The internet got flooded with news about a new, supposedly exceptional model from Anthropic - Mythos.
But this launch looked different from anything we’ve seen before.
Access was given only to a very closed circle of major software companies - Apple, Cisco, CrowdStrike, Google, and the Linux Foundation. The whole initiative was named Glasswing, with the stated goal of improving cybersecurity using Mythos.
Here’s the quick breakdown:
- No public access to the model
- Reportedly “too dangerous” to release broadly
- Companies get usage credits to level the playing field beyond the biggest players
- Real-world use cases from top firms + a supposedly elite model = fix software security
So is Mythos actually that powerful? Let’s unpack it honestly.
Anthropic Is Fighting Hard for the AI Leadership Spot
Claude models are great, and technical people genuinely love them.
But for the vast majority of people, AI still equals ChatGPT. Some of them are also vaguely aware that Google has “their own ChatGPT” too.
Anthropic is building genuinely impressive LLMs - but they’re also clearly investing in positioning, not just research. The name “Anthropic” and “Claude” need to mean something to non-technical buyers.
Does that mean Mythos results are fake? No. But it matters for how we read the hype.
Closed Betas Always Look More Impressive Than They Are
We’ve seen this pattern before:
- Model launches in a quiet, controlled beta
- Every AI influencer calls it disruptive
- Public release comes and the model underperforms expectations
- People get frustrated
Running experimental models in a near-lab environment is a very different thing from real-world deployment.
Scarcity creates a “wow” effect. It raises expectations and makes premium pricing easier to justify. It’s good marketing.
The biggest PR win for Mythos was finding 0-day vulnerabilities in real software. That made headlines. But…
Open Source Models Found the Same Vulnerabilities
Aisle Security found the same issues - in FreeBSD and Linux - using small, cheap, open source models.
The key difference: those models were specifically directed to look for those vulnerabilities. That’s a much easier task when the scope is defined.
So who should we actually worry about more:
- A non-technical person with money asking a model to “find me a security flaw”
- Or a team of experienced experts who can find the same flaw for free with open source tools?
Also worth noting: the vulnerabilities Mythos found weren’t all unique. Across different scenarios and configurations, there were essentially 2 types of issues it identified.
The Real Threat Isn’t Behind a Restricted API
Mythos is worth watching. Anthropic’s research is serious and the model may genuinely push the boundaries of what’s possible in cybersecurity.
But right now, the bigger threat isn’t a restricted model that only a handful of vetted companies can access.
It’s the tools already out there - in the hands of well-funded groups with the right experts and the wrong intentions.
You don’t need Mythos to cause serious damage. You need money, motivation, and people who know what they’re doing.
That combination already exists. And it doesn’t wait for a press release.
Kamil Kwapisz
Sources: