Claude Mythos by Anthropic: AI Surpasses Developers
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
Anthropic and Claude Mythos Preview: A Breakthrough Advancement
Anthropic, in collaboration with around 50 partners, has recently highlighted the impressive capabilities of its AI model, Claude Mythos Preview. In just one month, this model has identified over 10,000 critical security vulnerabilities in essential system software. This rapid discovery far exceeds developers' ability to verify and fix these flaws, creating a concerning security gap, according to Anthropic.
The company launched the Project Glasswing to test and evaluate the capabilities of Claude Mythos Preview. The preliminary results are striking: the model has detected security flaws at a pace that teams cannot keep up with to verify, disclose, and correct them. Anthropic has chosen to withhold certain technical details, as the industry standard timeline for disclosing new vulnerabilities is 90 days, and most discoveries cannot yet be described without endangering end users.
Glasswing Partners and the Surge in Bug Discoveries
The partners of the Glasswing project, which include key companies in software development at the heart of the Internet and other critical infrastructures, have reported an exponential increase in bug discovery. Each of these partners has found hundreds of critical vulnerabilities. For example, Cloudflare reported 2,000 bugs, including 400 of high or critical severity, and noted that its false positive rate has surpassed that of human testers.
On its part, Mozilla found and fixed 271 vulnerabilities in Firefox 150, a figure that exceeds by more than ten times what its predecessor, Claude Opus 4.6, had detected in Firefox 148. These figures are confirmed by external assessments, such as that of the AI Security Institute in the UK, which states that the latest checkpoint of Mythos Preview is the first model to fully resolve its internal cyber-ranges, simulated multi-stage cyberattacks.
Progress Confirmed by External Assessments
The independent security platform XBOW has described the model as a major advancement compared to all previous models, citing unprecedented accuracy. Anthropic indicates that Mythos Preview also surpasses the academic benchmarks ExploitBench and ExploitGym, with GPT-5.5 being close in most of these benchmarks and already publicly available.
The impact of these discoveries is also reflected in the volume of patches, according to Anthropic. For example, Palo Alto Networks has shipped five times more patches than usual in its latest release. Microsoft stated that the number of new patches will continue to "trend towards higher numbers for some time." Oracle claims it is finding and fixing flaws several times faster than before.
Mythos Preview Beyond Simple Bug Detection
Mythos Preview has also proven useful beyond simple bug detection. In a partner bank, the model helped detect and block a fraudulent money transfer worth over $1.5 million, according to Anthropic.
Vulnerabilities in Open-Source Projects
Alongside its work with partners, Anthropic has scanned over 1,000 open-source projects with Mythos Preview. The model estimates it has found 6,202 high or critical severity vulnerabilities, with a total of 23,019 discoveries across all severity levels. Independent security companies—and partly Anthropic itself—have reviewed 1,752 of the high or critical severity discoveries so far. 90.6% have proven to be true positives, and 62.4% have been confirmed as actually high or critical severity.
Based on these triage rates, Anthropic estimates that Mythos Preview has discovered nearly 3,900 confirmed high or critical severity vulnerabilities in open-source code. The company plans to continue scanning. Among the 23,019 vulnerabilities found in open-source projects, only 97 have actually been patched. The diagram shows the steep drop between discovery, triage, disclosure, and patching.
Several maintainers of open-source projects have asked Anthropic to slow down disclosures as "they need more time to design fixes," the blog post states. On average, fixing a high or critical severity bug takes two weeks. So far, 530 of these bugs have been reported to maintainers. Of these, 75 have been fixed and 65 have received public notices. 827 confirmed vulnerabilities are still awaiting disclosure. To make matters worse, maintainers are already overwhelmed by low-quality bug reports generated by AI.
A High-Risk Transition Period
Anthropic claims that models with similar cybersecurity skills will soon be widely available. Some likely already are. OpenAI's GPT-5.5 fits this profile, and there is also a more specialized variant called GPT-5.5 Cyber, although it is unclear what exactly distinguishes the two.
In any case, these new capabilities create a transition period where vulnerabilities are found quickly but fixed slowly. This gap introduces new risks, according to Anthropic. Models like Mythos reduce the time and cost of discovering and exploiting flaws. No company, including Anthropic, has built strong enough protections to prevent the misuse of these models and avert serious harm.
Over time, these models should help developers create much more secure software by detecting bugs before the code is deployed. Currently, Anthropic advises development teams to shorten their correction cycles and make updates as simple as possible for users. Network defenders should stick to the basics: multi-factor authentication, hardened configurations, and thorough logging.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.