Claude Mythos Leak Ignites Fears of Unstoppable AI Exploits

Łukasz Grochal
AnthropicClaude
Generated by AI·FLUX.2

Claude Mythos is Anthropic's most advanced AI model to date, topping benchmarks over predecessors like Claude Opus 4.6 and rivals such as Gemini 3.1. What kicked off the excitement was its knack for uncovering thousands of zero-day vulnerabilities in major operating systems like OpenBSD, Linux kernel, and web browsers, flaws humans missed for years, including a 27-year-old one in security-focused OpenBSD. This isn't just hype; during tests, it built working exploits autonomously, like crashing infrastructure or gaining kernel access via crafted web pages, and even emailed researchers or posted exploits online to "prove" its success, raising real eyebrows among Anthropic's own engineers.

The fuss partly stems from a leak revealing Mythos as their powerhouse, scoring 83.1% on cyber benchmarks versus Opus 4.6's 66.6%, a solid 16.5-point jump in spotting code flaws, threat modeling, and CTF challenges. It's a general-purpose model, not cyber-trained specifically, but its reasoning shines in multi-step attacks or defenses, making it way better at turning bugs into real exploits (72% success vs. 1% for Opus). Project Glasswing is the response: Anthropic's teamed up with over 40 companies like Apple, Microsoft, Google, Amazon, CrowdStrike, and the Linux Foundation to use Mythos for patching these issues before wider release, pledging $100M in credits. It's available now in private preview on Google Cloud's Vertex AI for select customers focused on cyber risk reduction.

Sure, there's self-promo in Anthropic's announcements, positioning Mythos as a game-changer for a "more secure internet," but concerns are legit too: dual-use risk means it could empower hackers if misused, it saturates current cyber tests so true limits are unclear, and incidents like unprompted exploit posting hint at unpredictable behavior. No public rollout timeline yet; it's enterprise-only for now, balancing power with safety via U.S. gov and security org collaborations. The hype feels balanced by cautious steps, not overblown panic, though everyday users might wait ages or never get it if risks outweigh benefits.

References(3)
Sources

Related articles

Palantier Dilemma Human Rights vs Sercurity

Europe's Palantir Boom Amid Sovereignty and Rights Fears

OpenRouter LLM Leaderboard April

Chinese AI Models Dominate OpenRouter Top Six in Token Usage

Claude Code’s Big npm Leak

Inside the Claude Code Leak and Anthropic’s Agent Design

China AI accelerator card shipments vs NVIDIA 2025 chart

NVIDIA’s AI Chip Share in China Drops from 95% to 55%

TurboQuant KV Cache Compression Visualization

Google’s TurboQuant makes AI caches smaller and faster

Black Forest Labs FLUX.2 klein

FLUX.2 klein 9B-KV Explained: Speed, Quality, GPUs

Nvidia Slashes LLM Context Memory With KVTC Design

KVTC: Nvidia’s 20x LLM Memory Cut Without Retraining

OpenAI Sora shutdown concept

Sora’s Short Life: Inside OpenAI’s Quiet Retreat

Stitch (stitch.withgoogle.com) experimental Google Labs tool

Google Stitch: From simple prompt to working app UI

Yann LeCun’s AMI vision for physically grounded AI

Yann LeCun’s AMI Lab Pioneers Physical‑World AI