When AISLE tested Mythos's showcase vulnerabilities on small, cheap, open-weights models, most found the same bugs. Here's what that means for cyber.
Editorial: Tech can scale cyber-attacks and defences alike, raising questions about private power, public risk and the future of a shared internet
Four days after Anthropic launched Project Glasswing, a security startup reproduced Mythos's flagship findings using tiny open models costing $0.11 per million tokens. The velvet rope was porous on arrival.
Applied mathematician and software architect who occasionally writes music.
A slightly delayed episode of the weakly link. This time, we have a bit of a special outlook on the future in security to do with Quantum and AI. There were a couple of links that really caught my eye and could make a compelling case for usage of the phrase “everchanging landscape…” - stop it Gerald - this is not AI generated! Let’s start with the big announcement: Anthropic announced how their latest Mythos model was so good at vulnerability research that they decided to keep it from the unwashed masses and just give access to select organisations and call it Project Glasswing.
There’s a series of articles that have been written casting doubt on Anthropic’s claims of Mythos as some leap in cybersecurity. Tom’s Hardware wrote up a good summary. I’ve…
I’m sure by now you’ve all read the news about Anthropic’s new “Mythos” model and its apparently “dangerous” capabilities in finding security vulnerabilities. I’m sure everyone reading this also ha…
Anthropic’s Claude Mythos completes 73% of expert-level CTF tasks and writes root exploits autonomously. The harder problem isn’t what AI can find — it’s what happens after it finds something.
This one is different.Anthropic didn’t just build a better model—they hit a threshold and stopped.Claude Mythos (Preview) exists, works, and isn’t being released. Not because it failed.Because it c…
Three months ago, the idea of using AIs to help debug code sounded like complete nonsense to me, given that they couldn’t even write code well. In my experience, the AI models I’ve tried still can’t write code very well, but it turns out this is a completely different skill from finding bugs. In reality, AIs are already superhumanly good at finding logic errors, and while Anthropic’s Mythos is usually what comes to mind, much weaker models can actually find the same security flaws if given specific instructions in highly constrained environments.
i wear this chaos well
No need to panic just yet
In this issue: Defense in Depth, Medieval Style Human Trust of AI Agents Mythos and Cybersecurity Is "Satoshi Nakamoto" Really Adam Back? Mexican Surveillance Company ICE Uses Graphite Spyware FBI Extracts Deleted Signal Messages from iPhone Notification Database Hiding Bluetooth Trackers in Mail Medieval Encrypted Letter Decoded What Anthropic’s Mythos Means for the Future of Cybersecurity Claude Mythos Has Found 271 Zero-Days in Firefox Fast16 Malware A Ransomware Negotiator Was Working for a Ransomware Gang Hacking Polymarket DarkSword Malware Rowhammer Attack Against NVIDIA Chips Smart Glasses for the Authorities Insider Betting on Polymarket LLMs and Text-in-Text Steganography Copy.Fail Linux Vulnerability OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities How Dangerous Is Anthropic’s Mythos AI? Upcoming Speaking Engagements
Developments in biology, robotics, web, and more
The arrival of Anthropic's Mythos jolted banks, software giants and governments into reckoning with a new era of cyber attacks. But the threat is already here.
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but instead to a ...
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations—Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical infrastructure—under an initiative called Project Glasswing. The announcement was accompanied by a barrage of hair-raising anecdotes: thousands of vulnerabilities uncovered across every major...
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. In a new op-ed, SRI Director David Lie and Visiting Fellow Bruce Schneier discuss t
Anthropic is not going to release its new most capable model, Claude Mythos, to the public any time soon.
Replicating Mythos bugs with public models and more, building a useful security program for free, new post-exploitation framework for CI/CD pipelines that can replicate the full TeamPCP attack kill chain
The new reality rewards systems that can be tested and patched continuously