Anthropic Flags Risks as Mythos AI Ships Before Patch Rollout, Officials Warn

Anthropic has rerouted the Claude Mythos preview through its Project Glasswing program, sending the model first to critical‑infrastructure operators and open‑source maintainers, according to a post by Ariel Frischer on April 17. The public rollout will wait until security patches are in place, the report says.

Frischer’s evaluation shows Mythos can discover thousands of previously unknown flaws across Linux, Windows, macOS, OpenBSD, FreeBSD and all major browsers, including Chrome, Safari, Edge and Firefox. The model produced tier‑5 control‑flow hijacks on ten fully‑patched OSS‑Fuzz targets, a level that Opus 4.6 only reached tier‑3 on a single target, the analysis notes.

The AI also generated multi‑bug exploit chains against the Linux kernel and a guest‑to‑host memory‑corruption bug in a production hypervisor, breaking the isolation cloud providers sell, Frischer writes. A 27‑year‑old OpenBSD TCP SACK crash chain and a 16‑year‑old FFmpeg H.264 decoder flaw resurfaced, both hidden in plain sight.

Running a thousand agents against OpenBSD cost roughly $20,000 and surfaced dozens of findings, Frischer adds. The marginal cost per exploit is “dinner money,” highlighting how cheap large‑scale attacks could become. Exploit capability emerged as a downstream effect of code‑reasoning improvements, not from explicit training, the report warns.

Finance ministers and top bankers have voiced alarm over the model’s potential to destabilize financial systems, the BBC reports. Canadian Finance Minister François‑Philippe Champagne said the issue is an “unknown, unknown” that demands safeguards, citing discussions at the IMF meeting in Washington. Barclays chief executive Venkatakrishnan called the threat “serious enough that people have to worry,” urging rapid fixes to exposed vulnerabilities.

Anthropic’s decision to delay the public release reflects growing concern that an unpatched Mythos could become a powerful weapon. By funneling the model through Glasswing first, the company hopes to give operators time to patch before broader exposure, Frischer’s post concludes.