AI lab Anthropic introduced this week that it had developed a strong new mannequin the corporate believes may “reshape cybersecurity.” It mentioned that its newest mannequin, Mythos Preview, was capable of finding “high-severity vulnerabilities, together with some in each main working system and net browser.”
Patrick Sison/AP
disguise caption
toggle caption
Patrick Sison/AP
Prior to now few months, AI fashions have gone from producing hallucinations to changing into efficient at discovering safety flaws in software program, in accordance with builders who keep broadly used cyber infrastructure. These items of software program, amongst different issues, energy working techniques and switch information for issues linked to the web.
Whereas these new capabilities may help builders make software program safer, they can be weaponized by hackers and nation states to steal data and cash or disrupt crucial companies.
The newest growth of AI’s cyber functionality got here on Tuesday, when AI lab Anthropic introduced it had developed a strong new mannequin the corporate believes may “reshape cybersecurity.” It mentioned that its newest mannequin, Mythos Preview, was capable of finding “high-severity vulnerabilities, together with some in each main working system and net browser.” Not solely that, the mannequin was higher at developing with methods to take advantage of the vulnerabilities it discovered, which suggests malicious actors can extra successfully obtain their targets.
For now, the corporate is limiting the entry to the mannequin to round 50 choose corporations and organizations “in an effort to safe the world’s most crucial software program.” They’re calling the collaboration Challenge Glasswing, naming it after a butterfly species with clear wings.
Anthropic says the danger for misuse is so excessive that it has no plans to launch this explicit mannequin to most people, in accordance with the announcement, however it can launch different associated fashions. “Our eventual objective is to allow our customers to securely deploy Mythos-class fashions at scale,” the corporate wrote.
Nonetheless safety specialists say the potential dangers are for cybersecurity professionals and never on a regular basis individuals. “I do not essentially assume that the common laptop consumer must be essentially nervous about this,” mentioned Daniel Blackford, VP of Menace Analysis at Proofpoint, a cybersecurity agency. “They must be far more nervous about not giving their password away as a result of that simply occurs like all day, every single day.”
Mythos Preview may additionally have higher capabilities to assist builders repair vulnerabilities than earlier fashions, mentioned Jim Zemlin, CEO of the Linux Basis, which hosts the open supply Linux kernel. A kernel is an interface that lets {hardware} speak to software program, and the Linux kernel powers among the most generally used working techniques together with Android, in addition to the entire world’s 500 strongest supercomputers. The muse is part of Challenge Glasswing, and Zemlin mentioned a core group of people that work on the Linux kernel, referred to as maintainers, have began experimenting with the brand new mannequin to determine the best manner to make use of it.
“These maintainers are already overworked earlier than AI,” Zemlin mentioned. “This simply makes their lives so much higher.”
Even earlier than Mythos Preview’s restricted launch, the cybersecurity neighborhood has already been grappling with how succesful essentially the most superior commercially accessible AI fashions have turn into. Builders are racing to patch safety vulnerabilities that hackers flag with AI. Safety specialists are nervous about what may lie forward if such capacities proliferate with out guardrails.
Hackers are utilizing AI to assist them discover bugs. It wasn’t working, till now
Enchancment in AI fashions’ capabilities grew to become noticeable early 2026, mentioned Daniel Stenberg. He’s the lead software program developer behind cURL, a 30-year-old open-source information switch instrument that is broadly used for issues that connect with the web, together with vehicles and medical gadgets. That change adopted the releases of recent cutting-edge fashions late 2025.
Like many within the software program neighborhood, Stenberg will get assist from safety researchers to maintain his software program useful and safe. So-called “white hat” hackers flag safety flaws to builders in personal and in return, they often get reward cash, referred to as “bug bounties,” or bragging rights by getting the safety flaw named after themselves. Whereas all bugs have an effect on the performance of the software program, just some bugs current safety vulnerabilities.
However that course of began to interrupt down final yr. Stenberg’s group was inundated by bogus experiences he was satisfied had been generated by AI. “We received 185 experiences all year long and fewer than 5% of them had been truly safety associated issues in the long run,” Stenberg mentioned.
Even because the report quantity doubled from 2024 to 2025, Stenberg ended up discovering and fixing fewer safety vulnerabilities. The slop experiences received so unhealthy that Stenberg stopped paying out bug bounty rewards for his cURL instrument.
The hackers that file experiences to him are often nameless, mentioned Stenberg, and so they do not talk about whether or not the experiences had been made with AI. However Stenberg mentioned AI has a definite writing model. “They are typically very elaborate and descriptive … You get a 400 line report [when] it is one thing {that a} human would take 50 traces to current.”
HackerOne, a platform that Stenberg makes use of to handle safety reporting, surveyed hackers in the summertime of 2025 and located that just about 60% of respondents had been both utilizing AI, studying it, or studying to audit AI or machine studying techniques.
“LLMs have now bypassed human functionality for bug discovering”
Issues have modified dramatically this yr. The quantity of experiences has been even greater than in 2025, however to date Stenberg mentioned, most of them have uncovered respectable points. “Nearly all of the unhealthy [reports] at the moment are gone.”
He estimates that about 1 in 10 of the experiences are safety vulnerabilities, the remainder are principally actual bugs. Simply three months into 2026, the cURL group Stenberg leads has discovered and stuck extra vulnerabilities than every of the earlier two years.
Other than experiences by exterior safety researchers, Stenberg additionally makes use of AI to seek out vulnerabilities himself. With one click on, AI has flagged over 100 bugs in his code that has gone by rounds of evaluation by people and conventional code analyzers “in virtually magical methods.”
Stenberg’s expertise is just not distinctive. Maintainers of the Linux kernel have seen the same change within the high quality of bug experiences. Nicholas Carlini, an Anthropic analysis scientist, was capable of finding vulnerabilities within the Linux kernel utilizing an older Anthropic mannequin and a comparatively easy immediate. Carlini additionally used AI to seek out the primary crucial vulnerability in one other 20-year-old open supply mission.
“LLMs have now bypassed human functionality for bug discovering,” mentioned Alex Stamos, chief safety officer at Hall, an AI software program safety firm. The rise in high quality of the safety analysis experiences adopted the discharge of Anthropic’s mannequin Opus 4.5 in November, mentioned Stamos, who was beforehand the pinnacle of safety at Yahoo and Fb. Since a lot business software program has open-source elements, what occurs to open-source initiatives has wider implications for the web, Stamos mentioned.
Can AI patch the bugs and safety vulnerabilities it finds?
Stenberg appreciates that AI fashions at the moment accessible to everybody have turn into extra useful to find bugs, however he is additionally cautious of what future, extra highly effective fashions may deliver for builders who keep open-source software program. “It is an overload of all of the maintainers who’re already usually overloaded and understaffed and underpaid and underfunded in some ways.”
Stenberg is not a part of Challenge Glasswing and says that loads of crucial initiatives, “issues which are truly cornerstones of the Web,” have been neglected.
Anthropic didn’t reply to NPR’s request for remark.
However based mostly on his expertise to date, Stenberg says AI is just not pretty much as good at fixing bugs and safety flaws as it’s at discovering them.
A part of the reason being that neither the bugs nor their fixes are cut-and-dry. Like many different elements of software program growth, making the judgement calls takes extra time than truly writing the code. “As soon as we now have recognized the issue and agree that this can be a downside, then truly fixing it isn’t very arduous and never very time consuming. It is extra your complete course of as much as that step that takes time and vitality,” Stenberg mentioned.
Others assume in another way. An organization known as HackerOne is now growing an agentic AI product to extra autonomously discover— and mend— vulnerabilities.
How does AI issue into the tug of conflict between offense and protection in cybersecurity?
“Discovering bugs is just not making the bugs exploitable,” Stamos mentioned. “The primary a part of what we name the kill chain is discovering the failings. The following step is… [actually] constructing the weapon. And the muse fashions won’t try this for you.”
Basis fashions are fashions made by essentially the most superior AI labs like Anthropic, OpenAI and Google Deepmind. These labs have put guardrails in place to forestall their fashions from creating software program that can be utilized maliciously. These fashions are extremely proprietary and their interior workings aren’t public.
However all bets are off as soon as so-called open-weight fashions which are extra accessible to the general public catch as much as these from essentially the most superior AI labs. Dangerous actors could make a replica of them and take away the guardrails in opposition to malware.
“Then we’re in actual bother since you would be capable of ask these fashions to not simply discover the bugs, however then to create exploit code” that may hack into techniques, Stamos mentioned. Probably the most superior open-weight fashions are lower than a yr behind essentially the most superior closed-weight fashions.
“It additionally exhibits how extremely silly it’s for the Pentagon to say that Anthropic is a threat to your complete United States,” Stamos added. The Pentagon has labelled Anthropic a “provide chain threat” as a result of the corporate requested the federal government to not use its expertise for autonomous weapons and mass surveillance. The label would bar authorities companies and contractors from working with Anthropic. Anthropic is at the moment disputing the label in court docket.
Many of the open-weight fashions are made by corporations based mostly in China, which the U.S. considers its primary rival within the race in direction of AI dominance. By not releasing Mythos Preview publicly, Stamos mentioned, Anthropic is giving software program builders in addition to the U.S. time to shore up their defenses.
