Gadget

What Claude Mythos Preview means for secure software

News Room
News Room
What Claude Mythos Preview means for secure software

Since Anthropic presented Claude Mythos Preview and his Project Glasswing on April 7, 2026, there has been a lot of talk about hype and marketing. According to Anthropic, the model that can detect security gaps in software is so powerful that the company does not publish the model. However, there are hardly any technical details for assessing the model. Only hand-picked customers should have access to a gated research preview.

The first results of selected projects have now been published. A picture can be sketched out of the sparse puzzle pieces. We answer the most important questions about Claude Mythos Preview and the future of cybersecurity in times of fully automated exploit agents.

Code analysis in record time: How AI detects security gaps

A large language model finds security vulnerabilities in software because it has been trained with many well-documented code examples. But that’s not everything. Because agents powered by these large language models can call up tools independently, the rest of the workflow can also be largely automated. Anthropic describes it for Claude Mythos Preview like this: read code, form a hypothesis for the exploit, write a proof of concept and test it in a virtual environment and at the end issue a robust bug report.

Of course, “reading code” doesn’t mean reading the code like human developers. But language models are now able to analyze text and therefore also code in a larger context. The Swedish developer Daniel Stenberg describes this in a case study: a report on the analysis of the software curl with the Claude Mythos Preview. Language models like Claude Mythos Preview, for example, detect “when a comment says something about the code and conclude that the code does not work as the comment describes,” he writes. Or the model uses its knowledge of “details about third-party libraries and their APIs so that it can detect misuse or false assumptions.”

Recommended editorial content

Here you can find external content from Podigee GmbHwhich complement our editorial offering on . By clicking “Show content” you agree that we can show you content from. now and in the future Podigee GmbH may display on our pages. Personal data may be transmitted to third-party platforms.

Note on data protection

Note: This podcast is supported by sponsorships. You can find all information about our advertising partners here.

Recommended editorial content

Here you can find external content from TargetVideo GmbHwhich complement our editorial offering on . By clicking “Show content” you agree that we can show you content from. now and in the future TargetVideo GmbH may display on our pages. Personal data may be transmitted to third-party platforms.

Note on data protection

What are these security vulnerabilities?

The National Institute of Standards and Technology (NIST), which is responsible for cybersecurity in the USA, generally defines security vulnerabilities as weaknesses in the logic of software or hardware that, if exploited, affect the confidentiality, integrity or availability of the IT.

Attackers usually want to execute code without authorization, gain access rights or access data from protected areas. A buffer overflow, for example, is a vulnerability that occurs when a program allows input without length checking. If the input is extremely long, the program writes more data into a memory area than fits there. This causes neighboring memory locations to be overwritten – in unfavorable cases, the attacker can execute his own code that was inserted like a cuckoo’s egg.

The AI ​​does not find a new type of vulnerability, but rather common and, in principle, well-known vulnerabilities that have been in the code for a long time but that no one has noticed yet.

Editorial recommendations

How well can an AI exploit such vulnerabilities?

Language models can exploit security vulnerabilities by forming hypotheses and then testing them with example code. Thorsten Holz from the MPI for Security and Privacy in Bochum reports on results from the ExploitGym project, in which he was involved together with international researchers, at a press briefing at the Science Media Center. In the project, the researchers tested, among other things, Claude Mythos Preview, how well large AI models can fully automatically exploit security gaps.

The AI ​​models were presented with almost 900 examples, each containing the code of the program to be attacked, a crash report and the associated input that caused the program to crash. Based on the model, an agent should be able to create a working exploit in a maximum of six hours, which makes it possible to execute your own code in a protected area of ​​the test system.

The result: Mythos found 160 gaps, GPT 5.5 found 120 gaps. Only one open model, GLM (from Chinese provider Zhipu AI), was even able to find two vulnerabilities. “But we are also seeing that the open models are catching up very quickly. Open models may soon be online that have similar capabilities to those that only Mythos and GPT-5.5 now have,” says Holz. For him, soon means six months to a year.

Does this mean IT security is broken?

No, but the situation is not uncritical. On the one hand, the initial findings suggest a real increase in ability. Top models like Claude Mythos Preview are able to find security gaps that previously could not be detected automatically. And in many cases they can also develop software that maliciously exploits these gaps. So far, access to the top models with these capabilities is severely limited. But experience shows that open-source models are catching up quickly.

However, the same technique that scales attacks can also scale defenses. In this sense, Claude Mythos Preview is not only a threat, but also a foretaste of a future in which software developers not only test their software automatically, but also patch it automatically. “This could be unpleasant in the next two to three years, but once we get through the crisis, software will actually become safer overall,” says Holz.

But there are two big unknowns in this equation. On the one hand, it is not clear how much software will be written by AI in the future and whether it will be possible to produce code with fewer security gaps – or whether the situation will actually get worse. On the other hand, AI models have not yet found any completely new attack or defense methods. But that can still happen. How the situation will then develop is completely unclear.

Jonas Geiping from the University of Tübingen also fears that small companies from Germany in particular could fall behind if they can only ensure the security of their software with the help of expensive top models from the USA. “Then we would have to look at how we can protect the domestic software industry.”

This article was originally published on May 14, 2026, but is still of interest to many of our readers. That’s why we’ve made it available again here.

See more in Google News:

Add as a preferred source on Google

Top Article

Share This Article
Previous Article Infomaniak makes itself unsellable to protect your data! Infomaniak makes itself unsellable to protect your data!
Next Article after the Netherlands, another European country opens up to autonomous driving after the Netherlands, another European country opens up to autonomous driving
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

Union reaches agreement with Samsung: strike averted at the last minute
Union reaches agreement with Samsung: strike averted at the last minute
Software
after the Netherlands, another European country opens up to autonomous driving
after the Netherlands, another European country opens up to autonomous driving
Mobile
Infomaniak makes itself unsellable to protect your data!
Infomaniak makes itself unsellable to protect your data!
Computing
Secretiveness about IT salaries
Secretiveness about IT salaries
News
Lost your password?