The Mythos AI model is a restricted frontier AI system developed by Anthropic for cybersecurity research, shared only with selected partners and governments through Project Glasswing. According to reports, the European Commission is now sending representatives to San Francisco to discuss gaining access to this highly controlled tool, signaling that governments worldwide are competing for Mythos capabilities as AI-powered vulnerability discovery reshapes how nations defend critical infrastructure.
Key Takeaways
- Mythos AI model is restricted to around 40 partner companies and government bodies, not publicly available.
- The model has identified over 10,000 high- and critical-severity vulnerabilities in under two months.
- Mozilla used Mythos to identify and ship 423 Firefox security bug fixes in a single month.
- Anthropic limits Mythos access due to concerns about its power and misuse potential.
- OpenAI’s Daybreak represents a competing frontier model in the cybersecurity AI race.
Why governments are racing for Mythos access
Mythos discovered flaws in every major operating system and web browser, making it invaluable to any government serious about digital defense. The European Commission’s move reflects a hard reality: nations that lack access to latest AI vulnerability discovery tools risk falling behind in securing their digital infrastructure. When a single model can uncover thousands of critical flaws in weeks, the geopolitical stakes become clear. Anthropic has deliberately kept Mythos restricted because the company views it as too powerful for unrestricted release, creating scarcity that governments now compete to fill.
The EU’s interest also signals something deeper: frontier AI models designed for security research are becoming strategic assets. Unlike consumer AI tools, Mythos operates at the intersection of national defense and corporate security. A government with reliable access can patch vulnerabilities before adversaries exploit them. One without access faces the opposite problem. This is why the Commission is not waiting for a public launch—it is negotiating directly for partnership status.
What Mythos has already proven it can do
The evidence of Mythos’s capabilities is not theoretical. Mozilla used Mythos alongside other AI models to identify and patch 423 security bugs in Firefox in just one month. Anthropic’s own testing found that Mythos located over 10,000 high- and critical-severity vulnerabilities across major software in under two months, with independent security researchers confirming 90 percent of assessed findings as valid positives. These are not marginal improvements—they represent orders of magnitude faster vulnerability discovery than traditional methods.
One security team demonstrated that Mythos could build a working macOS exploit in five days, a process that typically requires weeks of expert work. Another team used the model in a 32-step simulated corporate network attack that would normally take human experts around 20 hours to execute. These results explain why governments are interested and why Anthropic is cautious about wider distribution. A tool that can compress months of security research into days is exactly the kind of capability that cuts both ways.
The Mythos AI model in a competitive landscape
Anthropic is not alone in this space. OpenAI released Daybreak, its own frontier model for cybersecurity, signaling that the competition for dominance in AI-powered vulnerability discovery is intensifying. Both companies understand that governments, enterprises, and security teams will gravitate toward whichever model delivers faster, more reliable results. The EU’s decision to negotiate directly with Anthropic suggests that European officials believe Mythos currently holds the advantage, but OpenAI’s entry into the market means that advantage is not guaranteed to last.
The broader implication is that frontier AI models designed for security research are becoming as strategically important as military hardware once was. Nations that secure partnerships with leading AI labs gain asymmetric advantages in defense. Those left out face pressure to either develop their own models or accept a reactive security posture. This dynamic explains why the Commission is not waiting passively—it is actively pursuing access.
Why Anthropic is keeping Mythos restricted
Anthropic has made a deliberate choice to limit Mythos access, and that choice reflects genuine risk. A model capable of finding vulnerabilities in every major operating system and browser is also capable of helping malicious actors find those same flaws before patches ship. The company’s Project Glasswing framework attempts to balance security benefit with safety risk by vetting partners and monitoring usage. Expanding access to government bodies like the EU requires confidence that the model will not be misused or leaked to adversaries.
This tension—between the security benefits of wider access and the dangers of proliferation—is exactly what the EU and Anthropic will need to navigate in their discussions. The Commission likely wants reliable, ongoing access to Mythos for its own security agencies and critical infrastructure operators. Anthropic likely wants assurances about oversight, usage monitoring, and non-proliferation. How they resolve this will set a precedent for how frontier AI security tools are governed globally.
What happens if the EU gains access?
If negotiations succeed, the EU would join a small circle of governments and enterprises with Mythos access. This would accelerate vulnerability discovery across European critical infrastructure, from financial systems to energy grids to telecommunications. It would also position Europe as a major player in the emerging ecosystem of AI-powered security research. Conversely, failure to secure access would leave European security teams reliant on slower, traditional vulnerability discovery methods while competitors move faster.
The outcome also signals how governments will approach frontier AI governance. Rather than waiting for public releases or regulatory mandates, the EU is pursuing direct partnerships with AI labs. This pragmatic approach acknowledges that the most powerful AI tools may never be publicly available and that strategic access requires negotiation, not legislation.
Is Mythos available to the public?
No. Mythos is not publicly released and is available only to selected partners and government bodies through Project Glasswing. Anthropic has restricted access due to concerns about the model’s power and potential for misuse. If you need vulnerability discovery tools, you can access other AI models or traditional security research methods, but Mythos remains behind closed doors.
How many vulnerabilities has Mythos found?
Anthropic reported that Mythos discovered over 10,000 high- and critical-severity vulnerabilities in under two months. Independent security researchers assessed 1,752 of these findings, confirming 90 percent as valid positives, with 62.4 percent confirmed as high- or critical-severity. These numbers far exceed what traditional security research typically uncovers in the same timeframe.
Why is the Mythos AI model restricted?
Anthropic limits Mythos access because the model is too powerful and risky for unrestricted release. A tool capable of finding vulnerabilities in every major operating system and browser could also help malicious actors if it fell into the wrong hands. By controlling access through Project Glasswing, Anthropic attempts to maximize security benefits while minimizing proliferation risks.
The EU’s pursuit of Mythos access reflects a new reality in cybersecurity: frontier AI models are becoming strategic assets that governments compete to control. Whether the Commission succeeds in negotiating access will shape how Europe approaches AI-powered security research and how other nations view the governance of powerful AI tools.
Edited by the All Things Geek team.
Source: TechRadar


