Anthropic has restricted access to its new Claude Mythos Preview model to a select group of more than 40 organisations, citing concerns over its ability to autonomously identify and exploit software vulnerabilities at scale.

The company announced the move on 7 April as part of a broader cybersecurity initiative, Project Glasswing, which includes partners such as Amazon Web Services, Microsoft and Google. Anthropic said it would commit up to $100m in usage credits to support participants testing the system on critical infrastructure.

According to the New York Times, Anthropic executives described the model as a step change in artificial intelligence capabilities, particularly in cybersecurity research. Jared Kaplan, the company’s chief science officer, said the aim was “to raise awareness and to give good actors a head start on the process of securing open-source and private infrastructure and code”.

The Financial Times reported that the decision to limit distribution follows recent internal security lapses, including a data leak and exposure of source code attributed by the company to human error. Anthropic said the restricted rollout reflects the potential for misuse, as the model can both detect vulnerabilities and generate exploits.

Anthropic stated that Claude Mythos Preview has already identified thousands of previously unknown “zero-day” vulnerabilities across major operating systems and software. Logan Graham, who leads the company’s frontier red team, said the model had found flaws missed by “decades of security researchers” and automated tools.

Participants in Project Glasswing will use the model to scan and secure both proprietary and open-source systems. The company said it is also providing access to additional organisations that maintain critical infrastructure software, alongside $4m in funding for open-source security groups.

Industry partners have highlighted both the defensive potential and emerging risks. Elia Zaitsev, chief technology officer at CrowdStrike, said the model “demonstrates what is now possible for defenders at scale”, adding that adversaries are likely to adopt similar capabilities.

Anthropic said the model would not be made widely available in its current form and that future deployment depends on developing safeguards to limit harmful use. The company is in discussions with government bodies about the national security implications of such systems.

The initiative reflects growing concern that advances in AI-driven coding could accelerate cyberattacks by lowering the expertise required to exploit software flaws, while also offering tools to counter those threats.

---