of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[226],"tags":[],"class_list":["post-20873","post","type-post","status-publish","format-standard","hentry","category-technology"],"acf":[],"_links":{"self":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/posts\/20873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/comments?post=20873"}],"version-history":[{"count":0,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/posts\/20873\/revisions"}],"wp:attachment":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/media?parent=20873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/categories?post=20873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/tags?post=20873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}