If there’s one thing that AI is good at, particularly language models, it’s detecting patterns in datasets so large that it would be practically impossible for humans to sift through them all, quickly and accurately. That certainly seems to be the case with Anthropic’s new general-purpose model, Claude Mythos, as the company has announced that it used it to detect “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.”
Alongside the launch of Claude Mythos, Anthropic also announced Project Glasswing, an “initiative that brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.”
In addition to this vulnerability, Mythos Preview identified several other important vulnerabilities in FFmpeg after several hundred runs over the repository, includ[ing] further bugs in the H.264, H.265, and AV1 codecs, along with many others.”
It’s worth noting that there’s a distinct financial cost to all of this, because running all those mega AI servers isn’t free, and code repositories need to be repeatedly scanned to find bugs. Anthropic discovered a vulnerability via a 27-year-old bug in OpenBSD:
“Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings. While the specific run that found the bug above cost under $50, that number only makes sense with full hindsight. Like any search process, we can’t know in advance which run will succeed.”
One good bit of news is that Anthropic actually sent patches out to FFmpeg, though it’s not clear as to whether AI was used to generate the fixes themselves. Another bit of good news is actually the whole caboodle.
Mythos is way better than Anthropic’s other models at creating successful exploits. (Image credit: Anthropic)
As worrying as it may seem that an AI model has discovered thousands of vulnerabilities in the software that we all use on a daily basis, with the issues now exposed, Claude Mythos has found exposable bugs that passed mere humans by. If the AI model can find new ones quicker than any human can, it’s perhaps the turning point in staying one step ahead of hackers and cybercrime.
And this makes me wonder as to whether the future of software will see email servers using AI servers to detect spam, phishing mail, or other dodgy messages and delete them so that they never get sent out. Imagine the same thing running on phone networks, nixing spam SMS and robocalls.
Hmm, that sounds suspiciously like the beginning of a Skynet-type of AI that decides the real problem isn’t vulnerabilities and exploits, but human beings. Yeah, maybe traditional spam filters aren’t so bad after all.
Best gaming rigs 2026
All our favorite gear
