Overview
- Anthropic is keeping its high‑risk Claude Mythos in a tightly controlled Project Glasswing preview and is investigating reports that a small group gained access through third parties, as White House officials oppose expanding access to more organizations.
- To give defenders a safer option, Anthropic launched Claude Security on its less cyber‑capable Opus 4.7 model that scans private GitHub codebases, explains severity with confidence scores, proposes fixes, and pipes results into tools like Slack and Jira.
- The UK’s National Cyber Security Centre says AI‑driven bug hunting will trigger a costly “patch wave” and urges teams to prioritize internet‑facing systems, enable secure hot‑patching, and replace unsupported legacy tech rather than rely only on updates.
- Financial and policy leaders are mobilizing: the U.S. Treasury and Federal Reserve briefed major banks, EU lawmakers say current rules are ill‑equipped and want ENISA access to these models, and India is pushing public banks to boost cybersecurity and has formed a review committee.
- Evaluations reported by Anthropic and the UK AI Security Institute show Mythos can chain steps to find and weaponize latent flaws at scale, including 271 Firefox vulnerabilities with 181 working exploits, highlighting the gap between machine‑speed discovery and human patch cycles.