English
中文
Deutsch
HomeArticle

The prematurely leaked top-secret Claude model "saved" Apple, Microsoft, and Google.

36氪的朋友们2026-04-08 16:14
"Leak-style" hype and marketing

Amodei scratching his head. The picture is generated by AI.

A week ago, Claude Mythos, a model defined as top - secret by Anthropic, was leaked and has now unveiled its veil.

Early on April 8th, Anthropic officially disclosed the core information of the Claude Mythos preview version. According to the introduction, this model, originally designed to enhance logical reasoning, independently "hunted down" a fatal vulnerability that had existed in the OpenBSD system for over two decades, just by understanding the codebase without any specific cybersecurity training.

To prevent the abuse of the project, Anthropic, in collaboration with 40 industry giants such as Amazon, Apple, Microsoft, and NVIDIA, urgently launched a defense project called "Project Glasswing".

01 Silicon - based Security Expert

Traditional tools rely on matching known vulnerability characteristics, while Mythos has the logical deduction ability of top - level human hackers.

When analyzing the OpenBSD operating system, which is known for its security, Mythos detected a vulnerability that had been hidden for 27 years. Based on this vulnerability, any attacker can crash this so - called "safest" system instantly through a remote connection.

In the FFmpeg codec library, which is widely used in video streaming, Mythos also discovered a line of code with a 16 - year - old logical vulnerability. Previously, professional automated security testing tools had conducted more than 5 million brute - force scans on this line of code but failed because they couldn't understand its deep - level logic.

In the Linux kernel test, Mythos didn't just find a single vulnerability. Instead, it independently searched for and connected multiple minor low - risk vulnerabilities to complete an attack chain from ordinary user privileges to full control of the machine.

02 Improved Performance, Reduced Tokens

Claude Opus 4.6 can be regarded as the most powerful productivity tool in the current market, while the Mythos preview version is more like a "well - rounded warrior".

In the evaluation data disclosed by Anthropic, Mythos comprehensively outperformed its predecessor in almost all core dimensions.

In the CyberGym benchmark test, which measures the model's ability to reproduce vulnerability exploitation methods, Mythos scored 83.1%, while the previous flagship Opus 4.6 only scored 66.6%. This 16.5 - percentage - point gap represents a fundamental leap from "assisted analysis" to "autonomous offense and defense".

In the SWE - bench Pro test, which simulates real - world software repair tasks, Mythos scored 77.8%, leading Opus 4.6 by about 24 percentage points.

In the SWE - bench Verified, a rigorous code test verified by humans, Mythos achieved an almost perfect score of 93.9%. This means that the repair code it writes is not only correct but also meets high - quality engineering standards. Even in non - English environments or when dealing with complex visual code charts, Mythos still performs stably, with a multi - language score of 87.3%, while Opus 4.6 scored 77.8%.

In the internal multi - modal SWE - bench test, the gap between the two is even more significant: Mythos scored 59.0%, while Opus 4.6 only scored 27.1%.

In the Terminal - Bench 2.0 test (which evaluates the end - to - end execution ability of AI agents in a real command - line environment), Mythos needs to complete a series of complex operations in the command - line environment and scored 82.0%, while Opus 4.6 scored 65.4%. Anthropic noted in the report that when the timeout limit was extended to 4 hours and the 2.1 version was used for testing, Mythos' score could reach 92.1%.

In the BrowseComp test (which evaluates the information retrieval and reasoning ability of large language models in real - time Internet browsing scenarios), Mythos scored 86.9%, while Opus 4.6 scored 83.7%.

It should be noted that while Mythos' reasoning ability has been significantly improved, its resource consumption has changed in the opposite direction. Its token consumption is 4.9 times lower than that of Opus 4.6, which is good news for users troubled by the high costs caused by large token consumption.

In the OSWorld - Verified test (a benchmark test for agents' computer usage), Mythos scored 79.6%, while Opus 4.6 scored 72.7%.

In the GPQA Diamond test (which tests the reasoning and knowledge level of large language models in the scientific field), Mythos scored 94.6%, while Opus 4.6 scored 91.3%. In the more difficult Humanity’s Last Exam dataset (which evaluates the complex reasoning ability and professional knowledge level of large models), Mythos scored 56.8% without tools, while Opus 4.6 scored 40.0%. After using tools, Mythos' score increased to 64.7%, while Opus 4.6 scored 53.1%.

03 Project Glasswing

This time, Anthropic didn't choose to make a big splash by releasing a new model overnight as the outside world said.

According to the information released by Anthropic, the company launched a project called "Project Glasswing", aiming to establish a preemptive defense alliance.

It is understood that Anthropic has allocated $100 million worth of usage credits for the Mythos preview version, providing them to the partners of the Glasswing project either for free or at a low price. Their reason is that since the attack ability will surely spread within a year, defenders must use the best tools to strengthen their defenses within these 12 months.

However, judging from the official list of partners, it seems that these companies don't need the $100 - million token package.

Interestingly, Anthropic donated $4 million to organizations such as the Linux Foundation and the Apache Software Foundation, paying tribute to the open - source software foundations in the current situation where most of the global infrastructure runs on open - source software.

Mythos will not be launched as a general - purpose chatbot but as a dedicated security API, distributed through professional platforms such as Amazon AWS Bedrock and Google Cloud Vertex AI to ensure that every call is traceable and regulated.

As Elia Zaitsev, the Chief Technology Officer of CrowdStrike, said: "AI has shortened the window between the discovery and exploitation of vulnerabilities from months to minutes. This is not a reason for us to slow down but a signal that we must run faster."

Back to the Glasswing project, its list of partners covers every corner of the modern digital world.

At the hardware level, the participation of companies like NVIDIA and Broadcom means that security risks are seeping into the underlying hardware. Anthony Grieco, the senior vice - president of Cisco, pointed out that the previous methods of strengthening systems have become ineffective. Mythos is scanning hardware vulnerabilities at an unprecedented speed, and this profound change has no turning back.

At the system level, the investment from Microsoft and Google shows that network security will no longer be limited by the "human - resource bottleneck". Igor Tsyganskiy, the executive vice - president of Microsoft Cybersecurity and Microsoft Research, said that through Mythos, Microsoft can pre - identify and reduce risks before its huge codebase is maliciously exploited.

In the financial field, the participation of JPMorgan Chase means that even in an extremely strict compliance environment, top - tier financial institutions have begun to recognize that collaborative AI defense is an inevitable choice for the future. Pat Opet, the Chief Information Security Officer of JPMorgan Chase, emphasized that they will adopt a strict and independent approach to decide how to proceed, but Anthropic's initiative reflects the forward - looking and collaborative approach required at this moment.

Project Glasswing is essentially a global "system - patch mobilization". Anthropic is trying to establish a new paradigm for vulnerability disclosure: give developers 90 days to conduct secret repairs before the model publicly discusses any technical details.

04 The First "Crater"

On social media, Dario Amodei, the CEO of Anthropic, seemed more worried than excited. He believes that the vulnerability - mining ability demonstrated by Mythos is just the first clear and urgent risk brought by cutting - edge AI.

As the model's reasoning ability further improves, AI may show similar "unexpected abilities" in biosecurity, chemical defense, and even in the game of critical infrastructure. The significance of Project Glasswing lies not only in fixing several Linux kernel vulnerabilities but also in providing a reference blueprint for human society on how to deal with AI's "overstepping": transparency, collaboration, and preemption.

Logan Graham, the head of Anthropic's advanced red - team, said: "If Project Glasswing is just a few companies working in isolation, it is doomed to fail. It must grow into something on a larger scale."

In summary, the release of Claude Mythos marks the end of an era - the era of building a security wall with human labor and time. In the future where AI autonomously scans every bit of code, only by using AI to counter AI can humans find peace in this digital forest.

This article is from the WeChat official account "Tencent Technology". Author: Worth Paying Attention To. Republished by 36Kr with permission.

该文观点仅代表作者本人,36氪平台仅提供信息存储空间服务。

For media inquiries, interview requests, business collaboration and Recruit global ecological partners, please contact mohaiying@36kr.com.
Partner:startuprad.io

36kr Europe (eu.36kr.com) delivers global business and markets news, data, analysis, and video to the world, dedicated to building value and providing business service for companies’ global expansion.

© 2024 36kr.com. All rights reserved.