AI lab Anthropic has made headlines with its recent announcement of a new model, Mythos Preview, which the company claims could dramatically change the landscape of cybersecurity. According to Anthropic, this model is capable of identifying “high-severity vulnerabilities” in multiple platforms, including major operating systems and web browsers.
The launch comes amid a significant evolution in AI capabilities, whereby models have transitioned from generating misleading information—often referred to as “hallucinations”—to effectively uncovering security flaws in software utilized throughout the internet ecosystem. This progress has raised dual concerns: while the enhancements can bolster the security of software infrastructure, the potential misuse of such capabilities by malicious actors threatens to compromise sensitive information, disrupt critical services, and in some cases, result in financial loss.
Currently, access to Mythos Preview is restricted to approximately 50 select organizations under a collaborative initiative dubbed Project Glasswing, named after a butterfly known for its transparent wings. Anthropic has expressed reservations about releasing this model to the broader public, citing significant risks of misuse, although it plans to offer other related models in the future. The company’s long-term aim is to empower users to safely deploy Mythos-class models at scale.
Experts within the cybersecurity field have underscored that the risks primarily concern professionals rather than average computer users. Daniel Blackford, Vice President of Threat Research at Proofpoint, noted that for most users, everyday behaviors—such as failing to safeguard their passwords—pose a more substantial risk than sophisticated AI tools.
The new model also appears to outmatch older versions in assisting developers tasked with providing fixes for discovered vulnerabilities. Jim Zemlin, CEO of the Linux Foundation, reported that a group of Linux kernel maintainers is actively experimenting with Mythos Preview to enhance their workflow. This advancement could significantly alleviate the burdens already faced by overworked maintainers in the open-source community.
Despite the promise of advancements like Mythos Preview, the rising capabilities of AI models have sparked apprehension among cybersecurity experts regarding their potential for misuse. With hackers increasingly employing AI to discover software flaws, the cybersecurity community has been working overtime to patch vulnerabilities flagged by AI tools.
Daniel Stenberg, a lead software developer of cURL, noted a noticeable shift in the reliability of security reports since the advent of new AI models at the end of 2025. While his team once faced a deluge of erroneous reports filled with irrelevant information, the current wave of reports displays a significant improvement in quality, allowing his team to fix vulnerabilities at a higher frequency than in previous years.
Stenberg is not alone in experiencing the positive changes that AI has brought to software security. Maintainers of the Linux kernel have similarly reported improvements in the quality of bug reports. Researchers, crediting Anthropic’s earlier models, have identified vulnerabilities that were previously difficult to uncover.
However, the gap between finding and fixing vulnerabilities remains a critical challenge. While AI has proven adept at pinpointing security flaws, many developers argue that human judgment is necessary to evaluate the validity and implications of these findings. The AI’s efficiency in identifying bugs does not translate into equal skill at suggesting effective or appropriate fixes.
Concerns loom about the future if open-source models catch up to those developed by leading AI labs like Anthropic. If adversaries succeed in accessing and modifying less-regulated models, the capacity for exploitation could increase significantly, allowing for the generation of exploit code.
As Anthropic navigates its legal and strategic landscape—contending with the Pentagon’s classification of the company as a “supply chain risk”—its endeavors could theoretically strengthen defenses not just for U.S.-based software but also for crucial components of the global internet infrastructure.


