Anthropic has announced its plan to release Mythos-class AI models to the general public once it develops adequate safeguards. Currently, these models are available only to select partners. The announcement was made as part of an initial update on Project Glasswing, Anthropic's program that provides restricted access to Mythos.
The company acknowledged that no organization, including Anthropic, has yet developed safeguards strong enough to prevent misuse or potential harm from such models. It did not specify what timeframe constitutes the near future for the public release.
Additionally, Anthropic intends to expand Project Glasswing to include more partners, such as US and allied governments, before making the models widely available.
What Anthropic’s Mythos Model Is and What It Has Found So Far
Mythos is an AI model created by Anthropic, known for its ability to identify security vulnerabilities in software code. It was first introduced in early April. Instead of a public release, Anthropic limited access to select organizations through Project Glasswing, citing concerns that cybercriminals could use unrestricted access to quickly find and exploit flaws before they could be fixed.
Participants in Project Glasswing have reported that Mythos is effective at spotting many vulnerabilities, although the volume at times exceeds their capacity to patch them all in a timely manner.
Anthropic reports that Mythos has scanned over 1,000 open-source projects that support much of the internet and Anthropic's own infrastructure. The findings so far include a total of 23,019 flaws identified, with 6,202 estimated to be high or critical severity vulnerabilities.
Of the 1,752 high or critical vulnerabilities verified by Anthropic, 90.6% (1,587) were confirmed as valid flaws. Among these, 62.4% (1,094) were confirmed as high or critical severity.
One critical flaw uncovered by Mythos affected the wolfSSL cryptography library, which is used by billions of devices. Anthropic states that Mythos was able to construct an exploit allowing attackers to forge certificates, potentially impersonating banks or email providers.
The flaw has been patched, and Anthropic plans to publish a detailed technical analysis in the coming weeks. The vulnerability is tracked as CVE-2026-5194.
Disclosure and Patching Challenges From Mythos’s Vulnerability Flood
Anthropic verifies each flaw with the security community before reporting it to maintainers, then writes detailed reports for the affected projects. Out of 530 high or critical vulnerabilities reported, 75 have been patched and 65 have public advisories.
The company attributes the low fix rate to still being early in the 90-day Coordinated Vulnerability Disclosure window. It also notes that patches occurring without public advisories are likely undercounted.
The volume of Mythos findings is adding pressure to maintainers, who are already overwhelmed by a high volume of low-quality bug reports generated by AI. Some maintainers have asked Anthropic to slow down its rate of disclosures to give them more time to develop patches.
Why It Matters for Everyday Users and Defenders
Even before a public release of Mythos-class models, the broader implication is that lesser AI models are already capable of finding software vulnerabilities. Defenders should expect attackers to weaponize more flaws more frequently, including before patches are available.
Several governments have already responded to Mythos's existence. Japan ordered a sweeping security review, and Indian authorities demanded patching efforts at financial institutions.
Anthropic suggests overwhelmed security teams use AI tools, including its own Claude model with developer-focused capabilities, to accelerate patch development.
A timeline for public release of Mythos-class models has not been provided.
Thank you for being a Ghacks reader. The post Anthropic Plans Public Release of Mythos-Class AI Bug Finder Once Safeguards Are Ready appeared first on gHacks.
☞ El artículo completo original de Arthur Kay lo puedes ver aquí
No hay comentarios.:
Publicar un comentario