{"id":203096,"date":"2026-04-07T19:16:00","date_gmt":"2026-04-07T23:16:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/07\/why-anthropics-new-model-has-cybersecurity-experts-rattled\/"},"modified":"2026-04-07T19:40:09","modified_gmt":"2026-04-07T23:40:09","slug":"why-anthropics-new-model-has-cybersecurity-experts-rattled","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/07\/why-anthropics-new-model-has-cybersecurity-experts-rattled\/","title":{"rendered":"Why Anthropic\u2019s new model has cybersecurity experts rattled"},"content":{"rendered":"

Why Anthropic\u2019s new model has cybersecurity experts rattled<\/a><\/p>\n

https:\/\/www.platformer.news\/anthropic-mythos-cybersecurity-risk-experts\/<\/a><\/p>\n

Publish Date: 2026-04-07 19:16:00<\/a><\/p>\n

Source Domain: www.platformer.news<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\n This is a column about Anthropic and AI. My fianc\u00e9 works at Anthropic. See\u00a0my full ethics disclosure here.Two weeks ago, Anthropic accidentally leaked the existence of what the company said was its most powerful artificial intelligence to date: a new model, known as Claude Mythos Preview, that represented \u201ca step change\u201d in AI performance. In particular, according to a blog post that leaked due to human error and a misconfigured content management system, Mythos posed serious new risks to cybersecurity. \u201cIt presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders,\u201d the blog post stated.On Tuesday, the wave crashed onto the shore. Anthropic announced Mythos alongside Project Glasswing, an initiative with more than 40 of the world\u2019s biggest tech companies that will see Anthropic grant early access to the model to find and patch vulnerabilities across many of the world\u2019s most important systems. Launch partners in the coalition include Apple, Google, Microsoft, Cisco and Broadcom.They\u2019ll be tasked with scanning and patching their own systems along with the critical open-source systems that modern digital infrastructure depends on. Anthropic is giving participants $100 million in usage credits for Mythos, and donating another $4 million to open-source security efforts.Still, today marks a striking and mostly unsettling moment in the development of AI systems. One of the world\u2019s three frontier labs has now created a model it says is too dangerous to release to the general public. These dangers emerged not from any specialized cyber training but from the same general improvements that every other lab is currently pursuing. As a result, models with similar capabilities may soon be accessible to criminals, hackers, and nation states \u2014 or even more broadly via open source models.Already, Anthropic said, the model has found thousands of high-severity vulnerabilities in every major operating system and web browser, and in many cases developed related exploits. Among them: a vulnerability in OpenBSD, a security-focused open source operating system, that had escaped detection for 27 years; another flaw in the video encoder FFmpeg that had escaped detection in 5 million previous automated tests; and \u201cseveral\u201d vulnerabilities in the Linux kernel, which could be exploited to take complete control of a user\u2019s machine.\u201cGiven the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,\u201d the company wrote. \u201cThe fallout \u2014 for economies, public safety, and national security \u2014 could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.\u201d\u00a0In a video that Anthropic made to accompany the announcement, researchers say that Mythos is more dangerous largely due to its advanced reasoning capabilities. While current models are capable of identifying high-severity vulnerabilities, Mythos might identify five separate vulnerabilities in a single piece of software and then chain them together into a uniquely dangerous new attack. Coupled with models\u2019 growing ability to work without supervision for extended periods of time, Anthropic said we have reached an inflection point in cybersecurity risks.\u00a0Of course, AI labs have often been criticized for making ominous pronouncements about the dangers posed by their own work, which can come across as a strange new form of marketing hype. For that reason, along with the fact that my fianc\u00e9 works at Anthropic, I wanted to see what other cybersecurity experts made of the Mythos announcement.\u00a0Alex Stamos, chief product officer at cybersecurity firm Corridor, told me that Glasswing is \u201ca big deal, and really necessary.\u201d\u201cWe only have something like six months before the open-weight models catch up to the foundation models in bug finding,\u201d said Stamos, who previously led security at Facebook and Yahoo. \u201cAt which point every ransomware actor will be able to find and weaponize bugs without leaving traces for law enforcement to find (and with minimal cost).\u201dStamos\u2019 sentiments were broadly echoed by Glasswing participants. \u201cAI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back,\u201d Anthony Grieco, chief security and trust officer at Cisco, said in a statement accompanying the announcement.If critical infrastructure really is at risk, as Grieco suggests, then you would hope the US government is paying attention. (And right on cue, here\u2019s a story from today about Iran successfully hacking US water and energy utilities.) Awkwardly, though, the US government attempted to declare Anthropic a supply chain risk after it refused to modify its contract with the Pentagon to permit mass domestic surveillance and fully autonomous weapons. A judge has blocked that designation from taking effect while the case is litigated.Anthropic told me that before launching Project Glasswing, it briefed senior US government officials about Mythos\u2019 capabilities, both offensive and defensive. That includes the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation, which works with the industry to test new models and evaluate them for security risks.\u00a0The company told me it has signaled to the government that it is available to help the government with evaluating Mythos. But it\u2019s not clear the government is taking Anthropic up on the offer.A functioning government would take a strong interest in what Anthropic is up to here, if only out of self-preservation. We simply don\u2019t know whether Project Glasswing will be enough to protect critical systems from being breached \u2014 and for how long.\u201cThe optimistic timeline is that we are one step past human capabilities, and that means that there is a huge but finite pool of flaws that can be found and fixed,\u201d Stamos told me. \u201cThe pessimistic timeline is that with every release there will be new classes of flaws we never even imagined. It\u2019s hard to predict, because we are trying to model superhuman thinking.\u201dFor the moment, there’s a case to be made that Project Glasswing represents Anthropic’s founding thesis in action. The whole reason the company set out to build frontier AI models was so that a safety-focused lab would be the first to encounter the most dangerous capabilities \u2014 and could lead the way in mitigating them. With Mythos, that appears to be exactly what\u2019s happening.At the same time, Glasswing is built on a deeply uncomfortable premise \u2014 that the only way to protect us from dangerous AI models is to build them first. And Anthropic is doing so in an environment that is barely regulated at all, at the near-insistence of the Trump administration.\u00a0One effect of this is to centralize power. (\u201cAn underrated feature of this situation,\u201d observed Kelsey Piper today about Mythos: \u201ca private company now has incredibly powerful zero-day exploits of almost every software project you’ve heard of.\u201d) Another effect is to centralize risk: Among other things, the incentives to steal Anthropic\u2019s model weights just went up significantly.\u00a0None of which is likely to make AI more popular in a country that appears to be turning against it. Surveys show people are clamoring for more control over how AI is used and stronger safeguards around it. As the story of Project Glasswing plays out, we may regret not beginning that work much sooner.Elsewhere in Mythos: A striking new benchmark result noted by VentureBeat: “Mythos Preview achieves 93.9% on SWE-bench Verified, versus 80.8% for Opus 4.6.” That’s a near 13-percent jump over the previous state of the art since February.FollowingPeople are yelling about tokenmaxxingWhat happened:\u00a0Meta has an internal leaderboard called \u201cClaudeonomics,\u201d The Information reports, ranking over 85,000 employees are ranked on their AI usage. Users who burn the most tokens can earn titles including \u201cSession Immortal,\u201d \u201cCache Wizard,\u201d and \u201cToken Legend.\u201dEmployees are running coding agents continuously in hopes of landing a coveted spot in the top 250. (The top individual user at Meta spent 281 billion tokens last month.) A \u201ctoken\u201d is a chunk of information inputted or outputted by an LLM, roughly equivalent to one word. Which means that one Meta employee\u2019s poor agents generated six times more tokens than are contained in the entirety of Wikipedia in all languages.Over a recent month, total token usage on \u201cClaudeonomics\u201d topped 60 trillion. Had these tokens all been from one of the more expensive recent models, Claude Opus 4.6, this would\u2019ve been a $900 million expense, although we hope they\u2019re sometimes substituting for more economical models.The news generated a bunch of X chatter. Onlookers are wondering if this is really a good metric for work at the company \u2014 or if Meta is burning a ton of money for the sake of productivity showboating.Why we\u2019re following: This is only the latest account of tech workers competing to use ever more tokens. It reflects both how much AI agents are actually boosting coders\u2019 productivity, and the anxiety that only \u201cCache Wizards\u201d will escape the permanent underclass.At Meta, the high token spend and goofy leaderboard also underscore the expensive, flashy, somewhat chaotic efforts the company has made to catch up in AI.What people are saying: On X, New York Times reporter Mike Isaac posted that after the recent conversation, a product growth director at Meta circulated an internal memo titled \u201ctoken usage is NOT impact.\u201d One line from the memo: \u201cwe\u2019re talking about token usage and skill counts when we should be celebrating outcomes.\u201dRoblox\u2019s product lead Peter Yang was skeptical of the tokenmaxxing approach: \u201cMeasuring productivity by token usage sounds almost as dumb as measuring by lines of code written.\u201dSoftware engineering blogger Gergeley Orosz pointed out that we\u2019ve known AI use is part of Meta\u2019s performance evaluations for a little while now. \u201cThis is just smart people (Meta only hires smart folks) hitting targets they assume leadership wants them to hit so they get that exceeds expectations (or above) rating.\u201d University of Chicago economics professor Alex Imas posted, \u201cFocusing on the input and not the output is literally the most Meta thing to do.\u201d\u2014Ella MarkianosSide QuestsAn Indianapolis city councilor said someone fired 13 shots at his home and left a note that said \u201cNO DATA CENTERS.\u201dAnthropic is reportedly planning to invest $200 million in a new PE venture that would sell AI tools to their portfolio companies. The company hired Microsoft’s Eric Boyd as head of infrastructure.A conversation with OpenAI president Greg Brockman on the company\u2019s research direction, Codex, and LLMs. OpenAI opened applications for the OpenAI Safety Fellowship, its new program for researchers and others looking to pursue AI safety-focused research. Jeff Bezos’s new lab Project Prometheus has reportedly poached xAI cofounder Kyle Kozic from OpenAI.Hackers with ties to Russia are targeting routers to gain access to passwords, the UK warned.Licensing talks between Universal Music and Suno have reportedly stalled in recent months.Tax experts are stumped on how to file taxes for wins from prediction market bets. Kalshi struck a deal with Fox Corp to integrate its forecasts into Fox channels. Finally, a Kalshi partnership that makes sense.Intel is joining Elon Musk\u2019s Terafab AI chip project. Musk amended his lawsuit against OpenAI to say that if he wins he wants the proceeds to go to OpenAI’s nonprofit arm. Apple is reportedly experiencing setbacks with engineering for its first-ever foldable iPhone \u2014 but it\u2019s still on track for a September debut, sources told Bloomberg.Google added mental health features to Gemini following multiple lawsuits.SEO agencies are rushing to cash in on the AI boom by claiming they can help brands be cited by AI. A look at how easily Google\u2019s AI Overviews can be manipulated.Spotify is expanding its Prompted Playlist feature to include podcasts.An interview with Upscrolled founder Issam Hijazi on how he\u2019s catching up to the social platform\u2019s rapid growth.AI dolls are filling in the gaps in South Korea\u2019s strained social care system by offering companionship to the elderly.\u00a0The MLB\u2019s robo-umps aren\u2019t accurate enough to replace human umpires yet.Those good postsFor more good posts every day, follow Casey\u2019s Instagram stories.(Link)(Link)(Link)Talk to usSend us tips, comments, questions, and Linux kernel exploits: casey@platformer.news. Read our ethics policy here.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Why Anthropic\u2019s new model has cybersecurity experts rattled https:\/\/www.platformer.news\/anthropic-mythos-cybersecurity-risk-experts\/ Publish Date: 2026-04-07 19:16:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":203097,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.platformer.news\/content\/images\/size\/w1200\/2026\/04\/Project-Glasswing-Logos.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,31,17,27],"class_list":["post-203096","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-exploit","tag-llm","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/203096"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=203096"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/203096\/revisions"}],"predecessor-version":[{"id":203098,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/203096\/revisions\/203098"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/203097"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=203096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=203096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=203096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}