Project Glasswing: Anthropic's Restricted AI Security Model

Anthropic has a new AI model called Claude Mythos Preview. They're not releasing it to the public. Instead, a small group of companies and organizations get to use it for security work. The long list includes Amazon, Apple, Google, Microsoft, Cisco, CrowdStrike, and the Linux Foundation.

Here's what makes this model different. In tests on Firefox's JavaScript engine, it turned 72% of the bugs it found into working exploits. Anthropic's previous best public model only managed a couple of successes out of hundreds of attempts. This one got 181. It also chained together multiple Linux kernel bugs to go from a regular user account to full system control. And it wrote a browser exploit that used four separate vulnerabilities to break out of security sandboxes.

So Anthropic is keeping it restricted. They're putting $100 million in credits into the project and donating $4 million to open-source security groups. The idea is to let defenders patch things before attackers get similar capabilities. The company expects other AI labs to have comparable models within the next year or so. This is their attempt to get ahead of that timeline.