Anthropic Plans Public Release of Powerful Mythos AI Security Models

AI Bug-Finding Technology Could Eventually Reach Broader Users

AI startup Anthropic says it plans to eventually release versions of its highly capable Mythos cybersecurity models to the public, though the company acknowledges it has not yet solved the safety concerns tied to the technology.

The announcement marks a significant development in the growing debate over how advanced artificial intelligence tools could reshape cybersecurity — both for defenders and attackers. The company says broader access will only happen after stronger safeguards are in place to prevent misuse.

Mythos AI Was Initially Restricted Due to Security Risks

Anthropic first introduced Mythos in April, describing it as an AI system exceptionally skilled at identifying software vulnerabilities. According to the company, the model was powerful enough that unrestricted access could enable cybercriminals to rapidly uncover and exploit weaknesses in widely used software.

Because of those concerns, Anthropic limited access through a program called Project Glasswing, which grants the technology only to selected organizations and security partners.

Participants in the program have reported that Mythos can uncover large numbers of vulnerabilities quickly, although many of the flaws could theoretically still be found by human researchers with enough time and resources. Some organizations testing the system have also said the volume of discovered bugs has created operational challenges, overwhelming existing patching and remediation workflows.

The technology’s emergence has already triggered international concern. Governments in countries including Japan and India have reportedly accelerated cybersecurity reviews and patching efforts, reflecting growing fears that AI-assisted attacks could become more common.

Anthropic Signals Wider Access Ahead

In an update published last week, Anthropic said it plans to expand Project Glasswing to additional partners, including the U.S. government and allied nations.

The company also revealed plans for a broader rollout in the future.

“Once we’ve developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release,” Anthropic said.

However, the company offered no specific timeline and admitted the industry still lacks adequate protections against abuse.

“At present, no company — including Anthropic — has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm,” the company stated.

That warning reflects growing anxiety across the cybersecurity sector, particularly in the United States, where federal agencies and private infrastructure operators are increasingly preparing for AI-driven cyber threats.

Thousands of Serious Vulnerabilities Already Identified

Anthropic disclosed that Mythos has scanned more than 1,000 open-source software projects that support major parts of the internet and digital infrastructure.

According to the company, the system has identified approximately 23,019 software flaws overall, including 6,202 vulnerabilities classified as high or critical severity.

Anthropic says discovered vulnerabilities go through a verification process involving security researchers and software maintainers before disclosure. The company emphasized that it attempts to avoid contributing to the growing problem of low-quality AI-generated bug reports flooding open-source projects.

Maintainers of open-source software have reportedly told Anthropic that many teams are already operating with limited resources and struggling to keep up with disclosure requests.

Of the 1,752 high- or critical-severity issues reviewed so far, Anthropic said 90.6 percent were confirmed as legitimate vulnerabilities. More than 1,000 of those were ultimately classified as high or critical severity.

Critical wolfSSL Flaw Raises Alarm

One of the most serious vulnerabilities reportedly discovered by Mythos involved wolfSSL, a cryptography library used in billions of connected devices worldwide.

Anthropic said Mythos successfully generated an exploit capable of forging digital certificates, potentially allowing attackers to impersonate trusted websites such as banks or email providers.

According to the company, an attacker using the exploit could create fraudulent websites that appear legitimate to end users while secretly being controlled by malicious actors.

Developers have already patched the vulnerability, which is being tracked as CVE-2026-5194. Anthropic said a more detailed technical analysis will be released in the coming weeks.

Security Teams Face Growing Pressure

Anthropic reported that 75 out of 530 disclosed high- or critical-severity vulnerabilities have already been patched, with 65 receiving public advisories.

The company attributed the relatively low patch rate partly to standard 90-day disclosure timelines, noting that many fixes are still in progress.

Anthropic also acknowledged that AI systems like Mythos may intensify existing pressures on cybersecurity teams and open-source maintainers already facing staffing shortages and growing workloads.

The company’s proposed solution relies heavily on AI itself. Anthropic says it is continuing to improve its Claude AI models to help developers identify, prioritize, and repair vulnerabilities more efficiently.

AI Is Rapidly Reshaping Cybersecurity

The Mythos announcement highlights a broader shift occurring across the cybersecurity industry as AI tools become increasingly capable of automating vulnerability discovery and exploit development.

While supporters argue these systems could dramatically improve defensive security research, critics warn they may also lower barriers for cyberattacks if protections fail.

For now, Anthropic appears to be moving cautiously. But its plan to eventually release Mythos-class technology publicly suggests AI-powered cybersecurity tools could soon become a standard part of the global software security landscape.

William Faulkner

“Amateur introvert. Reader. Coffee aficionado. Professional music maven. Bacon practitioner. Freelance travel nerd. Proud internet scholar.”