The Mythos artificial intelligence model, developed by Anthropic, detected vulnerabilities in some of the US government’s most heavily protected IT systems during controlled security tests. The Associated Press reported this, citing a US official familiar with the project.
The tests were carried out as part of Project Glasswing, an Anthropic initiative designed to identify and remove vulnerabilities in critical software before they can be exploited by cybercriminals or state-sponsored actors. The project involves both government agencies and technology companies responsible for maintaining critical digital infrastructure.
The matter gained publicity following remarks made by Senator Mark Warner during a congressional hearing. Citing information provided by the heads of the NSA and Cyber Command, the politician stated that Mythos had “hacked into almost all classified systems” within a matter of hours. According to the AP, however, this statement referred to the rapid detection of security weaknesses, rather than the actual takeover of systems. Officials emphasise that finding vulnerabilities does not mean they are automatically exploited.
Project Glasswing was launched in response to the growing capabilities of AI models in the field of cybersecurity. Anthropic claims that the latest systems are already capable of finding errors in code at a level surpassing that of most specialists. The company makes Mythos available to selected organisations involved in protecting critical infrastructure, and the model itself is not publicly available.
At the same time, Anthropic’s relationship with the US administration remains strained. In recent weeks, the government has restricted access to the company’s latest models for foreign users, citing national security concerns as the reason for the decision. However, some experts warn that overly restrictive measures could hinder the use of advanced AI tools to strengthen cyber defences.
The story of Mythos illustrates a broader trend: artificial intelligence is increasingly becoming not only a tool to support developers, but also an active participant in processes related to threat detection and the protection of critical digital systems.
