Claude Mythos: The AI from Anthropic Raising Concerns Over Its Cyber Power
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
Claude Mythos Preview: A Technological Advancement Kept Under Wraps
On April 7, 2026, Anthropic unveiled Claude Mythos Preview, an artificial intelligence model of unprecedented power, but chose not to make it publicly accessible. At the same time, the company launched Project Glasswing, a cybersecurity initiative that brings together around fifty partners. During internal testing, Claude Mythos Preview highlighted thousands of critical vulnerabilities in major operating systems and browsers, showcasing its exceptional capabilities in cybersecurity.
Although Claude Mythos Preview was not specifically designed for cybersecurity, its impressive performance in this area stems from significant improvements in reasoning, agentic coding, and autonomy. On the SWE-bench Verified benchmark, a reference in software engineering, it achieved a score of 93.9%, far surpassing the 80.8% of Claude Opus 4.6, Anthropic's most advanced public model.
Anthropic emphasizes the exceptional skills of Claude Mythos Preview in programming and automated reasoning, which allow it to dominate the rankings of current models in various software programming tasks.
Unmatched Cyber Performance
It is in the field of cybersecurity that Claude Mythos Preview particularly stands out. On CyberGym, a benchmark evaluating the reproduction of vulnerabilities, it reached 83.1%, compared to 66.6% for Opus 4.6. On Cybench, a series of 35 Capture The Flag challenges, the model achieved a perfect score of 100%, rendering this test obsolete for this generation of models according to Anthropic.
A Potential Weapon for Cybercriminals?
At the end of March 2026, a data leak revealed the existence of the Mythos project, then known by the code name "Capybara," raising concerns in the cybersecurity sector. The leaked document described a model capable of detecting vulnerabilities with formidable efficiency, raising fears about its potential use by malicious actors.
Anthropic explained that even non-expert users could exploit Mythos Preview to identify and exploit complex vulnerabilities. For example, engineers without specific security training were able to ask the model to detect remote code execution flaws and discovered an exploitable vulnerability the very next day.
The model notably autonomously discovered a 27-year-old bug in OpenBSD, an operating system known for its security, allowing an attacker to remotely crash any machine running it. It also identified a 16-year-old flaw in FFmpeg, a widely used multimedia library, in a line of code traversed five million times by automated tools without the issue being detected. Additionally, it chained several vulnerabilities in the Linux kernel to gain full control over a machine.
In early March, Anthropic announced it had identified 112 bugs in Firefox using its tools, including 14 critical ones. According to Sylvestre Ledru, Mozilla's engineering director, this ability to reduce the time, technical level, and cost of discovering vulnerabilities represents "a turning point in computer security like we've never seen before."
Project Glasswing: Limited Access for Enhanced Security
To counter potential risks, Anthropic launched Project Glasswing, an initiative aimed at using Mythos Preview exclusively for defensive purposes. Only selected organizations tasked with securing critical software infrastructures will have access to the model. Among the partners are giants like AWS, Apple, Microsoft, Google, CrowdStrike, NVIDIA, and the Linux Foundation, along with around forty other organizations involved in building or maintaining essential software infrastructures. Anthropic is committing $100 million in usage credits and $4 million in direct donations to open-source security organizations.
Anthropic emphasizes the need to develop cybersecurity measures capable of detecting and blocking the most dangerous outputs from the model. The company plans to launch new protections with a future Claude Opus model to test and refine them with a model presenting a lower risk level than Mythos Preview.
Anthropic does not plan to make Mythos Preview publicly accessible. However, the company hopes to eventually enable the deployment of models with similar capabilities once adequate safeguards have been put in place.
Finally, Anthropic continues its discussions with the U.S. government regarding the offensive and defensive cyber capabilities of Claude Mythos Preview.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.