Anthropic's AI Can Now Hack The World

Artificial intelligence has not merely arrived; it has fundamentally consumed and rewritten the rules of software. This is not a future prediction but a current reality, marking an unprecedented paradigm shift. The era of AI "eating" software passed; it has already devoured it.

Anthropic's new frontier model, Mythos, exemplifies this profound change. Beyond human comprehension, Mythos has already uncovered thousands of high-severity vulnerabilities across every major operating system and web browser. This includes decades-old zero-day flaws that evaded traditional testing tools for millions of hits.

Mythos identified a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in FFmpeg, unearthing deeply embedded weaknesses. More alarmingly, the model does not just identify these flaws; it autonomously

Anthropic unveils Claude Mythos Preview, its unreleased frontier artificial intelligence engineered specifically for cybersecurity. This advanced model does not merely scan for known weaknesses; it fundamentally redefines vulnerability discovery, proving capable of identifying novel attack vectors. mythos has already uncovered thousands of high-severity flaws across every major operating system and web browser, signaling a profound shift in digital defense.

Its capabilities extend to pinpointing decades-old zero-day vulnerabilities that consistently eluded human experts and traditional testing suites. mythos notably identified a 27-year-old bug in OpenBSD, a renowned secure operating system, and a 16-year-old flaw in FFmpeg, a critical open-source media project, which evaded detection despite millions of hits and extensive scrutiny. These discoveries underscore an unprecedented ability to penetrate long-standing software defenses.

mythos moves far beyond passive identification; it actively weaponizes its findings. The artificial intelligence autonomously develops fully working exploits, demonstrating a profound, almost intuitive, understanding of system architecture and potential attack surfaces. Furthermore, it can seamlessly chain multiple vulnerabilities together, orchestrating complex sequences for privilege escalation and deep system compromise.

This offensive capability poses a nuclear-level threat to critical infrastructure worldwide, including banking systems, medical records, logistics networks, and power grids. Recognizing mythos’s immense power and potential for devastating misuse, Anthropic restricts its release, making it unavailable to the public. Instead, the company launched Project Glasswing, an unprecedented initiative partnering with major tech companies— - Amazon Web Services - Apple - Broadcom - Cisco - CrowdStrike - Google - JPMorganChase - The Linux Foundation - Microsoft - NVIDIA - Palo Alto Networks

This collaboration aims to leverage Claude Mythos Preview solely for defensive purposes, securing vital software components. Anthropic commits up to $100M in usage credits for mythos Preview and $4M in direct donations to open-source security organizations as part of this critical effort.

Bank accounts are no longer safe. Mythos, Anthropic's unreleased frontier artificial intelligence, extends its threat beyond theoretical software vulnerabilities directly into the heart of global critical infrastructure. Envision nuclear reactors, health systems, financial networks, and power grids—all suddenly exposed to an unprecedented level of automated cyberattack. Every system that underpins modern society, from banking transactions to emergency services, faces an immediate and profound risk.

Software's ubiquitous presence means this threat is pervasive. Virtually every piece of critical infrastructure, regardless of its age or supposed isolation, relies on complex codebases. These systems, often decades old and built with layers of legacy software, present fertile ground for an artificial intelligence designed to dissect and exploit digital weaknesses. The sheer scale of interconnectedness means a breach in one area can cascade rapidly across sectors.

Mythos has already found thousands of high-severity vulnerabilities, including decades-old zero-day flaws that eluded human experts for years. It uncovered a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in FFmpeg, both of which escaped millions of traditional testing cycles. This artificial intelligence does not merely identify bugs; it autonomously develops working exploits and chains multiple vulnerabilities for privilege escalation, moving with a speed and precision impossible for human teams.

Such rapid, autonomous vulnerability discovery overwhelms traditional human-led cybersecurity patching and defense cycles. Security teams, already struggling to keep pace with new threats, now face an adversary that can generate sophisticated attack vectors faster than they can deploy countermeasures. Recognizing this existential challenge, Anthropic launched Project Glasswing, an initiative to leverage Mythos for defensive purposes, offering $100M in usage credits and $4M in donations to secure critical software. Learn more about their efforts here: Project Glasswing: Securing critical software for the AI era - Anthropic.

Anthropic CEO Dario Amodei now commands an unprecedented concentration of power, a reality vividly underscored by the capabilities of mythos. This unreleased frontier AI, capable of autonomously discovering thousands of high-severity vulnerabilities across every major operating system and web browser, places immense control in the hands of a single entity. The video’s stark assertion that this represents "insane power for a single person to have" resonates deeply, highlighting the profound ethical and governance challenges ahead.

mythos has already demonstrated its ability to find decades-old zero-day flaws, including a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in FFmpeg, both of which evaded traditional testing for millions of hits. This model not only identifies these flaws but also autonomously develops working exploits, chaining multiple vulnerabilities for privilege escalation. Such capabilities mean that critical infrastructure—from nuclear reactors and health systems to financial networks and power grids—is potentially vulnerable at the whim of this powerful AI.

Paradoxically, Amodei himself has publicly warned about the existential risks posed by advanced artificial intelligence, citing a 25% chance of catastrophic AI outcomes. This chilling admission from the architect of such potent technology reveals an internal conflict about the immense responsibility now resting on his shoulders. While Anthropic’s Project Glasswing aims to use mythos defensively with partners like Apple and Google, the inherent offensive potential of this AI redefines global cybersecurity and the future of digital control.

Anthropic does not simply unleash a world-breaking artificial intelligence and walk away. Facing the existential threat its own frontier model poses, the company launched Project Glasswing, an ambitious initiative to construct a global digital immune system. This unprecedented effort aims to harness the offensive capabilities of mythos and turn them into a shield for critical infrastructure worldwide.

Project Glasswing assembles an unparalleled coalition of industry titans, all united against the new era of AI-driven cyber threats. This collective includes: - Amazon Web Services - Apple - Broadcom - Cisco - CrowdStrike - Google - JPMorganChase - The Linux Foundation - Microsoft - NVIDIA - Palo Alto Networks

This formidable alliance underscores the gravity of the situation, recognizing that no single entity can counter the autonomous, high-severity vulnerability discovery power of Anthropic's AI. The collaboration signifies a desperate, shared understanding that software security, as we know it, has fundamentally changed.

Anthropic backs Project Glasswing with substantial financial commitments, signaling the project’s critical importance. The company allocates up to $100 million in usage credits for mythos Preview, granting partners direct access to the very tool capable of exposing their deepest flaws. This allows them to proactively identify and patch vulnerabilities at an unprecedented scale.

Furthermore, Anthropic provides $4 million in direct donations to various open-source security organizations. These funds support the broader ecosystem of developers and researchers working to harden the foundational software layers that underpin global digital systems. The dual investment highlights a comprehensive strategy: leverage the ultimate offensive weapon for defense while simultaneously bolstering community-driven security efforts.

Glasswing represents a stark admission: the creator of the most potent digital weapon must also lead the charge in building its antidote. It transforms mythos from a pure threat into a vital, albeit dangerous, diagnostic tool. This project is not merely about patching bugs; it embodies a desperate, industry-wide scramble to adapt to a reality where artificial intelligence has already rewritten the rules of software security.

The era of protracted cyber reconnaissance and manual exploit development is over. artificial intelligence radically collapses the window between vulnerability discovery and weaponized exploit, shifting the tempo of cyber warfare from months to mere hours. Anthropic's mythos exemplifies this new reality, identifying thousands of high-severity flaws, including decades-old zero-day vulnerabilities, and crafting functional exploits with unprecedented speed.

mythos discovered a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in FFmpeg, flaws that evaded traditional testing for millions of hits. This capability means adversaries can now leverage AI to uncover and exploit critical weaknesses in systems like nuclear reactors, health networks, and financial infrastructure almost instantaneously. The time to patch shrinks dramatically, creating immense pressure on defenders.

A stark warning emerged from the November 2025 AI-orchestrated cyber espionage campaign, a simulated exercise that showcased this new threat class. In this scenario, an agentic AI autonomously infiltrated multiple critical infrastructure networks within a single day, exploiting previously unknown zero-day vulnerabilities across diverse platforms. The operation required minimal human input, demonstrating AI's capacity for independent, large-scale cyber operations.

This rapid operational tempo hinges on agentic AI, artificial intelligence systems designed for autonomous goal-setting, planning, and execution. Unlike traditional scripts, agentic AI does not simply follow predefined commands; it adapts, learns, and makes real-time decisions to achieve complex objectives. This capability transforms a single vulnerability into a systemic breach orchestrated by an intelligent, adaptive adversary.

Such systems can autonomously perform every stage of a sophisticated cyberattack, from initial reconnaissance and vulnerability scanning to payload delivery and persistence. They chain together multiple weaknesses, bypass defensive measures, and exfiltrate data without human intervention. This fundamental shift from human-intensive, months-long processes to AI-driven, real-time exploitation fundamentally rewrites the rules of engagement in the digital domain. For further insight into the capabilities of Anthropic's powerful AI, including its restricted release, see Anthropic Says Its New AI Model Is So Good at Finding Security Risks, You Can't Use It - CNET.

Not everyone accepts the doomsday narrative without question. Prominent critics like AI researcher Gary Marcus frequently caution against the industry's tendency towards hyperbolic claims. He suggests some pronouncements serve more to attract investment or shape public policy than to accurately reflect current capabilities. This critical lens applies directly to assertions surrounding mythos's unparalleled offensive power.

Anthropic's claim of mythos discovering "thousands of high-severity vulnerabilities" sounds catastrophic. However, security experts often differentiate between a discovered flaw and a practically exploitable zero-day. Many vulnerabilities, even "high-severity" ones, require highly specific conditions to trigger, prove difficult to chain, or affect obscure software versions, significantly limiting their real-world impact.

A raw count of vulnerabilities can mislead. The true measure of a threat lies in its exploitability—how easily an attacker can weaponize it to achieve a desired outcome. A 27-year-old bug in OpenBSD or a 16-year-old FFmpeg flaw, while impressive discoveries, may not pose the same immediate, widespread threat as a newly discovered remote code execution bug in a widely used web server.

Ultimately, the real "moat" in advanced cybersecurity extends beyond the raw processing power of any single large language model. Effective defense relies on a complex, integrated system combining: - Sophisticated AI tools like mythos - Vigilant human security researchers - Rapid incident response teams - Continual system hardening and patch management Anthropic's own Project Glasswing tacitly acknowledges this necessity, aiming to build a collective digital immune system, not just a powerful AI.

AI excels at pattern recognition and rapid analysis, accelerating vulnerability discovery. Yet, human expertise remains crucial for contextualizing threats, prioritizing fixes, and understanding the intricate real-world implications of an exploit chain. AI serves as an indispensable assistant, not a fully autonomous cyber overlord, in the ongoing security arms race.

US Treasury Secretary Janet Yellen recently convened top bank CEOs, underscoring the immediate and profound threat advanced artificial intelligence poses to global financial stability. This urgent gathering reflects a growing consensus among world leaders: the era of AI-driven cyberwarfare has arrived, demanding an unprecedented level of preparedness across all critical sectors. Such high-level meetings are becoming more common as the scale of the threat becomes clearer.

Emerging geopolitical consensus now categorizes AI compute power as critical national infrastructure, on par with energy grids, water supplies, and telecommunications networks. Nations recognize that control over high-performance AI is not just an economic advantage but a fundamental component of national security, dictating future strategic power. This reclassification signals a dramatic shift in how governments perceive and protect technological assets, prompting discussions about national AI strategies and resource allocation.

The capabilities of models like Anthropic's unreleased mythos exemplify this urgency, having already found thousands of high-severity vulnerabilities. These include decades-old zero-day flaws across every major operating system and web browser, such as a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in FFmpeg that evaded traditional testing for millions of hits. Such artificial intelligence can autonomously develop working exploits, chain multiple vulnerabilities for privilege escalation, and threatens: - nuclear reactors - health systems - financial networks - power grids

Regulators face an immense, perhaps impossible, challenge. They must govern a powerful, rapidly evolving, and inherently dual-use technology without stifling the very innovation that could secure national advantage or develop defensive countermeasures. Crafting policy that protects critical systems while fostering technological leadership requires a delicate and complex balancing act, often operating without precedent. The speed at which AI discovers and weaponizes flaws collapses traditional defense timelines from months to hours, making proactive regulation incredibly difficult and reactive measures often too late.

Policymakers grapple with questions of oversight, international collaboration, and the ethical deployment of AI that can both safeguard and cripple digital infrastructure. The stakes are monumental: failing to adapt risks ceding strategic advantage to adversaries or, worse, inviting catastrophic system failures across interconnected global systems. The world is navigating uncharted waters, where the next vulnerability could emerge from an algorithm, demanding a robust and agile governmental response that balances security with technological progress.

Anthropic's unreleased frontier AI, Mythos, presents the ultimate case study for humanity’s enduring dual-use technology dilemma. This powerful model, capable of autonomously discovering thousands of high-severity vulnerabilities and developing working exploits, can secure critical infrastructure or dismantle it. It simultaneously offers an unparalleled defense mechanism and an unprecedented offensive weapon, depending entirely on its deployment.

Like the advent of nuclear energy or revolutionary advances in genetic engineering, Mythos embodies a tool with profound, bifurcated potential. Early atomic research promised limitless power, yet also unleashed weapons of mass destruction. Similarly, genetic tools can cure diseases or engineer dangerous pathogens, forcing humanity to confront the ethical implications of its own ingenuity.

The core challenge posed by Mythos is therefore not technical; Anthropic has already demonstrated its staggering capabilities, from finding a 27-year-old bug in OpenBSD to a 16-year-old vulnerability in FFmpeg. Instead, the real hurdle is ethical, revolving around questions of control, access, and governance. Who decides how such immense power is wielded, and what mechanisms prevent its weaponization?

Securing this new paradigm demands robust, international frameworks far beyond current regulatory efforts. Project Glasswing represents Anthropic’s internal attempt to steer Mythos toward defensive applications, committing $100M in usage credits for partners like Apple and Microsoft. However, the broader human responsibility for managing such powerful artificial intelligence transcends any single corporate initiative, necessitating transparent governance and stringent oversight. For more on Anthropic's approach to responsible AI development, see their Research - Anthropic section.

The existence of artificial intelligence like Anthropic's unreleased mythos confirms a stark new baseline for our digital existence: nowhere is safe. AI has already consumed and rewritten the rules of software, rendering traditional security paradigms obsolete. Every connected system, from nuclear reactors to financial networks, now operates under an unprecedented level of vulnerability.

This frontier AI autonomously discovers thousands of high-severity vulnerabilities, including decades-old zero-day flaws across every major operating system and web browser. It has identified a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in FFmpeg. Critical infrastructure systems now face exploitation windows collapsed from months to mere hours.

Anthropic, however, simultaneously developed Project Glasswing, an ambitious defensive initiative aimed at building a "digital immune system." This project leverages mythos's unparalleled capabilities to proactively secure critical software across the global digital infrastructure, turning a potent offensive tool into a shield.

Glasswing unites industry giants including: - Amazon Web Services - Apple - Google - JPMorganChase - Microsoft - NVIDIA - Palo Alto Networks

Anthropic has committed up to $100M in usage credits for mythos Preview and $4M in direct donations to open-source security organizations, aiming to preemptively patch vulnerabilities before malicious actors can exploit them. This collaboration represents an urgent, coordinated response.

Yet, the inherent dual-use dilemma of this technology remains profound. The same artificial intelligence capable of immense good in securing systems poses an equally immense threat if misused, concentrating unprecedented power in the hands of a few. The speed and autonomy of mythos magnify this dilemma, making the balance between defense and offense a constant, high-stakes race.

Humanity now confronts the ultimate challenge. Our boundless ingenuity has unleashed an artificial intelligence capable of both protecting and dismantling the very foundations of our digital world. Can our collective wisdom in governing this transformative technology possibly keep pace with our astounding ability to create it? This question defines our fragile digital future.

What is Anthropic's Mythos Preview?

It is an unreleased, frontier AI model designed to find and autonomously exploit high-severity software vulnerabilities, including flaws that are decades old and have evaded traditional security tools.

Why isn't Anthropic's Mythos AI available to the public?

Due to its powerful and potentially dangerous hacking capabilities, Anthropic is restricting access to prevent its misuse by malicious actors for large-scale cyberattacks on critical infrastructure.

What is Project Glasswing?

Project Glasswing is a defensive cybersecurity initiative led by Anthropic. It partners with major tech companies like Google, Apple, and Microsoft to use Mythos to proactively find and fix security flaws in critical software.

Who is Dario Amodei and why is he mentioned?

Dario Amodei is the CEO of Anthropic. He is mentioned because his company's control over the Mythos AI gives him and his organization immense, unprecedented power to potentially break any piece of software.