We already have a plan. AI would surpass most human abilities one day. In the field of cybersecurity, that day came much earlier, with the recent announcement of the Mythos preview by Claude. The new AI model promises a level of coding skills deemed ‘superhuman in detecting and exploiting software vulnerabilities.’ And this power will now be used in a new, ’emergency’ plan to protect the Internet. All under the name of ‘Project Glasswing.’
Here’s all about Anthropic’s latest effort and why it matters to almost the entire world.
What is Project Glasswing?
The name is not just a mistake. It is inspired by the glasswing butterfly (Greta oto), and represents the two aspects of the step. The butterfly is known for its transparent wings that allow it to hide from being seen. This is exactly how software vulnerabilities often exist. According to another theory, these transparent wings allow the butterfly to avoid injury. Anthropic encourages the same transparency in its approach.
As soon as you go digital, there are dozens of services running in the background to make things work as they do today. Most of these systems are controlled by a select few technology majors in the world. Think Microsoft, Google, Amazon, Apple, Broadcom, and the like. Anthropic is now working with these companies to help protect their critical software networks that directly or indirectly power the cyber world as we know it.
This time, Anthropic released their new Mythos preview. And what’s more, the advanced AI model has already detected ‘thousands of high risks’. Alarmingly, these issues were found in ‘every major application and web browser.’
That’s what Anthropic shared on its blog post announcing the Project Glasswing campaign. That aside, the post sheds a lot of light on the power of the Mythos Preview. Which brings us to our next topic of focus:
What is a Mythos preview?
In a basic sense, the Mythos preview is just another LLM or large language model from the Anthropic house, like Claude Opus or Sonnet. It is considered to excel in software engineering, reasoning, computing, information work, and research assistance
So why does it go viral? If the regular AI we use sounds like Jarvis, Mythos Preview is the Ultron of our age.
And the reasons are clear. First, it is very powerful – there are many people involved in cybersecurity, as shown in the statement I quoted from Anthropic in the introduction to this article. At its launch, Anthropic says the Mythos Preview has capabilities that “exceed those of any model we’ve trained before.”
Here are some examples of Mythos Preview dimensions in testing:
Mythos Preview: The Cybersecurity Revolution
From what Anthropic has shared so far, Mythos Preview does not appear to be a cybersecurity revolution. Here’s an example – Claude’s Opus 4.6 found a vulnerability in the Mozilla Firefox 147 JavaScript engine. When tasked with exploiting them, it could do it ‘only twice out of several hundred attempts.’
In comparison, Mythos Preview improved performance 181 times, and gained registry control 29 times. Note, Claude Opus 4.6 has been called the most powerful AI coding model to date.
Anthropic even claims that its non-security developers were able to get full functionality using Mythos Preview. And AI does all this overnight, without human supervision.
So far, Mythos Preview has been able to find and exploit zero-day vulnerabilities in ‘all major applications and all web browsers’. Moreover, this weakness is often subtle and as old as 27 years.
But most powers always have a flip side.
Preview of Mythos: The Dark Side
Now, here’s the second reason for its Ultron moniker – The Mythos preview doesn’t come without a dark side. In a typical situation like Ultron, it was able to bypass its sandbox location in the research and do the job (send the mail to the researcher).
Anthropic shared many examples like the Mythos Preview going wrong. In internal tests, the model used restricted methods to reach conclusions about certain problems, and even tried to hide its process by trying problems in other ways, after getting the right answers. Mythos Preview has also leaked confidential details of its operations to public facing websites at times.
These are the exact reasons why Anthropic decided against the public release of the model. It’s simply too powerful for a casual, non-technical audience. And the danger that comes with it is gargantuan.
How Anthropic ensures
By seeing the dark side, the benefits are enormous. Once you get over the fear of such actions, you see what is clearly taking place – Mythos Preview is a truly powerful AI model that surpasses everything we know today.
Anthropic says:
‘We believe that the positive potential of the model, especially in cybersecurity, is sufficient to justify the apparently manageable risk of its potential behavior.’
And it proves this with the example of a hiking guide. The more experienced the guide, the stronger the routes they will travel. That is, both – more security but more dangerous for customers.
If it can go beyond its scope during testing and exploit vulnerabilities in known services to find better ways of doing things, so can other software networks. Revealing such vulnerabilities can help fix them and make such networks more secure than ever.
And that’s the exact plan, with Project Glasswing.
Project Glasswing: Who’s Inside
A total of 12 major tech companies appear to be in the mix for Project Glasswing. Here are their names:
- Amazon Web Services
- Anthropic
- an apple
- Broadcom
- Cisco
- CrowdStrike
- JPMorgan Chase
- The Linux Foundation
- Microsoft
- NVIDIA
- Palo Alto
It is interesting to note that some of these have their own AI models that oppose most of the Anthropic contributions of the global community, including Microsoft and Google. However, this organization seems to be very promising in a very important task – the cybersecurity of the world’s most important software networks.
In this case, Anthropic is making ‘up to $100 million in usage credits’ for Mythos previews. It will also provide $4 million in direct donations to open source security organizations. The company is also in talks with US government officials about the Claude Mythos Preview and its cyber capabilities, both offensive and defensive.
Anthropic says that collectively, the systems at the 12 participating companies “represent the largest portion of the global shared cyberattack.” And that’s exactly where Mythos Preview comes in handy to power a new project.
Mythos Preview: A demo of what’s to come
In its internal testing so far, the Mythos Preview has proven to be Excalibur against cyberattacks, all because of its 2 strengths. It is able to identify vulnerabilities that have remained hidden for decades from top security engineers. It is also capable of exploiting these vulnerabilities in previously unimaginable ways. Check out the performance of the Mythos preview in the benchmark scores:
In addition, Anthropic also shared 3 examples that show how the Mythos Preview has proven its worth so far:
1. The 27-year-old vulnerability in OpenBSD
Known for its extreme security measures, OpenBSD is a free, open source, Unix-like operating system based on 4.4BSD. It is considered the world’s most secure platform for firewalls, routers, and web servers.
Now, on a more secure platform, the vulnerability they were able to see for Mythos was very important. It allowed a remote attacker to crash any machine running the operating system by simply connecting to it. After Mythos Preview discovered the vulnerability, Anthropic notified maintainers, and it has now been fixed.
2. A 16-year-old vulnerability in FFmpeg
FFmpeg is a multimedia framework designed to record, transcode, stream, and play audio and video files. It is the leading, free, open-source platform used by many modern services such as YouTube, TikTok, and Instagram, with hundreds of millions, if not billions, of users through direct and indirect use.
Mythos Preview was able to identify the vulnerability in a single line of code within the platform. Note that prior to the Mythos preview, automated testing tools had run through this issue ‘five million times’ without flagging a problem.
3. Four Chained Vulnerabilities in the Linux Kernel
Mythos Preview, by default, detected and merged up to four vulnerabilities in the Linux Kernel.
The platform is known to power most of the world’s servers. The vulnerabilities identified by the AI model allowed an attacker to gain complete control of the machine from normal user access.
Apart from these highlighted tasks, Anthropic says the Mythos Preview identified vulnerabilities in ‘all major applications and all major web browsers’, as well as other critical pieces of software. As seen in the cases above, some of these vulnerabilities remained hidden even after decades of human review and millions of automated security checks.
The conclusion
About a month ago, Microsoft came out with a report saying that hackers are using AI in all stages of cyberattacks. The report was a warning that the cyber security world has shifted to a new way of working. Whether we like it or not, AI is now an integral part of cyber security, both for defenders and those with malicious intent. And there is no turning back.
This inconsistency creates an alarming urgency in the use of AI for good. Also, it also means that the AI capabilities used in cyber security always need to be one step ahead of those used in cyber attacks. Only then can any security measures be maximized enough to prevent any damage to the world’s rotating software infrastructure.
The preview of the Anthropic Mythos is one such step in this direction. And don’t you dare say, it seems like a big leap at the moment. The best part is, Anthropic has kept it limited to a select few for now, so it can’t be abused, at least not yet. But Anthropic will need to be just as careful, as it embeds some of its capabilities into its upcoming AI models that will be released to the public. In the meantime, we can rest easy knowing that the smartest AI model out there is helping us stay safe online.
Sign in to continue reading and enjoy content curated by experts.
