Podcast Episode
The model achieved a 72.4 percent success rate in turning discovered vulnerabilities into working exploits, up from near zero for its predecessor. Among its findings were a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and vulnerabilities in major cryptography implementations. In one test, Mythos autonomously chained together four separate vulnerabilities to escape browser and operating system sandboxes.
Over 99 percent of the vulnerabilities discovered remain undisclosed because patches have not yet been developed, underscoring the scale of the challenge ahead.
IBM Says Open-Source AI Is Now a Design Requirement After Anthropic Withholds Mythos
April 12, 2026
0:00
4:13
Anthropic's new Claude Mythos Preview model discovered thousands of zero-day vulnerabilities across every major operating system and browser, prompting the company to restrict access through its Project Glasswing initiative. IBM responded by arguing that as AI becomes critical infrastructure, open-source development is no longer optional but a fundamental design requirement.
A Model Too Powerful to Release
Anthropic has unveiled Claude Mythos Preview, its most capable AI model to date, and made the unprecedented decision not to release it publicly. The reason: during internal testing, the model autonomously discovered thousands of previously unknown security vulnerabilities across every major operating system, web browser, and widely used software library.The model achieved a 72.4 percent success rate in turning discovered vulnerabilities into working exploits, up from near zero for its predecessor. Among its findings were a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and vulnerabilities in major cryptography implementations. In one test, Mythos autonomously chained together four separate vulnerabilities to escape browser and operating system sandboxes.
Project Glasswing: Defensive AI at Scale
Rather than shelving the model entirely, Anthropic launched Project Glasswing, a collaboration with more than 40 organisations including Apple, Amazon, Microsoft, Google, CrowdStrike, and Palo Alto Networks. The initiative deploys Mythos strictly for defensive security work, with Anthropic committing up to one hundred million dollars in usage credits and four million dollars in direct donations to open-source security organisations.Over 99 percent of the vulnerabilities discovered remain undisclosed because patches have not yet been developed, underscoring the scale of the challenge ahead.
IBM Pushes Back With Open-Source Argument
IBM Senior Vice President Rob Thomas published a commentary titled "Open Source, After Mythos," arguing that concentrating understanding of frontier AI capabilities inside a small number of companies could heighten rather than reduce risks. Thomas wrote that critical technologies tend to be safer when more people can inspect, challenge, and improve them, and that openness is now a design requirement rather than a philosophical preference.Markets React
Cybersecurity and software stocks fell sharply in the days following the announcement, with companies like Cloudflare dropping around 14 percent and Akamai losing more than 16 percent, as investors grappled with what AI-driven vulnerability discovery means for the entire software industry.Published April 12, 2026 at 9:30am
