Cloudflare recently shared their experience testing Anthropic's Mythos Preview, a security-focused AI model that was deemed too dangerous for public release. After running it against over 50 of their own repositories, Cloudflare's findings reveal both the impressive potential and concerning limitations of AI-powered vulnerability detection.
Who is it for?
This technology is currently limited to select organizations with defensive security needs. Mythos Preview represents the cutting edge of AI security research, accessible only to around 40 trusted organizations rather than being publicly available. It's designed for security teams at major companies who need advanced vulnerability detection capabilities.
✅ Pros
- Demonstrates senior researcher-level reasoning when chaining exploit primitives
- Can autonomously identify high-severity vulnerabilities across complex codebases
- Provides detailed proof-of-concept exploits, not just surface-level scanning
- Offers genuine defensive value for organizations with access
- Represents a significant advancement in automated security analysis
❌ Cons
- Built-in guardrails show concerning inconsistency
- Same tasks can produce completely different outcomes when framed differently
- Limited availability creates unequal access to security capabilities
- Potential to accelerate attacks if misused
- Capability and controllability are diverging as models advance
Key Features
Mythos Preview stands out for its ability to perform sophisticated security reasoning that goes beyond traditional automated scanners. The model can take multiple exploit primitives and logically chain them together into working proof-of-concept attacks. Cloudflare noted that the reasoning quality resembles the work of experienced security researchers rather than basic pattern matching. The model successfully identified vulnerabilities across major operating systems and web browsers during Anthropic's testing phase, demonstrating broad applicability across different technology stacks.
Pricing and Plans
Mythos Preview is not commercially available through traditional pricing models. Access is restricted to approximately 40 selected organizations as part of Anthropic's controlled release program. The model was developed under Project Glasswing and remains sequestered due to security concerns. Organizations interested in similar capabilities may need to explore other AI security tools or wait for future developments in controlled AI deployment.
Alternatives
While no direct equivalent to Mythos Preview exists publicly, organizations can explore other AI-powered security tools. Traditional static analysis tools, dynamic testing frameworks, and existing AI coding assistants offer some vulnerability detection capabilities, though likely without the advanced reasoning demonstrated by Mythos. Security teams might consider combining multiple approaches, including manual code review, automated scanning tools, and emerging AI assistants that can help with security analysis within their current capabilities.
Best For / Not For
Mythos Preview would be best for large organizations with sophisticated security teams who can properly contextualize and act on advanced vulnerability findings. It's particularly valuable for companies managing complex, critical infrastructure where thorough security analysis is essential. However, it's not suitable for smaller teams without extensive security expertise, organizations that cannot properly secure such powerful tools, or any use case where consistent, predictable behavior is required. The inconsistent guardrails make it unsuitable for automated deployment without human oversight.
Mythos Preview represents a significant milestone in AI security capabilities, demonstrating that models can perform genuine security research rather than just pattern matching. However, Cloudflare's experience highlights a critical challenge: as AI capabilities advance, controlling when and how they activate becomes increasingly difficult. The inconsistent guardrails and potential for misuse explain why Anthropic chose the unprecedented step of restricting rather than delaying release. This sets an important precedent for handling powerful AI capabilities that could be dual-use.