Anthropic's Mythos Found Millions of Security Vulnerabilities

Welcome to the podcast.

I'm your host, Jaden Schaefer.

Today on the show, we are talking about Project Glasswing

from Anthropic.

They just tweeted this out like an hour ago.

They said, introducing Project Glasswing,

an urgent initiative to help secure

the world's most critical software.

It's powered by our newest frontier model,

Claude Myfos Preview,

which can find software vulnerabilities

better than all but the most skilled humans.

Okay, there is this crazy project.

It's not released to the public.

They're sending this out to security researchers

and they've pledged $100 million essentially

to big companies like Microsoft to go and test

all of the open source software,

all of the software in the world

to find the vulnerabilities and fix it

before they release this to the public

because they said basically,

this is going to be an existential crisis for code

because everything can be hacked

and there's vulnerabilities everywhere that can be found.

So they're trying to give it to the security researchers

to fix everything before they release it.

And it's not just for software.

This is just a general insanely good model

but that's just something that they're concerned about.

So we're going to get into all of that on the podcast

without too much doomerism.

I think there's a lot of optimism

but this is definitely a absolutely massive drop in model

and speaking of AI models,

if you want to test all of the top AI models,

everything from anthropic to open AI to GROC,

to Gemini, to 11 labs for audio,

tons of cool image models.

Go check out my startup AIbox.ai for 899 a month.

You get access to over 80 of the top audio, image,

text, video models, open AI to Sora,

which is going to get discontinued

because it costs $130 to generate a video for them

but for you, it's very cheap.

So if you want to check it out,

go check out abox.ai.

Hope that saves you a ton of money

and you get access to everything in one spot.

All right, let's talk about what's going on with anthropic.

So they just released this, what they're calling,

of course, their quote, most powerful model yet.

Now it's interesting as usually everyone's like,

this is our most capable model.

This is most powerful.

It sounds a little bit ominous.

There was a leaked memo where they were actually calling it,

that's what they told the world.

This is just kind of internally.

And basically this right now is limited to,

it's just kind of a debut for a bunch of the top organizations

as part of a new security initiative

in which there's 40 partner organizations

and they're all deploying the model across

a bunch of different quote unquote defense security work areas.

And they're basically trying to secure critical software

before this goes out to the general public.

I think they didn't specify exactly what this was trained on.

So they're not saying like, hey,

we specifically trained this on like cyber security work

or kind of like source code.

But right now the preview that they're sending out to everyone

is being used to scan both first party

and open source software systems.

They're looking for code vulnerabilities

and they're just giving this out

to a lot of the big organizations.

What they're saying right now is that over the last few weeks

they were using it internally

and they were able to identify quote thousands

of zero day vulnerabilities.

Many of them critical.

So they're saying a lot of the vulnerabilities

are one to two decades old.

So they have this new software.

They ran on code bases and they're finding vulnerabilities

that have been around for 10 to 20 years

in literally everything.

And if they're just, they're concerned.

They really can't release this to the public

because they're like, as soon as we release it to the public,

security of basically all software is going to explode.

So now they're trying to get this out to people

that can fix it before they release it.

It's like, the model's so powerful,

they can't release it until we fix all the software in the world.

And so they're like, okay, everyone,

we really want to release this new model

because we're probably gonna make a lot of money

and be open AI.

But like, we're not held back by anything other than

that we're gonna destroy the entire internet

and all software combined.

So honestly, that's a pretty wild point.

And I mean, this is just crazy.

Apparently, this isn't just like a software model.

It's a general purpose model.

It's the new tier.

So they have like Opus, Sonnet.

They have these other tiers.

This is gonna be Mythos and it is kind of the next highest tier.

They have a higher tier.

I guess they're not continuing with the Opus model

or the, you know, Sonnet model.

But kind of the Opus being the best,

they actually are creating a new thing

because it is such a big step up,

which is really interesting.

It has really strong,

agentic coding and reasoning skills.

So everyone using Clawed Codework,

which I've been shouting from the rooftops

and Clawed Code recently are going to love it.

And it's basically the most sophisticated

and high performance model.

It can do complex tasks

and it can do a lot of agent building and coding.

So who is, and for topic, giving this to in order to go

and, you know, put it out onto all of the different,

you know, test all the code bases in the world

and fix all of these vulnerabilities.

They're giving it to Amazon, Apple, Broadcom, Cisco,

CrowdStrike, the Linux Foundation,

Microsoft and Palo Alto Networks.

All of those people are going to share

what they've learned from using the model

so that the rest of the tech world can benefit from it.

It's not going to be made publicly available.

So we don't know exactly when they're going to actually

launch it, feels it's kind of like a wait and see.

They're like, well, we're giving this to all

of the biggest tech companies.

We're going to see what they can do with it,

what they can fix with it,

what they can teach us about it.

And then we'll basically decide on how

and when we get this out.

Anthropic says that right now they have engaged

in quote ongoing discussions with a bunch of federal

officials about the use of my thos,

although one would imagine that I think

a lot of those discussions are pretty complicated

by the fact that Anthropic and the current administration

are having a whole bunch of illegal battles.

Pentagon labeled the AI lab a supply chain risk

because Anthropic didn't let them use their AI model

for autonomous targeting or surveillance

and basically had a bunch of different rules

and they didn't want to follow them.

Or maybe they just didn't want a precedent

of having rules.

I think we're probably a fair characterization.

But in any case, news of this rate now

is originally something that got leaked a little while back.

We kind of reported on it.

There was a data security incident

that got reported by a fortune and there's a blog

with some, you know, some is like an unpublished blog draft

somewhere that someone found.

And it alluded to this.

So we kind of knew that this was coming.

We didn't realize how wild this was.

Basically, Anthropic attributed that leak in particular

to quote unquote human error.

So they're like, look, it wasn't like an AI model leaking this.

The AI model didn't do it.

But what they did say is that Kappy Barra

is the new name for a new frontier of model.

It's larger and more intelligent than Opus.

So it's actually going to be called Kappy Barra.

That's, I guess they're, they're latest.

I don't know where they get the names for these.

It's almost as bad as Barra, in my opinion, but whatever.

So Kappy Barra is going to be better than Opus,

but MyFos is kind of the umbrella of models, right?

They kind of do these pushes where they'll make an umbrella

of models and they go from best and then like medium

if you want to save power and then kind of worst

if you want to like run it on locally

or on an edge device or something like that.

So Kappy Barra is the new one.

It's getting replaced Opus.

And according to all these leaked documents,

it is quote by far the most powerful AI model

you've ever developed in this leak anthropic claim

that this new model was going to far exceed the performance

in areas like software coding, academic reasoning

and cyber security.

And evidently the cyber security was one of the big areas

they were concerned about because now they're

pushing this, you know, making this big push.

When they released it, you know, if you kind of look

at some of the current public models, we, we, like sure,

you could use something like ChatGbT or Gemini

or anything for some sort of cyber security issue.

But it feels like this, this one is so advanced.

They're concerned about the threats

of this being weaponized by bad actors.

It's going to find bugs and exploit them.

And because they found, they just alone

found so many zero day exploits

and so much, you know, infrastructure and software.

They're, you know, even with bad relationships

with the government, they're giving this to the government

and giving this to every major organization

and telling them look like you use this

and try to fix it for something like this gets out.

And the other thing that I think is important

is everyone's like, you know, well, why don't they just,

like not really sit if it's so dangerous,

why don't they keep it forever.

And the reality is these models are all getting better

and better and someone in China is going to make

an open source version of this and release it either way.

So I think it's an, everyone's best interest to take this,

use it to fix the software as fast as possible

because if anthropic was able to create it,

other people inevitably are going to be able

to create it eventually as well.

Last month, anthropic accidentally exposed

about 2000 source code files and more than half a million

lines of code that was kind of linked to a mistake

in the launch of version 2.188 of Cloud Code

and their software package.

The company accidentally caused all, you know,

a thousand code repositories and get hub to be taken down

because they were trying to clean up the mess

and they're, you know, launching cease and desists.

In addition, I think what not a lot of people know

is that anthropic right now is absolutely exploding

in revenue.

If you take a look at the numbers,

just how fast anthropic is growing right now,

they put out a tweet a couple days ago

where they said,

our run rate revenue has surpassed $30 billion

up from $9 billion at the end of 2025

as demand for cloud continues to accelerate.

This partnership gives us the compute to keep pace.

So the revenues exploding,

they're making a lot of these partnerships.

I mean, the end of 2025, they were at $9 billion

in run rate and run rate revenue

and now they're past $30 billion triple.

Since the end of last year, I mean, we're three months in.

So this is absolutely exploding,

open AI is concerned, everyone's concerned.

Obviously the software industry is concerned

with what is, you know, coming down the pipe here.

Something that's interesting is,

as far as that whole $9 million at the end of last year goes,

they said when we announced our series G fundraise in February,

we shared that over 500 business customers

were each spending over a million dollars on an annualized basis.

Today, that number exceeds a thousand

doubling in less than two months.

That is crazy.

Their growth is absolutely astronomical

and I think where Anthropic really crushed it,

open AI is kind of targeting the everyday user

who maybe will spend $20 a month

and many will just use it for free.

Anthropic is targeting business users.

I personally am spending hundreds and hundreds of dollars

a month on it, loving every second of it

because I'm getting so much done.

But I think they know their customer,

they're finding the power users

that are really pushing AI to its limits.

And I mean, even in the case of giving it

to all these cybersecurity people,

it's like they basically made the problem.

They're like, we made a model so good.

It discovered all of the cybersecurity issues.

And now you need to use our model

to fix the problem that we basically made.

And so they're giving it out,

but they are to in all fairness,

they are pledging about $100 million.

They're giving to all of these different companies and credits

and tokens and they're like,

look, we're gonna give you guys $100 million

to run through and fix all of the software in the world

because we know we made this problem

and we wanna get the model out.

So that's pretty fascinating.

We're literally paying Microsoft

to fix the security vulnerabilities of the world

because their model is about to crush it.

Everyone, thank you so much for tuning into the podcast today.

If you enjoyed this episode,

I mean, this was an absolute wild ride.

Make sure to test all of the latest models

from OpenAI and Theropic Gemini.

Test them side by side.

I think this is so important

to understand the capabilities of all these models.

And you can do that at AIbox.ai for $8.99 a month.

And you also get audio, image, video,

everything in one place.

Hope that it is a phenomenal product for you.

Put a lot of blood, sweat, and tears in the suit to it.

So let me know what you guys think.

Hope you have a fantastic rest of your day

and I will catch you in the next episode.