There is an irony behind this situation. The artificial intelligence (AI) model that Anthropic was working on was ‘leaked’ a few days ago. Codenamed Mythos, and with capabilities claimed to be “far beyond any model we’ve trained before, this model was discovered after an ‘error’ in an AI company’s content management system led to details of the model being found in publicly accessible data. Now, Anthropic says Cloud Mythos is so powerful, they won’t make this model generally available. Instead, it’s thanks to something called Project Glasswing to secure every other software. Provides basis.
Where have you heard this before? In 2019, Dario Amodei, now CEO and co-founder of Anthropic, was still at OpenAI as Vice President of Research. In February 2019, OpenAI said that its text-generation GPT-2 algorithm was too dangerous for public release. Has the marketing playbook evolved with the times? Now, this model is the basis of an industry consortium called Project Glasswing with the intention of deploying it for cybersecurity
“Instead, we are using it as part of a defensive cybersecurity program with a limited number of partners,” the company explained in the Cloud Mythos Preview system card released this week. Partners include Apple, Google, Microsoft, Amazon Web Services, Nvidia, and Cisco. Anthropic emphasizes that the model’s “spectacular jump in scores on multiple evaluation benchmarks” is the reason for the advantage over Cloud Opus 4.6 in the agentive coding, reasoning, and computer usage benchmarks.
The GPT-2 similarity seems hard to ignore. At the time, the rhetoric was more about AI responsibility and restraint. Eventually, GPT-2 was released (small model in February 2019, medium model in May, and large model in August and November), lending more importance to the ‘too dangerous to share’ pitch for AI marketing folklore than a pure security debate. Project Glasswing revives those memories, as a model that is claimed to be exceptionally capable and therefore very risky, with the need for controlled use.
“As part of Project Glasswing, the launch partners listed above will use Mythos Preview as part of their defensive security work; Anthropic will share what we learn so the entire industry can benefit. We’ve also expanded access to a group of more than 40 additional organizations that build or maintain critical software infrastructure so they can use the model to scan and secure both first-party and open-source systems,” the company said in a statement.
Anthropic says they will pledge up to $100 million of usage credits for Mythos Previews in these efforts – after that, the cloud will be available to Mythos Preview participants at $25/$125 per million input/output tokens. It’s important to note the business structure being built here, the cloud mythos is still a product in Anthropic’s scheme of things – scarcity, capabilities, and therefore premium pricing strategies will be at work.
They are confident in their claims, saying that the model found a 27-year-old vulnerability in the OpenBSD operating system and a 16-year-old vulnerability in the FFMPEG software used to encode and decode video. They also say that thousands of high-severity vulnerabilities have already been found in Mythos Preview – including some in every major operating system and web browser.
The partners emphasize that this will be a part of their overall cybersecurity efforts.
“We will take a rigorous, independent approach to determine how to proceed and where we can help,” says Pat Opett, JPMorganChase’s chief information security officer. Heather Adkins, vice president of security engineering at Google, says they will make Mythos Preview available through the Vertex AI platform and “will continue to invest in our leading cybersecurity platform and culture focused on protecting users.”
Amy Herzog, vice president of CSIO at Amazon Web Services, notes that her teams analyze more than 400 trillion network flows every day for threats, and AI is key to identifying and defending at scale. They have implemented Cloud Mythos Preview for these security functions, and this has helped strengthen the code in important respects.
Unwritten warnings must be heeded. None of Project Glasswing’s partners are completely handing over their cybersecurity tools or architecture to the new model. This will be an additional layer, not the whole. This provides needed perspective. The claimed scores and capabilities of Cloud Mythos are impressive, but it is unlikely that an AI model will fundamentally restructure the approach to cybersecurity across industries.
Anthropic’s position with the cloud mythos for Project Glasswing is two-fold – secondly, for cybersecurity applications that involve finding vulnerabilities in software, and secondly, for zero-day vulnerabilities that were not previously discovered or did not exist.
Also read: OpenAI, Anthropic, Google join forces to combat AI model copying in China
The AI company’s Frontier Red Team, a specialized technical group that tests AI models for capabilities and any potentially harmful indicators in autonomous or specific behavior, notes that while the Opus 4.6 model had a mostly 0% success rate in autonomous exploit development, the Mythos Preview performs significantly better.
“For example, Opus 4.6 turned vulnerabilities found in Mozilla’s Firefox 147 JavaScript engine – all patched in Firefox 148 – into JavaScript shell exploits only twice out of several hundred attempts. We re-ran this experiment as a benchmark for Mythos Preview, which developed a working exploit 181 times, and gained register control on 29 more,” they say about cybersecurity capabilities. Let me tell you.
Anthropic wants the industry to believe that the cloud mythos is better than anything before it, and so be it. Additionally, selective deployment through a consortium provides credibility to the projection of responsibility. But more than anything else, in its entirety, this appears to be an exceptionally effective narrative starting with the alleged leak.