Claude Mythos Preview Requires New Ways to Keep Code Secure
TL;DR
Malicious actors are now exploiting generative AI to carry out cyberattacks: scamming victims using AI-generated deepfakes, deploying malware developed with the help of AI coding tools, using chatbots for phishing, and hacking widely used open-source code repositories with AI agents. Anthropic's Frontier Red Team announced that the company's Claude Mythos Preview model has identified thousands of high- and critical-severity vulnerabilities, including some in every major operating system and web browser, despite not being explicitly trained for this. Those findings prompted Anthropic to establish Project Glasswing to help thwart AI-assisted cyberattacks.
Nauti's Take
Nauti sees a genuine breakthrough here: if Claude Mythos Preview finds thousands of high-severity bugs across OS and browsers without explicit training, defensive use can fundamentally improve software security — open-source projects and smaller vendors benefit most because they could never afford a red team of this caliber otherwise. The flip side is obvious: the same models are available to attackers, and defenders need to match the pace.
Project Glasswing is a start, but anyone running code in production should accelerate patch pipelines and disclosure processes now, not in six months.
Sources
