Claude Mythos and Project Glasswing: why an AI superhacker has the tech world on alert

Westend61 / Getty Images New, more powerful artificial intelligence (AI) models are announced pretty regularly these days: the latest version of ChatGPT or Claude or Gemini always has new features and new capabilities that its makers are eager for customers to try out. But now Anthropic has announced a new model with great fanfare, but is only giving access to a select handful of users. In what the New York Times calls a “terrifying warning sign” of the model’s power, the company has instead started an initiative called Project Glasswing to use the model for good instead of evil. Why? Early reports indicated that the model, with instruction, had been able to move outside a contained testing “sandbox” and send an email to a researcher. A little alarming, perhaps. But more significantly, Anthropic claims Mythos has uncovered software vulnerabilities and bugs “in every major operating system and every major web browser”. Finding hidden vulnerabilities In one remarkable example, the model found a flaw in OpenBSD, a security-focused operating system used in firewalls and routers, which had gone undetected for 27 years. According to Anthropic, it also found a 16-year-old vulnerability in FFmpeg, a little-known but widely used behind-the-scenes piece of software that helps computers, apps, and websites handle audio and video files. Anthropic also says Mythos found several vulnerabilities in the kernel of the Linux operating system, and chained them together in a way that could gi...