How Mythical Is Mythos Preview Glasswing?

Author: Andrew Mikhaliuk, CEO of CoreWin

Amid the stream of bad news for cybersecurity professionals, from the poisoned Axios package to UAC-0001 (APT28), there is hardly a moment to catch one’s breath. But amid this juggling act between update speed (to defend against 0-days) and update quarantine (to defend against poisoned updates), a ray of hope seemed to appear — the divine glow of artificial intelligence from Anthropic: its newest model, Mythos.

This ray of hope managed, on its own, to find a 27-year-old vulnerability in OpenBSD and a 16-year-old one in FFmpeg. In other words, these vulnerabilities had existed for decades and remained unknown to the wider public. And only Mythos managed to uncover them.

How was this possible?

According to Anthropic’s report, this was achieved through contextual analysis. Put more simply: the point is not identifying one bug in the code as an isolated fact, but rather correlating that bug with other vulnerabilities, the software environment, the operational context, and the function in which the bug was found. This is not about a single isolated vulnerability. It is about building a logical chain of subsequent actions, each of which on its own does not make an attack possible, but which in the right sequence becomes critical.

Is Mythos the first to have found a vulnerability autonomously? No… Big Sleep was the first, nearly a year ago, and I wrote about that here. Back then I joked about the singularity in cybersecurity and came to the conclusion that it was too early to talk about it. But perhaps its time has come now? Perhaps this additional context will decide the fate of humanity? Perhaps the day has already come when a CISO can cut the security engineering staff in half and forget about incident calls at night and on weekends as if they were a bad dream?

Let’s return to reality.

The first thing worth saying is that Anthropic will illuminate only the chosen ones with the rays of its mythical holiness — namely 12 companies, including Anthropic itself. That’s right… ordinary mortal specialists outside this chosen circle do not have access to the model, and therefore must continue searching for vulnerabilities with their own eyes. An attentive reader will notice the mistake in the previous sentence.

We have long stopped looking for vulnerabilities either on our own or with our eyes.

There is an entire ecosystem for that: from centralized vulnerability databases such as NVD to specialized code security testing tools such as Mend or Invicti. One of the arguments in favor of Mythos being epoch-making is precisely that this product will change the ecosystem itself (Forrester’s article is one example). But I’m getting ahead of myself — let’s return to the issue of the chosen few, the closed nature of the model, and the reason for such a decision.

According to Anthropic’s report, if Mythos is released into the wild and falls into the hands of malicious actors (and researchers believe that it will), then cyberspace in its current form will not be ready for it, and attackers will hack everything capable of generating binary code. That is why the decision was made to grant access to only 12 companies, and even the US government did not receive access to this model. Could that be exactly why Hegseth wanted to abandon Claude altogether?

Competitors did not take long to respond.

On April 14, OpenAI launched GPT 5.4 Cyber, expanding access to the tool to a broader pool of users, and Google is in no hurry to wind down Big Sleep as part of Project Zero either. Stop… Let’s take a breath. So Anthropic was not even the first in the field of LLM-powered bug-hunting. A few more facts:

Two questions arise from these facts:

  1. How is it that, with such a powerful model, Claude’s API keeps going down, while the model itself was accidentally made available to everyone?
  2. Couldn’t Opus have shown similar results if the same amount of money and compute allocated to Mythos had been thrown at it?

I would also ask you, dear reader, to look at this situation from a different angle. In retrospect. This is already the third time (by my count) since 2019 that a company preparing to release its model has said that the model is “too dangerous to release.”

  1. 2019 OpenAI. GPT-2. Too dangerous to release, because it would lead to an uncontrollable flood of fakes.
  2. 2024 OpenAI. A voice generation feature will lead to the collapse of internet banking — and more besides.
  3. Project Glasswing is meant to prepare the world (through 12 companies) for the threats posed by a new model that will hack your brain… I mean, every computer on the planet.

Conclusion

As you may have already guessed, I am personally skeptical of this hype. Although I have to admit that, as a marketing campaign, this is a very successful project.

The singularity is canceled once again. All that remains is to exhale, clean the machine gun, implement classic cybersecurity tools, and wait for the call about the next incident. Whether it comes at night or on the weekend.
