Модель Anthropic Claude Mythos нашла 10 тысяч уязвимостей за месяц
Anthropic представила результаты проекта Project Glasswing. ИИ-модель Claude Mythos за один месяц обнаружила свыше 10 тысяч уязвимостей в корпоративном ПО. Это
What is Project Glasswing
Project Glasswing is a new Anthropic initiative launched in April of this year. The project focuses on finding vulnerabilities in corporate software using artificial intelligence. At the core of the project is the Claude Mythos Preview model — an advanced version of Claude that has not yet become widely available to the public. The model is specially optimized for code analysis and identifying potential security issues. It is not simply a tool for finding known patterns — Claude Mythos is capable of understanding context and identifying more subtle issues that traditional SAST tools might miss. The company positions the project as a way to help partners increase the security level of their products.
Impressive Results
In its first month of operation, Claude Mythos helped Anthropic partners identify over 10 thousand vulnerabilities. This is a stunning figure. For comparison: traditional vulnerability detection methods (static analysis, manual code review, penetration testing) require significantly more time and resources. The AI model handled this task at a scale that previously seemed unattainable for automated tools. It is important to note that the quality of found vulnerabilities remains a central focus. Anthropic does not simply count detections, but verifies the relevance and criticality of each identified issue. This means that the figure of 10 thousand is not a count of false positives, but real potential threats requiring attention.
What Vulnerabilities Does Claude Find
The Claude Mythos model analyzes source code, searches for typical vulnerability patterns, and offers contextualized solutions. Its main advantage is that it can understand how different parts of a system interact and where security issues might arise. Unlike signature-based detectors, Claude works at the level of code semantics. Here are the main categories of vulnerabilities found:
- SQL injection, XSS and other classic OWASP Top 10 vulnerabilities
- Memory management issues and buffer overflow
- Weak cryptographic implementations and incorrect use of cryptographic functions
- Errors in access control and authentication
- Incorrect API usage and unsafe framework patterns
The model is capable of analyzing both client-side and server-side code, finding issues at different levels of application architecture.
The Future of AI in Cybersecurity
The results of Project Glasswing demonstrate the real potential of AI in practical cybersecurity. When companies can quickly identify tens of thousands of potential vulnerabilities in their software, this fundamentally changes the approach to security operations. Instead of manual searching and expensive penetration tests, organizations gain the ability to scale security audits.
The Claude Mythos model is currently available to a narrow circle of Anthropic partners, but the results of the project clearly indicate the direction of AI development in cybersecurity. It is not hard to imagine how in the coming years AI assistants will become a standard part of any security tooling. This could overturn the approach to development: instead of finding vulnerabilities after release, companies will be able to identify them during the development stage.
What This Means
Project Glasswing shows that AI is capable of scaling solutions to traditional cybersecurity problems. If the results are reproduced consistently, this could become a turning point in the industry, when cybersecurity automation moves to a new level.