The technological arms race may have just entered a new phase. Anthropic, one of OpenAI’s primary rivals, announced the creation of Claude Mythos Preview. This software boasts unprecedented capabilities, outperforming most human experts in hunting down and exploiting software vulnerabilities.
Data released by the company indicates that the AI was able to fully autonomously discover thousands of critical bugs across all leading operating systems and browsers. Its “trophies” include a 27-year-old vulnerability in the supposedly secure OpenBSD system and a bug hidden for 16 years in the popular FFmpeg software. The model was also able to chain together weak points in the Linux kernel to seize total control of a system.
Anthropic’s board determined that releasing such a powerful cyberweapon to the public would carry a massive risk of malicious use. As a result, Mythos will not be made generally available. Instead, the company launched an initiative called Project Glasswing. This exclusive consortium includes US heavyweights like Apple, Microsoft, Amazon (AWS), Google, Nvidia, and Cisco, alongside JPMorgan Chase and the Linux Foundation (totaling roughly 40 organizations).
The operation’s goal is to leverage AI to find and patch vulnerabilities in the global digital infrastructure before hackers get their hands on similar, unsecured tools. Anthropic has allocated $100 million in server compute credits for this purpose, along with $4 million in direct security funding for open-source developers.
Europe gets left behind
This unprecedented coalition brings the US–Europe divide into sharp focus as project Glasswing effectively cuts EU politicians off from information regarding the true state of modern AI.
The European Union currently wields some of the strictest regulations in the world, such as the Digital Services Act (DSA) and the AI Act. Officials are trying to rein in the ambitions of companies deploying AI and force them into a regulatory framework. In practice, however, they are being forced to regulate a technology with parameters that no one will even show them.
Anthropic’s decision to lock out the public (and, by extension, government officials) is controversial. It ensures that in the face of genuine cyber threats, innovation and viable defense solutions are being developed in a closed loop across the Atlantic – completely bypassing the member states of the European Union.