Anthropic expands Mythos AI model access to 200 firms despite calling it too dangerous

Anthropic expands Mythos access despite calling it dangerous

Anthropic says Mythos is too dangerous for public release but has expanded access to 200 organisations across 15 countries. Only 14% of its 10,000+ critical vulnerability discoveries have been patched. Its claims have not been independently verified. Anthropic has said its Mythos model is so good at finding software vulnerabilities that releasing it publicly could help attackers steal data or disrupt critical infrastructure. It has also, as of early June, expanded access to 150 additional organisations, bringing the total to roughly 200 across 15 countries. The tension is deliberate. Anthropic's argument is that the same capabilities that make Mythos dangerous for offence make it indispensable for defence, and that the sooner defenders have it, the sooner they can patch the flaws before attackers build their own equivalents. What Mythos can do Mythos Preview has found thousands of zero-day vulnerabilities during testing, including in every major operating system and every major web browser. One was a 27-year-old flaw in OpenBSD, an operating system with a reputation as one of the most security-hardened in the world. The model can also chain vulnerabilities together into working exploits. In one test, it linked several flaws in the Linux kernel to allow an attacker to take complete control of a machine. Non-experts asked Mythos to find ways to remotely take control of computers overnight and found a complete, working exploit waiting the next morning. The sandbox escape In an early test, a researcher urged Mythos to escape a secured, isolated sandbox computer and send a message back. The model succeeded, then continued taking "additional, more concerning actions," developing a multistep exploit to gain internet access on its own. Anthropic published this incident in the Mythos system card. The company described it as a rare failure that occurred during deliberate adversarial testing, not in normal operation. It is, nonetheless, the kind of result that makes the expansion of access harder to explain to a non-technical audience. Who has access The core group under Project Glasswing includes Amazon, Apple, Google, Microsoft, Nvidia, Palo Alto Networks, CrowdStrike, Broadcom, Cisco, JPMorgan Chase, and the Linux Foundation. An additional 40 organisations were added in April, and 150 more in June. Anthropic declined to name the new participants but said they include companies and nonprofits that produce key programming code. The EU's cybersecurity agency ENISA is reportedly among them. All are meant to use Mythos for defensive security work, essentially AI-powered penetration testing at a scale and speed no human team can match. The patch gap Since launch, Mythos has been used to find over 10,000 high- or critical-severity vulnerabilities. Only 14% of those have been patched as of 22 May. The disclosure process is slow by design: human specialists validate each discovery before sending details to the code maintainers. But hackers are using AI to dramatically speed up how quickly they exploit vulnerabilities once they are publicly disclosed. Palo Alto Networks CEO Nikesh Arora warned in March that "a single bad actor will now be able to run campaigns that required entire teams." The unauthorised access incident In April, a small group of unauthorised users in a private online forum gained access to Mythos, according to Bloomberg. Anthropic has not publicly detailed the breach or how it was resolved. This is the core vulnerability in the "expand access to defend" strategy: every additional organisation with access is another potential leak point. The model's offensive capabilities do not diminish when used defensively; they are the same capabilities, pointed in a different direction. Anthropic is not alone OpenAI's Codex Security and Google's Big Sleep agent have been built for similar purposes. OpenAI is reportedly finalising a product with advanced cybersecurity capabilities for select partners. Israeli startup Buzz says it has built an autonomous five-agent tool with a 98% success rate in exploiting known flaws, constructed by six engineers in three weeks. Anthropic's Frontier Red Team said in April that "in the long run, we expect that defence capabilities will dominate" and the world will emerge more secure. "But the transitional period will be fraught." The verification problem Researchers have not been given access to independently verify Anthropic's claims about Mythos's performance. Gang Wang, associate professor of computer science at the University of Illinois, told Bloomberg it is hard to assess the significance of Mythos without more hands-on testing. Anthropic's claims about the model's capabilities, the 10,000 vulnerabilities, the zero-day discoveries, the sandbox escape, are all self-reported. No independent audit has been published. The company's argument for expanding access rests on trust in its own assessments, at a moment when it is simultaneously preparing for an IPO and positioning Mythos as a product category. That combination of interests does not make the claims false. It does make independent verification more important, not less.

Anthropic and OpenAI spark new race for frontier AI access

Why it matters: OpenAI's trusted-access program and a pending program from Anthropic are creating a new power center in cybersecurity where AI companies help decide which defenders can use the most advanced cyber capabilities. * For decades, competitive advantage in cybersecurity largely came from talent, data and infrastructure. Now, it also comes from access to models. Driving the news: Anthropic announced Tuesday it will make a version of its Mythos class of models, Fable 5, available to the general public. * Fable 5 includes protections that block some high-risk cybersecurity and biology requests and instead route users who ask about those issues to Claude Opus 4.8. * At the same time, Anthropic is offering users of its restricted Mythos Preview program an upgrade to its new Mythos 5 model. * Dianne Penn, Anthropic's head of product management for research and labs, tells Axios the company is being deliberately conservative at launch, meaning some legitimate security work may also get routed away from Fable 5. The intrigue: Anthropic is also working on a formal trusted-access program that would determine who gets access to Mythos 5 and future less restricted models. * The company has not provided a timeline for launching the program. * Behind the scenes, organizations have spent the last two months lobbying Anthropic for access to Mythos Preview. * Last week, the company expanded access to more than 150 companies and governments. The big picture: OpenAI is already using a similar two-tier system. * The company has been vetting security researchers and organizations to decide who gets access to models that could help accelerate their cyber defenses. * The company rolled out an alternate version of its GPT-5.5 model with fewer guardrails to let those cyber defenders hunt for bugs, study malware and reverse engineer attacks. Between the lines: It's now up to the AI labs to decide who gets access to the cybersecurity industry's most cutting-edge capabilities. * Security vendors, researchers and critical infrastructure operators eager to get frontier AI into their products and workflows have been scrambling for access. Reality check: Selective access gives Anthropic and OpenAI the best of both worlds, allowing them to ensure scary hacking capabilities are only in the hands of the good guys -- while also finding a way to monetize their increasingly powerful models as they consider entering the public markets. What to watch: Whether trusted-access users begin finding vulnerabilities, conducting research and building products that organizations without access simply can't match.

Why Anthropic's closed approach may be safer than OpenAI's

Humans are a cantankerous bunch. We don't agree on much. But if there's one certainty in this world - one North Star we can all get behind - it's that the AI industry has never been quiet. And it's been particularly noisy of late. We've had Musk and Altman levelling up their feud by going head-to-head in the courts, investors growing increasingly concerned with whether they'll ever see a return on their investment, and all the while regulators are standing on the sidelines wondering what they should be doing about AI tools at all. But somewhere in the midst of all this chaos, there is real work being done. With their heads down and headphones on, AI developers (and their growing army of AI agents) are just getting on with the job of rolling out continuous updates. While most of these updates are iterative in nature - merely small arms fire in the ongoing attritional warfare between the big players - Anthropic and OpenAI may have just changed the nature of the war by unveiling an entirely new weapons class. The question now is not whether they should take these weapons to battle (you can't rewind time), but about who they are giving these weapons to. Head-to-head: Anthropic vs. OpenAI So, what's happened exactly? In summary, two of the world's leading AI companies recently launched powerful new tools to identify cyber vulnerabilities -- and they're taking very different routes to market. This divergence highlights a critical tension at the heart of AI security: control versus scale. On 7th April 2026 Anthropic announced "Claude Mythos Preview". One week later, on 14th April 2026, OpenAI announced "GPT Cyber 5.4". Both AI models are focused on cybersecurity, specifically their ability to identify and exploit software vulnerabilities almost instantaneously. These new models are the quintessential Double-Edged Sword; on the one hand, they are a software developer's dream because they can identify serious software vulnerabilities so quickly, but on the other hand, they are a software developer's nightmare because they can help attackers, well, do the exact same thing - "identify serious software vulnerabilities so quickly." Whether they are "good" or "bad" is a matter of whose side you're on. Two different approaches to opening Pandora's Box While the PR might suggest that both companies are taking an equally cautious and responsible approach to their product's respective launches, the approaches are actually very different. Neither product is being released publicly at this time. Anthropic's Claude Mythos Preview is being deployed through Project Glasswing, a tightly controlled group of companies which includes AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, and the Linux Foundation (i.e. all the companies responsible for the bulk of the world's critical IT infrastructure). Anthropic has explicitly warned that the model's ability to autonomously discover severe vulnerabilities makes wider access unsafe for now. If they are opening Pandora's box, they are at least lifting the lid up slowly and only giving the keys to people they know and trust. By contrast, OpenAI's "GPT 5.4 Cyber," has been launched through an expanded Trusted Access for Cyber program. While still gated via a multi-tier verification process, the model is being made available more broadly to thousands of individual defenders and hundreds of security teams, significantly broadening access when compared to Anthropic's approach. OpenAI argues this "democratized defence" model is necessary to keep pace with AI driven threats, but it raises the risk of powerful capabilities spreading too quickly. They too are opening the lid slowly, but they are more trustful of who has the keys. Implications for the rest of us Why does this split in approach matter, and what does it reveal about the differing risk attitudes of these two AI leaders? Ultimately, this is a question about the best approach to opening Pandora's Box. Do you lift the lid up slowly inch-by-inch to see what happens, or do you close your eyes and just flip the lip open in one go? Regardless of the scenario, you still can't close the lid again once it's opened. Anthropic's approach is to fix the world's critical infrastructure before the capability is available to bad actors. If they can patch the Linux kernel and major browsers today, then when the model inevitably leaks or is built by a bad actor, the most devastating vulnerabilities will have already been addressed. On the other hand, OpenAI believes that a small group of companies cannot possibly see every threat. By giving GPT-5.4-Cyber to thousands of verified defenders, they are saturating the ecosystem with an army of AI-assisted defenders to repel any future AI-assisted attack. But how good is their multi-tier verification process? On balance, Anthropic's more managed approach feels like the right one at this time, as the ability to autonomously discover severe vulnerabilities is a major risk that needs to be taken very seriously. Tick, tick, boom The hype of AI is becoming very real indeed, and the change is coming at an incredible pace. We are entering the era of autonomous self-healing code. Whether we like it or not, this is a paradigm shift that cannot be undone. But it's interesting to see these two companies taking such different views on how these solutions should be brought to market. Both approaches aim to strengthen defense -- but the two companies clearly have very different risk tolerances. I doubt this will be the last time their differing approaches will be brought into question. We are no longer asking the question about whether AI will transform cybersecurity. That much is proven. The question now is whether the industry can move fast enough without creating the very threats it's trying to prevent. I said the AI industry is never quiet. You can expect the next six months to be positively deafening. We've ranked and reviewed the best antivirus software. This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

Cybersecurity researchers aren't happy with Anthropic Fable 5 guardrails, here is why

Others say strong protections are useful while the technology is still new. Anthropic had recently made its latest AI model, Fable 5, public, which is a limited version of its AI model, Mythos, and since its launch, the tool has been attracting attention. While many people stated that the AI tool was helpful, many cybersecurity researchers said that the extra guardrails and safety controls are just making the use of the AI tool difficult even for the basic security-related tasks. While the company says that the restrictions are meant to prevent misuse, several experts argue that the system is blocking harmless requests and creating frustration among legitimate users. They further added that the current safeguards may be too broad, affecting normal work that has little connection to cyber threats or harmful activities. Fable was launched on Tuesday as a more widely available version of Mythos, a model that Anthropic first introduced in April through a restricted program. Mythos was designed to help protect software and critical infrastructure and was initially made available only to a select group of organisations. According to users, Fable 5 often stops conversations when it detects topics linked to cybersecurity or biology. When this happens, the model displays a message saying its safety measures have flagged the discussion. Anthropic created these controls to reduce the risk of its technology being used to develop malware, attack software systems, or support biological weapons research. Also read: Apple iPhone 18 Pro: From 2nm A20 chip to smaller dynamic island, here is what leaks suggest However, many security professionals believe the model is being overly cautious. Valentina Chompie Palmiotti, a security researcher at IBM X-Force, said Fable rejects requests that are only loosely connected to cybersecurity. She noted that even asking the model to read a blog post can trigger the restrictions. Others have also reported similar experiences while running the AI tool. Cybersecurity veteran Matt Suiche said the model sometimes treats requests for secure coding guidance as cybersecurity work and limits its responses. He suggested that the filtering appears to rely heavily on certain keywords, causing ordinary software development discussions to be flagged. Also read: Google loses legal battle in Germany over inaccurate AI Overviews responses Despite the criticism, some experts believe the strict approach is understandable during the early stages of deployment. Suiche said it is better for companies to be cautious at first and gradually adjust the safeguards as they learn from real-world use. Anthropic also offers a Cyber Verification Program that gives approved professionals broader access to cybersecurity capabilities. Similar programmes are being introduced across the industry as AI companies attempt to manage the risks associated with powerful security-focused models.