Mythos Finds 27-Year-Old Bugs, Too Risky to Release

Anthropic's unreleased Mythos model detects and exploits critical software vulnerabilities, such as a 27-year-old OpenBSD integer overflow bug found for under $50 per run, prompting Project Glasswing to patch ecosystems first.

Mythos Model's Superior Vulnerability Detection

Anthropic's Mythos preview outperforms Claude Opus 4.6 across benchmarks and autonomously hunts software flaws using agentic setups like Claude Code. It identified a 27-year-old OpenBSD vulnerability tied to integer overflow and unexpected memory access, enabling reproducible denial-of-service crashes via targeted packets. This was achieved in runs costing under $50 each, with total experiments under $20,000. Similar feats include FFmpeg exploits (patch confirmed by the team), browser flaws, and sandbox escapes. At roughly 10 trillion parameters and a $10B training cost, Mythos token pricing reaches $25-$125 per million tokens, making it viable for mass deployment by nation-states or bad actors scanning vast codebases faster than humans ever could.

Project Glasswing Patches Before Public Access

Anthropic withheld Mythos from public release because of its exploit prowess and launched Project Glasswing with AWS, Apple, Microsoft, the Linux Foundation, and others. The initiative deploys the model to proactively fix vulnerabilities in OSes, browsers, and tools before release. This preempts the risk of unchecked agents overwhelming defenses, since flaws in even secure systems like OpenBSD evaded human detection for decades. Trade-off: only partnered maintainers get free access; others lag, which amplifies the danger because most servers and devices run outdated software without the latest patches.

Developer Roles Shift to AI Steering

Mythos generates and debugs code beyond most developers' solo capabilities, accelerating AI's dominance in coding tasks. Humans pivot from writing code to scoping tasks, reviewing outputs, and constraining agents to prevent rogue behavior, which is essential as models like this ship human-facing products. Anthropic's ARR tripling from $3B to $9B underscores that subsidized tools like Claude Max face abuse crackdowns, pushing efficient usage via structured prompting and limits.

Cybersecurity Enters AI-Driven Arms Race

Dual-use power favors attackers, who can cheaply run thousands of parallel agents to probe everything, outpacing patch cycles and unupdated systems worldwide. Defenders gain proactive scanning, but affordability gaps and installation delays create windows of exposure. No software stays secure indefinitely; expect eroded trust in legacy codebases as capabilities proliferate to rivals, marking a pivotal shift where AI vulnerability discovery outstrips human auditing.

Video description
Anthropic announced a new, non-public model that is more capable than ever, finding bugs and security vulnerabilities that existed for 27 years. It's kind of frightening...

Detailed report: https://red.anthropic.com/2026/mythos-preview/
Blog post: https://www.anthropic.com/glasswing
