Anthropic is rolling out a preview of its new Mythos model only to a handpicked group of tech and cybersecurity companies over concerns about its ability to find and exploit security flaws, the company said yesterday.

Why it matters: Anthropic is so worried about the damage its own model could cause that it's refusing to release it publicly until there are safeguards to control its most dangerous capabilities.

• OpenAI is finalizing a model similar to Mythos that it will also release only to a small set of companies through its "Trusted Access for Cyber" program, according to a source familiar with the plans.

Threat level: Mythos Preview is "extremely autonomous" and has sophisticated reasoning capabilities that give it the skills of an advanced security researcher, Logan Graham, head of Anthropic's frontier red team, told Axios.

• Mythos Preview can find "tens of thousands of vulnerabilities" that even the most advanced bug hunter would struggle to find. Unlike past models, it can also write the exploits to go with them.
• Opus 4.6, the last model Anthropic released to the public, found about 500 zero-days in open-source software — a fraction of Mythos Preview's output.

Zoom in: In testing, Mythos Preview found bugs in "every major operating system and web browser," according to a blog post, including some that are believed to be decades old and weren't detected by repeated human-run security tests.

• Mythos Preview successfully reproduced vulnerabilities and created proof-of-concepts to exploit them on the first attempt in 83.1% of cases.
• Mythos Preview found several flaws in the Linux kernel, which is found in most of the world's servers, and autonomously chained them together in a way that would let a hacker take complete control of any machine running Linux systems.
• In another test, Mythos Preview found a 27-year-old vulnerability in OpenBSD, an open-source operating system, that would allow hackers to remotely crash any machine running it. OpenBSD is widely considered one of the most security-hardened open-source projects and is found in several firewalls, routers and high-security servers.

Yes, but: It's only a matter of months — as soon as six months or as far out as 18 — until other AI companies release models with powers similar to the Mythos Preview, Graham said.

• "It's very clear to us that we need to talk publicly about this," Graham said. "The security industry needs to understand that these capabilities may come soon."
• OpenAI and other tech giants are already working on models with similar capabilities, Axios has reported.
• "More powerful models are going to come from us and from others, and so we do need a plan to respond to this," Anthropic CEO Dario Amodei said in a video released alongside the news.

Driving the news: Anthropic is opting to roll out Mythos Preview to more than 40 organizations that will use the model to scan and secure their own code and open-source systems.

• Eleven of those companies — Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks — are participating in a new initiative called Project Glasswing.
• Those companies will use Mythos Preview as part of their defensive security work, and Anthropic will share takeaways from what the initiative finds.
• Anthropic is providing up to $100 million in usage credits to the companies testing Mythos Preview, and $4 million to open-source security organizations, including OpenSSF, Alpha-Omega and the Apache Software Foundation.

The intrigue: Anthropic has also been briefing the Cybersecurity and Infrastructure Security Agency, the Commerce Department and " a broader array of actors" on the potential risks and benefits of Mythos Preview, a company official told Axios.

• "There's an opportunity here to give a shot in the arm to defense and to keep pace with this long-standing trend where offense exploitation had an advantage," the official said.
• The official wouldn't say if the company has briefed the Pentagon, with which Anthropic has been feuding for months.
• Spokespeople for CISA and the Commerce Department didn't immediately respond to requests for comment.

Reality check: Mythos was widely hyped after Axios and others reported on its frightening capabilities, but Graham noted that the company never formally planned to make this version generally available.

• Anthropic was previously testing the model's capabilities internally, while also rolling it out to an even smaller group.
• "The feedback was overwhelmingly clear to us," Graham said. "We then decided to launch it this way."

What we're watching: Anthropic said in a blog post that the company's goal is to one day "enable our users to safely deploy Mythos-class models at scale," including for general use cases beyond cybersecurity.

• The company is planning new safeguards that will be available on its less-powerful Opus models, "allowing us to improve and refine them with a model that does not pose the same level of risk as Mythos Preview."

Anthropic published the capabilities of Claude Mythos Preview in a "system card" that assesses the model's capabilities and details safety evaluations.

Why it matters: The detailed safety evaluation reads like a thriller about an AI that has learned some of humanity's most devious behaviors.

Zoom in: What Mythos did during testing:

• Act as a ruthless business operator. One internal test showed Mythos acting like a cutthroat executive, turning a competitor into a dependent wholesale customer, threatening to cut off supply to control pricing and keeping extra supplier shipments it hadn't paid for.
• Hack + brag. The model developed a multi-step exploit to break out of restricted internet access, gained broader connectivity and posted details of the exploit on obscure public websites.
• Hide what it's doing. In rare cases (less than 0.001% of interactions), Mythos used a prohibited method to get an answer, then tried to "re-solve" it to avoid detection.
• Manipulate the judge. When Mythos was working on a coding task graded by another AI, it watched the judge reject its submission, then attempted a prompt injection to attack the grader.

What we're watching: This could be the blueprint for what future model releases look like as they get stronger and stronger: limiting access to select partners deemed secure enough to test world-bending systems.

One fun thing: Logan Graham, head of Anthropic's frontier red team, told Axios the model writes the best poetry of any model he's used. "This one might be a beat poet with a beret that didn't go to university, but has had an intriguing life," Graham said.

• It's also good at puns.

• Longtime Microsoft executive Eric Boyd is joining Anthropic as head of infrastructure.
• Intel is joining Elon Musk's Terafab AI chip project. (Reuters)
• The U.S. for the first time reportedly used an AI heartbeat detection tool to help rescue a downed airman. (NY Post)

Doesn't that mean we somehow bought milk that is 100% fat?