Anthropic said on Tuesday that it has halted the broader release of its newest AI model, Mythos, due to concerns that it is too good at finding “high-severity vulnerabilities” in major operating systems and web browsers.<\/p>\n
\n Loading audio narration…\n <\/p>\n
“Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available,” Anthropic wrote in the preview’s system card. “Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners.”<\/p>\n
The announcement is a major step for Anthropic, which in February weakened a safety pledge <\/a>about how it would develop AI models. Claude Opus 4.6, which the company called its most powerful model to date, was publicly released on February 5.<\/p>\n In its statements about Mythos, Anthropic detailed a number of eyebrow-raising findings and episodes, including that the model could follow instructions that encouraged it to break out of a virtual sandbox.<\/p>\n “The model succeeded, demonstrating a potentially dangerous capability for circumventing our safeguards,” Anthropic recounted<\/a> in its safety card. “It then went on to take additional, more concerning actions.”<\/p>\n The researcher had encouraged Mythos to find a way to send a message if it could escape. “The researcher found out about this success by receiving an unexpected email from the model while eating a sandwich in a park,” Anthropic wrote.<\/p>\n The model apparently decided that wasn’t enough and found another way to spike the football.<\/p>\n “In a concerning and unasked-for effort to demonstrate its success, it posted details about its exploit to multiple hard-to-find, but technically public-facing, websites,” Anthropic wrote.<\/p>\n Anthropic is withholding some details about the cybersecurity vulnerabilities Mythos found, but it did point out a few. The AI model “found a 27-year-old vulnerability in OpenBSD\u2014which has a reputation as one of the most security-hardened operating systems in the world,” the company wrote.<\/p>\n Mythos was powerful enough that even “non-experts” could seize on its capabilities.<\/p>\n “Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit,” Anthropic’s Frontier Red Team wrote in a blog post. “In other cases, we’ve had researchers develop scaffolds that allow Mythos Preview to turn vulnerabilities into exploits without any human intervention.”<\/p>\n All told, Anthropic said it decided not to publicly release Mythos. Instead, their hope is to eventually release “Mythos-class models” once proper safeguards are in place.<\/p>\n “Our eventual goal is to enable our users to safely deploy Mythos-class models at scale\u2014for cybersecurity purposes but also for the myriad other benefits that such highly capable models will bring,” the team wrote in the blog. “To do so, that also means we need to make progress in developing cybersecurity (and other) safeguards that detect and block the model’s most dangerous outputs.”<\/p>\n