Anthropic’s Claude Mythos Flags 10,000+ Bugs in a Month, Wider Access Planned

Artificial intelligence is rapidly transforming cybersecurity, and Anthropic is at the forefront with its powerful new model, Claude Mythos. Though not publicly available, the system has already demonstrated remarkable capabilities by identifying thousands of critical vulnerabilities across major software systems.

Claude Mythos: A Powerful Yet Restricted AI Model

In April, Anthropic introduced Claude Mythos, an advanced AI model considered too powerful for general release. Instead of making it widely accessible, the company opted for a controlled rollout under an initiative known as Project Glasswing.

Through this programme, access was granted to a limited number of organisations, including major technology players like Amazon and Google. The goal was to test the model’s capabilities in real-world scenarios while minimising the risks associated with unrestricted use.

Concerns about misuse have also attracted attention from governments worldwide, including India, where authorities have reportedly sought equitable access to such advanced AI systems.

Over 10,000 Critical Vulnerabilities Identified

Anthropic revealed that Claude Mythos has identified more than 10,000 significant cybersecurity flaws within just one month. These vulnerabilities were discovered across some of the most critical and widely used software systems globally.

This level of performance marks a major leap in automated cybersecurity, showcasing how AI can significantly enhance the speed and efficiency of vulnerability detection compared to traditional methods.

Tech Companies Report Dramatic Improvement in Bug Detection

Several organisations participating in Project Glasswing have reported substantial improvements in their bug detection processes.

Cloudflare, a leading internet hosting and security platform, disclosed that it identified around 2,000 bugs within its critical systems using Mythos. Of these, approximately 400 were classified as high or critical severity.

Notably, Cloudflare’s team found that Mythos had a lower false positive rate compared to human testers. This means the AI was more accurate in distinguishing real vulnerabilities from harmless code, reducing unnecessary effort in verification.

Mozilla Sees Breakthrough Results in Firefox Testing

The impact of Claude Mythos was also evident at Mozilla, where the model was used to test the Firefox browser.

During testing, Mozilla identified and fixed 271 vulnerabilities in Firefox 150. This represents a more than tenfold increase compared to earlier testing with previous AI models, highlighting the significant advancement Mythos brings to cybersecurity workflows.

Advanced Capabilities in Simulated Cyberattacks

The UK AI Security Institute reported that Claude Mythos became the first AI model capable of successfully completing its cyber range simulations from start to finish. These simulations replicate complex, multi-stage cyberattacks, requiring advanced reasoning and execution capabilities.

This achievement underscores Mythos’ ability not only to detect vulnerabilities but also to understand how they can be exploited in real-world scenarios.

Independent Evaluations Highlight Precision and Limitations

XBOW, an independent cybersecurity platform, described Mythos as a major improvement over existing AI models. It praised the system’s exceptional precision in identifying vulnerabilities.

However, XBOW also noted that while Mythos performs exceptionally well in controlled environments, it is not infallible. Real-world exploitation and validation still require human oversight, emphasising that AI remains a tool rather than a complete replacement for cybersecurity professionals.

Plans to Expand Access Through Government Collaboration

Anthropic has announced plans to expand access to Claude Mythos by collaborating with the United States and allied governments. While specific countries have not been disclosed, the move indicates a broader effort to deploy the technology in a controlled and strategic manner.

Despite this expansion, the company maintains that Mythos will not be publicly released anytime soon. According to Anthropic, existing safeguards are not yet sufficient to prevent potential misuse of such a powerful system.

However, the company has hinted that public availability could be reconsidered if similar capabilities become widespread across the AI industry.

Faster Bug Fixing Across the Tech Industry

The introduction of Mythos has also accelerated the pace of vulnerability patching across major technology firms.

Companies like Microsoft and Oracle have reported an increase in the number of patches being released. In some cases, patch volumes have grown significantly, reflecting the higher rate of vulnerability detection enabled by AI.

Similarly, cybersecurity firm Palo Alto Networks reported releasing more than five times its usual number of patches in its latest update cycle.

Impact on Open-Source Software Ecosystems

Anthropic has also deployed Claude Mythos to scan over 1,000 open-source software projects. These projects form the backbone of much of the internet and are critical to both public and private digital infrastructure.

By identifying vulnerabilities in open-source systems, Mythos contributes to improving the overall security of the digital ecosystem, benefiting a wide range of users and organisations.

Fundraising and Market Valuation Context

The announcement comes at a time when Anthropic is reportedly preparing for another round of fundraising. According to reports, the company could raise up to $30 billion, potentially valuing it at $900 billion.

For comparison, Anthropic’s previous funding round valued the company at $350 billion, while OpenAI is currently valued at approximately $852 billion. These figures highlight the intense competition and rapid growth within the AI sector.

Conclusion

Claude Mythos represents a significant advancement in AI-driven cybersecurity. Its ability to detect thousands of vulnerabilities, improve accuracy and accelerate patching processes demonstrates the transformative potential of AI in safeguarding digital systems.

However, its restricted release also highlights the challenges associated with managing powerful technologies responsibly. As AI continues to evolve, balancing innovation with security and ethical considerations will remain a critical priority for both companies and governments.