Anthropic has unveiled its latest artificial intelligence model, Claude Mythos, but has decided against a public release due to its potential to transform computers into crime scenes. The company asserts that Mythos can identify previously unknown 'zero-day' vulnerabilities, exploit them, and even chain these weaknesses to seize control of major operating systems and web browsers. This autonomous capability, which includes writing code and escalating privileges, carries profound implications. It is comparable to a burglar who can target any building, enter, unlock every door, and empty every safe.
Project Glasswing and Defensive Partnerships
To counter these threats, the Silicon Valley firm has enlisted 40 organisations under Project Glasswing, urging them to patch vulnerabilities before malicious actors can exploit them. All partners are American, situated at the core of the US-led digital ecosystem. Outside the United States, Anthropic has only shared Mythos with Britain, allowing the AI Security Institute to test frontier models. After witnessing the model's capabilities, British ministers issued a warning: AI is poised to make cyber-attacks significantly easier and faster, leaving many businesses unprepared. European banks are expected to test the model next.
Systemic Risks and Private Control
This development may be timely. Recent reports of unauthorised access highlight concerns about whether any private company can be trusted with such power. Mythos does not necessarily introduce a new type of cyber threat; rather, it transforms a latent weakness into a systemic risk. Traditionally, hacking has been difficult and time-consuming, requiring specialised skills. However, AI tools are proliferating rapidly, making system breaches accessible to many, not just experts.
A poacher can also become a gamekeeper. Mozilla tested Mythos on its Firefox browser, discovering ten times more flaws than before and subsequently fixing them. Notably, none of these flaws were beyond human detection. What changes is that AI can discover cyber vulnerabilities quickly, cheaply, and at scale.
US Government's Evolving Stance
The US government's embrace of Anthropic marks a significant shift. In February, the Pentagon labelled the company a 'security risk' and barred it from lucrative contracts after it refused to allow its technology for mass surveillance or autonomous weapons. OpenAI secured the contract instead. Anthropic, known for its Claude chatbot, has long positioned itself as the ethical alternative among competitors, though its reputation suffered after a $1.5 billion piracy settlement last year.
Narrative and Technological Reality
Mythos is powerful, but Anthropic's public relations have shaped the narrative as much as the technology itself. There are questions about how advanced Mythos truly is. Researchers have demonstrated that smaller, cheaper models deployed at scale can achieve similar feats. What appears as a breakthrough may reflect a broader trend across the field. The White House now sees strategic value in Anthropic, inviting it back into the fold and signalling a shift from treating AI firms as contractors to partners. This raises deeper concerns about whether private firms should control critical infrastructure risk, especially if less responsible actors gain technical leverage.
Geopolitical Implications and Internet Fragmentation
Clearly, whoever creates the most powerful AI models—whether state or firm—will gain geopolitical advantages over friends and foes alike. Without a framework for international coordination on cybersecurity, however, there is a risk of not having one secure internet but several competing ones. Each entity would 'patch' its own system and fully trust none of the others. The web would no longer be a global commons; instead, it would be carved into security alliances, guarded more closely, even as something broader slips quietly away.
