This morning, I read about Project Glasswing, and shuddered. If you know about this project, you’d think that it should’ve made me feel happy and secure instead. Why? Well, because someone’s giving a damn.

Yes, I should feel better, but I feel worse, too, because the creators of AI are the only ones trying to do something about it. It makes me wonder whether it’s because they think it’s all happening too quickly for them to reap the benefits. They’d of course not want the fire that they built to turn everything to ashes.

Let us quickly take a look at Project Glasswing so that this post makes more sense.

Project Glasswing

I quote from their site:

Project Glasswing (is) a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.

We formed Project Glasswing because of capabilities we’ve observed in a new frontier model trained by Anthropic that we believe could reshape cybersecurity. Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

Here’s a nice-to-know:
The Glasswing butterfly has transparent wings and it uses them to become invisible to its enemies.

So, what then is Mythos?

Claude Mythos

As the above quote says, it’s an unreleased frontier model of Claude. This model has already found “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.”

They believe that no single organization is capable of handling something of this magnitude alone, and that when bad actors get their hands on Mythos, “the fallout for economies, public safety, and national security, could be severe.”

Several inferences hit us in the face at once.

1. We’ve had crappy (human-built?) software so far, and we had been doing just fine. Then came AI. And programmers kept telling us that vibe-coders can’t do what human coders can. Perhaps the best among the human coders can still do something that makes Mythos go, “hey! wassat?” But mostly, any hacker with reasonable coding skills can use Mythos to break into all the existing browsers and operating systems. Thankfully, Mythos is still not released to the public in general, because it’s too dangerous.

Here’s what happened at Anthropic, and I quote from Forbes, where you can read about the exact vulnerabilities Mythos found.

An Anthropic engineer with zero security training asked Claude Mythos to find remote code execution bugs overnight. He woke up to a complete working exploit.

That’s the kind of model Anthropic announced on April 7. Claude Mythos Preview is, by every published benchmark, the most capable AI model ever built. It scores 93.9% on SWE-bench Verified, 97.6% on the USAMO math olympiad, and 83.1% on CyberGym. It found zero-day vulnerabilities in every major operating system and every major web browser. Fully autonomously. No human guidance needed.

2. The regulators are still twiddling their thumbs. Why? Because for them, AI is just another technological revolution – quite like the automobiles, the calculators, the computers, the internet…they move slowly. All administration moves slowly. Imperfectly. AI moves fast. AI-building companies keep the new models under wraps.

3. Even the AI-Tsars don’t look eye-to-eye. Do you see xAI, OpenAI, and other AI companies in the list? I understand that they are Anthropic’s competitors, and yet, aren’t they building newer, stronger, and more devastating versions of their AIs? Shouldn’t they be part of this conversation? They aren’t, because they are fighting each other. Musk is fighting OpenAI and asking for the removal of Altman as the head of OpenAI, while Altman avoided holding hands with Amodei at the Indian AI summit.

4. As AI continues to become increasingly smarter, will it just stop at finding software vulnerabilities? Reflect on the deadly combination: An unethical hacker and an ultra-smart AI assistant working autonomously. What do we get? Pure ruckus.

Psst…those little people surrounding the hill? You know who they are.

Project Glasswing: The fear that keeps Anthropic from releasing Claude Mythos.
Mythos: Claude’s newest and most powerful version yet.

Image Credits: Google Gemini

Written by: Shafali R. Anand.