Cover story

Suren Naidoo, TFG

On April 7, Anthropic announced its new general-purpose language model Claude Mythos Preview, putting the wind up governments and the world’s largest technology firms. The model is designed to autonomously find and exploit vulnerabilities in operatings systems and software. Three months later, the shock waves are still radiating through the cyber and analogue worlds. The company “shared” the model with 11 other companies under an effort it called Project Glasswing, so they could get a running start to “secure the world’s most critical software”. The model was also made available to Britain, the only state outside the US, and the country’s AI Security Institute said it did, indeed, seem to represent an improvement over previous frontier reasoning models. Japan’s three largest banks are also set to gain access to the model, and Capitec is said to have asked for early access. Meanwhile, both India and Japan have ordered cyber reviews, specifically citing Mythos. OpenAI’s horse in the race is GPT-5.5-Cyber and its initiative is called Daybreak.

Palo Alto Networks was one of the companies granted early access to Mythos, and in mid-May said it had used it and other models to scan its codebase. It issued 26 new advisories, while it usually finds vulnerabilities in the single figures. Mozilla, meanwhile, published 423 bug fixes for Firefox in April, while it found 31 a year earlier. Nevertheless, some security researchers are sceptical, with one saying Anthropic’s claims appear to be “all marketing and no real results”.