Anthropic limits rollout of Mythos AI model over cyberattack fears

The model, Claude Mythos Preview, excels at identifying weaknesses and security flaws within software, and Anthropic is limiting access to try to prevent bad actors from exploiting that capability, the company said.

Anthropic said Apple, Google, Microsoft, Nvidia and Amazon Web Services are among the project’s initial launch partners and will be able to use the model for defensive security work. More than 40 other companies, including CrowdStrike and Palo Alto Networks, are also participating, Anthropic said.

“There was a lot of internal deliberation,” Dianne Penn, Anthropic’s head of research product management, told CNBC in an interview. “We really do view this as a first step for giving a lot of cyber defenders a head start on a topic that will be increasingly important.”

Anthropic’s announcement comes after descriptions of the model were discovered by Fortune in a publicly accessible data cache late last month. Cybersecurity stocks fell on the report, which said that the model had advanced cyber capabilities that also posed a significant risk.

The iShares Cybersecurity ETF was mostly flat during intraday trading on Tuesday.

“The dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before the advent of AI-powered cyber capabilities,” CEO Dario Amodei wrote in a post on X touting the rollout of Project Glasswing.

Anthropic was founded in 2021 by a group of researchers and executives who defected from OpenAI over concerns about its direction and attitude toward safety.

The company spent years carefully constructing its reputation as a firm that was more dedicated to responsible AI deployment, and it unveiled Project Glasswing just weeks after its high-profile clash over safety with the Defense Department spilled into public view. 

Anthropic said it’s been in “ongoing discussions” with U.S. government officials about Claude Mythos Preview’s cyber capabilities.

Employees at Anthropic decided on the name Project Glasswing, a metaphor that likens a transparent butterfly to software vulnerabilities, which are “relatively invisible,” Penn said. 

Claude Mythos Preview is able to find bugs, some of which are critical, that have previously been difficult to detect, Anthropic said. In one case, the company said, the model identified a 27-year old bug in OpenBSD, which, according to its website, is an operating system that emphasizes security. 

Anthropic said Claude Mythos Preview is a general-purpose model that was not specifically trained for cybersecurity, and its improved cyber capabilities are a result of its strong coding and reasoning skills. The company said it does not plan to make the model generally available, but the goal is to learn how it could eventually deploy Mythos-class models at scale.

Companies that participate in Project Glasswing all build or maintain critical software infrastructure, and Anthropic said they will use its models to try to secure both first-party and open-source systems. Anthropic said it has committed up to $100 million in usage credits for these efforts, but partners will pay to use the model past that threshold.  

Newton Cheng, Anthropic’s Frontier Red Team cyber lead, said the company wants the firms to get used to leveraging these capabilities before they become widely available. The company said it’s trying to avoid “recklessly or irresponsibly” releasing a model that adversaries could take advantage of.  

“Cybersecurity is just going to be an area where this broad increase in capabilities has potential for risk, and thus we have to keep a really close eye on what’s going on there,” Cheng said in an interview.

WATCH: Panic on cyber stocks feels overdone, says Big Technology’s Alex Kantrowitz