Anthropic's Claude Mythos Preview is an AI model capable of finding and exploiting software vulnerabilities at scale, restricted to ~50 major organizations under Project Glasswing. Bruce Schneier and David Lie analyze the announcement critically: while Anthropic's caution is commendable, the public lacks key data to evaluate the model's real-world performance, including false positive rates. The piece argues that restricting access to 50 large vendors leaves critical infrastructure in specialized domains (medical devices, industrial control systems) underprotected, while motivated attackers with domain expertise could still weaponize the model. The authors call for greater transparency, independent auditing frameworks, and broader academic access rather than unilateral corporate governance of tools with global security implications. OpenAI's similar withholding of GPT-5.3-Codex signals this is a systemic issue requiring regulatory frameworks, not just company-level decisions.

5m read time. From schneier.com