Products & Announcements

Anthropic Restricts Claude Mythos to Prevent AI-Driven Security Crisis

AI SafetyCybersecurityVulnerability ResearchAnthropicAI & Human Rights
Added
Link13
Article: NeutralCommunity: PositiveMixed
Anthropic Restricts Claude Mythos to Prevent AI-Driven Security Crisis

Anthropic is withholding its new Claude Mythos model from the public, opting instead to share it with a limited group of security researchers through Project Glasswing. The model has already discovered thousands of high-severity vulnerabilities, including decades-old bugs in core internet infrastructure like OpenBSD. This restricted release aims to give defensive teams a head start on patching critical systems before AI-powered exploitation capabilities proliferate.

Key Points

  • Claude Mythos is a frontier model capable of finding and chaining multiple vulnerabilities to create sophisticated exploits in major operating systems.
  • Anthropic is restricting the model's release through Project Glasswing to allow the software industry time to patch critical infrastructure before such capabilities become widespread.
  • Prominent security figures like Greg Kroah-Hartman and Daniel Stenberg confirm that AI-generated security reports have recently shifted from low-quality 'slop' to highly accurate and actionable research.
  • Project Glasswing includes a $104M commitment in credits and donations to bolster the security of open-source organizations and foundational systems.
  • Anthropic plans to develop and refine new safeguards in future public models based on the findings from the Mythos restricted preview.

Sentiment

The Hacker News community is broadly supportive of Anthropic's decision to restrict Claude Mythos, viewing it as a necessary and responsible step. However, there is significant concern about the practical implications: the offense-defense asymmetry, accessibility of these tools for small players, and the growing burden on open-source maintainers. The consensus leans toward agreement that something needed to be done, but with skepticism about whether restricted access alone can solve the underlying problem.

In Agreement

  • AI bug scanning is a net positive that will help catch high-severity vulnerabilities before they reach production
  • Anthropic's cautious, restricted release approach is necessary and appropriate given the capabilities involved
  • Strong privacy laws and technical tools like Roost are needed alongside AI security measures
  • Chinese adversaries likely have similar tools, so waiting too long to deploy defensive AI capabilities is dangerous

Opposed

  • Small companies and individuals with IoT devices cannot afford expensive AI auditing tools, leaving consumer hardware vulnerable
  • The offense-defense asymmetry means the existence of such tools may not favor defenders — attackers need to find one vulnerability while defenders must protect everything
  • Running advanced security harnesses against standard Claude subscriptions can get organizations banned, making this research inaccessible to most
  • Cheap zero-day discovery could create downward pressure on open-source projects already overwhelmed by AI-generated security reports
Anthropic Restricts Claude Mythos to Prevent AI-Driven Security Crisis | TD Stuff