Anthropic has launched Project Glasswing, a cybersecurity initiative that uses the Claude Mythos Preview AI model to proactively find and patch critical vulnerabilities across operating systems, browsers, and open-source projects.

Access to Mythos is restricted to a closed consortium of more than 40 participants, including Amazon, Microsoft, Apple, Google, the Linux Foundation, and security vendors like CrowdStrike, Palo Alto Networks, and Cisco.

In trials, Mythos identified thousands of vulnerabilities, including many zero-days, some of which have been unpatched for a decade or more, though independent verification remains limited.

The overarching theme is the dual-use risk of AI: defensive vulnerability research can be repurposed for offense, raising ongoing policy and governance questions as capabilities advance.

Public discourse centers on whether the model is too dangerous to release, with debates over safety versus capability and calls for rigorous proofs and independent verification before deployment.

Prominent voices and outlets are weighing in on risk and governance of highly capable AI models, including concerns about safety, release decisions, and potential misuse.

Experts warn that advanced reasoning and automation could enable sophisticated hacking, including weaponizing discovered vulnerabilities, prompting concerns about broad access and adversarial use.

There are also concerns that AI could crack passwords or encryption, escalating cybersecurity risks with potential fallout for economies, public safety, and national security.

Threat actors have historically exploited AI tools, underscoring the need for guardrails and responsible deployment.

Security researchers note a shift toward more capable AI vulnerability research, with industry voices highlighting the trend and the buzz around claims that the model is 'too dangerous to release.'