Mythos
- Mike McCormick

On April 7 Anthropic announced the preview of a new AI tool called Claude Mythos, and launched an industry group called Project Glasswing to focus on implementing the new model defensively ahead of public release. During internal testing Mythos was astonishingly successful at finding and exploiting zero-day vulnerabilities across all major operating systems and browsers, some of them decades old.
Mythos access will initially be limited to Project Glasswing members, comprising around 50 organizations including Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
The Good
Mythos has the potential to identify thousands of previously unknown coding bugs, allowing software vendors to fix them before they can be exploited by criminals and others. (Expect a flood of OS and browser updates in the coming months!) Presumably this is why Anthropic created Project Glasswing – to put this tool in the hands of software companies (including some Anthropic competitors) early enough to correct problems before its general release to the public.
However, there are far more than fifty companies that develop vital software. Consider providers of critical infrastructure in sectors like banking, energy, healthcare, transportation, etc. Project Glasswing should expand to all such companies well before Mythos is generally available, even if that means risking leaks to outside entities.
Anthropic could extend Project Glasswing membership to the Information Sharing and Analysis Centers (ISACs) that represent US critical infrastructure sectors. For example, H-ISAC protects healthcare companies. ISACs are regulated and have established procedures for handling sensitive or classified material.
The Bad
Used by criminals, Mythos has the potential to not only find previously unknown bugs, but even to generate the malware to exploit them (so-called “zero day” exploits). The Register called Mythos “literally a zero-day engine.” In a blog post, Anthropic admits the AI improvements “that make [Mythos] substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them.” Mythos generated successful exploits in 72.4% of trials.
Not only will there be more threats, but they will arrive faster. The time to discover subtle vulnerabilities will shorten from years to hours. The time to weaponize them into working exploits will collapse to mere minutes.
Anthropic says it’s trying to limit the tool’s offensive capabilities. They trained Mythos not to answer obviously harmful requests and to detect malicious usage. “When activity appears unsafe, we may block output … or escalate for enforcement.” Escalation in this case appears to mean alerting in-house staff to potential abuse. Ideally Anthropic should extend this to law enforcement in confirmed cases.
The Ugly
Mythos has profound consequences for governments. Anthropic admits it has “been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities.” An anonymous source in the US intelligence community told NextGov that they “want to use AI to find network vulnerabilities.”
In a perfect world, our government would quietly pass that information along to any US domestic software providers so they can take prompt corrective action before harm comes to their users.
We do not live in that perfect world. As I discussed in my blog post about the US Vulnerabilities Equities Process (VEP), our government often keeps zero-day vulnerabilities secret, stockpiling them for use in spying on its adversaries. For example, they didn’t warn Microsoft about the Windows bug that led to the WannaCry malware attacks from North Korea.
VEP has the unfortunate effect of making commercial software vulnerable to attacks from other governments who do the same thing we’re doing. US companies and consumers are the losers in these shadowy cyber battles.
The Pentagon
Earlier this year, the US government designated Anthropic as a supply chain risk, ordering defense contractors – including several Project Glasswing participants – to stop using Anthropic products in any government defense work. Last March a US District Court judge blocked that restriction, temporarily allowing defense contractors to continue using Claude AI products.
It’s possible the seismic announcement of Mythos and Glasswing was timed to persuade the Pentagon to change its mind about Anthropic before the judge’s temporary order expires. The intelligence community wants to use Mythos, including agencies within the Defense Department such as DIA and NSA.
Anthropic poses no more supply chain risk than other US AI companies. The DoD risks cutting off its nose to spite its face. SecDef Hegseth should listen to the intel chiefs and let them use Mythos. Not doing so risks putting the US at a strategic disadvantage against our adversaries, including Iran.
Michael McCormick is an information security consultant, researcher, and founder of Taproot Security.