Anthropic Mythos found thousands of zero-days; White House blocks expansion
TL;DR: Anthropic says its Claude Mythos Preview model has surfaced thousands of previously unknown software vulnerabilities — “zero-days” — across every major operating system and web browser, including a 27-year-old flaw in OpenBSD. Access is restricted to a vetted partner group under “Project Glasswing” (Amazon, Apple, Google, Microsoft, Nvidia, Palo Alto Networks, CrowdStrike, Broadcom, Cisco, JPMorgan Chase, Linux Foundation plus around 40 others). The White House opposes Anthropic’s plan to add 70 more organisations on national-security and compute-availability grounds. A small group of unauthorised users obtained access through a private forum, according to documentation seen by Bloomberg.
A capability that changes the threat model
Mythos can chain known-but-unpatched flaws into working exploits, including a Linux-kernel chain that grants full machine control. Non-experts asked the model to work overnight on finding ways to remotely take over computers and came back to a complete, working exploit. Independent researchers have not been given access to verify Anthropic’s claims, and Gang Wang at the University of Illinois told Bloomberg that hands-on testing is needed to gauge the real significance.
This pairs directly with the UK AI Safety Institute’s evaluation of GPT-5.5, also published this week, which concluded GPT-5.5 has reached a similar offensive-cyber level to Mythos Preview on AISI’s narrow tasks and corporate-network attack range. Two frontier vendors are now within touching distance of an autonomous-cyber capability that AISI estimates would take a human expert around 20 hours per chain. Mythos is the productised version of that capability; Project Glasswing is Anthropic’s containment strategy.
Looking forward
For UK readers, the immediate hooks are AISI’s parallel work, the Cyber Security and Resilience Bill currently in flight, and the £90m cyber-resilience funding announced this week. Anthropic argues defenders will eventually win — software hardened largely by code these models write — but concedes the transition will be “fraught”, with less than 1% of Mythos-found vulnerabilities patched so far. For UK CISOs the practical question is whether equivalent defensive capability will be available through trusted-access programmes or government-mediated cohorts, or whether private-cohort access programmes like Glasswing will set the de facto distribution model. The unauthorised-access incident is a reminder that controlled distribution and effective distribution are not the same thing.